
Avenger.txt reloads and grows in size after each startup recommended by MAM so as to rid of captured malware


KVT


Good morning.

 

1. I have both of them disabled at the moment, but I will delete MS Security Essentials for good from Programs and just stay with Ad-Aware. If you know of another good AV that does not take up a lot of RAM when running, please let me know.

 

2. Next question relates to which folders need to stay on the C drive and which can be a) either deleted or b) placed in another location. You can see these folders from the scanning reports.

- 13aeb57dd9c3dd4707bfd7cf which contains folders 'amd64' and 'i386'. I suspect these are system files; perhaps they can be moved under 'Windows'? Or can they stay there?

- 82c2f8c: this contains the 82c2f8c.exe file which was not recognised by the machine at start-up when the PC was infected. Leave it there or move it elsewhere?

 

- Config.Msi: What folder is this? It is empty. I guess I can delete it?

 

- DrFoneforAndroid is a folder that contained files to fix Android phone issues. I was under the impression I had deleted all DrFone files before (can you see that?), so I will delete this folder as it is empty.

 

- FRST: this is the Farbar folder and I suspect I can safely leave it there (perhaps for future use) OR should I remove it now and download it again if / when needed? I can see that under Quarantine < C < Documents and Settings < Myname < Local Settings < Temp it holds 6 files that all seem like quarantined infected files (extension '.exe.xBAD').

 

- MSOCache < All Users: several '901...' named folders are there containing various .dat and .dll files.

 

- Qoobox folder: contains all ComboFix related files including Quarantine files (of Windows, system32 etc.).

 

Thank you. I will ask you ref 'external drive' after we deal with the above folders. 


I have also noticed that Adobe Reader cannot read a file that I attempted to open, as it found it damaged, and the reader in general hangs in trying to open other docs. I tried to shut it but it takes ages, so it forces me to reboot the PC. Should I uninstall and reinstall Adobe Reader?


First of all:

Windows XP end of support warning!



As 8th of April 2014 has passed, this operating system is no longer supported by Microsoft.

Any patches, updates or security releases have ceased for this system.

This is just information for you, if you were not aware.

My recommendation would be to start thinking about replacing it with some newer edition, like Windows Vista, Windows 7 or Windows 8. Of course you need to coordinate such a decision with your needs and finances. Moving to a newer operating system will also require new hardware, so keep it in mind.
 
 
 
Second, let's get rid of used tools:

The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:
[x] Remove disinfection tools
[x] Create registry backup
[x] Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.

 

 

Third:

 

Reinstall Adobe Reader if it is not working properly. 

 

 

Fourth:

 

If I missed something, let me know.


Dear TWH,

I am impressed with your methodical approach and professionalism!!

 

I will follow your instructions and report back. You are correct in that the operating system needs to be changed. In view of this being an old laptop, it won't be able to accommodate Windows 7 (I have tried Windows 8 and do not find it business user friendly), so it will need to be replaced soon. I was intending to do this after completing some other tasks (i.e. meet my tax deadline etc.), but the virus stopped me in my tracks. I will now be able to complete my tax returns and search for a new desktop or laptop.

 

In the meantime, I assume you agree that I delete one of the two AVs from Programs, i.e. MS Security Essentials, and still keep the free version of MBAV...?

 

Then I will be able to browse the web with no fear of such infection and I will be in a position to report to you whether the ad pop-up issue is there or not. Have you identified the name of the virus or malware that was bringing up these pop-up ads at the bottom left end of the browser? This was the first infection two weeks ago and subsequently (possibly through the click of one of these ads) led, I believe, to the Avenger and Cryptography viruses both entering the computer. You have not seen signs of the Cryptography one, I suspect (?), and thank God the files of the C drive seem not to have been locked, but for sure that virus entered the machine and placed html and text files among folders, which I soon realised and deleted. It is possible that some files on the external drive may be locked. I will ask you next to let me know how we can scan that external drive.


Yes, please delete either Ad-Aware or Microsoft antivirus.

 

You were infected with a very fresh variant of malware called Poweliks. Read here about it --> http://www.pcworld.com/article/2461120/stealthy-malware-poweliks-resides-only-in-system-registry.html

 

I do not see any sign of Cryptolocker on your system.

 

When you finish all this, let me know so we can scan your External drive.


Thank you. Here is the report from DelFix:

 

# DelFix v10.8 - Logfile created 09/08/2014 at 12:27:31

# Updated 29/07/2014 by Xplode

# Username : Konstantine Trivizas - KONSTANT-8F5437

# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

 

~ Removing disinfection tools ...

 

Deleted : C:\Qoobox

Deleted : C:\FRST

Deleted : C:\ComboFix.txt

Deleted : C:\Documents and Settings\Konstantine Trivizas\Desktop\Addition(2).txt

Deleted : C:\Documents and Settings\Konstantine Trivizas\Desktop\Additionolder.txt

Deleted : C:\Documents and Settings\Konstantine Trivizas\Desktop\ComboFix.exe

Deleted : C:\Documents and Settings\Konstantine Trivizas\Desktop\Fixlog.txt

Deleted : C:\Documents and Settings\Konstantine Trivizas\Desktop\Fixlogolder.txt

Deleted : C:\Documents and Settings\Konstantine Trivizas\Desktop\FRST (3).exe

Deleted : C:\Documents and Settings\Konstantine Trivizas\Desktop\FRST(2).txt

Deleted : C:\Documents and Settings\Konstantine Trivizas\Desktop\FRSTolder.txt

Deleted : C:\Documents and Settings\Konstantine Trivizas\My Documents\Downloads\Addition.txt

Deleted : C:\Documents and Settings\Konstantine Trivizas\My Documents\Downloads\Fixlog.txt

Deleted : C:\Documents and Settings\Konstantine Trivizas\My Documents\Downloads\FRST(2).txt

Deleted : C:\Documents and Settings\Konstantine Trivizas\My Documents\Downloads\FRST(3).txt

Deleted : C:\Documents and Settings\Konstantine Trivizas\My Documents\Downloads\FRST.txt

Deleted : C:\WINDOWS\grep.exe

Deleted : C:\WINDOWS\PEV.exe

Deleted : C:\WINDOWS\NIRCMD.exe

Deleted : C:\WINDOWS\MBR.exe

Deleted : C:\WINDOWS\SED.exe

Deleted : C:\WINDOWS\SWREG.exe

Deleted : C:\WINDOWS\SWSC.exe

Deleted : C:\WINDOWS\SWXCACLS.exe

Deleted : C:\WINDOWS\Zip.exe

Deleted : HKLM\SOFTWARE\Swearware

Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

 

~ Creating registry backup ... OK

 

~ Cleaning system restore ...

 

Deleted : RP #466 [system Checkpoint | 06/29/2014 14:41:07]

Deleted : RP #467 [software Distribution Service 3.0 | 06/30/2014 09:34:47]

Deleted : RP #468 [software Distribution Service 3.0 | 07/02/2014 08:29:38]

Deleted : RP #469 [software Distribution Service 3.0 | 07/04/2014 07:58:40]

Deleted : RP #470 [software Distribution Service 3.0 | 07/07/2014 09:37:31]

Deleted : RP #471 [software Distribution Service 3.0 | 07/08/2014 11:10:09]

Deleted : RP #472 [software Distribution Service 3.0 | 07/10/2014 10:40:18]

Deleted : RP #473 [software Distribution Service 3.0 | 07/12/2014 09:33:04]

Deleted : RP #474 [software Distribution Service 3.0 | 07/13/2014 14:31:24]

Deleted : RP #475 [software Distribution Service 3.0 | 07/14/2014 14:56:49]

Deleted : RP #476 [software Distribution Service 3.0 | 07/16/2014 08:07:16]

Deleted : RP #477 [software Distribution Service 3.0 | 07/17/2014 09:08:22]

Deleted : RP #478 [software Distribution Service 3.0 | 07/18/2014 13:54:47]

Deleted : RP #479 [software Distribution Service 3.0 | 07/20/2014 11:14:01]

Deleted : RP #480 [software Distribution Service 3.0 | 07/21/2014 18:15:48]

Deleted : RP #481 [software Distribution Service 3.0 | 07/22/2014 21:23:53]

Deleted : RP #482 [software Distribution Service 3.0 | 07/24/2014 08:35:56]

Deleted : RP #483 [before uninstall Facebook Video Calling 2.0.0.447 | 07/24/2014 19:49:06]

Deleted : RP #484 [Removed Facebook Video Calling 2.0.0.447 | 07/24/2014 19:49:20]

Deleted : RP #485 [before uninstall Yontoo 1.10.02 | 07/24/2014 19:53:08]

Deleted : RP #486 [before uninstall Google Chrome | 07/24/2014 22:06:04]

Deleted : RP #487 [before uninstall Google Drive | 07/24/2014 22:09:25]

Deleted : RP #488 [Removed Google Drive | 07/24/2014 22:10:05]

Deleted : RP #489 [software Distribution Service 3.0 | 07/25/2014 09:10:06]

Deleted : RP #490 [software Distribution Service 3.0 | 07/28/2014 09:45:58]

Deleted : RP #491 [software Distribution Service 3.0 | 07/29/2014 15:26:47]

Deleted : RP #492 [software Distribution Service 3.0 | 07/31/2014 15:30:11]

Deleted : RP #493 [installed %1 %2. | 08/01/2014 08:41:21]

Deleted : RP #494 [system Checkpoint | 08/07/2014 20:02:42]

Deleted : RP #495 [software Distribution Service 3.0 | 08/08/2014 15:26:38]

 

New restore point created !

 

########## - EOF - ##########


I took some time as I was reading about various free AVs. I decided to delete Ad-Aware (which had not identified some of the prior viruses while MS Security Essentials had) and to replace it with Avast, which sounded better. I had asked your opinion on AVs but I noticed you never commented.

 

In downloading Avast (from download.com) I believe I was infected. MSSE caught and quarantined 'Ransom:Win32/Crowti' and it continuously informs me now that threats are identified and deleted. Before the download it was not identifying anything. The CPU is running high again.

 

I have also noticed many files under the Config.Msi folder, which before was empty. I deleted them all (to the recycle bin only, till I hear from you) except for 1191d01.rbf, for which access is denied. I suspect it is used in the background to write other malicious files in the registry etc.? I am panicked again. HELP.

 

To shut down the PC? Not leave it running? To delete Avast completely? To run Farbar again?


  Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:9-08-2014

Ran by Konstantine Trivizas (administrator) on KONSTANT-8F5437 on 09-08-2014 15:39:37
Running from C:\Documents and Settings\Konstantine Trivizas\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(Broadcom Corp.) C:\WINDOWS\system32\BAsfIpM.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\tv_w32.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(HP) C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
InvalidSubkeyName: [HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\******<*>] <===== ATTENTION
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [519584 2010-12-21] (Microsoft Corporation)
HKU\S-1-5-21-1004336348-1563985344-1343024091-1001\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-08-09] (Google Inc.)
HKU\S-1-5-21-1004336348-1563985344-1343024091-1001\...\RunOnce: [adawarebp] => reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f
HKU\S-1-5-21-1004336348-1563985344-1343024091-1001\...\RunOnce: [adawarebp_XP] => reg.exe delete "HKCU\Software\adawarebp" /f
HKU\S-1-5-21-1004336348-1563985344-1343024091-1001\...\RunOnce: [adawarebp_DATA_FOLDER] => cmd.exe /c rmdir "C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection" /s /q
HKU\S-1-5-21-1004336348-1563985344-1343024091-1001\...\RunOnce: [adawarebp_INSTALL_FOLDER] => cmd.exe /c rmdir "C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\adawarebp" /s /q
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{44C2C7EA-F701-4F67-880D-ECFE2FE5B7BA}: [NameServer]8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{6A0C5F9A-BF17-46DE-9AC9-35267BF55774}: [NameServer]8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{96E2D96F-12B6-4E49-9218-35E42F97A477}: [NameServer]8.8.8.8,8.8.8.8
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.0.282 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-08-22]
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-02]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-09]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.co.uk/
CHR StartupUrls: "https://www.google.co.uk/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.550.13) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java Platform SE 7 U55) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (AdBlock) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-24]
CHR Extension: (Pin It Button) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2013-05-24]
CHR Extension: (Lavasoft SecureSearch) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jjjgoniibiigbcfeipbhfcconfgmgmkc [2014-08-05]
CHR Extension: (Save to Pocket) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2013-10-23]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-09]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\KONSTA~1\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2012-11-29]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-09] (AVAST Software)
R2 BAsfIpM; C:\WINDOWS\system32\basfipm.exe [77824 2003-02-06] (Broadcom Corp.) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-03-17] (Oracle Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [11552 2012-03-26] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1200128 2005-12-19] (Dell Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-08-09] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-08-09] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-08-09] (AVAST Software)
S0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-08-09] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-08-09] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-08-09] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-08-09] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-08-09] ()
R2 BASFND; C:\WINDOWS\system32\Drivers\BASFND.sys [6057 2002-03-13] (Broadcom Corporation) [File not signed]
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [424448 2006-12-18] (Broadcom Corporation)
R3 GTICARD; C:\WINDOWS\System32\DRIVERS\gticard.sys [59328 2003-02-06] (Texas Instruments)
R3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [208384 2005-05-03] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.SYS [1033728 2005-05-03] (Conexant Systems, Inc.)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
R1 MpKsl5d67bf93; c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C819C16D-1C45-4337-90FE-CF757A174D4E}\MpKsl5d67bf93.sys [39464 2014-08-09] (Microsoft Corporation)
R3 STAC97; C:\WINDOWS\System32\drivers\STAC97.sys [264440 2004-11-15] (SigmaTel, Inc.)
R3 tiumfwl; C:\WINDOWS\System32\drivers\tiumfwl.sys [42060 2003-02-14] (Texas Instruments Inc.)
R3 vrvd5; C:\WINDOWS\System32\DRIVERS\vrvd5.sys [11296 2014-06-16] (Rsupport Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-09 15:38 - 2014-08-09 15:39 - 00035835 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\Addition.txt
2014-08-09 15:37 - 2014-08-09 15:40 - 00018913 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\FRST.txt
2014-08-09 15:36 - 2014-08-09 15:39 - 00000000 ____D () C:\FRST
2014-08-09 15:35 - 2014-08-09 15:30 - 01084928 _____ (Farbar) C:\Documents and Settings\Konstantine Trivizas\Desktop\FRST.exe
2014-08-09 14:51 - 2014-08-09 14:51 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\AVAST Software
2014-08-09 14:49 - 2014-08-09 14:56 - 00000392 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-08-09 14:49 - 2014-08-09 14:49 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-08-09 14:49 - 2014-08-09 14:49 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-08-09 14:49 - 2014-08-09 14:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2014-08-09 14:48 - 2014-08-09 14:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Google
2014-08-09 14:47 - 2014-08-09 14:49 - 00414520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-08-09 14:47 - 2014-08-09 14:46 - 00779536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-08-09 14:47 - 2014-08-09 14:46 - 00414392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.1407592170703
2014-08-09 14:47 - 2014-08-09 14:46 - 00276432 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-08-09 14:47 - 2014-08-09 14:46 - 00192352 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-08-09 14:47 - 2014-08-09 14:46 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-08-09 14:47 - 2014-08-09 14:46 - 00057800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-08-09 14:47 - 2014-08-09 14:46 - 00055112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-08-09 14:47 - 2014-08-09 14:46 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-08-09 14:47 - 2014-08-09 14:46 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-08-09 14:46 - 2014-08-09 14:46 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-08-09 14:43 - 2014-08-09 14:43 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-09 14:38 - 2014-08-09 14:38 - 04862664 _____ (AVAST Software) C:\Documents and Settings\All Users\Desktop\avast_free_antivirus_setup_online (1).exe
2014-08-09 14:36 - 2014-08-09 14:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-08-09 14:13 - 2014-08-09 14:13 - 00000000 ____D () C:\WINDOWS\LastGood
2014-08-09 12:33 - 2014-08-09 14:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2014-08-09 12:27 - 2014-08-09 12:32 - 00004215 _____ () C:\DelFix.txt
2014-08-09 12:27 - 2014-08-09 12:27 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-08 23:20 - 2014-08-09 15:40 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Local Settings\temp
2014-08-08 23:20 - 2014-08-09 09:17 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-08-08 23:20 - 2014-08-08 23:20 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-08-08 23:20 - 2014-08-08 23:20 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-08-07 17:36 - 2014-08-07 17:36 - 00000162 ____H () C:\Documents and Settings\Konstantine Trivizas\Desktop\~$FRST.txt
2014-08-07 12:13 - 2014-08-07 12:13 - 00000000 _RSHD () C:\cmdcons
2014-08-07 12:13 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-08-07 12:08 - 2014-08-08 23:19 - 00000000 ____D () C:\WINDOWS\erdnt
2014-08-05 16:15 - 2014-08-09 14:15 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Lavasoft
2014-08-05 15:35 - 2014-08-09 09:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
2014-08-05 15:35 - 2014-08-05 15:35 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\adawarebp
2014-08-05 15:14 - 2014-08-05 15:14 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\LavasoftStatistics
2014-08-05 14:02 - 2014-08-09 14:16 - 00000000 ____D () C:\Program Files\Lavasoft
2014-08-05 13:40 - 2014-08-05 13:41 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-08-05 13:40 - 2014-08-05 13:41 - 00001083 _____ () C:\WINDOWS\netfxocm.log
2014-08-05 13:40 - 2014-08-05 13:41 - 00000425 _____ () C:\WINDOWS\MedCtrOC.log
2014-08-05 13:40 - 2014-08-05 13:41 - 00000342 _____ () C:\WINDOWS\ocmsn.log
2014-08-05 13:40 - 2014-08-05 13:41 - 00000311 _____ () C:\WINDOWS\tabletoc.log
2014-08-05 13:40 - 2014-08-05 13:41 - 00000309 _____ () C:\WINDOWS\msgsocm.log
2014-08-05 13:39 - 2014-08-05 13:41 - 00006642 _____ () C:\WINDOWS\iis6.log
2014-08-05 13:39 - 2014-08-05 13:41 - 00002822 _____ () C:\WINDOWS\tsoc.log
2014-08-05 13:39 - 2014-08-05 13:41 - 00002058 _____ () C:\WINDOWS\comsetup.log
2014-08-05 13:39 - 2014-08-05 13:41 - 00001248 _____ () C:\WINDOWS\ntdtcsetup.log
2014-08-05 13:39 - 2014-08-05 13:39 - 00001878 _____ () C:\WINDOWS\msmqinst.log
2014-08-05 13:39 - 2014-08-05 13:39 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-08-05 13:39 - 2014-08-05 13:39 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-08-05 13:38 - 2014-08-05 13:41 - 00006183 _____ () C:\WINDOWS\FaxSetup.log
2014-08-05 13:38 - 2014-08-05 13:41 - 00002956 _____ () C:\WINDOWS\ocgen.log
2014-08-05 13:34 - 2014-08-05 13:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v3$
2014-08-05 13:32 - 2014-08-05 13:41 - 00008464 _____ () C:\WINDOWS\KB942288-v3.log
2014-08-05 13:29 - 2014-08-05 13:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Lavasoft
2014-08-05 12:39 - 2014-08-07 17:32 - 00016906 _____ () C:\WINDOWS\setupapi.log
2014-08-04 17:11 - 2014-08-06 16:24 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-04 17:11 - 2014-08-04 17:11 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-04 17:11 - 2014-08-04 17:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-04 17:10 - 2014-08-05 18:29 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-04 17:10 - 2014-08-04 17:10 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-04 17:10 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-04 17:10 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-04 17:04 - 2014-08-09 09:07 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-08-04 17:04 - 2014-08-09 09:07 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-08-04 17:04 - 2014-08-08 23:41 - 00032328 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-04 17:04 - 2014-08-04 17:04 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-08-04 16:59 - 2014-08-04 17:00 - 00000000 ____D () C:\WINDOWS\pss
2014-08-04 16:56 - 2014-08-09 14:42 - 00155582 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-04 16:55 - 2014-08-04 16:55 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-08-04 16:54 - 2014-08-04 17:02 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-08-04 16:54 - 2014-08-04 17:02 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-08-04 16:54 - 2014-08-04 16:56 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-08-04 16:54 - 2014-08-04 16:54 - 00000000 ____D () C:\WINDOWS\CSC
2014-08-04 16:54 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.HTML
2014-08-04 16:54 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-04 16:54 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.HTML
2014-08-04 16:54 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-04 16:54 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.TXT
2014-08-04 16:54 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-04 16:54 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.TXT
2014-08-04 16:54 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-04 16:54 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.URL
2014-08-04 16:54 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-04 16:54 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.URL
2014-08-04 16:54 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-04 16:54 - 2013-03-21 11:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application DataGoogle
2014-08-04 16:54 - 2012-08-23 14:07 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
2014-08-04 16:54 - 2012-08-20 19:03 - 00001599 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-08-04 16:54 - 2012-08-20 19:03 - 00000792 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2014-08-04 16:54 - 2012-08-20 19:03 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2014-08-01 14:04 - 2014-08-01 14:04 - 00000000 ____D () C:\WINDOWS\system32\cos
2014-08-01 09:55 - 2014-08-01 09:55 - 00008198 _____ () C:\Documents and Settings\Konstantine Trivizas\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:55 - 2014-08-01 09:55 - 00004144 _____ () C:\Documents and Settings\Konstantine Trivizas\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:55 - 2014-08-01 09:55 - 00000274 _____ () C:\Documents and Settings\Konstantine Trivizas\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:51 - 2014-08-07 14:48 - 00262144 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-08-01 09:51 - 2014-08-01 10:14 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:43 - 2014-08-01 09:50 - 00065536 _____ () C:\WINDOWS\system32\config\Windows .evt
2014-08-01 09:42 - 2014-08-01 09:50 - 00065536 _____ () C:\WINDOWS\system32\config\Microsof.evt
2014-08-01 09:41 - 2014-08-01 09:41 - 00000000 ____D () C:\WINDOWS\system32\winrm
2014-08-01 09:41 - 2014-08-01 09:41 - 00000000 ____D () C:\WINDOWS\system32\WindowsPowerShell
2014-08-01 09:40 - 2014-08-01 09:42 - 00000000 __HDC () C:\WINDOWS\$968930Uinstall_KB968930$
2014-08-01 09:40 - 2014-08-01 09:40 - 00000000 ____D () C:\WINDOWS\$NtUninstallKB968930$
2014-08-01 09:37 - 2014-08-09 14:54 - 00000000 ____D () C:\82c2f8c
2014-07-24 20:44 - 2014-07-24 21:06 - 00000000 ____D () C:\Program Files\Your Uninstaller 2008
2014-07-24 20:44 - 2014-07-24 20:44 - 00001810 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\1-Click Cleaning by Your Uninstaller! 2008.lnk
2014-07-24 20:44 - 2014-07-24 20:44 - 00000798 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\Your Uninstaller! 2008.lnk
