
Avenger.txt reloads and grows in size after each startup recommended by MAM so as to get rid of captured malware



Thank you! Here is the fixlog.txt file:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:5-08-2014
Ran by Konstantine Trivizas at 2014-08-07 18:16:50 Run:3
Running from C:\Documents and Settings\Konstantine Trivizas\Desktop
Boot Mode: Safe Mode (minimal)
 
==============================================
 
Content of fixlist:
*****************
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 220 more characters). <==== ATTENTION!
InvalidSubkeyName: [HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\******<*>] <===== ATTENTION
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
C:\Documents and Settings\Konstantine Trivizas\Local Settings\Temp\70253a8e-3c9f-4d22-bd36-b8d19f4791c5.exe
C:\Documents and Settings\Konstantine Trivizas\Local Settings\Temp\71e80baa-31c7-4340-91d3-25d57739bca6.exe
C:\Documents and Settings\Konstantine Trivizas\Local Settings\Temp\catchme.dll
C:\Documents and Settings\Konstantine Trivizas\Local Settings\Temp\f47520ff-a754-403a-a719-51c1c4b8b4fd.exe
C:\Documents and Settings\Konstantine Trivizas\Local Settings\Temp\jre-7u65-windows-i586-iftw.exe
C:\Documents and Settings\Konstantine Trivizas\Local Settings\Temp\WindowsXP-KB968930-x86-ENG.exe
 
*****************
 
HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\\Default => Value was restored successfully.
48004B004C004D005C0053006F006600740077006100720065005C0043006C00610073007300650073005C0043004C005300490044005C007B00370033004500370030003900450041002D0035004400390033002D0034004200320045002D0042004200420030002D003900390042003700390033003800440041003900450034007D005C004C006F00630061006C0053006500720076006500720033003200 => Failed to open main key.
[HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\******<*>] => No subkey with invalid name found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
"HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => Key not found.
C:\Documents and Settings\Konstantine Trivizas\Local Settings\Temp\70253a8e-3c9f-4d22-bd36-b8d19f4791c5.exe => Moved successfully.
C:\Documents and Settings\Konstantine Trivizas\Local Settings\Temp\71e80baa-31c7-4340-91d3-25d57739bca6.exe => Moved successfully.
C:\Documents and Settings\Konstantine Trivizas\Local Settings\Temp\catchme.dll => Moved successfully.
C:\Documents and Settings\Konstantine Trivizas\Local Settings\Temp\f47520ff-a754-403a-a719-51c1c4b8b4fd.exe => Moved successfully.
C:\Documents and Settings\Konstantine Trivizas\Local Settings\Temp\jre-7u65-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\Konstantine Trivizas\Local Settings\Temp\WindowsXP-KB968930-x86-ENG.exe => Moved successfully.
 
==== End of Fixlog ====

OK, good news, it seems, just before Friday comes! :) It opened in normal mode, and the CPU was not running high.

 

The folders that we discussed earlier were still there, but a) you said that we would clean some of them next and b) there was no Avenger text file there, the best news!

 

I have not tried to open Chrome to see if the pop-up ads come on again or not, as I first would like to hear from you what the next steps are and then enable the antivirus programs I have. Btw, can I ditch MS Security Essentials and just keep the Lavasoft Ad-Aware and the Malwarebytes? What do you think? Or do you suggest some other virus and malware protection combination?

 

I will be able to sleep OK for the first time this week... thanks to your help! :)


Good morning. Please find the FRST(2).txt here:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:5-08-2014
Ran by Konstantine Trivizas (administrator) on KONSTANT-8F5437 on 08-08-2014 09:44:09
Running from C:\Documents and Settings\Konstantine Trivizas\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(Broadcom Corp.) C:\WINDOWS\system32\BAsfIpM.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\tv_w32.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(HP) C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
(Lavasoft) C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe
(Farbar) C:\Documents and Settings\Konstantine Trivizas\Desktop\FRST (3).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
InvalidSubkeyName: [HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\******<*>] <===== ATTENTION
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [519584 2010-12-21] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
URLSearchHook: HKCU - Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Ad-Aware Security Toolbar -> {6c97a91e-4524-4019-86af-2aa2d567bf5c} -> C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{44C2C7EA-F701-4F67-880D-ECFE2FE5B7BA}: [NameServer]8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{6A0C5F9A-BF17-46DE-9AC9-35267BF55774}: [NameServer]8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{96E2D96F-12B6-4E49-9218-35E42F97A477}: [NameServer]8.8.8.8,8.8.8.8
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.0.282 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-08-22]
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-02]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.co.uk/
CHR StartupUrls: "https://www.google.co.uk/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.550.13) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java Platform SE 7 U55) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (AdBlock) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-24]
CHR Extension: (Pin It Button) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2013-05-24]
CHR Extension: (Lavasoft SecureSearch) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jjjgoniibiigbcfeipbhfcconfgmgmkc [2014-08-05]
CHR Extension: (Save to Pocket) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2013-10-23]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\KONSTA~1\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2012-11-29]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BAsfIpM; C:\WINDOWS\system32\basfipm.exe [77824 2003-02-06] (Broadcom Corp.) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-03-17] (Oracle Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe [655352 2014-06-03] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [11552 2012-03-26] (Microsoft Corporation)
S2 PEVSystemStart; C:\ComboFix\SWREG.3XE [518144 2000-08-31] (SteelWerX) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1200128 2005-12-19] (Dell Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BASFND; C:\WINDOWS\system32\Drivers\BASFND.sys [6057 2002-03-13] (Broadcom Corporation) [File not signed]
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [424448 2006-12-18] (Broadcom Corporation)
R3 GTICARD; C:\WINDOWS\System32\DRIVERS\gticard.sys [59328 2003-02-06] (Texas Instruments)
R3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [208384 2005-05-03] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.SYS [1033728 2005-05-03] (Conexant Systems, Inc.)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
R3 STAC97; C:\WINDOWS\System32\drivers\STAC97.sys [264440 2004-11-15] (SigmaTel, Inc.)
R3 tiumfwl; C:\WINDOWS\System32\drivers\tiumfwl.sys [42060 2003-02-14] (Texas Instruments Inc.)
S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [360376 2014-04-22] (BitDefender S.R.L.)
R3 vrvd5; C:\WINDOWS\System32\DRIVERS\vrvd5.sys [11296 2014-06-16] (Rsupport Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-08 09:44 - 2014-08-08 09:44 - 00016589 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\FRST.txt
2014-08-07 17:36 - 2014-08-07 17:36 - 00000162 ____H () C:\Documents and Settings\Konstantine Trivizas\Desktop\~$FRST.txt
2014-08-07 16:23 - 2014-08-07 16:26 - 00000000 ___SD () C:\ComboFix
2014-08-07 12:13 - 2014-08-07 12:13 - 00000000 _RSHD () C:\cmdcons
2014-08-07 12:13 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-08-07 12:08 - 2014-08-07 12:08 - 00000000 ____D () C:\WINDOWS\erdnt
2014-08-07 12:08 - 2014-08-07 12:08 - 00000000 ____D () C:\Qoobox
2014-08-07 12:08 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-08-07 12:08 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-08-07 12:08 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-08-07 12:08 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-08-07 12:08 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-08-07 12:08 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-08-07 12:08 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-08-07 12:08 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-08-07 12:08 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-08-07 11:41 - 2014-08-07 11:42 - 05568206 ____R (Swearware) C:\Documents and Settings\Konstantine Trivizas\Desktop\ComboFix.exe
2014-08-06 16:31 - 2014-08-07 17:22 - 00036642 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\Additionolder.txt
2014-08-06 16:26 - 2014-08-07 17:22 - 00048102 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\FRSTolder.txt
2014-08-06 14:37 - 2014-08-06 14:38 - 01084928 _____ (Farbar) C:\Documents and Settings\Konstantine Trivizas\Desktop\FRST (3).exe
2014-08-06 13:51 - 2014-08-08 09:44 - 00000000 ____D () C:\FRST
2014-08-05 16:15 - 2014-08-05 16:15 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Lavasoft
2014-08-05 15:43 - 2014-08-08 09:41 - 00002028 _____ () C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
2014-08-05 15:43 - 2014-08-05 15:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Ad-Aware Antivirus
2014-08-05 15:35 - 2014-08-08 09:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
2014-08-05 15:35 - 2014-08-05 17:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Search Protection
2014-08-05 15:35 - 2014-08-05 15:35 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\adawarebp
2014-08-05 15:34 - 2014-08-05 15:34 - 00000000 ____D () C:\Program Files\Toolbar Cleaner
2014-08-05 15:33 - 2014-08-05 15:34 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\adawaretb
2014-08-05 15:28 - 2014-08-05 15:28 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-08-05 15:14 - 2014-08-05 15:14 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\LavasoftStatistics
2014-08-05 14:02 - 2014-08-05 15:38 - 00000000 ____D () C:\Program Files\Lavasoft
2014-08-05 13:40 - 2014-08-05 13:41 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-08-05 13:40 - 2014-08-05 13:41 - 00001083 _____ () C:\WINDOWS\netfxocm.log
2014-08-05 13:40 - 2014-08-05 13:41 - 00000425 _____ () C:\WINDOWS\MedCtrOC.log
2014-08-05 13:40 - 2014-08-05 13:41 - 00000342 _____ () C:\WINDOWS\ocmsn.log
2014-08-05 13:40 - 2014-08-05 13:41 - 00000311 _____ () C:\WINDOWS\tabletoc.log
2014-08-05 13:40 - 2014-08-05 13:41 - 00000309 _____ () C:\WINDOWS\msgsocm.log
2014-08-05 13:39 - 2014-08-05 13:41 - 00006642 _____ () C:\WINDOWS\iis6.log
2014-08-05 13:39 - 2014-08-05 13:41 - 00002822 _____ () C:\WINDOWS\tsoc.log
2014-08-05 13:39 - 2014-08-05 13:41 - 00002058 _____ () C:\WINDOWS\comsetup.log
2014-08-05 13:39 - 2014-08-05 13:41 - 00001248 _____ () C:\WINDOWS\ntdtcsetup.log
2014-08-05 13:39 - 2014-08-05 13:39 - 00001878 _____ () C:\WINDOWS\msmqinst.log
2014-08-05 13:39 - 2014-08-05 13:39 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-08-05 13:39 - 2014-08-05 13:39 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-08-05 13:38 - 2014-08-05 13:41 - 00006183 _____ () C:\WINDOWS\FaxSetup.log
2014-08-05 13:38 - 2014-08-05 13:41 - 00002956 _____ () C:\WINDOWS\ocgen.log
2014-08-05 13:34 - 2014-08-05 13:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v3$
2014-08-05 13:32 - 2014-08-05 13:41 - 00008464 _____ () C:\WINDOWS\KB942288-v3.log
2014-08-05 13:29 - 2014-08-05 13:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Lavasoft
2014-08-05 12:39 - 2014-08-07 17:32 - 00016906 _____ () C:\WINDOWS\setupapi.log
2014-08-04 17:11 - 2014-08-06 16:24 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-04 17:11 - 2014-08-04 17:11 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-04 17:11 - 2014-08-04 17:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-04 17:10 - 2014-08-05 18:29 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-04 17:10 - 2014-08-04 17:10 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-04 17:10 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-04 17:10 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-04 17:04 - 2014-08-08 09:40 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-08-04 17:04 - 2014-08-08 09:40 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-08-04 17:04 - 2014-08-07 21:30 - 00032340 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-04 17:04 - 2014-08-04 17:04 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-08-04 16:59 - 2014-08-04 17:00 - 00000000 ____D () C:\WINDOWS\pss
2014-08-04 16:56 - 2014-08-08 09:41 - 00113496 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-04 16:55 - 2014-08-04 16:55 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-08-04 16:54 - 2014-08-04 17:02 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-08-04 16:54 - 2014-08-04 17:02 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-08-04 16:54 - 2014-08-04 17:02 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-08-04 16:54 - 2014-08-04 16:56 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-08-04 16:54 - 2014-08-04 16:54 - 00000000 ____D () C:\WINDOWS\CSC
2014-08-04 16:54 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.HTML
2014-08-04 16:54 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-04 16:54 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.HTML
2014-08-04 16:54 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-04 16:54 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.TXT
2014-08-04 16:54 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-04 16:54 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.TXT
2014-08-04 16:54 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-04 16:54 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.URL
2014-08-04 16:54 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-04 16:54 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.URL
2014-08-04 16:54 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-04 16:54 - 2013-03-21 11:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application DataGoogle
2014-08-04 16:54 - 2012-08-23 14:07 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
2014-08-04 16:54 - 2012-08-20 19:03 - 00001599 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-08-04 16:54 - 2012-08-20 19:03 - 00000792 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2014-08-04 16:54 - 2012-08-20 19:03 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2014-08-01 14:04 - 2014-08-01 14:04 - 00000000 ____D () C:\WINDOWS\system32\cos
2014-08-01 09:55 - 2014-08-01 09:55 - 00008198 _____ () C:\Documents and Settings\Konstantine Trivizas\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:55 - 2014-08-01 09:55 - 00004144 _____ () C:\Documents and Settings\Konstantine Trivizas\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:55 - 2014-08-01 09:55 - 00000274 _____ () C:\Documents and Settings\Konstantine Trivizas\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:51 - 2014-08-07 14:48 - 00262144 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-08-01 09:51 - 2014-08-01 10:14 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:43 - 2014-08-01 09:50 - 00065536 _____ () C:\WINDOWS\system32\config\Windows .evt
2014-08-01 09:42 - 2014-08-01 09:50 - 00065536 _____ () C:\WINDOWS\system32\config\Microsof.evt
2014-08-01 09:41 - 2014-08-01 09:41 - 00000000 ____D () C:\WINDOWS\system32\winrm
2014-08-01 09:41 - 2014-08-01 09:41 - 00000000 ____D () C:\WINDOWS\system32\WindowsPowerShell
2014-08-01 09:40 - 2014-08-01 09:42 - 00000000 __HDC () C:\WINDOWS\$968930Uinstall_KB968930$
2014-08-01 09:40 - 2014-08-01 09:40 - 00000000 ____D () C:\WINDOWS\$NtUninstallKB968930$
2014-08-01 09:37 - 2014-08-01 09:37 - 00000000 ___HD () C:\82c2f8c
2014-07-24 20:44 - 2014-08-07 11:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2014-07-24 20:44 - 2014-07-24 21:06 - 00000000 ____D () C:\Program Files\Your Uninstaller 2008
2014-07-24 20:44 - 2014-07-24 20:44 - 00001810 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\1-Click Cleaning by Your Uninstaller! 2008.lnk
2014-07-24 20:44 - 2014-07-24 20:44 - 00000798 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\Your Uninstaller! 2008.lnk
2014-07-24 20:44 - 2014-07-24 20:44 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\URSoft
2014-07-24 20:44 - 2014-07-24 20:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Your Uninstaller! 2008
2014-07-23 09:33 - 2014-07-24 22:59 - 00000759 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt
2014-07-22 22:50 - 2014-08-04 17:15 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Xihoh
2014-07-22 22:50 - 2014-07-23 17:47 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Epme
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-08 09:44 - 2014-08-08 09:44 - 00016589 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\FRST.txt
2014-08-08 09:44 - 2014-08-06 13:51 - 00000000 ____D () C:\FRST
2014-08-08 09:44 - 2012-08-20 19:10 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Local Settings\Temp
2014-08-08 09:41 - 2014-08-05 15:43 - 00002028 _____ () C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
2014-08-08 09:41 - 2014-08-05 15:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
2014-08-08 09:41 - 2014-08-04 16:56 - 00113496 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-08 09:40 - 2014-08-04 17:04 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-08-08 09:40 - 2014-08-04 17:04 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-08-08 09:40 - 2013-02-21 00:09 - 00000910 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-08 09:40 - 2013-01-02 19:40 - 00000308 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1004336348-1563985344-1343024091-1001.job
2014-08-08 09:40 - 2012-10-16 19:18 - 00000308 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1004336348-1563985344-1343024091-1001.job
2014-08-08 09:40 - 2012-08-22 10:36 - 00011994 _____ () C:\WINDOWS\system32\nvModes.001
2014-08-08 09:40 - 2012-08-20 19:07 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-08 09:40 - 2012-08-20 19:07 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-08-08 09:40 - 2008-04-14 13:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-08 09:40 - 2004-10-26 12:01 - 00017112 _____ () C:\WINDOWS\system32\nvapps.xml
2014-08-07 21:30 - 2014-08-04 17:04 - 00032340 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-07 21:30 - 2012-08-20 19:10 - 00000098 ___SH () C:\Documents and Settings\Konstantine Trivizas\ntuser.ini
2014-08-07 21:03 - 2013-02-21 00:09 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-07 20:50 - 2012-08-23 12:38 - 00001038 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1563985344-1343024091-1001UA.job
2014-08-07 20:37 - 2012-08-22 11:16 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-08-07 17:36 - 2014-08-07 17:36 - 00000162 ____H () C:\Documents and Settings\Konstantine Trivizas\Desktop\~$FRST.txt
2014-08-07 17:32 - 2014-08-05 12:39 - 00016906 _____ () C:\WINDOWS\setupapi.log
2014-08-07 17:22 - 2014-08-06 16:31 - 00036642 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\Additionolder.txt
2014-08-07 17:22 - 2014-08-06 16:26 - 00048102 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\FRSTolder.txt
2014-08-07 16:26 - 2014-08-07 16:23 - 00000000 ___SD () C:\ComboFix
2014-08-07 14:48 - 2014-08-01 09:51 - 00262144 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-08-07 14:25 - 2012-08-20 19:10 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas
2014-08-07 14:20 - 2012-08-22 04:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978695_WM9$
2014-08-07 12:13 - 2014-08-07 12:13 - 00000000 _RSHD () C:\cmdcons
2014-08-07 12:13 - 2012-08-20 16:12 - 00000327 __RSH () C:\boot.ini
2014-08-07 12:08 - 2014-08-07 12:08 - 00000000 ____D () C:\WINDOWS\erdnt
2014-08-07 12:08 - 2014-08-07 12:08 - 00000000 ____D () C:\Qoobox
2014-08-07 11:49 - 2014-07-24 20:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2014-08-07 11:42 - 2014-08-07 11:41 - 05568206 ____R (Swearware) C:\Documents and Settings\Konstantine Trivizas\Desktop\ComboFix.exe
2014-08-06 16:24 - 2014-08-04 17:11 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-06 15:51 - 2012-08-23 12:38 - 00000986 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1563985344-1343024091-1001Core.job
2014-08-06 14:38 - 2014-08-06 14:37 - 01084928 _____ (Farbar) C:\Documents and Settings\Konstantine Trivizas\Desktop\FRST (3).exe
2014-08-05 18:29 - 2014-08-04 17:10 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-05 17:15 - 2014-08-05 15:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Search Protection
2014-08-05 17:15 - 2012-08-22 04:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2695962$
2014-08-05 16:15 - 2014-08-05 16:15 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Lavasoft
2014-08-05 15:43 - 2014-08-05 15:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Ad-Aware Antivirus
2014-08-05 15:38 - 2014-08-05 14:02 - 00000000 ____D () C:\Program Files\Lavasoft
2014-08-05 15:35 - 2014-08-05 15:35 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\adawarebp
2014-08-05 15:34 - 2014-08-05 15:34 - 00000000 ____D () C:\Program Files\Toolbar Cleaner
2014-08-05 15:34 - 2014-08-05 15:33 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\adawaretb
2014-08-05 15:28 - 2014-08-05 15:28 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-08-05 15:14 - 2014-08-05 15:14 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\LavasoftStatistics
2014-08-05 14:12 - 2013-01-02 19:40 - 00000316 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1004336348-1563985344-1343024091-1001.job
2014-08-05 13:41 - 2014-08-05 13:40 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-08-05 13:41 - 2014-08-05 13:40 - 00001083 _____ () C:\WINDOWS\netfxocm.log
2014-08-05 13:41 - 2014-08-05 13:40 - 00000425 _____ () C:\WINDOWS\MedCtrOC.log
2014-08-05 13:41 - 2014-08-05 13:40 - 00000342 _____ () C:\WINDOWS\ocmsn.log
2014-08-05 13:41 - 2014-08-05 13:40 - 00000311 _____ () C:\WINDOWS\tabletoc.log
2014-08-05 13:41 - 2014-08-05 13:40 - 00000309 _____ () C:\WINDOWS\msgsocm.log
2014-08-05 13:41 - 2014-08-05 13:39 - 00006642 _____ () C:\WINDOWS\iis6.log
2014-08-05 13:41 - 2014-08-05 13:39 - 00002822 _____ () C:\WINDOWS\tsoc.log
2014-08-05 13:41 - 2014-08-05 13:39 - 00002058 _____ () C:\WINDOWS\comsetup.log
2014-08-05 13:41 - 2014-08-05 13:39 - 00001248 _____ () C:\WINDOWS\ntdtcsetup.log
2014-08-05 13:41 - 2014-08-05 13:38 - 00006183 _____ () C:\WINDOWS\FaxSetup.log
2014-08-05 13:41 - 2014-08-05 13:38 - 00002956 _____ () C:\WINDOWS\ocgen.log
2014-08-05 13:41 - 2014-08-05 13:32 - 00008464 _____ () C:\WINDOWS\KB942288-v3.log
2014-08-05 13:39 - 2014-08-05 13:39 - 00001878 _____ () C:\WINDOWS\msmqinst.log
2014-08-05 13:39 - 2014-08-05 13:39 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-08-05 13:39 - 2014-08-05 13:39 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-08-05 13:37 - 2012-08-20 16:05 - 00000000 ____D () C:\WINDOWS\system32\mui
2014-08-05 13:36 - 2014-08-05 13:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v3$
2014-08-05 13:29 - 2014-08-05 13:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Lavasoft
2014-08-05 12:42 - 2012-08-22 04:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB971657$
2014-08-05 12:41 - 2012-08-22 16:05 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2014-08-04 17:48 - 2008-04-14 13:00 - 00000582 _____ () C:\WINDOWS\win.ini
2014-08-04 17:48 - 2008-04-14 13:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-08-04 17:39 - 2012-08-22 05:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB959426$
2014-08-04 17:37 - 2012-08-22 16:43 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Adobe
2014-08-04 17:15 - 2014-07-22 22:50 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Xihoh
2014-08-04 17:11 - 2014-08-04 17:11 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-04 17:11 - 2014-08-04 17:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-04 17:10 - 2014-08-04 17:10 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-04 17:04 - 2014-08-04 17:04 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-08-04 17:02 - 2014-08-04 16:54 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-08-04 17:02 - 2014-08-04 16:54 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-08-04 17:02 - 2014-08-04 16:54 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-08-04 17:00 - 2014-08-04 16:59 - 00000000 ____D () C:\WINDOWS\pss
2014-08-04 16:56 - 2014-08-04 16:54 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-08-04 16:55 - 2014-08-04 16:55 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-08-04 16:54 - 2014-08-04 16:54 - 00000000 ____D () C:\WINDOWS\CSC
2014-08-04 12:03 - 2012-08-24 10:26 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\My Documents\CAREER & INCOME
2014-08-04 11:10 - 2012-08-28 20:01 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\My Documents\AEOLUS HOSPITALITY
2014-08-01 14:04 - 2014-08-01 14:04 - 00000000 ____D () C:\WINDOWS\system32\cos
2014-08-01 10:48 - 2013-02-04 20:06 - 00000000 ____D () C:\WINDOWS\Minidump
2014-08-01 10:14 - 2014-08-01 09:51 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-08-01 09:55 - 2014-08-01 09:55 - 00008198 _____ () C:\Documents and Settings\Konstantine Trivizas\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:55 - 2014-08-01 09:55 - 00004144 _____ () C:\Documents and Settings\Konstantine Trivizas\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:55 - 2014-08-01 09:55 - 00000274 _____ () C:\Documents and Settings\Konstantine Trivizas\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:55 - 2013-02-23 13:08 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Skype
2014-08-01 09:52 - 2012-08-22 12:28 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-08-01 09:50 - 2014-08-01 09:43 - 00065536 _____ () C:\WINDOWS\system32\config\Windows .evt
2014-08-01 09:50 - 2014-08-01 09:42 - 00065536 _____ () C:\WINDOWS\system32\config\Microsof.evt
2014-08-01 09:49 - 2013-01-02 19:40 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\RealNetworks
2014-08-01 09:49 - 2012-10-16 19:16 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Real
2014-08-01 09:47 - 2014-08-04 16:54 - 00008198 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-04 16:54 - 00008198 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-04 16:54 - 00008198 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-04 16:54 - 00008198 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-04 16:54 - 00004144 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-04 16:54 - 00004144 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-04 16:54 - 00004144 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-04 16:54 - 00004144 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-04 16:54 - 00000274 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-04 16:54 - 00000274 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-04 16:54 - 00000274 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-04 16:54 - 00000274 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2013-02-23 13:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-08-01 09:47 - 2013-01-02 19:38 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RealNetworks
2014-08-01 09:47 - 2012-08-20 18:59 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2014-08-01 09:46 - 2012-10-16 19:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Real
2014-08-01 09:42 - 2014-08-01 09:40 - 00000000 __HDC () C:\WINDOWS\$968930Uinstall_KB968930$
2014-08-01 09:42 - 2012-08-20 16:05 - 00000000 ____D () C:\WINDOWS\Help
2014-08-01 09:41 - 2014-08-01 09:41 - 00000000 ____D () C:\WINDOWS\system32\winrm
2014-08-01 09:41 - 2014-08-01 09:41 - 00000000 ____D () C:\WINDOWS\system32\WindowsPowerShell
2014-08-01 09:40 - 2014-08-01 09:40 - 00000000 ____D () C:\WINDOWS\$NtUninstallKB968930$
2014-08-01 09:37 - 2014-08-01 09:37 - 00000000 ___HD () C:\82c2f8c
2014-07-30 18:30 - 2012-10-16 19:18 - 00000316 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1004336348-1563985344-1343024091-1001.job
2014-07-30 10:04 - 2012-09-03 19:24 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-07-24 23:21 - 2012-08-23 12:40 - 00002393 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\Google Chrome.lnk
2014-07-24 23:10 - 2012-08-23 12:37 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google
2014-07-24 22:59 - 2014-07-23 09:33 - 00000759 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt
2014-07-24 21:06 - 2014-07-24 20:44 - 00000000 ____D () C:\Program Files\Your Uninstaller 2008
2014-07-24 21:03 - 2013-11-01 13:17 - 00000000 ___HD () C:\DrFoneForAndroid
2014-07-24 21:03 - 2012-08-23 11:06 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-07-24 20:44 - 2014-07-24 20:44 - 00001810 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\1-Click Cleaning by Your Uninstaller! 2008.lnk
2014-07-24 20:44 - 2014-07-24 20:44 - 00000798 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\Your Uninstaller! 2008.lnk
2014-07-24 20:44 - 2014-07-24 20:44 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\URSoft
2014-07-24 20:44 - 2014-07-24 20:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Your Uninstaller! 2008
2014-07-23 17:47 - 2014-07-22 22:50 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Epme
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
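Added example, not part of the original post and not FRST's own code: a small Python parser for the file-listing lines in the "One Month Created/Modified Files and Folders" sections above, with three triage rules of the kind a helper applies by eye when reading such a log: the same ransom-note file names dropped into several directories at once, a hidden directory with a hex-looking name sitting directly under the drive root, and a hosts.txt inside Drivers\etc (Windows only consults the extensionless hosts file, so a hosts.txt there is simply ignored). The sample input is a handful of lines copied from the log above; the rule names, the six-hex-digit threshold and the attribute-letter reading are my own assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from pathlib import PureWindowsPath

# FRST file-listing line layout (as seen in the log above):
#   <date1 time1> - <date2 time2> - <8-digit size> <5-char attrs> (<company>) <path>
# In the attrs field a letter marks a set attribute (assumed: R read-only,
# S system, H hidden, D directory, C compressed, N normal); "_" marks unset.
_LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d{8}) ([_A-Z]{5}) \((.*?)\) (.+)$"
)
_TS_FMT = "%Y-%m-%d %H:%M"

# Ransom-note file names present in the log; the spread rule below needs only the name.
RANSOM_NOTE_RE = re.compile(r"^DECRYPT_INSTRUCTION\.(HTML|TXT|URL)$", re.I)
# Assumed heuristic: a bare run of hex digits is not a name a human picks for a root folder.
HEX_DIR_RE = re.compile(r"^[0-9a-f]{6,}$")


@dataclass(frozen=True)
class Entry:
    first: datetime    # left-hand timestamp (the column the section is sorted by)
    second: datetime   # right-hand timestamp
    size: int
    attrs: str
    company: str
    path: PureWindowsPath

    @property
    def hidden(self) -> bool:
        return "H" in self.attrs

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_line(line: str):
    """Return an Entry for a file-listing line, or None for headers/blank lines."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    a, b, size, attrs, company, path = m.groups()
    return Entry(datetime.strptime(a, _TS_FMT), datetime.strptime(b, _TS_FMT),
                 int(size), attrs, company, PureWindowsPath(path))


def parse_listing(text: str) -> list:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e is not None]


def triage(entries: list) -> dict:
    """Apply the three triage rules; returns sorted, deterministic findings."""
    note_dirs, hidden_root, misnamed_hosts = set(), [], []
    for e in entries:
        name = e.path.name
        if RANSOM_NOTE_RE.match(name):
            note_dirs.add(str(e.path.parent))
        # parts == ('C:\\', name): directory directly under the drive root
        if e.is_dir and e.hidden and len(e.path.parts) == 2 and HEX_DIR_RE.match(name):
            hidden_root.append(str(e.path))
        if e.path.parent.name.lower() == "etc" and name.lower() == "hosts.txt":
            misnamed_hosts.append(str(e.path))
    return {
        "ransom_note_dirs": sorted(note_dirs),
        "hidden_root_dirs": sorted(hidden_root),
        "misnamed_hosts": sorted(misnamed_hosts),
    }


# Sample input: lines copied from the log above (one section header included
# to show that non-listing lines are skipped).
SAMPLE = r"""
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:37 - 2014-08-01 09:37 - 00000000 ___HD () C:\82c2f8c
2014-07-23 09:33 - 2014-07-24 22:59 - 00000759 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt
2014-08-06 16:24 - 2014-08-04 17:11 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-07 12:13 - 2014-08-07 12:13 - 00000000 _RSHD () C:\cmdcons
==================== Bamital & volsnap Check =================
"""

if __name__ == "__main__":
    for rule, hits in triage(parse_listing(SAMPLE)).items():
        print(f"{rule}: {hits}")
```

The hidden-root rule deliberately does not fire on C:\cmdcons, which is hidden and system but has a dictionary-word name (it is the Recovery Console folder ComboFix installs), while C:\82c2f8c does trip it. The ransom-note rule counts directories rather than files, since three notes per directory is the normal drop pattern and the signal is how many profiles and folders were touched.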

and the addition(2).txt here:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:5-08-2014
Ran by Konstantine Trivizas (administrator) on KONSTANT-8F5437 on 08-08-2014 09:44:09
Running from C:\Documents and Settings\Konstantine Trivizas\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(Broadcom Corp.) C:\WINDOWS\system32\BAsfIpM.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\tv_w32.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(HP) C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
(Lavasoft) C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe
(Farbar) C:\Documents and Settings\Konstantine Trivizas\Desktop\FRST (3).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
InvalidSubkeyName: [HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\******<*>] <===== ATTENTION
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [519584 2010-12-21] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
URLSearchHook: HKCU - Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Ad-Aware Security Toolbar -> {6c97a91e-4524-4019-86af-2aa2d567bf5c} -> C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{44C2C7EA-F701-4F67-880D-ECFE2FE5B7BA}: [NameServer]8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{6A0C5F9A-BF17-46DE-9AC9-35267BF55774}: [NameServer]8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{96E2D96F-12B6-4E49-9218-35E42F97A477}: [NameServer]8.8.8.8,8.8.8.8
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.0.282 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-08-22]
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-02]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.co.uk/
CHR StartupUrls: "https://www.google.co.uk/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.550.13) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java Platform SE 7 U55) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (AdBlock) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-24]
CHR Extension: (Pin It Button) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2013-05-24]
CHR Extension: (Lavasoft SecureSearch) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jjjgoniibiigbcfeipbhfcconfgmgmkc [2014-08-05]
CHR Extension: (Save to Pocket) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2013-10-23]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\KONSTA~1\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2012-11-29]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BAsfIpM; C:\WINDOWS\system32\basfipm.exe [77824 2003-02-06] (Broadcom Corp.) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-03-17] (Oracle Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe [655352 2014-06-03] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [11552 2012-03-26] (Microsoft Corporation)
S2 PEVSystemStart; C:\ComboFix\SWREG.3XE [518144 2000-08-31] (SteelWerX) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1200128 2005-12-19] (Dell Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BASFND; C:\WINDOWS\system32\Drivers\BASFND.sys [6057 2002-03-13] (Broadcom Corporation) [File not signed]
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [424448 2006-12-18] (Broadcom Corporation)
R3 GTICARD; C:\WINDOWS\System32\DRIVERS\gticard.sys [59328 2003-02-06] (Texas Instruments)
R3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [208384 2005-05-03] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.SYS [1033728 2005-05-03] (Conexant Systems, Inc.)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
R3 STAC97; C:\WINDOWS\System32\drivers\STAC97.sys [264440 2004-11-15] (SigmaTel, Inc.)
R3 tiumfwl; C:\WINDOWS\System32\drivers\tiumfwl.sys [42060 2003-02-14] (Texas Instruments Inc.)
S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [360376 2014-04-22] (BitDefender S.R.L.)
R3 vrvd5; C:\WINDOWS\System32\DRIVERS\vrvd5.sys [11296 2014-06-16] (Rsupport Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-08 09:44 - 2014-08-08 09:44 - 00016589 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\FRST.txt
2014-08-07 17:36 - 2014-08-07 17:36 - 00000162 ____H () C:\Documents and Settings\Konstantine Trivizas\Desktop\~$FRST.txt
2014-08-07 16:23 - 2014-08-07 16:26 - 00000000 ___SD () C:\ComboFix
2014-08-07 12:13 - 2014-08-07 12:13 - 00000000 _RSHD () C:\cmdcons
2014-08-07 12:13 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-08-07 12:08 - 2014-08-07 12:08 - 00000000 ____D () C:\WINDOWS\erdnt
2014-08-07 12:08 - 2014-08-07 12:08 - 00000000 ____D () C:\Qoobox
2014-08-07 12:08 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-08-07 12:08 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-08-07 12:08 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-08-07 12:08 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-08-07 12:08 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-08-07 12:08 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-08-07 12:08 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-08-07 12:08 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-08-07 12:08 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-08-07 11:41 - 2014-08-07 11:42 - 05568206 ____R (Swearware) C:\Documents and Settings\Konstantine Trivizas\Desktop\ComboFix.exe
2014-08-06 16:31 - 2014-08-07 17:22 - 00036642 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\Additionolder.txt
2014-08-06 16:26 - 2014-08-07 17:22 - 00048102 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\FRSTolder.txt
2014-08-06 14:37 - 2014-08-06 14:38 - 01084928 _____ (Farbar) C:\Documents and Settings\Konstantine Trivizas\Desktop\FRST (3).exe
2014-08-06 13:51 - 2014-08-08 09:44 - 00000000 ____D () C:\FRST
2014-08-05 16:15 - 2014-08-05 16:15 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Lavasoft
2014-08-05 15:43 - 2014-08-08 09:41 - 00002028 _____ () C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
2014-08-05 15:43 - 2014-08-05 15:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Ad-Aware Antivirus
2014-08-05 15:35 - 2014-08-08 09:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
2014-08-05 15:35 - 2014-08-05 17:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Search Protection
2014-08-05 15:35 - 2014-08-05 15:35 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\adawarebp
2014-08-05 15:34 - 2014-08-05 15:34 - 00000000 ____D () C:\Program Files\Toolbar Cleaner
2014-08-05 15:33 - 2014-08-05 15:34 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\adawaretb
2014-08-05 15:28 - 2014-08-05 15:28 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-08-05 15:14 - 2014-08-05 15:14 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\LavasoftStatistics
2014-08-05 14:02 - 2014-08-05 15:38 - 00000000 ____D () C:\Program Files\Lavasoft
2014-08-05 13:40 - 2014-08-05 13:41 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-08-05 13:40 - 2014-08-05 13:41 - 00001083 _____ () C:\WINDOWS\netfxocm.log
2014-08-05 13:40 - 2014-08-05 13:41 - 00000425 _____ () C:\WINDOWS\MedCtrOC.log
2014-08-05 13:40 - 2014-08-05 13:41 - 00000342 _____ () C:\WINDOWS\ocmsn.log
2014-08-05 13:40 - 2014-08-05 13:41 - 00000311 _____ () C:\WINDOWS\tabletoc.log
2014-08-05 13:40 - 2014-08-05 13:41 - 00000309 _____ () C:\WINDOWS\msgsocm.log
2014-08-05 13:39 - 2014-08-05 13:41 - 00006642 _____ () C:\WINDOWS\iis6.log
2014-08-05 13:39 - 2014-08-05 13:41 - 00002822 _____ () C:\WINDOWS\tsoc.log
2014-08-05 13:39 - 2014-08-05 13:41 - 00002058 _____ () C:\WINDOWS\comsetup.log
2014-08-05 13:39 - 2014-08-05 13:41 - 00001248 _____ () C:\WINDOWS\ntdtcsetup.log
2014-08-05 13:39 - 2014-08-05 13:39 - 00001878 _____ () C:\WINDOWS\msmqinst.log
2014-08-05 13:39 - 2014-08-05 13:39 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-08-05 13:39 - 2014-08-05 13:39 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-08-05 13:38 - 2014-08-05 13:41 - 00006183 _____ () C:\WINDOWS\FaxSetup.log
2014-08-05 13:38 - 2014-08-05 13:41 - 00002956 _____ () C:\WINDOWS\ocgen.log
2014-08-05 13:34 - 2014-08-05 13:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v3$
2014-08-05 13:32 - 2014-08-05 13:41 - 00008464 _____ () C:\WINDOWS\KB942288-v3.log
2014-08-05 13:29 - 2014-08-05 13:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Lavasoft
2014-08-05 12:39 - 2014-08-07 17:32 - 00016906 _____ () C:\WINDOWS\setupapi.log
2014-08-04 17:11 - 2014-08-06 16:24 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-04 17:11 - 2014-08-04 17:11 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-04 17:11 - 2014-08-04 17:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-04 17:10 - 2014-08-05 18:29 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-04 17:10 - 2014-08-04 17:10 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-04 17:10 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-04 17:10 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-04 17:04 - 2014-08-08 09:40 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-08-04 17:04 - 2014-08-08 09:40 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-08-04 17:04 - 2014-08-07 21:30 - 00032340 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-04 17:04 - 2014-08-04 17:04 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-08-04 16:59 - 2014-08-04 17:00 - 00000000 ____D () C:\WINDOWS\pss
2014-08-04 16:56 - 2014-08-08 09:41 - 00113496 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-04 16:55 - 2014-08-04 16:55 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-08-04 16:54 - 2014-08-04 17:02 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-08-04 16:54 - 2014-08-04 17:02 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-08-04 16:54 - 2014-08-04 17:02 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-08-04 16:54 - 2014-08-04 16:56 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-08-04 16:54 - 2014-08-04 16:54 - 00000000 ____D () C:\WINDOWS\CSC
2014-08-04 16:54 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.HTML
2014-08-04 16:54 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-04 16:54 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.HTML
2014-08-04 16:54 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-04 16:54 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.TXT
2014-08-04 16:54 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-04 16:54 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.TXT
2014-08-04 16:54 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-04 16:54 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.URL
2014-08-04 16:54 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-04 16:54 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.URL
2014-08-04 16:54 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-04 16:54 - 2013-03-21 11:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application DataGoogle
2014-08-04 16:54 - 2012-08-23 14:07 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
2014-08-04 16:54 - 2012-08-20 19:03 - 00001599 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-08-04 16:54 - 2012-08-20 19:03 - 00000792 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2014-08-04 16:54 - 2012-08-20 19:03 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2014-08-01 14:04 - 2014-08-01 14:04 - 00000000 ____D () C:\WINDOWS\system32\cos
2014-08-01 09:55 - 2014-08-01 09:55 - 00008198 _____ () C:\Documents and Settings\Konstantine Trivizas\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:55 - 2014-08-01 09:55 - 00004144 _____ () C:\Documents and Settings\Konstantine Trivizas\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:55 - 2014-08-01 09:55 - 00000274 _____ () C:\Documents and Settings\Konstantine Trivizas\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:51 - 2014-08-07 14:48 - 00262144 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-08-01 09:51 - 2014-08-01 10:14 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:43 - 2014-08-01 09:50 - 00065536 _____ () C:\WINDOWS\system32\config\Windows .evt
2014-08-01 09:42 - 2014-08-01 09:50 - 00065536 _____ () C:\WINDOWS\system32\config\Microsof.evt
2014-08-01 09:41 - 2014-08-01 09:41 - 00000000 ____D () C:\WINDOWS\system32\winrm
2014-08-01 09:41 - 2014-08-01 09:41 - 00000000 ____D () C:\WINDOWS\system32\WindowsPowerShell
2014-08-01 09:40 - 2014-08-01 09:42 - 00000000 __HDC () C:\WINDOWS\$968930Uinstall_KB968930$
2014-08-01 09:40 - 2014-08-01 09:40 - 00000000 ____D () C:\WINDOWS\$NtUninstallKB968930$
2014-08-01 09:37 - 2014-08-01 09:37 - 00000000 ___HD () C:\82c2f8c
2014-07-24 20:44 - 2014-08-07 11:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2014-07-24 20:44 - 2014-07-24 21:06 - 00000000 ____D () C:\Program Files\Your Uninstaller 2008
2014-07-24 20:44 - 2014-07-24 20:44 - 00001810 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\1-Click Cleaning by Your Uninstaller! 2008.lnk
2014-07-24 20:44 - 2014-07-24 20:44 - 00000798 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\Your Uninstaller! 2008.lnk
2014-07-24 20:44 - 2014-07-24 20:44 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\URSoft
2014-07-24 20:44 - 2014-07-24 20:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Your Uninstaller! 2008
2014-07-23 09:33 - 2014-07-24 22:59 - 00000759 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt
2014-07-22 22:50 - 2014-08-04 17:15 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Xihoh
2014-07-22 22:50 - 2014-07-23 17:47 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Epme
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-08 09:44 - 2014-08-08 09:44 - 00016589 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\FRST.txt
2014-08-08 09:44 - 2014-08-06 13:51 - 00000000 ____D () C:\FRST
2014-08-08 09:44 - 2012-08-20 19:10 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Local Settings\Temp
2014-08-08 09:41 - 2014-08-05 15:43 - 00002028 _____ () C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
2014-08-08 09:41 - 2014-08-05 15:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
2014-08-08 09:41 - 2014-08-04 16:56 - 00113496 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-08 09:40 - 2014-08-04 17:04 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-08-08 09:40 - 2014-08-04 17:04 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-08-08 09:40 - 2013-02-21 00:09 - 00000910 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-08 09:40 - 2013-01-02 19:40 - 00000308 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1004336348-1563985344-1343024091-1001.job
2014-08-08 09:40 - 2012-10-16 19:18 - 00000308 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1004336348-1563985344-1343024091-1001.job
2014-08-08 09:40 - 2012-08-22 10:36 - 00011994 _____ () C:\WINDOWS\system32\nvModes.001
2014-08-08 09:40 - 2012-08-20 19:07 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-08 09:40 - 2012-08-20 19:07 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-08-08 09:40 - 2008-04-14 13:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-08 09:40 - 2004-10-26 12:01 - 00017112 _____ () C:\WINDOWS\system32\nvapps.xml
2014-08-07 21:30 - 2014-08-04 17:04 - 00032340 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-07 21:30 - 2012-08-20 19:10 - 00000098 ___SH () C:\Documents and Settings\Konstantine Trivizas\ntuser.ini
2014-08-07 21:03 - 2013-02-21 00:09 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-07 20:50 - 2012-08-23 12:38 - 00001038 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1563985344-1343024091-1001UA.job
2014-08-07 20:37 - 2012-08-22 11:16 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-08-07 17:36 - 2014-08-07 17:36 - 00000162 ____H () C:\Documents and Settings\Konstantine Trivizas\Desktop\~$FRST.txt
2014-08-07 17:32 - 2014-08-05 12:39 - 00016906 _____ () C:\WINDOWS\setupapi.log
2014-08-07 17:22 - 2014-08-06 16:31 - 00036642 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\Additionolder.txt
2014-08-07 17:22 - 2014-08-06 16:26 - 00048102 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\FRSTolder.txt
2014-08-07 16:26 - 2014-08-07 16:23 - 00000000 ___SD () C:\ComboFix
2014-08-07 14:48 - 2014-08-01 09:51 - 00262144 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-08-07 14:25 - 2012-08-20 19:10 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas
2014-08-07 14:20 - 2012-08-22 04:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978695_WM9$
2014-08-07 12:13 - 2014-08-07 12:13 - 00000000 _RSHD () C:\cmdcons
2014-08-07 12:13 - 2012-08-20 16:12 - 00000327 __RSH () C:\boot.ini
2014-08-07 12:08 - 2014-08-07 12:08 - 00000000 ____D () C:\WINDOWS\erdnt
2014-08-07 12:08 - 2014-08-07 12:08 - 00000000 ____D () C:\Qoobox
2014-08-07 11:49 - 2014-07-24 20:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2014-08-07 11:42 - 2014-08-07 11:41 - 05568206 ____R (Swearware) C:\Documents and Settings\Konstantine Trivizas\Desktop\ComboFix.exe
2014-08-06 16:24 - 2014-08-04 17:11 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-06 15:51 - 2012-08-23 12:38 - 00000986 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1563985344-1343024091-1001Core.job
2014-08-06 14:38 - 2014-08-06 14:37 - 01084928 _____ (Farbar) C:\Documents and Settings\Konstantine Trivizas\Desktop\FRST (3).exe
2014-08-05 18:29 - 2014-08-04 17:10 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-05 17:15 - 2014-08-05 15:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Search Protection
2014-08-05 17:15 - 2012-08-22 04:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2695962$
2014-08-05 16:15 - 2014-08-05 16:15 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Lavasoft
2014-08-05 15:43 - 2014-08-05 15:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Ad-Aware Antivirus
2014-08-05 15:38 - 2014-08-05 14:02 - 00000000 ____D () C:\Program Files\Lavasoft
2014-08-05 15:35 - 2014-08-05 15:35 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\adawarebp
2014-08-05 15:34 - 2014-08-05 15:34 - 00000000 ____D () C:\Program Files\Toolbar Cleaner
2014-08-05 15:34 - 2014-08-05 15:33 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\adawaretb
2014-08-05 15:28 - 2014-08-05 15:28 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-08-05 15:14 - 2014-08-05 15:14 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\LavasoftStatistics
2014-08-05 14:12 - 2013-01-02 19:40 - 00000316 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1004336348-1563985344-1343024091-1001.job
2014-08-05 13:41 - 2014-08-05 13:40 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-08-05 13:41 - 2014-08-05 13:40 - 00001083 _____ () C:\WINDOWS\netfxocm.log
2014-08-05 13:41 - 2014-08-05 13:40 - 00000425 _____ () C:\WINDOWS\MedCtrOC.log
2014-08-05 13:41 - 2014-08-05 13:40 - 00000342 _____ () C:\WINDOWS\ocmsn.log
2014-08-05 13:41 - 2014-08-05 13:40 - 00000311 _____ () C:\WINDOWS\tabletoc.log
2014-08-05 13:41 - 2014-08-05 13:40 - 00000309 _____ () C:\WINDOWS\msgsocm.log
2014-08-05 13:41 - 2014-08-05 13:39 - 00006642 _____ () C:\WINDOWS\iis6.log
2014-08-05 13:41 - 2014-08-05 13:39 - 00002822 _____ () C:\WINDOWS\tsoc.log
2014-08-05 13:41 - 2014-08-05 13:39 - 00002058 _____ () C:\WINDOWS\comsetup.log
2014-08-05 13:41 - 2014-08-05 13:39 - 00001248 _____ () C:\WINDOWS\ntdtcsetup.log
2014-08-05 13:41 - 2014-08-05 13:38 - 00006183 _____ () C:\WINDOWS\FaxSetup.log
2014-08-05 13:41 - 2014-08-05 13:38 - 00002956 _____ () C:\WINDOWS\ocgen.log
2014-08-05 13:41 - 2014-08-05 13:32 - 00008464 _____ () C:\WINDOWS\KB942288-v3.log
2014-08-05 13:39 - 2014-08-05 13:39 - 00001878 _____ () C:\WINDOWS\msmqinst.log
2014-08-05 13:39 - 2014-08-05 13:39 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-08-05 13:39 - 2014-08-05 13:39 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-08-05 13:37 - 2012-08-20 16:05 - 00000000 ____D () C:\WINDOWS\system32\mui
2014-08-05 13:36 - 2014-08-05 13:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v3$
2014-08-05 13:29 - 2014-08-05 13:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Lavasoft
2014-08-05 12:42 - 2012-08-22 04:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB971657$
2014-08-05 12:41 - 2012-08-22 16:05 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2014-08-04 17:48 - 2008-04-14 13:00 - 00000582 _____ () C:\WINDOWS\win.ini
2014-08-04 17:48 - 2008-04-14 13:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-08-04 17:39 - 2012-08-22 05:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB959426$
2014-08-04 17:37 - 2012-08-22 16:43 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Adobe
2014-08-04 17:15 - 2014-07-22 22:50 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Xihoh
2014-08-04 17:11 - 2014-08-04 17:11 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-04 17:11 - 2014-08-04 17:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-04 17:10 - 2014-08-04 17:10 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-04 17:04 - 2014-08-04 17:04 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-08-04 17:02 - 2014-08-04 16:54 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-08-04 17:02 - 2014-08-04 16:54 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-08-04 17:02 - 2014-08-04 16:54 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-08-04 17:00 - 2014-08-04 16:59 - 00000000 ____D () C:\WINDOWS\pss
2014-08-04 16:56 - 2014-08-04 16:54 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-08-04 16:55 - 2014-08-04 16:55 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-08-04 16:54 - 2014-08-04 16:54 - 00000000 ____D () C:\WINDOWS\CSC
2014-08-04 12:03 - 2012-08-24 10:26 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\My Documents\CAREER & INCOME
2014-08-04 11:10 - 2012-08-28 20:01 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\My Documents\AEOLUS HOSPITALITY
2014-08-01 14:04 - 2014-08-01 14:04 - 00000000 ____D () C:\WINDOWS\system32\cos
2014-08-01 10:48 - 2013-02-04 20:06 - 00000000 ____D () C:\WINDOWS\Minidump
2014-08-01 10:14 - 2014-08-01 09:51 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-08-01 09:55 - 2014-08-01 09:55 - 00008198 _____ () C:\Documents and Settings\Konstantine Trivizas\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:55 - 2014-08-01 09:55 - 00004144 _____ () C:\Documents and Settings\Konstantine Trivizas\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:55 - 2014-08-01 09:55 - 00000274 _____ () C:\Documents and Settings\Konstantine Trivizas\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:55 - 2013-02-23 13:08 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Skype
2014-08-01 09:52 - 2012-08-22 12:28 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-08-01 09:50 - 2014-08-01 09:43 - 00065536 _____ () C:\WINDOWS\system32\config\Windows .evt
2014-08-01 09:50 - 2014-08-01 09:42 - 00065536 _____ () C:\WINDOWS\system32\config\Microsof.evt
2014-08-01 09:49 - 2013-01-02 19:40 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\RealNetworks
2014-08-01 09:49 - 2012-10-16 19:16 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Real
2014-08-01 09:47 - 2014-08-04 16:54 - 00008198 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-04 16:54 - 00008198 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-04 16:54 - 00008198 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-04 16:54 - 00008198 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-04 16:54 - 00004144 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-04 16:54 - 00004144 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-04 16:54 - 00004144 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-04 16:54 - 00004144 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-04 16:54 - 00000274 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-04 16:54 - 00000274 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-04 16:54 - 00000274 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-04 16:54 - 00000274 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2013-02-23 13:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-08-01 09:47 - 2013-01-02 19:38 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RealNetworks
2014-08-01 09:47 - 2012-08-20 18:59 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2014-08-01 09:46 - 2012-10-16 19:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Real
2014-08-01 09:42 - 2014-08-01 09:40 - 00000000 __HDC () C:\WINDOWS\$968930Uinstall_KB968930$
2014-08-01 09:42 - 2012-08-20 16:05 - 00000000 ____D () C:\WINDOWS\Help
2014-08-01 09:41 - 2014-08-01 09:41 - 00000000 ____D () C:\WINDOWS\system32\winrm
2014-08-01 09:41 - 2014-08-01 09:41 - 00000000 ____D () C:\WINDOWS\system32\WindowsPowerShell
2014-08-01 09:40 - 2014-08-01 09:40 - 00000000 ____D () C:\WINDOWS\$NtUninstallKB968930$
2014-08-01 09:37 - 2014-08-01 09:37 - 00000000 ___HD () C:\82c2f8c
2014-07-30 18:30 - 2012-10-16 19:18 - 00000316 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1004336348-1563985344-1343024091-1001.job
2014-07-30 10:04 - 2012-09-03 19:24 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-07-24 23:21 - 2012-08-23 12:40 - 00002393 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\Google Chrome.lnk
2014-07-24 23:10 - 2012-08-23 12:37 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google
2014-07-24 22:59 - 2014-07-23 09:33 - 00000759 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt
2014-07-24 21:06 - 2014-07-24 20:44 - 00000000 ____D () C:\Program Files\Your Uninstaller 2008
2014-07-24 21:03 - 2013-11-01 13:17 - 00000000 ___HD () C:\DrFoneForAndroid
2014-07-24 21:03 - 2012-08-23 11:06 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-07-24 20:44 - 2014-07-24 20:44 - 00001810 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\1-Click Cleaning by Your Uninstaller! 2008.lnk
2014-07-24 20:44 - 2014-07-24 20:44 - 00000798 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\Your Uninstaller! 2008.lnk
2014-07-24 20:44 - 2014-07-24 20:44 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\URSoft
2014-07-24 20:44 - 2014-07-24 20:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Your Uninstaller! 2008
2014-07-23 17:47 - 2014-07-22 22:50 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Epme
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================

Can you please let me know if I can recommend to my outside source, who holds my external drive, to go download the Farbar tool, do the same scans and then pass the logs on to you? If you answer this, please specify which one your next answer is about, so that I do not confuse your reply between my PC and the external drive. Thank you.


I have also read this posting http://www.malwarekillers.com/recover-files-encrypted-cryptowall-cryptodefense/ regarding the encrypted .txt and .html files that were placed into some of my folders, which I manually removed early in the week, but I worry (since I have not opened any files since) that these may really be encrypted. Can you tell at all, having looked into my files? From the Farbar scan results you can see where the encrypted files came in; and since I moved some of them onto my external drive, I worry that my external drive may have encrypted files.


Sorry, I'm still so nervous and anxious; it is hard to do everything correctly. Here is the Addition text file:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:5-08-2014
Ran by Konstantine Trivizas at 2014-08-08 09:45:36
Running from C:\Documents and Settings\Konstantine Trivizas\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Ad-Aware Antivirus (Disabled - Up to date) {22CB8761-914A-11CF-B705-00AA0062CBB7}
AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Ad-Aware Firewall (Disabled) {9211320F-6C40-4035-BBDE-3C96ED504F33}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Ad-Aware Antivirus (HKLM\...\{CB799B5A-84B8-46A2-BEB5-4FD7D5230361}_AdAwareUpdater) (Version: 11.2.5952.0 - Lavasoft)
Ad-Aware Security Toolbar (HKLM\...\adawaretb) (Version: 3.9.0.26 - Lavasoft)
AdAwareInstaller (Version: 11.2.5952.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.2.5952.0 - Lavasoft) Hidden
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
ASF (Version: 3.11.1 - Broadcom) Hidden
Broadcom ASF Management Applications (HKLM\...\InstallShield_{25D24E84-64A9-40D2-85CF-540B1C4A6D52}) (Version: 3.11.1 - Broadcom)
Broadcom Gigabit Integrated Controller (HKLM\...\{B7F54262-AB66-44B3-88BF-9FC69941B643}) (Version: 8.13.01 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 3.21 - Piriform)
Citrix Online Launcher (HKLM\...\{E1B40232-F73B-4BF9-A819-E352CCC1EDEF}) (Version: 1.0.122 - Citrix)
Conexant D480 MDC V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1) (Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D7453B4F-9A57-4B46-9878-48F90223F8F7}) (Version:  - Microsoft)
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.10.47.3 - Dell Inc.)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 5.9.0.1207 (HKCU\...\GoToMeeting) (Version: 5.9.0.1207 - CitrixOnline)
hp deskjet 5550 series (Remove only) (HKLM\...\hp deskjet 5550 series) (Version:  - )
hp print screen utility (HKLM\...\hp print screen utility) (Version:  - )
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2656353) (HKLM\...\M2656353) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2656370) (HKLM\...\M2656370) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.0.1526.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.0.1526.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 14 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version:  - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
RealDownloader (Version: 1.3.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Skype Web Plugin (HKLM\...\{B51DD93B-3CB5-4D9D-BFF2-FD19DBBBFD9A}) (Version: 2.9.13008.18866 - Skype Technologies S.A.)
Skype™ 6.6 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.6.106 - Skype Technologies S.A.)
TeamViewer 7 (HKLM\...\TeamViewer 7) (Version: 7.0.13989 - TeamViewer)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2010 (KB2553065) (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7AC49FC8-F8D2-4DD8-9086-09E52385A21F}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{17E7B9AB-2DD2-457D-8D8E-CD14ACA973FE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{15058154-469F-4794-ACD5-94F8420F9B80}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{995A7832-B512-46D5-87C9-2D71FB541435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{C8694FF0-8203-483B-A07A-2BC40433167D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4D98EEEA-A31B-42FA-991A-F989594F4DA5}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3613AECC-1454-4DDD-AC36-C42DC16D6DEE}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{5EBDE1DE-3B28-4134-AB00-85CFF2B4F94D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38990592-F6A1-4A26-96C7-0600E36AE794}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Your Uninstaller! 2008 Version 6.2 (HKLM\...\Your Uninstaller! 2008_is1) (Version: 6.2 - URSoft, Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Konstantine Trivizas\Application Data\Dropbox\bin\Dropbox.exe /autoplay No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.21. (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.23. (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.21. (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.21. (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.21. (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1207\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.21. (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.22. (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.21. (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.21. (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Konstantine Trivizas\Application Data\Dropbox\bin\Dropbox.exe /wiacallback (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.22. (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.21. (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.24. (the data entry has 20 more characters).
 
==================== Restore Points  =========================
 
29-06-2014 14:41:07 System Checkpoint
30-06-2014 09:34:47 Software Distribution Service 3.0
02-07-2014 08:29:38 Software Distribution Service 3.0
04-07-2014 07:58:40 Software Distribution Service 3.0
07-07-2014 09:37:31 Software Distribution Service 3.0
08-07-2014 11:10:09 Software Distribution Service 3.0
10-07-2014 10:40:18 Software Distribution Service 3.0
12-07-2014 09:33:04 Software Distribution Service 3.0
13-07-2014 14:31:24 Software Distribution Service 3.0
14-07-2014 14:56:49 Software Distribution Service 3.0
16-07-2014 08:07:16 Software Distribution Service 3.0
17-07-2014 09:08:22 Software Distribution Service 3.0
18-07-2014 13:54:47 Software Distribution Service 3.0
20-07-2014 11:14:01 Software Distribution Service 3.0
21-07-2014 18:15:48 Software Distribution Service 3.0
22-07-2014 21:23:53 Software Distribution Service 3.0
24-07-2014 08:35:56 Software Distribution Service 3.0
24-07-2014 19:49:06 Before uninstall Facebook Video Calling 2.0.0.447
24-07-2014 19:49:20 Removed Facebook Video Calling 2.0.0.447
24-07-2014 19:53:08 Before uninstall Yontoo 1.10.02
24-07-2014 22:06:04 Before uninstall Google Chrome
24-07-2014 22:09:25 Before uninstall Google Drive
24-07-2014 22:10:05 Removed Google Drive
25-07-2014 09:10:06 Software Distribution Service 3.0
28-07-2014 09:45:58 Software Distribution Service 3.0
29-07-2014 15:26:47 Software Distribution Service 3.0
31-07-2014 15:30:11 Software Distribution Service 3.0
01-08-2014 08:41:21 Installed %1 %2.
07-08-2014 20:02:42 System Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2008-04-14 13:00 - 2014-07-23 09:33 - 00001391 _RASH C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
107.181.174.70 www.google-analytics.com.
107.181.174.70 google-analytics.com.
107.181.174.70 connect.facebook.net.
146.0.75.222 www.google-analytics.com.
146.0.75.222 google-analytics.com.
146.0.75.222 connect.facebook.net.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1563985344-1343024091-1001Core.job => C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1563985344-1343024091-1001UA.job => C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1004336348-1563985344-1343024091-1001.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1004336348-1563985344-1343024091-1001.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1004336348-1563985344-1343024091-1001.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1004336348-1563985344-1343024091-1001.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-08-22 12:31 - 2005-12-19 17:08 - 00018944 _____ () C:\WINDOWS\System32\WLTRYSVC.EXE
2012-08-22 12:31 - 2005-12-19 17:08 - 00757760 _____ () C:\WINDOWS\System32\bcm1xsup.dll
2014-06-03 16:12 - 2014-06-03 16:12 - 00655352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe
2014-06-03 16:22 - 2014-06-03 16:22 - 00087928 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_thread-vc100-mt-1_55.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00022392 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_system-vc100-mt-1_55.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00030072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_chrono-vc100-mt-1_55.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00048512 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_date_time-vc100-mt-1_55.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00107904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_filesystem-vc100-mt-1_55.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 08386920 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareServiceKernel.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00541008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\SQLite.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 02421064 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\RCF.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00638328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_regex-vc100-mt-1_55.dll
2014-06-03 16:21 - 2014-06-03 16:21 - 00478056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareActivation.dll
2014-06-03 16:23 - 2014-06-03 16:23 - 00131920 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\pugixml.dll
2014-06-03 16:21 - 2014-06-03 16:21 - 00300920 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareApplicationUpdater.dll
2014-06-03 16:23 - 2014-06-03 16:23 - 00122704 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\libssh2.dll
2014-06-03 16:23 - 2014-06-03 16:23 - 00148808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\zlib.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00119656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareGamingMode.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00087384 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareReset.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00105304 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTime.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00248184 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareDefinitionsUpdater.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00170376 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareDefinitionsUpdaterScheduler.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00342376 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareIgnoreList.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00205160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareQuarantine.dll
2014-06-03 16:21 - 2014-06-03 16:21 - 00277872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareAntiMalwareEngine.dll
2014-06-03 16:21 - 2014-06-03 16:21 - 00174960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareAntiRootkitEngine.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00367472 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareScannerHistory.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00503648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareScanner.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00030584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_timer-vc100-mt-1_55.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00270192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareScannerScheduler.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00372600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareRealTimeProtection.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00190824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareIncompatibles.dll
2014-06-03 16:21 - 2014-06-03 16:21 - 00179552 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareAntiSpam.dll
2014-06-03 16:21 - 2014-06-03 16:21 - 00143720 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareAntiPhishing.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00633712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareParentalControl.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 01873768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareWebProtection.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00344944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareEmailProtection.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00513392 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareNetworkProtection.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00298840 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwarePromo.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00248160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareFeedback.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00313720 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareThreatWorkAlliance.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00123744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\SecurityCenter.dll
2012-11-29 21:31 - 2012-11-29 21:31 - 00038608 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 02038128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareShellExtension.dll
2008-04-14 13:00 - 2008-04-14 13:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 13:00 - 2008-04-14 13:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 06699864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe
2014-06-03 16:22 - 2014-06-03 16:22 - 00405880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_locale-vc100-mt-1_55.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00310624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\HtmlFramework.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00056664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\DllStorage.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00804208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTrayDefaultSkin.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00118104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\Localization.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:B3D74A13
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk => C:\WINDOWS\pss\Windows Search.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Apoint => C:\Program Files\Apoint\Apoint.exe
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: nwiz => nwiz.exe /installquiet
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "C:\program files\real\realplayer\update\realsched.exe"  -osboot
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/07/2014 00:08:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 0.0.0.0, faulting module iexplore.exe, version 0.0.0.0, fault address 0x0008d1c0.
Processing media-specific event for [iexplore.exe!ws!]
 
Error: (08/06/2014 03:53:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst (3).exe, version 5.8.2014.0, faulting module frst (3).exe, version 5.8.2014.0, fault address 0x0001f3d4.
Processing media-specific event for [frst (3).exe!ws!]
 
Error: (08/06/2014 03:08:04 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\KONSTANTINE TRIVIZAS\RECENT\FRST(2).TXT.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/06/2014 03:08:04 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\KONSTANTINE TRIVIZAS\RECENT\FRST(2).TXT.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/06/2014 02:52:44 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\KONSTANTINE TRIVIZAS\RECENT\DOWNLOADS.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/06/2014 02:52:44 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\KONSTANTINE TRIVIZAS\RECENT\DOWNLOADS.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/05/2014 04:53:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.0.532, faulting module msvcr100.dll, version 10.0.40219.325, fault address 0x0008d6fd.
Processing media-specific event for [mbam.exe!ws!]
 
Error: (08/05/2014 00:04:26 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\KONSTANTINE TRIVIZAS\RECENT\DESKTOP.INI> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/05/2014 00:04:25 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\KONSTANTINE TRIVIZAS\RECENT\DESKTOP.INI> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/05/2014 00:04:25 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\KONSTANTINE TRIVIZAS\RECENT\CAMERA.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
 
System errors:
=============
Error: (08/08/2014 09:40:48 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.3 for the Network Card with network address 00904B145117 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
 
Error: (08/07/2014 08:15:09 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (08/07/2014 06:17:31 PM) (Source: DCOM) (EventID: 10005) (User: KONSTANT-8F5437)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error: (08/07/2014 06:13:07 PM) (Source: DCOM) (EventID: 10005) (User: KONSTANT-8F5437)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error: (08/07/2014 05:48:42 PM) (Source: DCOM) (EventID: 10005) (User: KONSTANT-8F5437)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error: (08/07/2014 05:48:29 PM) (Source: DCOM) (EventID: 10005) (User: KONSTANT-8F5437)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error: (08/07/2014 05:48:18 PM) (Source: DCOM) (EventID: 10005) (User: KONSTANT-8F5437)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}
 
Error: (08/07/2014 05:48:12 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
AFD
Fips
intelppm
IPSec
MpFilter
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip
WS2IFSL
 
Error: (08/07/2014 05:48:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: 
%%31
 
Error: (08/07/2014 05:48:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: 
%%31
 
 
Microsoft Office Sessions:
=========================
Error: (08/07/2014 00:08:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe0.0.0.0iexplore.exe0.0.0.00008d1c0
 
Error: (08/06/2014 03:53:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: frst (3).exe5.8.2014.0frst (3).exe5.8.2014.00001f3d4
 
Error: (08/06/2014 03:08:04 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\KONSTANTINE TRIVIZAS\RECENT\FRST(2).TXT.LNK
 
Error: (08/06/2014 03:08:04 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\KONSTANTINE TRIVIZAS\RECENT\FRST(2).TXT.LNK
 
Error: (08/06/2014 02:52:44 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\KONSTANTINE TRIVIZAS\RECENT\DOWNLOADS.LNK
 
Error: (08/06/2014 02:52:44 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\KONSTANTINE TRIVIZAS\RECENT\DOWNLOADS.LNK
 
Error: (08/05/2014 04:53:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.532msvcr100.dll10.0.40219.3250008d6fd
 
Error: (08/05/2014 00:04:26 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\KONSTANTINE TRIVIZAS\RECENT\DESKTOP.INI
 
Error: (08/05/2014 00:04:25 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\KONSTANTINE TRIVIZAS\RECENT\DESKTOP.INI
 
Error: (08/05/2014 00:04:25 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\KONSTANTINE TRIVIZAS\RECENT\CAMERA.LNK
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 27%
Total physical RAM: 2047.23 MB
Available physical RAM: 1492.4 MB
Total Pagefile: 3943.59 MB
Available Pagefile: 3469.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1935.12 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:37.26 GB) (Free:21.3 GB) NTFS ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37 GB) (Disk ID: CDE9CDE9)
Partition 1: (Active) - (Size=37 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

I do not see signs of cryptolocker on your PC.
 
What did you do regarding two antivirus products?
 
 
 
Fix with Farbar Recovery Scan Tool
 

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click Run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 
 
 
 

Scan with ComboFix
 
This is a very powerful tool that should be used only if advised by Malware Analyst.
Do not run ComboFix on your own!

 
Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
If you encounter any issues with your internet connection after running ComboFix, please visit this link.
If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.

fixlist.txt


Thanks for the fixlist.txt and guidelines; I assume I will need to run both the Farbar and the ComboFix, right? And send the results to you?

 

Ref the two AV products (Ad-Aware from Lavasoft and Malwarebytes AM): I have them in the PC but they are disabled now, so that the scanning tools above can run. I continue to email you from the second laptop. Thanks.


Here is the fixlog.txt result. I proceed now with ComboFix and will also send it.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:5-08-2014
Ran by Konstantine Trivizas at 2014-08-08 11:11:27 Run:4
Running from C:\Documents and Settings\Konstantine Trivizas\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
InvalidSubkeyName: [HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\******<*>] <===== ATTENTION
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:B3D74A13
hosts:
ipconfig /flushdns
*****************
 
48004B004C004D005C0053006F006600740077006100720065005C0043006C00610073007300650073005C0043004C005300490044005C007B00370033004500370030003900450041002D0035004400390033002D0034004200320045002D0042004200420030002D003900390042003700390033003800440041003900450034007D005C004C006F00630061006C0053006500720076006500720033003200 => Failed to open main key.
[HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\******<*>] => No subkey with invalid name found.
C:\Documents and Settings\All Users\Application Data\TEMP => ":B3D74A13" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
ipconfig /flushdns => Error: No automatic fix found for this entry.
 
==== End of Fixlog ====

I have opened and run ComboFix from the 'Open' command. When using 'Run as administrator' it does not open; it indicates an error. I can see an Autoscan blue screen open in DOS language which is letting me know that it is scanning for infected files and that it will take 10 or double that time, but the cursor is not moving; no files seem to be scanned, no indication of any scanning happening. Yet the PC is not frozen, when I attempted the same yesterday.

 

Should I attempt to do this from Safe Mode?


I tried to close the Autoscan and restart but I can't even close it. I can't even open Task Manager now; all is frozen. I suspect ComboFix is a heavy, powerful program and it struggles to run on my machine and takes a very long time. I will need to reboot, I think, and try again?


I opened and ran ComboFix from Safe Mode. It scanned the files (same as from normal mode) and backed up registry files (same as before), YET the blue screen Autoscan is again open and the cursor does not move; no indication of something happening. I will leave it as is till I hear from you. Thank you.


It's from normal mode that it first got frozen, and then I asked you if I should go to Safe Mode. Anyhow, I'm going into normal mode now and let's see; I doubt it will work, so let's be prepared for an alternative if possible.

 

Also, when you say that you do not see signs of CryptoLocker in the files: I recall opening one of the encrypted text files that I found under various folders, which described an unlock key and how to obtain it. BUT I closed and deleted these files immediately, fearing that having them open would do more damage. Now, I could see on the scans we performed encrypted HTML file locations. If my files have been encrypted - how will I know other than waiting to open them? - can we find these deleted text files with the ransom instructions?

 

Thank you.  


Again, after backing up the registry files etc., the 'Autoscan' informs me that it is creating a restore point and that it then scans for infected files, but that scan, again, does not progress (unless it does and it takes a huge time, hours, in which case I would not know).


It definitely hangs and does not work; I will have an IT-literate person sitting next to me in an hour; perhaps you can tell us if we could clean some of the remaining errors in the registry and do deletions etc. manually? I will also have back my external drive, on which he will be running a rootkit scan to identify infections. Or should we try Farbar, or?....

PS: you must be getting tired of this...sorry :(  


I guess you are gone. I am in agony! We could not run the Windows XP live CD on this new computer (it defaults back to the native operating system of this machine, which is Windows 8) so as to apply the Malwarebytes rootkit (beta) scan to find infections or possibly encrypted files on my external drive. AT THIS stage I think it may not be worth trying to work with the old computer and perhaps I should clean it,....unless you feel we can finish the task we started?

 

Then I should focus on detecting the status of the external drive. Do you have any advice, please, on how to do this best?

Thank you. 
