
Suspected Malware


#1 Shauran

Posted 27 October 2013 - 06:14 PM

Hello!

My name is Shauran, I am just a newbie here. Sorry I have posted in the wrong section of the forum lately. I got this problem on my desktop. I think it's a rootkit. I tried removing it myself and thought I was successful. Scanned my desktop with MBAM, Avast and nothing was found, so I thought it's already gone. But when I connected to the internet, my Chrome and IE seem to load very slow. I look in my SystemExplorer and I think it's redirecting me to sites that were in codes. Suddenly, again it installed the files that had been removed and some unknown exe files. I'm lost right now and don't know where to begin. I'm afraid that if I do the same process I've done, the result would just be the same.

TIA 





#2 nasdaq

Posted 28 October 2013 - 09:44 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Let's start with these scans.

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.


Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#3 Shauran

Posted 30 October 2013 - 08:39 AM

Hello Nasdaq!

Thank you for your immediate reply and sorry for being late. My ISP was down for the past 2 days and they only got it fixed just now.

Anyway, here are the logs that you have requested.

FYI,

I've restored my registry files using ERDNT, because I found that there are lots of Sus Path detections by RogueKiller that I cannot delete.

BTW

I already ran AdwCleaner before you asked me. Hope this would not interfere with the process.

 

# AdwCleaner v3.010 - Report created 28/10/2013 at 20:22:51
# Updated 20/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Siyak - SHAURAN-HP
# Running from : C:\Documents and Settings\Siyak\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\apn
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\SweetIM
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\AskPartnerNetwork
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\DealPly
Folder Deleted : C:\Program Files\Minibar
Folder Deleted : C:\Program Files\SweetIM
Folder Deleted : C:\Documents and Settings\Siyak\Local Settings\Application Data\Conduit
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\smartbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
*************************
 
AdwCleaner[R0].txt - [4266 octets] - [28/10/2013 20:21:31]
AdwCleaner[S0].txt - [4313 octets] - [28/10/2013 20:22:51]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4373 octets] ##########


#4 Shauran

Posted 30 October 2013 - 08:41 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Microsoft Windows XP x86
Ran by Administrator on Wed 10/30/2013 at 21:20:43.67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\WINDOWS\Tasks\rmschedule.job
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ytd video downloader"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\ytd video downloader"
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 10/30/2013 at 21:25:25.53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702
Run by Administrator at 21:34:35 on 2013-10-30
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1271.1006 [GMT 8:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wpabaln.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
EB: {555D4D79-4BD2-4094-A395-CFC534424A05} - <orphaned>
mRun: [SystemExplorerAutoStart] "c:\program files\system explorer\SystemExplorer.exe" /TRAY
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} - hxxps://www.e-games.com.ph/com/EGamesPlugin.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1345856944515
TCP: Interfaces\{EEC2D009-5F0B-4850-917D-3D8FA044E475} : NameServer = 208.67.222.222,208.67.220.220
Notify: igfxcui - igfxsrvc.dll
.
============= SERVICES / DRIVERS ===============
.
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys --> c:\windows\system32\drivers\avgidshx.sys [?]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys --> c:\windows\system32\drivers\avglogx.sys [?]
S0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys --> c:\windows\system32\drivers\avgmfx86.sys [?]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys --> c:\windows\system32\drivers\avgrkx86.sys [?]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys --> c:\windows\system32\drivers\avgdiskx.sys [?]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys --> c:\windows\system32\drivers\avgidsdriverx.sys [?]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys --> c:\windows\system32\drivers\avgidsshimx.sys [?]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys --> c:\windows\system32\drivers\avgldx86.sys [?]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]
S1 avgtp;avgtp;\??\c:\windows\system32\drivers\avgtpx86.sys --> c:\windows\system32\drivers\avgtpx86.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]
S3 rkhdrv40;Rootkit Unhooker Driver; [x]
S3 SbieDrv;SbieDrv;\??\c:\program files\sandboxie\sbiedrv.sys --> c:\program files\sandboxie\SbieDrv.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 P;P;c:\docume~1\siyak\locals~1\temp\p.exe --> c:\docume~1\siyak\locals~1\temp\P.exe [?]
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-10-28 04:41:10 688992 ------w- C:\dds.com
2013-10-28 04:41:10 688992 ------w- \dds.com
2013-10-27 10:35:24 48392 ----a-w- c:\windows\system32\certsentry.dll
2013-10-26 23:11:33 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-10-26 23:11:33 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-10-26 23:11:33 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-10-26 23:11:33 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-10-26 23:11:30 43152 ----a-w- c:\windows\avastSS.scr
2013-10-26 15:37:10 177496 ----a-w- c:\windows\system32\drivers\50451574.sys
2013-10-18 05:06:19 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-10-18 05:06:18 1700352 ----a-w- c:\windows\system32\xgdiplus.dll
2013-10-15 15:41:12 1898232 ------w- C:\rkill.com
2013-10-15 15:41:12 1898232 ------w- \rkill.com
2013-09-24 03:54:00 587864 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2013-09-24 03:54:00 30552 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-09-24 03:54:00 15704 ----a-w- c:\windows\system32\drivers\cmderd.sys
2013-09-24 03:53:52 36000 ----a-w- c:\windows\system32\cmdcsr.dll
2013-09-24 03:53:52 354240 ----a-w- c:\windows\system32\guard32.dll
2013-09-24 03:53:36 40664 ----a-w- c:\windows\system32\cmdkbd32.dll
2013-09-24 03:53:36 280792 ----a-w- c:\windows\system32\cmdvrt32.dll
2013-09-24 03:53:26 3765976 ----a-w- c:\documents and settings\all users\application data\cisB3.exe
2013-09-23 18:33:58 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:33:57 43520 ------w- c:\windows\system32\licmgr10.dll
2013-09-23 18:33:57 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:33:56 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06:48 385024 ------w- c:\windows\system32\html.iec
2013-08-29 01:31:44 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-09 01:56:45 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-09 00:55:08 144128 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55:07 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55:06 5376 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-05 13:30:32 1289728 ----a-w- c:\windows\system32\ole32.dll
.
============= FINISH: 21:35:23.89 ===============
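The SERVICES / DRIVERS section of the DDS log above is what the helper scans by eye for entries such as a one-letter service running from a user's temp folder or a driver with no image path. The following script is an added example, not part of this thread and not code from DDS; the four sample lines are copied from the log in this post, and the severity rules are the example's own assumptions, not anything DDS reports.

```python
import re
from dataclasses import dataclass, field

# One service/driver line of a DDS "SERVICES / DRIVERS" section looks like:
#   <state> <name>;<display name>;<image path> [<date> <size>]
#   <state> <name>;<display name>;<image path> --> <image path> [?]
#   <state> <name>;<display name>; [x]
LINE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);(?P<rest>.*)$")
BRACKET_RE = re.compile(r"\s*\[(?P<info>[^\]]*)\]\s*$")
# Any path component named temp/tmp (covers "locals~1\temp" and "Local Settings\Temp").
TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)

# Constructed sample: four lines copied from the DDS log in post #4.
SAMPLE_DDS = r"""
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys --> c:\windows\system32\drivers\avgrkx86.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 rkhdrv40;Rootkit Unhooker Driver; [x]
S4 P;P;c:\docume~1\siyak\locals~1\temp\p.exe --> c:\docume~1\siyak\locals~1\temp\P.exe [?]
"""


@dataclass
class ServiceEntry:
    state: str          # start type as DDS prints it, e.g. S4 or R2
    name: str
    display: str
    path: str           # image path, empty when DDS recorded none
    info: str           # text inside the trailing [...]: "date size", "?" or "x"
    severity: str = "ok"
    reasons: list = field(default_factory=list)


def parse_line(line: str):
    """Return a ServiceEntry for a DDS service/driver line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest, info = m.group("rest"), ""
    b = BRACKET_RE.search(rest)
    if b:
        info = b.group("info").strip()
        rest = rest[:b.start()]
    # DDS repeats the path after "-->" when it could not read the file; keep the first copy.
    path = rest.split("-->")[0].strip()
    if path.startswith("\\??\\"):  # NT object-manager prefix, not part of the file path
        path = path[4:]
    return ServiceEntry(m.group("state"), m.group("name"), m.group("display"), path, info)


def assess(entry: ServiceEntry) -> str:
    """Attach plain-language reasons and a severity (an assumed ranking, not a DDS feature)."""
    in_temp = bool(entry.path and TEMP_RE.search(entry.path))
    if not entry.path:
        entry.reasons.append("no image path recorded for the service")
    if in_temp:
        entry.reasons.append("binary runs from a temp directory")
    if len(entry.name) <= 2:
        entry.reasons.append("one- or two-character service name")
    if entry.info == "?":
        entry.reasons.append("DDS could not read the file's date and size ([?])")
    if not entry.path or in_temp:
        entry.severity = "high"
    elif len(entry.name) <= 2:
        entry.severity = "medium"
    elif entry.info == "?":
        entry.severity = "low"
    return entry.severity


def triage(log_text: str):
    """Parse every service/driver line in a DDS log; most suspicious entries come first."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e is not None]
    for e in entries:
        assess(e)
    order = {"high": 0, "medium": 1, "low": 2, "ok": 3}
    return sorted(entries, key=lambda e: (order[e.severity], e.name.lower()))


if __name__ == "__main__":
    for e in triage(SAMPLE_DDS):
        print(f"{e.severity:6} {e.state} {e.name:32} {e.path or '<no path>'}")
        for r in e.reasons:
            print(f"         - {r}")
```

Paste a whole DDS log into `triage` and the temp-folder service and the driver with no image path float to the top, while the uninstalled AVG drivers that only carry `[?]` sit at the bottom as low priority.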
 


#5 Shauran

Posted 30 October 2013 - 08:43 AM

My desktop is disconnected to the internet right now. Is it safe to connect now?



#6 nasdaq

Posted 30 October 2013 - 09:14 AM

My desktop is disconnected to the internet right now. Is it safe to connect now?

Yes IF you can enable/CONNECT your AVG. It's not secure to go online without any protection.
===

You will need an internet connection to run this tool.

Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Let me know what problem persists.

#7 Shauran

Posted 31 October 2013 - 02:28 AM

Due to restoration of my registry entries, AVG, Comodo, and MBAM cannot run, so I uninstalled them using their utility cleaner. I reinstalled MBAM, Comodo and Avast instead of AVG before going online. I downloaded ComboFix and saved it on my desktop. Double clicked ComboFix.exe and ran it. I think ComboFix stalled because it's been 3 hrs now and it's still in

(these are the last 3 lines in the ComboFix window)

"Extract  : streamtolls.zip"

"Output folder:C:\32788R22FWJFW\N_"

"Output folder C:\32788r22FWJFW"



#8 Shauran

Posted 31 October 2013 - 06:04 AM

I tried running it again but it still stalled as I have said. I rebooted my computer and now my system is stalling too. Should I restore the registry? Would it help if I keep the desktop offline for the meantime? I use my laptop now to go online.



#9 Shauran

Posted 31 October 2013 - 07:00 AM

Rebooted again and redid step 1.

AdwCleaner went through and got nothing, but when I try to run JRT.exe I already got an error, something like "cannot access get.it".



#10 nasdaq

Posted 31 October 2013 - 09:55 AM

Just run this tool for now. I will review it.

Download correct tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

#11 Shauran

Posted 31 October 2013 - 10:27 AM

Hi! Here are the logs you requested.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-10-2013
Ran by Siyak (administrator) on SHAURAN-HP on 31-10-2013 23:19:30
Running from C:\Documents and Settings\Siyak\Desktop\FarbarRecovery
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\launcher_service.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxsrvc.dll (Intel Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SystemExplorerDisabled ()
BootExecute: 
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ph.msn.com/?rd=1&ucc=PH&dcc=PH&opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} https://www.e-games.com.ph/com/EGamesPlugin.cab
Hosts: 127.0.0.1 localhost
Tcpip\..\Interfaces\{EEC2D009-5F0B-4850-917D-3D8FA044E475}: [NameServer]208.67.222.222,208.67.220.220
 
========================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-10-31] (AVAST Software)
R2 CLPSLauncher; C:\Program Files\Common Files\COMODO\launcher_service.exe [70352 2013-09-19] (Comodo Security Solutions, Inc.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [4831680 2013-09-24] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [131288 2013-09-24] (COMODO)
S4 GeekBuddyRSP; C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2013-09-17] (Comodo Security Solutions, Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [x]
S4 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [x]
S4 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [x]
S4 P; C:\DOCUME~1\Siyak\LOCALS~1\Temp\P.exe [x]
S4 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [x]
 
==================== Drivers (Whitelisted) ====================
 
R2 aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [35656 2013-10-31] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2013-10-31] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2013-10-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-10-31] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [774392 2013-10-31] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [403440 2013-10-31] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2013-10-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178304 2013-10-31] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [15704 2013-09-24] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [587864 2013-09-24] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [30552 2013-09-24] (COMODO)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2008-10-29] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2008-10-29] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2008-10-29] (HP)
R3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [95579 2003-11-20] (Intel Corporation)
R0 Inspect; C:\Windows\System32\DRIVERS\inspect.sys [96216 2013-09-24] (COMODO)
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)
S3 SEDriver; C:\Program Files\System Explorer\service\SEDriverXP.sys [10456 2012-08-21] ()
R3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\Windows\System32\drivers\ialmsbw.sys [122110 2003-11-20] (Intel Corporation)
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\Windows\System32\drivers\ialmkchw.sys [99002 2003-11-20] (Intel Corporation)
S1 avgtp; \??\C:\WINDOWS\system32\drivers\avgtpx86.sys [x]
S3 rkhdrv40; No ImagePath
S3 SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U3 TrueSight; \??\C:\WINDOWS\system32\TrueSight.sys [x]
U1 WS2IFSL; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2099-03-01 10:12 - 2001-08-17 21:59 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\audstub.sys
2099-03-01 10:11 - 2012-11-15 12:52 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2099-03-01 10:11 - 2008-04-14 05:42 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\irftp.exe
2099-03-01 10:11 - 2008-04-14 05:42 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshirda.dll
2099-03-01 10:11 - 2008-04-14 05:41 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
2099-03-01 10:11 - 2008-04-14 05:41 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidserv.dll
2099-03-01 10:11 - 2008-04-14 00:21 - 00101120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2099-03-01 10:11 - 2008-04-14 00:16 - 00059136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2099-03-01 10:11 - 2008-04-14 00:16 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthusb.sys
2099-03-01 10:11 - 2008-04-14 00:16 - 00017024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2099-03-01 10:11 - 2008-04-14 00:10 - 00057600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\redbook.sys
2099-03-01 10:10 - 2008-04-14 05:42 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbui.dll
2099-03-01 10:10 - 2008-04-14 00:10 - 00005504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelide.sys
2099-03-01 10:10 - 2004-08-04 06:31 - 00020992 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\Drivers\RTL8139.sys
2099-03-01 10:09 - 2099-03-01 10:09 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2099-03-01 10:09 - 2099-03-01 10:09 - 00000000 ____D C:\Program Files\Common Files\ODBC
2099-03-01 10:09 - 2013-10-17 09:24 - 00569694 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2099-03-01 10:09 - 2013-10-17 08:25 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2099-03-01 10:09 - 2012-08-24 23:50 - 00004161 _____ C:\WINDOWS\ODBCINST.INI
2099-03-01 10:09 - 2008-04-14 05:42 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system\winspool.drv
2099-03-01 10:09 - 2008-04-14 05:42 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\storprop.dll
2099-03-01 10:09 - 2008-04-14 05:42 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2099-03-01 10:09 - 2008-04-14 05:41 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\system32\batt.dll
2099-03-01 10:09 - 2008-04-14 00:24 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\irenum.sys
2099-03-01 10:09 - 2004-08-04 20:00 - 01685606 ____C C:\WINDOWS\system32\dllcache\sam.spd
2099-03-01 10:09 - 2004-08-04 20:00 - 00774144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\spttseng.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00643717 ____C C:\WINDOWS\system32\dllcache\ltts1033.lxa
2099-03-01 10:09 - 2004-08-04 20:00 - 00605050 ____C C:\WINDOWS\system32\dllcache\r1033tts.lxa
2099-03-01 10:09 - 2004-08-04 20:00 - 00176157 ____C (Digi International, Inc.) C:\WINDOWS\system32\dllcache\dgrpsetu.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00176157 _____ (Digi International, Inc.) C:\WINDOWS\system32\dgrpsetu.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00126912 _____ (Microsoft Corporation) C:\WINDOWS\system\MSVIDEO.DLL
2099-03-01 10:09 - 2004-08-04 20:00 - 00109456 _____ (Microsoft Corporation) C:\WINDOWS\system\AVIFILE.DLL
2099-03-01 10:09 - 2004-08-04 20:00 - 00103424 ____C (Equinox Systems Inc.) C:\WINDOWS\system32\dllcache\eqnclass.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00103424 _____ (Equinox Systems Inc.) C:\WINDOWS\system32\EqnClass.Dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00085020 ____C (Digi International) C:\WINDOWS\system32\dllcache\dgsetup.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00085020 _____ (Digi International) C:\WINDOWS\system32\dgsetup.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system\OLECLI.DLL
2099-03-01 10:09 - 2004-08-04 20:00 - 00077824 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\spcommon.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00073376 _____ (Microsoft Corporation) C:\WINDOWS\system\MCIAVI.DRV
2099-03-01 10:09 - 2004-08-04 20:00 - 00069584 _____ (Microsoft Corporation) C:\WINDOWS\system\AVICAP.DLL
2099-03-01 10:09 - 2004-08-04 20:00 - 00068768 _____ (Microsoft Corporation) C:\WINDOWS\system\MMSYSTEM.DLL
2099-03-01 10:09 - 2004-08-04 20:00 - 00066594 ____C C:\WINDOWS\system32\dllcache\c_869.nls
2099-03-01 10:09 - 2004-08-04 20:00 - 00066594 ____C C:\WINDOWS\system32\dllcache\c_866.nls
2099-03-01 10:09 - 2004-08-04 20:00 - 00066594 ____C C:\WINDOWS\system32\dllcache\c_857.nls
2099-03-01 10:09 - 2004-08-04 20:00 - 00066594 ____C C:\WINDOWS\system32\dllcache\c_855.nls
2099-03-01 10:09 - 2004-08-04 20:00 - 00066594 ____C C:\WINDOWS\system32\dllcache\c_852.nls
2099-03-01 10:09 - 2004-08-04 20:00 - 00066594 ____C C:\WINDOWS\system32\dllcache\c_737.nls
2099-03-01 10:09 - 2004-08-04 20:00 - 00066594 _____ C:\WINDOWS\system32\c_869.nls
2099-03-01 10:09 - 2004-08-04 20:00 - 00066594 _____ C:\WINDOWS\system32\c_866.nls
2099-03-01 10:09 - 2004-08-04 20:00 - 00066594 _____ C:\WINDOWS\system32\c_857.nls
2099-03-01 10:09 - 2004-08-04 20:00 - 00066594 _____ C:\WINDOWS\system32\c_855.nls
2099-03-01 10:09 - 2004-08-04 20:00 - 00066594 _____ C:\WINDOWS\system32\c_852.nls
2099-03-01 10:09 - 2004-08-04 20:00 - 00066594 _____ C:\WINDOWS\system32\c_737.nls
2099-03-01 10:09 - 2004-08-04 20:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_875.nls
2099-03-01 10:09 - 2004-08-04 20:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_28603.nls
2099-03-01 10:09 - 2004-08-04 20:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_28599.nls
2099-03-01 10:09 - 2004-08-04 20:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_28597.nls
2099-03-01 10:09 - 2004-08-04 20:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_28595.nls
2099-03-01 10:09 - 2004-08-04 20:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_28594.nls
2099-03-01 10:09 - 2004-08-04 20:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_20127.nls
2099-03-01 10:09 - 2004-08-04 20:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_10082.nls
2099-03-01 10:09 - 2004-08-04 20:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_10081.nls
2099-03-01 10:09 - 2004-08-04 20:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_10029.nls
2099-03-01 10:09 - 2004-08-04 20:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_10017.nls
2099-03-01 10:09 - 2004-08-04 20:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_10010.nls
2099-03-01 10:09 - 2004-08-04 20:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_10007.nls
2099-03-01 10:09 - 2004-08-04 20:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_10006.nls
2099-03-01 10:09 - 2004-08-04 20:00 - 00066082 _____ C:\WINDOWS\system32\c_875.nls
2099-03-01 10:09 - 2004-08-04 20:00 - 00066082 _____ C:\WINDOWS\system32\c_28603.nls
2099-03-01 10:09 - 2004-08-04 20:00 - 00066082 _____ C:\WINDOWS\system32\c_28599.nls
2099-03-01 10:09 - 2004-08-04 20:00 - 00066082 _____ C:\WINDOWS\system32\C_28597.NLS
2099-03-01 10:09 - 2004-08-04 20:00 - 00066082 _____ C:\WINDOWS\system32\C_28595.NLS
2099-03-01 10:09 - 2004-08-04 20:00 - 00066082 _____ C:\WINDOWS\system32\C_28594.NLS
2099-03-01 10:09 - 2004-08-04 20:00 - 00066082 _____ C:\WINDOWS\system32\c_20127.nls
2099-03-01 10:09 - 2004-08-04 20:00 - 00066082 _____ C:\WINDOWS\system32\c_10082.nls
2099-03-01 10:09 - 2004-08-04 20:00 - 00066082 _____ C:\WINDOWS\system32\c_10081.nls
2099-03-01 10:09 - 2004-08-04 20:00 - 00066082 _____ C:\WINDOWS\system32\c_10029.nls
2099-03-01 10:09 - 2004-08-04 20:00 - 00066082 _____ C:\WINDOWS\system32\c_10017.nls
2099-03-01 10:09 - 2004-08-04 20:00 - 00066082 _____ C:\WINDOWS\system32\c_10010.nls
2099-03-01 10:09 - 2004-08-04 20:00 - 00066082 _____ C:\WINDOWS\system32\c_10007.nls
2099-03-01 10:09 - 2004-08-04 20:00 - 00066082 _____ C:\WINDOWS\system32\c_10006.nls
2099-03-01 10:09 - 2004-08-04 20:00 - 00061440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\spcplui.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00036864 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sapisvr.exe
2099-03-01 10:09 - 2004-08-04 20:00 - 00032816 _____ (Microsoft Corporation) C:\WINDOWS\system\COMMDLG.DLL
2099-03-01 10:09 - 2004-08-04 20:00 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system\MCIWAVE.DRV
2099-03-01 10:09 - 2004-08-04 20:00 - 00025264 _____ (Microsoft Corporation) C:\WINDOWS\system\MCISEQ.DRV
2099-03-01 10:09 - 2004-08-04 20:00 - 00024661 ____C (Perle Systems Ltd.) C:\WINDOWS\system32\dllcache\spxcoins.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00024661 _____ (Perle Systems Ltd.) C:\WINDOWS\system32\spxcoins.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system\OLESVR.DLL
2099-03-01 10:09 - 2004-08-04 20:00 - 00019200 _____ (Microsoft Corporation) C:\WINDOWS\system\TAPI.DLL
2099-03-01 10:09 - 2004-08-04 20:00 - 00015360 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\taskman.exe
2099-03-01 10:09 - 2004-08-04 20:00 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\TASKMAN.EXE
2099-03-01 10:09 - 2004-08-04 20:00 - 00013600 _____ (Microsoft Corporation) C:\WINDOWS\system\WFWNET.DRV
2099-03-01 10:09 - 2004-08-04 20:00 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irclass.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\irclass.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00009936 _____ (Microsoft Corporation) C:\WINDOWS\system\LZEXPAND.DLL
2099-03-01 10:09 - 2004-08-04 20:00 - 00009008 _____ (Microsoft Corporation) C:\WINDOWS\system\VER.DLL
2099-03-01 10:09 - 2004-08-04 20:00 - 00008192 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdhept.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00008192 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdhept.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00007168 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdcz.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00007168 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdcz.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00006656 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdycl.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00006656 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdsl1.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00006656 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdsl.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00006656 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdpl.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00006656 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdhu.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00006656 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdhela3.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00006656 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdcz2.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00006656 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdcz1.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00006656 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdcr.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00006656 ____R (Microsoft Corporation) C:\WINDOWS\system32\KBDAL.DLL
2099-03-01 10:09 - 2004-08-04 20:00 - 00006656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdycl.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00006656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdsl1.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00006656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdsl.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00006656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdpl.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00006656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdhu.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00006656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdhela3.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00006656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdcz2.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00006656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdcz1.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00006656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdcr.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00006656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdal.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00006144 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdtuq.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00006144 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdtuf.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00006144 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdlv1.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00006144 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdlv.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00006144 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdhela2.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00006144 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdgkl.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00006144 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdest.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdtuq.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdtuf.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdlv1.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdlv.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdhela2.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdgkl.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdest.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdycc.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbduzb.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdur.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdtat.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdru1.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdru.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdro.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdpl1.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdmon.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdlt1.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdlt.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdkyr.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdkaz.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdhu1.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdhe319.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdhe220.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdhe.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdbu.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdblr.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdazel.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdaze.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdycc.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbduzb.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdur.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdtat.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdru1.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdru.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdro.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdpl1.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdmon.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdlt1.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdlt.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdkyr.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdkaz.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdhu1.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdhe319.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdhe220.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdhe.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdbu.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdblr.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdazel.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdaze.dll
2099-03-01 10:09 - 2004-08-04 20:00 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\system\SHELL.DLL
2099-03-01 10:09 - 2004-08-04 20:00 - 00004048 _____ (Microsoft Corporation) C:\WINDOWS\system\TIMER.DRV
2099-03-01 10:09 - 2004-08-04 20:00 - 00003360 _____ (Microsoft Corporation) C:\WINDOWS\system\SYSTEM.DRV
2099-03-01 10:09 - 2004-08-04 20:00 - 00002577 ____N C:\WINDOWS\system32\CONFIG.TMP
2099-03-01 10:09 - 2004-08-04 20:00 - 00002176 _____ (Microsoft Corporation) C:\WINDOWS\system\VGA.DRV
2099-03-01 10:09 - 2004-08-04 20:00 - 00002032 _____ (Microsoft Corporation) C:\WINDOWS\system\MOUSE.DRV
2099-03-01 10:09 - 2004-08-04 20:00 - 00002000 _____ (Microsoft Corporation) C:\WINDOWS\system\KEYBOARD.DRV
2099-03-01 10:09 - 2004-08-04 20:00 - 00001744 _____ (Microsoft Corporation) C:\WINDOWS\system\SOUND.DRV
2099-03-01 10:09 - 2004-08-04 20:00 - 00001688 _____ C:\WINDOWS\system32\AUTOEXEC.NT
2099-03-01 10:09 - 2004-08-04 20:00 - 00001152 _____ (Microsoft Corporation) C:\WINDOWS\system\MMTASK.TSK
2099-03-01 10:09 - 2004-08-04 20:00 - 00000888 ____C C:\WINDOWS\system32\dllcache\sam.sdf
2099-