2014-07-24 20:44 - 2014-07-24 20:44 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\URSoft
2014-07-24 20:44 - 2014-07-24 20:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Your Uninstaller! 2008
2014-07-22 22:50 - 2014-08-04 17:15 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Xihoh
2014-07-22 22:50 - 2014-07-23 17:47 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Epme
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-09 15:40 - 2014-08-09 15:37 - 00018913 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\FRST.txt
2014-08-09 15:40 - 2014-08-08 23:20 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Local Settings\temp
2014-08-09 15:39 - 2014-08-09 15:38 - 00035835 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\Addition.txt
2014-08-09 15:39 - 2014-08-09 15:36 - 00000000 ____D () C:\FRST
2014-08-09 15:30 - 2014-08-09 15:35 - 01084928 _____ (Farbar) C:\Documents and Settings\Konstantine Trivizas\Desktop\FRST.exe
2014-08-09 15:04 - 2013-02-21 00:09 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-09 14:56 - 2014-08-09 14:49 - 00000392 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-08-09 14:54 - 2014-08-01 09:37 - 00000000 ____D () C:\82c2f8c
2014-08-09 14:51 - 2014-08-09 14:51 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\AVAST Software
2014-08-09 14:50 - 2012-08-23 12:38 - 00001038 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1563985344-1343024091-1001UA.job
2014-08-09 14:50 - 2012-08-20 19:07 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-08-09 14:49 - 2014-08-09 14:49 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-08-09 14:49 - 2014-08-09 14:49 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-08-09 14:49 - 2014-08-09 14:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2014-08-09 14:49 - 2014-08-09 14:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Google
2014-08-09 14:49 - 2014-08-09 14:47 - 00414520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-08-09 14:49 - 2013-02-21 00:09 - 00000000 ____D () C:\Program Files\Google
2014-08-09 14:46 - 2014-08-09 14:47 - 00779536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-08-09 14:46 - 2014-08-09 14:47 - 00414392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.1407592170703
2014-08-09 14:46 - 2014-08-09 14:47 - 00276432 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-08-09 14:46 - 2014-08-09 14:47 - 00192352 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-08-09 14:46 - 2014-08-09 14:47 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-08-09 14:46 - 2014-08-09 14:47 - 00057800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-08-09 14:46 - 2014-08-09 14:47 - 00055112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-08-09 14:46 - 2014-08-09 14:47 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-08-09 14:46 - 2014-08-09 14:47 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-08-09 14:46 - 2014-08-09 14:46 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-08-09 14:43 - 2014-08-09 14:43 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-09 14:43 - 2014-08-09 14:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-08-09 14:42 - 2014-08-04 16:56 - 00155582 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-09 14:38 - 2014-08-09 14:38 - 04862664 _____ (AVAST Software) C:\Documents and Settings\All Users\Desktop\avast_free_antivirus_setup_online (1).exe
2014-08-09 14:20 - 2012-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-08-09 14:20 - 2012-08-22 16:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
2014-08-09 14:19 - 2014-08-09 12:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2014-08-09 14:16 - 2014-08-05 14:02 - 00000000 ____D () C:\Program Files\Lavasoft
2014-08-09 14:15 - 2014-08-05 16:15 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Lavasoft
2014-08-09 14:13 - 2014-08-09 14:13 - 00000000 ____D () C:\WINDOWS\LastGood
2014-08-09 12:32 - 2014-08-09 12:27 - 00004215 _____ () C:\DelFix.txt
2014-08-09 12:27 - 2014-08-09 12:27 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-09 12:00 - 2012-08-22 10:36 - 00011994 _____ () C:\WINDOWS\system32\nvModes.001
2014-08-09 10:03 - 2013-02-21 00:09 - 00000910 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-09 09:17 - 2014-08-08 23:20 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-08-09 09:17 - 2012-08-22 11:16 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-08-09 09:09 - 2014-08-05 15:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
2014-08-09 09:09 - 2013-01-02 19:40 - 00000316 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1004336348-1563985344-1343024091-1001.job
2014-08-09 09:09 - 2013-01-02 19:40 - 00000308 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1004336348-1563985344-1343024091-1001.job
2014-08-09 09:09 - 2012-10-16 19:18 - 00000308 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1004336348-1563985344-1343024091-1001.job
2014-08-09 09:09 - 2008-04-14 13:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-09 09:09 - 2004-10-26 12:01 - 00017112 _____ () C:\WINDOWS\system32\nvapps.xml
2014-08-09 09:07 - 2014-08-04 17:04 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-08-09 09:07 - 2014-08-04 17:04 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-08-09 09:07 - 2012-08-20 19:07 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-08 23:41 - 2014-08-04 17:04 - 00032328 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-08 23:41 - 2012-08-20 19:10 - 00000098 ___SH () C:\Documents and Settings\Konstantine Trivizas\ntuser.ini
2014-08-08 23:20 - 2014-08-08 23:20 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-08-08 23:20 - 2014-08-08 23:20 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-08-08 23:19 - 2014-08-07 12:08 - 00000000 ____D () C:\WINDOWS\erdnt
2014-08-08 23:16 - 2008-04-14 13:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-08-07 17:36 - 2014-08-07 17:36 - 00000162 ____H () C:\Documents and Settings\Konstantine Trivizas\Desktop\~$FRST.txt
2014-08-07 17:32 - 2014-08-05 12:39 - 00016906 _____ () C:\WINDOWS\setupapi.log
2014-08-07 14:48 - 2014-08-01 09:51 - 00262144 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-08-07 14:25 - 2012-08-20 19:10 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas
2014-08-07 14:20 - 2012-08-22 04:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978695_WM9$
2014-08-07 12:13 - 2014-08-07 12:13 - 00000000 _RSHD () C:\cmdcons
2014-08-07 12:13 - 2012-08-20 16:12 - 00000327 __RSH () C:\boot.ini
2014-08-06 16:24 - 2014-08-04 17:11 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-06 15:51 - 2012-08-23 12:38 - 00000986 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1563985344-1343024091-1001Core.job
2014-08-05 18:29 - 2014-08-04 17:10 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-05 17:15 - 2012-08-22 04:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2695962$
2014-08-05 15:35 - 2014-08-05 15:35 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\adawarebp
2014-08-05 15:14 - 2014-08-05 15:14 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\LavasoftStatistics
2014-08-05 13:41 - 2014-08-05 13:40 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-08-05 13:41 - 2014-08-05 13:40 - 00001083 _____ () C:\WINDOWS\netfxocm.log
2014-08-05 13:41 - 2014-08-05 13:40 - 00000425 _____ () C:\WINDOWS\MedCtrOC.log
2014-08-05 13:41 - 2014-08-05 13:40 - 00000342 _____ () C:\WINDOWS\ocmsn.log
2014-08-05 13:41 - 2014-08-05 13:40 - 00000311 _____ () C:\WINDOWS\tabletoc.log
2014-08-05 13:41 - 2014-08-05 13:40 - 00000309 _____ () C:\WINDOWS\msgsocm.log
2014-08-05 13:41 - 2014-08-05 13:39 - 00006642 _____ () C:\WINDOWS\iis6.log
2014-08-05 13:41 - 2014-08-05 13:39 - 00002822 _____ () C:\WINDOWS\tsoc.log
2014-08-05 13:41 - 2014-08-05 13:39 - 00002058 _____ () C:\WINDOWS\comsetup.log
2014-08-05 13:41 - 2014-08-05 13:39 - 00001248 _____ () C:\WINDOWS\ntdtcsetup.log
2014-08-05 13:41 - 2014-08-05 13:38 - 00006183 _____ () C:\WINDOWS\FaxSetup.log
2014-08-05 13:41 - 2014-08-05 13:38 - 00002956 _____ () C:\WINDOWS\ocgen.log
2014-08-05 13:41 - 2014-08-05 13:32 - 00008464 _____ () C:\WINDOWS\KB942288-v3.log
2014-08-05 13:39 - 2014-08-05 13:39 - 00001878 _____ () C:\WINDOWS\msmqinst.log
2014-08-05 13:39 - 2014-08-05 13:39 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-08-05 13:39 - 2014-08-05 13:39 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-08-05 13:37 - 2012-08-20 16:05 - 00000000 ____D () C:\WINDOWS\system32\mui
2014-08-05 13:36 - 2014-08-05 13:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v3$
2014-08-05 13:29 - 2014-08-05 13:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Lavasoft
2014-08-05 12:42 - 2012-08-22 04:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB971657$
2014-08-05 12:41 - 2012-08-22 16:05 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2014-08-04 17:48 - 2008-04-14 13:00 - 00000582 _____ () C:\WINDOWS\win.ini
2014-08-04 17:39 - 2012-08-22 05:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB959426$
2014-08-04 17:37 - 2012-08-22 16:43 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Adobe
2014-08-04 17:15 - 2014-07-22 22:50 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Xihoh
2014-08-04 17:11 - 2014-08-04 17:11 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-04 17:11 - 2014-08-04 17:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-04 17:10 - 2014-08-04 17:10 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-04 17:04 - 2014-08-04 17:04 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-08-04 17:02 - 2014-08-04 16:54 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-08-04 17:02 - 2014-08-04 16:54 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-08-04 17:00 - 2014-08-04 16:59 - 00000000 ____D () C:\WINDOWS\pss
2014-08-04 16:56 - 2014-08-04 16:54 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-08-04 16:55 - 2014-08-04 16:55 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-08-04 16:54 - 2014-08-04 16:54 - 00000000 ____D () C:\WINDOWS\CSC
2014-08-04 12:03 - 2012-08-24 10:26 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\My Documents\CAREER & INCOME
2014-08-04 11:10 - 2012-08-28 20:01 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\My Documents\AEOLUS HOSPITALITY
2014-08-01 14:04 - 2014-08-01 14:04 - 00000000 ____D () C:\WINDOWS\system32\cos
2014-08-01 10:48 - 2013-02-04 20:06 - 00000000 ____D () C:\WINDOWS\Minidump
2014-08-01 10:14 - 2014-08-01 09:51 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-08-01 09:55 - 2014-08-01 09:55 - 00008198 _____ () C:\Documents and Settings\Konstantine Trivizas\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:55 - 2014-08-01 09:55 - 00004144 _____ () C:\Documents and Settings\Konstantine Trivizas\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:55 - 2014-08-01 09:55 - 00000274 _____ () C:\Documents and Settings\Konstantine Trivizas\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:55 - 2013-02-23 13:08 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Skype
2014-08-01 09:52 - 2012-08-22 12:28 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-08-01 09:50 - 2014-08-01 09:43 - 00065536 _____ () C:\WINDOWS\system32\config\Windows .evt
2014-08-01 09:50 - 2014-08-01 09:42 - 00065536 _____ () C:\WINDOWS\system32\config\Microsof.evt
2014-08-01 09:49 - 2013-01-02 19:40 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\RealNetworks
2014-08-01 09:49 - 2012-10-16 19:16 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Real
2014-08-01 09:47 - 2014-08-04 16:54 - 00008198 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-04 16:54 - 00008198 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-04 16:54 - 00008198 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-04 16:54 - 00008198 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-04 16:54 - 00004144 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-04 16:54 - 00004144 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-04 16:54 - 00004144 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-04 16:54 - 00004144 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-04 16:54 - 00000274 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-04 16:54 - 00000274 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-04 16:54 - 00000274 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-04 16:54 - 00000274 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2013-02-23 13:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-08-01 09:47 - 2013-01-02 19:38 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RealNetworks
2014-08-01 09:47 - 2012-08-20 18:59 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2014-08-01 09:46 - 2012-10-16 19:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Real
2014-08-01 09:42 - 2014-08-01 09:40 - 00000000 __HDC () C:\WINDOWS\$968930Uinstall_KB968930$
2014-08-01 09:42 - 2012-08-20 16:05 - 00000000 ____D () C:\WINDOWS\Help
2014-08-01 09:41 - 2014-08-01 09:41 - 00000000 ____D () C:\WINDOWS\system32\winrm
2014-08-01 09:41 - 2014-08-01 09:41 - 00000000 ____D () C:\WINDOWS\system32\WindowsPowerShell
2014-08-01 09:40 - 2014-08-01 09:40 - 00000000 ____D () C:\WINDOWS\$NtUninstallKB968930$
2014-07-30 18:30 - 2012-10-16 19:18 - 00000316 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1004336348-1563985344-1343024091-1001.job
2014-07-30 10:04 - 2012-09-03 19:24 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-07-24 23:21 - 2012-08-23 12:40 - 00002393 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\Google Chrome.lnk
2014-07-24 23:10 - 2012-08-23 12:37 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google
2014-07-24 21:06 - 2014-07-24 20:44 - 00000000 ____D () C:\Program Files\Your Uninstaller 2008
2014-07-24 21:03 - 2012-08-23 11:06 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-07-24 20:44 - 2014-07-24 20:44 - 00001810 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\1-Click Cleaning by Your Uninstaller! 2008.lnk
2014-07-24 20:44 - 2014-07-24 20:44 - 00000798 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\Your Uninstaller! 2008.lnk
2014-07-24 20:44 - 2014-07-24 20:44 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\URSoft
2014-07-24 20:44 - 2014-07-24 20:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Your Uninstaller! 2008
2014-07-23 17:47 - 2014-07-22 22:50 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Epme
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 

==================== End Of Log ============================


Addition text is here:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:9-08-2014
Ran by Konstantine Trivizas (administrator) on KONSTANT-8F5437 on 09-08-2014 15:39:37
Running from C:\Documents and Settings\Konstantine Trivizas\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(Broadcom Corp.) C:\WINDOWS\system32\BAsfIpM.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\tv_w32.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(HP) C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
InvalidSubkeyName: [HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\******<*>] <===== ATTENTION
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [519584 2010-12-21] (Microsoft Corporation)
HKU\S-1-5-21-1004336348-1563985344-1343024091-1001\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-08-09] (Google Inc.)
HKU\S-1-5-21-1004336348-1563985344-1343024091-1001\...\RunOnce: [adawarebp] => reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f
HKU\S-1-5-21-1004336348-1563985344-1343024091-1001\...\RunOnce: [adawarebp_XP] => reg.exe delete "HKCU\Software\adawarebp" /f
HKU\S-1-5-21-1004336348-1563985344-1343024091-1001\...\RunOnce: [adawarebp_DATA_FOLDER] => cmd.exe /c rmdir "C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection" /s /q
HKU\S-1-5-21-1004336348-1563985344-1343024091-1001\...\RunOnce: [adawarebp_INSTALL_FOLDER] => cmd.exe /c rmdir "C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\adawarebp" /s /q
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{44C2C7EA-F701-4F67-880D-ECFE2FE5B7BA}: [NameServer]8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{6A0C5F9A-BF17-46DE-9AC9-35267BF55774}: [NameServer]8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{96E2D96F-12B6-4E49-9218-35E42F97A477}: [NameServer]8.8.8.8,8.8.8.8
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.0.282 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-08-22]
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-02]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-09]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.co.uk/
CHR StartupUrls: "https://www.google.co.uk/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.550.13) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java Platform SE 7 U55) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (AdBlock) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-24]
CHR Extension: (Pin It Button) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2013-05-24]
CHR Extension: (Lavasoft SecureSearch) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jjjgoniibiigbcfeipbhfcconfgmgmkc [2014-08-05]
CHR Extension: (Save to Pocket) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2013-10-23]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-09]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\KONSTA~1\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2012-11-29]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-09] (AVAST Software)
R2 BAsfIpM; C:\WINDOWS\system32\basfipm.exe [77824 2003-02-06] (Broadcom Corp.) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-03-17] (Oracle Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [11552 2012-03-26] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1200128 2005-12-19] (Dell Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-08-09] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-08-09] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-08-09] (AVAST Software)
S0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-08-09] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-08-09] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-08-09] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-08-09] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-08-09] ()
R2 BASFND; C:\WINDOWS\system32\Drivers\BASFND.sys [6057 2002-03-13] (Broadcom Corporation) [File not signed]
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [424448 2006-12-18] (Broadcom Corporation)
R3 GTICARD; C:\WINDOWS\System32\DRIVERS\gticard.sys [59328 2003-02-06] (Texas Instruments)
R3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [208384 2005-05-03] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.SYS [1033728 2005-05-03] (Conexant Systems, Inc.)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
R1 MpKsl5d67bf93; c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C819C16D-1C45-4337-90FE-CF757A174D4E}\MpKsl5d67bf93.sys [39464 2014-08-09] (Microsoft Corporation)
R3 STAC97; C:\WINDOWS\System32\drivers\STAC97.sys [264440 2004-11-15] (SigmaTel, Inc.)
R3 tiumfwl; C:\WINDOWS\System32\drivers\tiumfwl.sys [42060 2003-02-14] (Texas Instruments Inc.)
R3 vrvd5; C:\WINDOWS\System32\DRIVERS\vrvd5.sys [11296 2014-06-16] (Rsupport Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-09 15:38 - 2014-08-09 15:39 - 00035835 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\Addition.txt
2014-08-09 15:37 - 2014-08-09 15:40 - 00018913 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\FRST.txt
2014-08-09 15:36 - 2014-08-09 15:39 - 00000000 ____D () C:\FRST
2014-08-09 15:35 - 2014-08-09 15:30 - 01084928 _____ (Farbar) C:\Documents and Settings\Konstantine Trivizas\Desktop\FRST.exe
2014-08-09 14:51 - 2014-08-09 14:51 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\AVAST Software
2014-08-09 14:49 - 2014-08-09 14:56 - 00000392 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-08-09 14:49 - 2014-08-09 14:49 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-08-09 14:49 - 2014-08-09 14:49 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-08-09 14:49 - 2014-08-09 14:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2014-08-09 14:48 - 2014-08-09 14:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Google
2014-08-09 14:47 - 2014-08-09 14:49 - 00414520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-08-09 14:47 - 2014-08-09 14:46 - 00779536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-08-09 14:47 - 2014-08-09 14:46 - 00414392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.1407592170703
2014-08-09 14:47 - 2014-08-09 14:46 - 00276432 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-08-09 14:47 - 2014-08-09 14:46 - 00192352 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-08-09 14:47 - 2014-08-09 14:46 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-08-09 14:47 - 2014-08-09 14:46 - 00057800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-08-09 14:47 - 2014-08-09 14:46 - 00055112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-08-09 14:47 - 2014-08-09 14:46 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-08-09 14:47 - 2014-08-09 14:46 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-08-09 14:46 - 2014-08-09 14:46 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-08-09 14:43 - 2014-08-09 14:43 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-09 14:38 - 2014-08-09 14:38 - 04862664 _____ (AVAST Software) C:\Documents and Settings\All Users\Desktop\avast_free_antivirus_setup_online (1).exe
2014-08-09 14:36 - 2014-08-09 14:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-08-09 14:13 - 2014-08-09 14:13 - 00000000 ____D () C:\WINDOWS\LastGood
2014-08-09 12:33 - 2014-08-09 14:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2014-08-09 12:27 - 2014-08-09 12:32 - 00004215 _____ () C:\DelFix.txt
2014-08-09 12:27 - 2014-08-09 12:27 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-08 23:20 - 2014-08-09 15:40 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Local Settings\temp
2014-08-08 23:20 - 2014-08-09 09:17 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-08-08 23:20 - 2014-08-08 23:20 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-08-08 23:20 - 2014-08-08 23:20 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-08-07 17:36 - 2014-08-07 17:36 - 00000162 ____H () C:\Documents and Settings\Konstantine Trivizas\Desktop\~$FRST.txt
2014-08-07 12:13 - 2014-08-07 12:13 - 00000000 _RSHD () C:\cmdcons
2014-08-07 12:13 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-08-07 12:08 - 2014-08-08 23:19 - 00000000 ____D () C:\WINDOWS\erdnt
2014-08-05 16:15 - 2014-08-09 14:15 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Lavasoft
2014-08-05 15:35 - 2014-08-09 09:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
2014-08-05 15:35 - 2014-08-05 15:35 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\adawarebp
2014-08-05 15:14 - 2014-08-05 15:14 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\LavasoftStatistics
2014-08-05 14:02 - 2014-08-09 14:16 - 00000000 ____D () C:\Program Files\Lavasoft
2014-08-05 13:40 - 2014-08-05 13:41 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-08-05 13:40 - 2014-08-05 13:41 - 00001083 _____ () C:\WINDOWS\netfxocm.log
2014-08-05 13:40 - 2014-08-05 13:41 - 00000425 _____ () C:\WINDOWS\MedCtrOC.log
2014-08-05 13:40 - 2014-08-05 13:41 - 00000342 _____ () C:\WINDOWS\ocmsn.log
2014-08-05 13:40 - 2014-08-05 13:41 - 00000311 _____ () C:\WINDOWS\tabletoc.log
2014-08-05 13:40 - 2014-08-05 13:41 - 00000309 _____ () C:\WINDOWS\msgsocm.log
2014-08-05 13:39 - 2014-08-05 13:41 - 00006642 _____ () C:\WINDOWS\iis6.log
2014-08-05 13:39 - 2014-08-05 13:41 - 00002822 _____ () C:\WINDOWS\tsoc.log
2014-08-05 13:39 - 2014-08-05 13:41 - 00002058 _____ () C:\WINDOWS\comsetup.log
2014-08-05 13:39 - 2014-08-05 13:41 - 00001248 _____ () C:\WINDOWS\ntdtcsetup.log
2014-08-05 13:39 - 2014-08-05 13:39 - 00001878 _____ () C:\WINDOWS\msmqinst.log
2014-08-05 13:39 - 2014-08-05 13:39 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-08-05 13:39 - 2014-08-05 13:39 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-08-05 13:38 - 2014-08-05 13:41 - 00006183 _____ () C:\WINDOWS\FaxSetup.log
2014-08-05 13:38 - 2014-08-05 13:41 - 00002956 _____ () C:\WINDOWS\ocgen.log
2014-08-05 13:34 - 2014-08-05 13:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v3$
2014-08-05 13:32 - 2014-08-05 13:41 - 00008464 _____ () C:\WINDOWS\KB942288-v3.log
2014-08-05 13:29 - 2014-08-05 13:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Lavasoft
2014-08-05 12:39 - 2014-08-07 17:32 - 00016906 _____ () C:\WINDOWS\setupapi.log
2014-08-04 17:11 - 2014-08-06 16:24 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-04 17:11 - 2014-08-04 17:11 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-04 17:11 - 2014-08-04 17:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-04 17:10 - 2014-08-05 18:29 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-04 17:10 - 2014-08-04 17:10 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-04 17:10 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-04 17:10 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-04 17:04 - 2014-08-09 09:07 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-08-04 17:04 - 2014-08-09 09:07 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-08-04 17:04 - 2014-08-08 23:41 - 00032328 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-04 17:04 - 2014-08-04 17:04 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-08-04 16:59 - 2014-08-04 17:00 - 00000000 ____D () C:\WINDOWS\pss
2014-08-04 16:56 - 2014-08-09 14:42 - 00155582 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-04 16:55 - 2014-08-04 16:55 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-08-04 16:54 - 2014-08-04 17:02 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-08-04 16:54 - 2014-08-04 17:02 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-08-04 16:54 - 2014-08-04 16:56 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-08-04 16:54 - 2014-08-04 16:54 - 00000000 ____D () C:\WINDOWS\CSC
2014-08-04 16:54 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.HTML
2014-08-04 16:54 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-04 16:54 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.HTML
2014-08-04 16:54 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-04 16:54 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.TXT
2014-08-04 16:54 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-04 16:54 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.TXT
2014-08-04 16:54 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-04 16:54 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.URL
2014-08-04 16:54 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-04 16:54 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.URL
2014-08-04 16:54 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-04 16:54 - 2013-03-21 11:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application DataGoogle
2014-08-04 16:54 - 2012-08-23 14:07 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
2014-08-04 16:54 - 2012-08-20 19:03 - 00001599 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-08-04 16:54 - 2012-08-20 19:03 - 00000792 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2014-08-04 16:54 - 2012-08-20 19:03 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2014-08-01 14:04 - 2014-08-01 14:04 - 00000000 ____D () C:\WINDOWS\system32\cos
2014-08-01 09:55 - 2014-08-01 09:55 - 00008198 _____ () C:\Documents and Settings\Konstantine Trivizas\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:55 - 2014-08-01 09:55 - 00004144 _____ () C:\Documents and Settings\Konstantine Trivizas\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:55 - 2014-08-01 09:55 - 00000274 _____ () C:\Documents and Settings\Konstantine Trivizas\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:51 - 2014-08-07 14:48 - 00262144 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-08-01 09:51 - 2014-08-01 10:14 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:43 - 2014-08-01 09:50 - 00065536 _____ () C:\WINDOWS\system32\config\Windows .evt
2014-08-01 09:42 - 2014-08-01 09:50 - 00065536 _____ () C:\WINDOWS\system32\config\Microsof.evt
2014-08-01 09:41 - 2014-08-01 09:41 - 00000000 ____D () C:\WINDOWS\system32\winrm
2014-08-01 09:41 - 2014-08-01 09:41 - 00000000 ____D () C:\WINDOWS\system32\WindowsPowerShell
2014-08-01 09:40 - 2014-08-01 09:42 - 00000000 __HDC () C:\WINDOWS\$968930Uinstall_KB968930$
2014-08-01 09:40 - 2014-08-01 09:40 - 00000000 ____D () C:\WINDOWS\$NtUninstallKB968930$
2014-08-01 09:37 - 2014-08-09 14:54 - 00000000 ____D () C:\82c2f8c
2014-07-24 20:44 - 2014-07-24 21:06 - 00000000 ____D () C:\Program Files\Your Uninstaller 2008
2014-07-24 20:44 - 2014-07-24 20:44 - 00001810 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\1-Click Cleaning by Your Uninstaller! 2008.lnk
2014-07-24 20:44 - 2014-07-24 20:44 - 00000798 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\Your Uninstaller! 2008.lnk
2014-07-24 20:44 - 2014-07-24 20:44 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\URSoft
2014-07-24 20:44 - 2014-07-24 20:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Your Uninstaller! 2008
2014-07-22 22:50 - 2014-08-04 17:15 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Xihoh
2014-07-22 22:50 - 2014-07-23 17:47 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Epme
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-09 15:40 - 2014-08-09 15:37 - 00018913 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\FRST.txt
2014-08-09 15:40 - 2014-08-08 23:20 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Local Settings\temp
2014-08-09 15:39 - 2014-08-09 15:38 - 00035835 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\Addition.txt
2014-08-09 15:39 - 2014-08-09 15:36 - 00000000 ____D () C:\FRST
2014-08-09 15:30 - 2014-08-09 15:35 - 01084928 _____ (Farbar) C:\Documents and Settings\Konstantine Trivizas\Desktop\FRST.exe
2014-08-09 15:04 - 2013-02-21 00:09 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-09 14:56 - 2014-08-09 14:49 - 00000392 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-08-09 14:54 - 2014-08-01 09:37 - 00000000 ____D () C:\82c2f8c
2014-08-09 14:51 - 2014-08-09 14:51 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\AVAST Software
2014-08-09 14:50 - 2012-08-23 12:38 - 00001038 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1563985344-1343024091-1001UA.job
2014-08-09 14:50 - 2012-08-20 19:07 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-08-09 14:49 - 2014-08-09 14:49 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-08-09 14:49 - 2014-08-09 14:49 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-08-09 14:49 - 2014-08-09 14:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2014-08-09 14:49 - 2014-08-09 14:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Google
2014-08-09 14:49 - 2014-08-09 14:47 - 00414520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-08-09 14:49 - 2013-02-21 00:09 - 00000000 ____D () C:\Program Files\Google
2014-08-09 14:46 - 2014-08-09 14:47 - 00779536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-08-09 14:46 - 2014-08-09 14:47 - 00414392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.1407592170703
2014-08-09 14:46 - 2014-08-09 14:47 - 00276432 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-08-09 14:46 - 2014-08-09 14:47 - 00192352 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-08-09 14:46 - 2014-08-09 14:47 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-08-09 14:46 - 2014-08-09 14:47 - 00057800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-08-09 14:46 - 2014-08-09 14:47 - 00055112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-08-09 14:46 - 2014-08-09 14:47 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-08-09 14:46 - 2014-08-09 14:47 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-08-09 14:46 - 2014-08-09 14:46 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-08-09 14:43 - 2014-08-09 14:43 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-09 14:43 - 2014-08-09 14:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-08-09 14:42 - 2014-08-04 16:56 - 00155582 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-09 14:38 - 2014-08-09 14:38 - 04862664 _____ (AVAST Software) C:\Documents and Settings\All Users\Desktop\avast_free_antivirus_setup_online (1).exe
2014-08-09 14:20 - 2012-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-08-09 14:20 - 2012-08-22 16:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
2014-08-09 14:19 - 2014-08-09 12:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2014-08-09 14:16 - 2014-08-05 14:02 - 00000000 ____D () C:\Program Files\Lavasoft
2014-08-09 14:15 - 2014-08-05 16:15 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Lavasoft
2014-08-09 14:13 - 2014-08-09 14:13 - 00000000 ____D () C:\WINDOWS\LastGood
2014-08-09 12:32 - 2014-08-09 12:27 - 00004215 _____ () C:\DelFix.txt
2014-08-09 12:27 - 2014-08-09 12:27 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-09 12:00 - 2012-08-22 10:36 - 00011994 _____ () C:\WINDOWS\system32\nvModes.001
2014-08-09 10:03 - 2013-02-21 00:09 - 00000910 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-09 09:17 - 2014-08-08 23:20 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-08-09 09:17 - 2012-08-22 11:16 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-08-09 09:09 - 2014-08-05 15:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
2014-08-09 09:09 - 2013-01-02 19:40 - 00000316 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1004336348-1563985344-1343024091-1001.job
2014-08-09 09:09 - 2013-01-02 19:40 - 00000308 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1004336348-1563985344-1343024091-1001.job
2014-08-09 09:09 - 2012-10-16 19:18 - 00000308 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1004336348-1563985344-1343024091-1001.job
2014-08-09 09:09 - 2008-04-14 13:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-09 09:09 - 2004-10-26 12:01 - 00017112 _____ () C:\WINDOWS\system32\nvapps.xml
2014-08-09 09:07 - 2014-08-04 17:04 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-08-09 09:07 - 2014-08-04 17:04 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-08-09 09:07 - 2012-08-20 19:07 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-08 23:41 - 2014-08-04 17:04 - 00032328 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-08 23:41 - 2012-08-20 19:10 - 00000098 ___SH () C:\Documents and Settings\Konstantine Trivizas\ntuser.ini
2014-08-08 23:20 - 2014-08-08 23:20 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-08-08 23:20 - 2014-08-08 23:20 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-08-08 23:19 - 2014-08-07 12:08 - 00000000 ____D () C:\WINDOWS\erdnt
2014-08-08 23:16 - 2008-04-14 13:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-08-07 17:36 - 2014-08-07 17:36 - 00000162 ____H () C:\Documents and Settings\Konstantine Trivizas\Desktop\~$FRST.txt
2014-08-07 17:32 - 2014-08-05 12:39 - 00016906 _____ () C:\WINDOWS\setupapi.log
2014-08-07 14:48 - 2014-08-01 09:51 - 00262144 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-08-07 14:25 - 2012-08-20 19:10 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas
2014-08-07 14:20 - 2012-08-22 04:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978695_WM9$
2014-08-07 12:13 - 2014-08-07 12:13 - 00000000 _RSHD () C:\cmdcons
2014-08-07 12:13 - 2012-08-20 16:12 - 00000327 __RSH () C:\boot.ini
2014-08-06 16:24 - 2014-08-04 17:11 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-06 15:51 - 2012-08-23 12:38 - 00000986 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1563985344-1343024091-1001Core.job
2014-08-05 18:29 - 2014-08-04 17:10 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-05 17:15 - 2012-08-22 04:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2695962$
2014-08-05 15:35 - 2014-08-05 15:35 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\adawarebp
2014-08-05 15:14 - 2014-08-05 15:14 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\LavasoftStatistics
2014-08-05 13:41 - 2014-08-05 13:40 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-08-05 13:41 - 2014-08-05 13:40 - 00001083 _____ () C:\WINDOWS\netfxocm.log
2014-08-05 13:41 - 2014-08-05 13:40 - 00000425 _____ () C:\WINDOWS\MedCtrOC.log
2014-08-05 13:41 - 2014-08-05 13:40 - 00000342 _____ () C:\WINDOWS\ocmsn.log
2014-08-05 13:41 - 2014-08-05 13:40 - 00000311 _____ () C:\WINDOWS\tabletoc.log
2014-08-05 13:41 - 2014-08-05 13:40 - 00000309 _____ () C:\WINDOWS\msgsocm.log
2014-08-05 13:41 - 2014-08-05 13:39 - 00006642 _____ () C:\WINDOWS\iis6.log
2014-08-05 13:41 - 2014-08-05 13:39 - 00002822 _____ () C:\WINDOWS\tsoc.log
2014-08-05 13:41 - 2014-08-05 13:39 - 00002058 _____ () C:\WINDOWS\comsetup.log
2014-08-05 13:41 - 2014-08-05 13:39 - 00001248 _____ () C:\WINDOWS\ntdtcsetup.log
2014-08-05 13:41 - 2014-08-05 13:38 - 00006183 _____ () C:\WINDOWS\FaxSetup.log
2014-08-05 13:41 - 2014-08-05 13:38 - 00002956 _____ () C:\WINDOWS\ocgen.log
2014-08-05 13:41 - 2014-08-05 13:32 - 00008464 _____ () C:\WINDOWS\KB942288-v3.log
2014-08-05 13:39 - 2014-08-05 13:39 - 00001878 _____ () C:\WINDOWS\msmqinst.log
2014-08-05 13:39 - 2014-08-05 13:39 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-08-05 13:39 - 2014-08-05 13:39 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-08-05 13:37 - 2012-08-20 16:05 - 00000000 ____D () C:\WINDOWS\system32\mui
2014-08-05 13:36 - 2014-08-05 13:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v3$
2014-08-05 13:29 - 2014-08-05 13:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Lavasoft
2014-08-05 12:42 - 2012-08-22 04:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB971657$
2014-08-05 12:41 - 2012-08-22 16:05 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2014-08-04 17:48 - 2008-04-14 13:00 - 00000582 _____ () C:\WINDOWS\win.ini
2014-08-04 17:39 - 2012-08-22 05:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB959426$
2014-08-04 17:37 - 2012-08-22 16:43 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Adobe
2014-08-04 17:15 - 2014-07-22 22:50 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Xihoh
2014-08-04 17:11 - 2014-08-04 17:11 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-04 17:11 - 2014-08-04 17:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-04 17:10 - 2014-08-04 17:10 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-04 17:04 - 2014-08-04 17:04 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-08-04 17:02 - 2014-08-04 16:54 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-08-04 17:02 - 2014-08-04 16:54 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-08-04 17:00 - 2014-08-04 16:59 - 00000000 ____D () C:\WINDOWS\pss
2014-08-04 16:56 - 2014-08-04 16:54 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-08-04 16:55 - 2014-08-04 16:55 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-08-04 16:54 - 2014-08-04 16:54 - 00000000 ____D () C:\WINDOWS\CSC
2014-08-04 12:03 - 2012-08-24 10:26 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\My Documents\CAREER & INCOME
2014-08-04 11:10 - 2012-08-28 20:01 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\My Documents\AEOLUS HOSPITALITY
2014-08-01 14:04 - 2014-08-01 14:04 - 00000000 ____D () C:\WINDOWS\system32\cos
2014-08-01 10:48 - 2013-02-04 20:06 - 00000000 ____D () C:\WINDOWS\Minidump
2014-08-01 10:14 - 2014-08-01 09:51 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-08-01 09:55 - 2014-08-01 09:55 - 00008198 _____ () C:\Documents and Settings\Konstantine Trivizas\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:55 - 2014-08-01 09:55 - 00004144 _____ () C:\Documents and Settings\Konstantine Trivizas\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:55 - 2014-08-01 09:55 - 00000274 _____ () C:\Documents and Settings\Konstantine Trivizas\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:55 - 2013-02-23 13:08 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Skype
2014-08-01 09:52 - 2012-08-22 12:28 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-08-01 09:50 - 2014-08-01 09:43 - 00065536 _____ () C:\WINDOWS\system32\config\Windows .evt
2014-08-01 09:50 - 2014-08-01 09:42 - 00065536 _____ () C:\WINDOWS\system32\config\Microsof.evt
2014-08-01 09:49 - 2013-01-02 19:40 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\RealNetworks
2014-08-01 09:49 - 2012-10-16 19:16 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Real
2014-08-01 09:47 - 2014-08-04 16:54 - 00008198 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-04 16:54 - 00008198 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-04 16:54 - 00008198 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-04 16:54 - 00008198 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-04 16:54 - 00004144 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-04 16:54 - 00004144 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-04 16:54 - 00004144 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-04 16:54 - 00004144 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-04 16:54 - 00000274 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-04 16:54 - 00000274 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-04 16:54 - 00000274 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-04 16:54 - 00000274 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2013-02-23 13:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-08-01 09:47 - 2013-01-02 19:38 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RealNetworks
2014-08-01 09:47 - 2012-08-20 18:59 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2014-08-01 09:46 - 2012-10-16 19:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Real
2014-08-01 09:42 - 2014-08-01 09:40 - 00000000 __HDC () C:\WINDOWS\$968930Uinstall_KB968930$
2014-08-01 09:42 - 2012-08-20 16:05 - 00000000 ____D () C:\WINDOWS\Help
2014-08-01 09:41 - 2014-08-01 09:41 - 00000000 ____D () C:\WINDOWS\system32\winrm
2014-08-01 09:41 - 2014-08-01 09:41 - 00000000 ____D () C:\WINDOWS\system32\WindowsPowerShell
2014-08-01 09:40 - 2014-08-01 09:40 - 00000000 ____D () C:\WINDOWS\$NtUninstallKB968930$
2014-07-30 18:30 - 2012-10-16 19:18 - 00000316 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1004336348-1563985344-1343024091-1001.job
2014-07-30 10:04 - 2012-09-03 19:24 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-07-24 23:21 - 2012-08-23 12:40 - 00002393 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\Google Chrome.lnk
2014-07-24 23:10 - 2012-08-23 12:37 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google
2014-07-24 21:06 - 2014-07-24 20:44 - 00000000 ____D () C:\Program Files\Your Uninstaller 2008
2014-07-24 21:03 - 2012-08-23 11:06 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-07-24 20:44 - 2014-07-24 20:44 - 00001810 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\1-Click Cleaning by Your Uninstaller! 2008.lnk
2014-07-24 20:44 - 2014-07-24 20:44 - 00000798 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\Your Uninstaller! 2008.lnk
2014-07-24 20:44 - 2014-07-24 20:44 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\URSoft
2014-07-24 20:44 - 2014-07-24 20:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Your Uninstaller! 2008
2014-07-23 17:47 - 2014-07-22 22:50 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Epme
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================

I do not see the presence of new malware; the system is clean.
 
 
Fix with Farbar Recovery Scan Tool
 

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download the attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users: click Run after receipt of the Windows Security Warning - Open File.)
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
  • When finished, FRST will generate a log on the Desktop called Fixlog.txt.

Please attach it to your reply.


I'm sorry, I do not mean to be critical, you have been of immense help to me, but I asked you several times which AV you would recommend; you never answered that; I guess because you try to be impartial. I was baffled which to keep and which to delete, I was exhausted, hungry etc... the whole week I have been a wreck. I googled Avast and this site download.com came first and it appeared as an official site of Avast. In fact now I recall that this is where we downloaded MBAM first and now I can tell how the Avenger came in. Second time! I can see from the scan that it is the CUTWAIL.GEN KEN600 AND KEN 602 virus. I can also see decrypt instruction files from the scan.

 

I suspect I should delete immediately the Avast AV and the .exe file it has placed on the desktop?


Here is the fixlog.txt of 09.08.2014

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:9-08-2014
Ran by Konstantine Trivizas (administrator) on KONSTANT-8F5437 on 09-08-2014 15:39:37
Running from C:\Documents and Settings\Konstantine Trivizas\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(Broadcom Corp.) C:\WINDOWS\system32\BAsfIpM.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\tv_w32.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(HP) C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
InvalidSubkeyName: [HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\******<*>] <===== ATTENTION
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [519584 2010-12-21] (Microsoft Corporation)
HKU\S-1-5-21-1004336348-1563985344-1343024091-1001\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-08-09] (Google Inc.)
HKU\S-1-5-21-1004336348-1563985344-1343024091-1001\...\RunOnce: [adawarebp] => reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f
HKU\S-1-5-21-1004336348-1563985344-1343024091-1001\...\RunOnce: [adawarebp_XP] => reg.exe delete "HKCU\Software\adawarebp" /f
HKU\S-1-5-21-1004336348-1563985344-1343024091-1001\...\RunOnce: [adawarebp_DATA_FOLDER] => cmd.exe /c rmdir "C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection" /s /q
HKU\S-1-5-21-1004336348-1563985344-1343024091-1001\...\RunOnce: [adawarebp_INSTALL_FOLDER] => cmd.exe /c rmdir "C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\adawarebp" /s /q
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{44C2C7EA-F701-4F67-880D-ECFE2FE5B7BA}: [NameServer]8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{6A0C5F9A-BF17-46DE-9AC9-35267BF55774}: [NameServer]8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{96E2D96F-12B6-4E49-9218-35E42F97A477}: [NameServer]8.8.8.8,8.8.8.8
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.0.282 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-08-22]
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-02]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-09]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.co.uk/
CHR StartupUrls: "https://www.google.co.uk/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.550.13) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java Platform SE 7 U55) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (AdBlock) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-24]
CHR Extension: (Pin It Button) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2013-05-24]
CHR Extension: (Lavasoft SecureSearch) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jjjgoniibiigbcfeipbhfcconfgmgmkc [2014-08-05]
CHR Extension: (Save to Pocket) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2013-10-23]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-09]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\KONSTA~1\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2012-11-29]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-09] (AVAST Software)
R2 BAsfIpM; C:\WINDOWS\system32\basfipm.exe [77824 2003-02-06] (Broadcom Corp.) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-03-17] (Oracle Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [11552 2012-03-26] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1200128 2005-12-19] (Dell Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-08-09] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-08-09] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-08-09] (AVAST Software)
S0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-08-09] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-08-09] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-08-09] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-08-09] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-08-09] ()
R2 BASFND; C:\WINDOWS\system32\Drivers\BASFND.sys [6057 2002-03-13] (Broadcom Corporation) [File not signed]
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [424448 2006-12-18] (Broadcom Corporation)
R3 GTICARD; C:\WINDOWS\System32\DRIVERS\gticard.sys [59328 2003-02-06] (Texas Instruments)
R3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [208384 2005-05-03] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.SYS [1033728 2005-05-03] (Conexant Systems, Inc.)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
R1 MpKsl5d67bf93; c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C819C16D-1C45-4337-90FE-CF757A174D4E}\MpKsl5d67bf93.sys [39464 2014-08-09] (Microsoft Corporation)
R3 STAC97; C:\WINDOWS\System32\drivers\STAC97.sys [264440 2004-11-15] (SigmaTel, Inc.)
R3 tiumfwl; C:\WINDOWS\System32\drivers\tiumfwl.sys [42060 2003-02-14] (Texas Instruments Inc.)
R3 vrvd5; C:\WINDOWS\System32\DRIVERS\vrvd5.sys [11296 2014-06-16] (Rsupport Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-09 15:38 - 2014-08-09 15:39 - 00035835 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\Addition.txt
2014-08-09 15:37 - 2014-08-09 15:40 - 00018913 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\FRST.txt
2014-08-09 15:36 - 2014-08-09 15:39 - 00000000 ____D () C:\FRST
2014-08-09 15:35 - 2014-08-09 15:30 - 01084928 _____ (Farbar) C:\Documents and Settings\Konstantine Trivizas\Desktop\FRST.exe
2014-08-09 14:51 - 2014-08-09 14:51 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\AVAST Software
2014-08-09 14:49 - 2014-08-09 14:56 - 00000392 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-08-09 14:49 - 2014-08-09 14:49 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-08-09 14:49 - 2014-08-09 14:49 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-08-09 14:49 - 2014-08-09 14:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2014-08-09 14:48 - 2014-08-09 14:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Google
2014-08-09 14:47 - 2014-08-09 14:49 - 00414520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-08-09 14:47 - 2014-08-09 14:46 - 00779536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-08-09 14:47 - 2014-08-09 14:46 - 00414392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.1407592170703
2014-08-09 14:47 - 2014-08-09 14:46 - 00276432 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-08-09 14:47 - 2014-08-09 14:46 - 00192352 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-08-09 14:47 - 2014-08-09 14:46 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-08-09 14:47 - 2014-08-09 14:46 - 00057800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-08-09 14:47 - 2014-08-09 14:46 - 00055112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-08-09 14:47 - 2014-08-09 14:46 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-08-09 14:47 - 2014-08-09 14:46 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-08-09 14:46 - 2014-08-09 14:46 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-08-09 14:43 - 2014-08-09 14:43 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-09 14:38 - 2014-08-09 14:38 - 04862664 _____ (AVAST Software) C:\Documents and Settings\All Users\Desktop\avast_free_antivirus_setup_online (1).exe
2014-08-09 14:36 - 2014-08-09 14:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-08-09 14:13 - 2014-08-09 14:13 - 00000000 ____D () C:\WINDOWS\LastGood
2014-08-09 12:33 - 2014-08-09 14:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2014-08-09 12:27 - 2014-08-09 12:32 - 00004215 _____ () C:\DelFix.txt
2014-08-09 12:27 - 2014-08-09 12:27 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-08 23:20 - 2014-08-09 15:40 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Local Settings\temp
2014-08-08 23:20 - 2014-08-09 09:17 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-08-08 23:20 - 2014-08-08 23:20 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-08-08 23:20 - 2014-08-08 23:20 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-08-07 17:36 - 2014-08-07 17:36 - 00000162 ____H () C:\Documents and Settings\Konstantine Trivizas\Desktop\~$FRST.txt
2014-08-07 12:13 - 2014-08-07 12:13 - 00000000 _RSHD () C:\cmdcons
2014-08-07 12:13 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-08-07 12:08 - 2014-08-08 23:19 - 00000000 ____D () C:\WINDOWS\erdnt
2014-08-05 16:15 - 2014-08-09 14:15 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Lavasoft
2014-08-05 15:35 - 2014-08-09 09:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
2014-08-05 15:35 - 2014-08-05 15:35 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\adawarebp
2014-08-05 15:14 - 2014-08-05 15:14 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\LavasoftStatistics
2014-08-05 14:02 - 2014-08-09 14:16 - 00000000 ____D () C:\Program Files\Lavasoft
2014-08-05 13:40 - 2014-08-05 13:41 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-08-05 13:40 - 2014-08-05 13:41 - 00001083 _____ () C:\WINDOWS\netfxocm.log
2014-08-05 13:40 - 2014-08-05 13:41 - 00000425 _____ () C:\WINDOWS\MedCtrOC.log
2014-08-05 13:40 - 2014-08-05 13:41 - 00000342 _____ () C:\WINDOWS\ocmsn.log
2014-08-05 13:40 - 2014-08-05 13:41 - 00000311 _____ () C:\WINDOWS\tabletoc.log
2014-08-05 13:40 - 2014-08-05 13:41 - 00000309 _____ () C:\WINDOWS\msgsocm.log
2014-08-05 13:39 - 2014-08-05 13:41 - 00006642 _____ () C:\WINDOWS\iis6.log
2014-08-05 13:39 - 2014-08-05 13:41 - 00002822 _____ () C:\WINDOWS\tsoc.log
2014-08-05 13:39 - 2014-08-05 13:41 - 00002058 _____ () C:\WINDOWS\comsetup.log
2014-08-05 13:39 - 2014-08-05 13:41 - 00001248 _____ () C:\WINDOWS\ntdtcsetup.log
2014-08-05 13:39 - 2014-08-05 13:39 - 00001878 _____ () C:\WINDOWS\msmqinst.log
2014-08-05 13:39 - 2014-08-05 13:39 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-08-05 13:39 - 2014-08-05 13:39 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-08-05 13:38 - 2014-08-05 13:41 - 00006183 _____ () C:\WINDOWS\FaxSetup.log
2014-08-05 13:38 - 2014-08-05 13:41 - 00002956 _____ () C:\WINDOWS\ocgen.log
2014-08-05 13:34 - 2014-08-05 13:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v3$
2014-08-05 13:32 - 2014-08-05 13:41 - 00008464 _____ () C:\WINDOWS\KB942288-v3.log
2014-08-05 13:29 - 2014-08-05 13:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Lavasoft
2014-08-05 12:39 - 2014-08-07 17:32 - 00016906 _____ () C:\WINDOWS\setupapi.log
2014-08-04 17:11 - 2014-08-06 16:24 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-04 17:11 - 2014-08-04 17:11 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-04 17:11 - 2014-08-04 17:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-04 17:10 - 2014-08-05 18:29 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-04 17:10 - 2014-08-04 17:10 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-04 17:10 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-04 17:10 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-04 17:04 - 2014-08-09 09:07 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-08-04 17:04 - 2014-08-09 09:07 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-08-04 17:04 - 2014-08-08 23:41 - 00032328 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-04 17:04 - 2014-08-04 17:04 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-08-04 16:59 - 2014-08-04 17:00 - 00000000 ____D () C:\WINDOWS\pss
2014-08-04 16:56 - 2014-08-09 14:42 - 00155582 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-04 16:55 - 2014-08-04 16:55 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-08-04 16:54 - 2014-08-04 17:02 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-08-04 16:54 - 2014-08-04 17:02 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-08-04 16:54 - 2014-08-04 16:56 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-08-04 16:54 - 2014-08-04 16:54 - 00000000 ____D () C:\WINDOWS\CSC
2014-08-04 16:54 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.HTML
2014-08-04 16:54 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-04 16:54 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.HTML
2014-08-04 16:54 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-04 16:54 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.TXT
2014-08-04 16:54 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-04 16:54 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.TXT
2014-08-04 16:54 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-04 16:54 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.URL
2014-08-04 16:54 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-04 16:54 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.URL
2014-08-04 16:54 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-04 16:54 - 2013-03-21 11:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application DataGoogle
2014-08-04 16:54 - 2012-08-23 14:07 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
2014-08-04 16:54 - 2012-08-20 19:03 - 00001599 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-08-04 16:54 - 2012-08-20 19:03 - 00000792 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2014-08-04 16:54 - 2012-08-20 19:03 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2014-08-01 14:04 - 2014-08-01 14:04 - 00000000 ____D () C:\WINDOWS\system32\cos
2014-08-01 09:55 - 2014-08-01 09:55 - 00008198 _____ () C:\Documents and Settings\Konstantine Trivizas\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:55 - 2014-08-01 09:55 - 00004144 _____ () C:\Documents and Settings\Konstantine Trivizas\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:55 - 2014-08-01 09:55 - 00000274 _____ () C:\Documents and Settings\Konstantine Trivizas\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:51 - 2014-08-07 14:48 - 00262144 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-08-01 09:51 - 2014-08-01 10:14 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:43 - 2014-08-01 09:50 - 00065536 _____ () C:\WINDOWS\system32\config\Windows .evt
2014-08-01 09:42 - 2014-08-01 09:50 - 00065536 _____ () C:\WINDOWS\system32\config\Microsof.evt
2014-08-01 09:41 - 2014-08-01 09:41 - 00000000 ____D () C:\WINDOWS\system32\winrm
2014-08-01 09:41 - 2014-08-01 09:41 - 00000000 ____D () C:\WINDOWS\system32\WindowsPowerShell
2014-08-01 09:40 - 2014-08-01 09:42 - 00000000 __HDC () C:\WINDOWS\$968930Uinstall_KB968930$
2014-08-01 09:40 - 2014-08-01 09:40 - 00000000 ____D () C:\WINDOWS\$NtUninstallKB968930$
2014-08-01 09:37 - 2014-08-09 14:54 - 00000000 ____D () C:\82c2f8c
2014-07-24 20:44 - 2014-07-24 21:06 - 00000000 ____D () C:\Program Files\Your Uninstaller 2008
2014-07-24 20:44 - 2014-07-24 20:44 - 00001810 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\1-Click Cleaning by Your Uninstaller! 2008.lnk
2014-07-24 20:44 - 2014-07-24 20:44 - 00000798 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\Your Uninstaller! 2008.lnk
2014-07-24 20:44 - 2014-07-24 20:44 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\URSoft
2014-07-24 20:44 - 2014-07-24 20:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Your Uninstaller! 2008
2014-07-22 22:50 - 2014-08-04 17:15 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Xihoh
2014-07-22 22:50 - 2014-07-23 17:47 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Epme
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-09 15:40 - 2014-08-09 15:37 - 00018913 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\FRST.txt
2014-08-09 15:40 - 2014-08-08 23:20 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Local Settings\temp
2014-08-09 15:39 - 2014-08-09 15:38 - 00035835 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\Addition.txt
2014-08-09 15:39 - 2014-08-09 15:36 - 00000000 ____D () C:\FRST
2014-08-09 15:30 - 2014-08-09 15:35 - 01084928 _____ (Farbar) C:\Documents and Settings\Konstantine Trivizas\Desktop\FRST.exe
2014-08-09 15:04 - 2013-02-21 00:09 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-09 14:56 - 2014-08-09 14:49 - 00000392 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-08-09 14:54 - 2014-08-01 09:37 - 00000000 ____D () C:\82c2f8c
2014-08-09 14:51 - 2014-08-09 14:51 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\AVAST Software
2014-08-09 14:50 - 2012-08-23 12:38 - 00001038 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1563985344-1343024091-1001UA.job
2014-08-09 14:50 - 2012-08-20 19:07 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-08-09 14:49 - 2014-08-09 14:49 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-08-09 14:49 - 2014-08-09 14:49 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-08-09 14:49 - 2014-08-09 14:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2014-08-09 14:49 - 2014-08-09 14:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Google
2014-08-09 14:49 - 2014-08-09 14:47 - 00414520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-08-09 14:49 - 2013-02-21 00:09 - 00000000 ____D () C:\Program Files\Google
2014-08-09 14:46 - 2014-08-09 14:47 - 00779536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-08-09 14:46 - 2014-08-09 14:47 - 00414392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.1407592170703
2014-08-09 14:46 - 2014-08-09 14:47 - 00276432 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-08-09 14:46 - 2014-08-09 14:47 - 00192352 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-08-09 14:46 - 2014-08-09 14:47 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-08-09 14:46 - 2014-08-09 14:47 - 00057800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-08-09 14:46 - 2014-08-09 14:47 - 00055112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-08-09 14:46 - 2014-08-09 14:47 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-08-09 14:46 - 2014-08-09 14:47 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-08-09 14:46 - 2014-08-09 14:46 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-08-09 14:43 - 2014-08-09 14:43 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-09 14:43 - 2014-08-09 14:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-08-09 14:42 - 2014-08-04 16:56 - 00155582 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-09 14:38 - 2014-08-09 14:38 - 04862664 _____ (AVAST Software) C:\Documents and Settings\All Users\Desktop\avast_free_antivirus_setup_online (1).exe
2014-08-09 14:20 - 2012-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-08-09 14:20 - 2012-08-22 16:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
2014-08-09 14:19 - 2014-08-09 12:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2014-08-09 14:16 - 2014-08-05 14:02 - 00000000 ____D () C:\Program Files\Lavasoft
2014-08-09 14:15 - 2014-08-05 16:15 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Lavasoft
2014-08-09 14:13 - 2014-08-09 14:13 - 00000000 ____D () C:\WINDOWS\LastGood
2014-08-09 12:32 - 2014-08-09 12:27 - 00004215 _____ () C:\DelFix.txt
2014-08-09 12:27 - 2014-08-09 12:27 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-09 12:00 - 2012-08-22 10:36 - 00011994 _____ () C:\WINDOWS\system32\nvModes.001
2014-08-09 10:03 - 2013-02-21 00:09 - 00000910 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-09 09:17 - 2014-08-08 23:20 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-08-09 09:17 - 2012-08-22 11:16 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-08-09 09:09 - 2014-08-05 15:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
2014-08-09 09:09 - 2013-01-02 19:40 - 00000316 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1004336348-1563985344-1343024091-1001.job
2014-08-09 09:09 - 2013-01-02 19:40 - 00000308 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1004336348-1563985344-1343024091-1001.job
2014-08-09 09:09 - 2012-10-16 19:18 - 00000308 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1004336348-1563985344-1343024091-1001.job
2014-08-09 09:09 - 2008-04-14 13:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-09 09:09 - 2004-10-26 12:01 - 00017112 _____ () C:\WINDOWS\system32\nvapps.xml
2014-08-09 09:07 - 2014-08-04 17:04 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-08-09 09:07 - 2014-08-04 17:04 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-08-09 09:07 - 2012-08-20 19:07 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-08 23:41 - 2014-08-04 17:04 - 00032328 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-08 23:41 - 2012-08-20 19:10 - 00000098 ___SH () C:\Documents and Settings\Konstantine Trivizas\ntuser.ini
2014-08-08 23:20 - 2014-08-08 23:20 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-08-08 23:20 - 2014-08-08 23:20 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-08-08 23:19 - 2014-08-07 12:08 - 00000000 ____D () C:\WINDOWS\erdnt
2014-08-08 23:16 - 2008-04-14 13:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-08-07 17:36 - 2014-08-07 17:36 - 00000162 ____H () C:\Documents and Settings\Konstantine Trivizas\Desktop\~$FRST.txt
2014-08-07 17:32 - 2014-08-05 12:39 - 00016906 _____ () C:\WINDOWS\setupapi.log
2014-08-07 14:48 - 2014-08-01 09:51 - 00262144 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-08-07 14:25 - 2012-08-20 19:10 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas
2014-08-07 14:20 - 2012-08-22 04:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978695_WM9$
2014-08-07 12:13 - 2014-08-07 12:13 - 00000000 _RSHD () C:\cmdcons
2014-08-07 12:13 - 2012-08-20 16:12 - 00000327 __RSH () C:\boot.ini
2014-08-06 16:24 - 2014-08-04 17:11 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-06 15:51 - 2012-08-23 12:38 - 00000986 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1563985344-1343024091-1001Core.job
2014-08-05 18:29 - 2014-08-04 17:10 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-05 17:15 - 2012-08-22 04:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2695962$
2014-08-05 15:35 - 2014-08-05 15:35 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\adawarebp
2014-08-05 15:14 - 2014-08-05 15:14 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\LavasoftStatistics
2014-08-05 13:41 - 2014-08-05 13:40 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-08-05 13:41 - 2014-08-05 13:40 - 00001083 _____ () C:\WINDOWS\netfxocm.log
2014-08-05 13:41 - 2014-08-05 13:40 - 00000425 _____ () C:\WINDOWS\MedCtrOC.log
2014-08-05 13:41 - 2014-08-05 13:40 - 00000342 _____ () C:\WINDOWS\ocmsn.log
2014-08-05 13:41 - 2014-08-05 13:40 - 00000311 _____ () C:\WINDOWS\tabletoc.log
2014-08-05 13:41 - 2014-08-05 13:40 - 00000309 _____ () C:\WINDOWS\msgsocm.log
2014-08-05 13:41 - 2014-08-05 13:39 - 00006642 _____ () C:\WINDOWS\iis6.log
2014-08-05 13:41 - 2014-08-05 13:39 - 00002822 _____ () C:\WINDOWS\tsoc.log
2014-08-05 13:41 - 2014-08-05 13:39 - 00002058 _____ () C:\WINDOWS\comsetup.log
2014-08-05 13:41 - 2014-08-05 13:39 - 00001248 _____ () C:\WINDOWS\ntdtcsetup.log
2014-08-05 13:41 - 2014-08-05 13:38 - 00006183 _____ () C:\WINDOWS\FaxSetup.log
2014-08-05 13:41 - 2014-08-05 13:38 - 00002956 _____ () C:\WINDOWS\ocgen.log
2014-08-05 13:41 - 2014-08-05 13:32 - 00008464 _____ () C:\WINDOWS\KB942288-v3.log
2014-08-05 13:39 - 2014-08-05 13:39 - 00001878 _____ () C:\WINDOWS\msmqinst.log
2014-08-05 13:39 - 2014-08-05 13:39 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-08-05 13:39 - 2014-08-05 13:39 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-08-05 13:37 - 2012-08-20 16:05 - 00000000 ____D () C:\WINDOWS\system32\mui
2014-08-05 13:36 - 2014-08-05 13:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v3$
2014-08-05 13:29 - 2014-08-05 13:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Lavasoft
2014-08-05 12:42 - 2012-08-22 04:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB971657$
2014-08-05 12:41 - 2012-08-22 16:05 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2014-08-04 17:48 - 2008-04-14 13:00 - 00000582 _____ () C:\WINDOWS\win.ini
2014-08-04 17:39 - 2012-08-22 05:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB959426$
2014-08-04 17:37 - 2012-08-22 16:43 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Adobe
2014-08-04 17:15 - 2014-07-22 22:50 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Xihoh
2014-08-04 17:11 - 2014-08-04 17:11 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-04 17:11 - 2014-08-04 17:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-04 17:10 - 2014-08-04 17:10 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-04 17:04 - 2014-08-04 17:04 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-08-04 17:02 - 2014-08-04 16:54 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-08-04 17:02 - 2014-08-04 16:54 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-08-04 17:00 - 2014-08-04 16:59 - 00000000 ____D () C:\WINDOWS\pss
2014-08-04 16:56 - 2014-08-04 16:54 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-08-04 16:55 - 2014-08-04 16:55 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-08-04 16:54 - 2014-08-04 16:54 - 00000000 ____D () C:\WINDOWS\CSC
2014-08-04 12:03 - 2012-08-24 10:26 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\My Documents\CAREER & INCOME
2014-08-04 11:10 - 2012-08-28 20:01 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\My Documents\AEOLUS HOSPITALITY
2014-08-01 14:04 - 2014-08-01 14:04 - 00000000 ____D () C:\WINDOWS\system32\cos
2014-08-01 10:48 - 2013-02-04 20:06 - 00000000 ____D () C:\WINDOWS\Minidump
2014-08-01 10:14 - 2014-08-01 09:51 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-08-01 09:55 - 2014-08-01 09:55 - 00008198 _____ () C:\Documents and Settings\Konstantine Trivizas\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:55 - 2014-08-01 09:55 - 00004144 _____ () C:\Documents and Settings\Konstantine Trivizas\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:55 - 2014-08-01 09:55 - 00000274 _____ () C:\Documents and Settings\Konstantine Trivizas\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:55 - 2013-02-23 13:08 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Skype
2014-08-01 09:52 - 2012-08-22 12:28 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-08-01 09:50 - 2014-08-01 09:43 - 00065536 _____ () C:\WINDOWS\system32\config\Windows .evt
2014-08-01 09:50 - 2014-08-01 09:42 - 00065536 _____ () C:\WINDOWS\system32\config\Microsof.evt
2014-08-01 09:49 - 2013-01-02 19:40 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\RealNetworks
2014-08-01 09:49 - 2012-10-16 19:16 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Real
2014-08-01 09:47 - 2014-08-04 16:54 - 00008198 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-04 16:54 - 00008198 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-04 16:54 - 00008198 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-04 16:54 - 00008198 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-04 16:54 - 00004144 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-04 16:54 - 00004144 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-04 16:54 - 00004144 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-04 16:54 - 00004144 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-04 16:54 - 00000274 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-04 16:54 - 00000274 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-04 16:54 - 00000274 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-04 16:54 - 00000274 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2013-02-23 13:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-08-01 09:47 - 2013-01-02 19:38 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RealNetworks
2014-08-01 09:47 - 2012-08-20 18:59 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2014-08-01 09:46 - 2012-10-16 19:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Real
2014-08-01 09:42 - 2014-08-01 09:40 - 00000000 __HDC () C:\WINDOWS\$968930Uinstall_KB968930$
2014-08-01 09:42 - 2012-08-20 16:05 - 00000000 ____D () C:\WINDOWS\Help
2014-08-01 09:41 - 2014-08-01 09:41 - 00000000 ____D () C:\WINDOWS\system32\winrm
2014-08-01 09:41 - 2014-08-01 09:41 - 00000000 ____D () C:\WINDOWS\system32\WindowsPowerShell
2014-08-01 09:40 - 2014-08-01 09:40 - 00000000 ____D () C:\WINDOWS\$NtUninstallKB968930$
2014-07-30 18:30 - 2012-10-16 19:18 - 00000316 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1004336348-1563985344-1343024091-1001.job
2014-07-30 10:04 - 2012-09-03 19:24 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-07-24 23:21 - 2012-08-23 12:40 - 00002393 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\Google Chrome.lnk
2014-07-24 23:10 - 2012-08-23 12:37 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google
2014-07-24 21:06 - 2014-07-24 20:44 - 00000000 ____D () C:\Program Files\Your Uninstaller 2008
2014-07-24 21:03 - 2012-08-23 11:06 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-07-24 20:44 - 2014-07-24 20:44 - 00001810 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\1-Click Cleaning by Your Uninstaller! 2008.lnk
2014-07-24 20:44 - 2014-07-24 20:44 - 00000798 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\Your Uninstaller! 2008.lnk
2014-07-24 20:44 - 2014-07-24 20:44 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\URSoft
2014-07-24 20:44 - 2014-07-24 20:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Your Uninstaller! 2008
2014-07-23 17:47 - 2014-07-22 22:50 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Epme
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================

I tried to disable Avast for ten minutes and to start MS SE to do a scan, but MS SE does not start so that it can update; when I click 'start now' I get the message: 'Could not start the SE service: The specified service does not exist as an uninstalled service. Error code: 0x80070424.'

 

Did the fix instructions we applied disable MS SE? I was impressed that it caught this Cutwail.gen virus! It is also 17 MB in memory vs. 190 MB for Avastar. I was hoping I could have both as programs and sometimes disable one and enable the other for scans. How can I bring back MS SE?


Also, while MS SE had the Cutwail.gen KEN600 and KEN602 virus in Quarantine, before I informed you, I did a quick scan using Avastar (right after its installation) and it did not detect the Cutwail virus. Is that because the virus was already in Quarantine by MS SE?

 

I will leave you in peace now, and whenever you can, we scan the external drive next and clean the FRST files; if it is a matter of just deleting them from the drive via the file manager, I can do it; if it involves removing back-end files, I will need your help. :) :)


Also, dear THE

 

I wonder if, once a virus enters the system, there will always be traces left over in the system (??) and because of this it may be easier to pick up the viruses or similar viruses again? Will Avastar (besides sensible behaviour) protect me best, or how can I bring back MS SE and have it in the background (till I have had more experience with Avastar)? Thank you.


I am sorry! In post 117 earlier, by mistake I copied the text of the scan results (duplicate).

 

Here is the text from this fixlog of 09.08.2014 

 

Please let me know what other files or leftovers to delete; thanks.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:9-08-2014

Ran by Konstantine Trivizas at 2014-08-09 16:07:29 Run:1
Running from C:\Documents and Settings\Konstantine Trivizas\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
InvalidSubkeyName: [HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\******<*>] <===== ATTENTION
HKU\S-1-5-21-1004336348-1563985344-1343024091-1001\...\RunOnce: [adawarebp] => reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f
HKU\S-1-5-21-1004336348-1563985344-1343024091-1001\...\RunOnce: [adawarebp_XP] => reg.exe delete "HKCU\Software\adawarebp" /f
HKU\S-1-5-21-1004336348-1563985344-1343024091-1001\...\RunOnce: [adawarebp_DATA_FOLDER] => cmd.exe /c rmdir "C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection" /s /q
HKU\S-1-5-21-1004336348-1563985344-1343024091-1001\...\RunOnce: [adawarebp_INSTALL_FOLDER] => cmd.exe /c rmdir "C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\adawarebp" /s /q
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [11552 2012-03-26] (Microsoft Corporation)
c:\Program Files\Microsoft Security Client
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
R1 MpKsl5d67bf93; c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C819C16D-1C45-4337-90FE-CF757A174D4E}\MpKsl5d67bf93.sys [39464 2014-08-09] (Microsoft Corporation)
C:\WINDOWS\System32\DRIVERS\MpFilter.sys
c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C819C16D-1C45-4337-90FE-CF757A174D4E}\MpKsl5d67bf93.sys
Reboot:
*****************
 
[HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\******<*>] => Subkey with invalid name deleted successfully.
HKU\S-1-5-21-1004336348-1563985344-1343024091-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKU\S-1-5-21-1004336348-1563985344-1343024091-1001\...\RunOnce: [adawarebp] => reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f => Value not found.
HKU\S-1-5-21-1004336348-1563985344-1343024091-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKU\S-1-5-21-1004336348-1563985344-1343024091-1001\...\RunOnce: [adawarebp_XP] => reg.exe delete "HKCU\Software\adawarebp" /f => Value not found.
HKU\S-1-5-21-1004336348-1563985344-1343024091-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKU\S-1-5-21-1004336348-1563985344-1343024091-1001\...\RunOnce: [adawarebp_DATA_FOLDER] => cmd.exe /c rmdir "C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection" /s /q => Value not found.
HKU\S-1-5-21-1004336348-1563985344-1343024091-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKU\S-1-5-21-1004336348-1563985344-1343024091-1001\...\RunOnce: [adawarebp_INSTALL_FOLDER] => cmd.exe /c rmdir "C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\adawarebp" /s /q => Value not found.
MsMpSvc => Service stopped successfully.
MsMpSvc => Service deleted successfully.
"c:\Program Files\Microsoft Security Client" => Warning: FRST is scripted not to move this directory.
MpFilter => Service stopped successfully.
MpFilter => Service deleted successfully.
MpKsl5d67bf93 => Service not found.
C:\WINDOWS\System32\DRIVERS\MpFilter.sys => Moved successfully.
"c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C819C16D-1C45-4337-90FE-CF757A174D4E}\MpKsl5d67bf93.sys" => File/Directory not found.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
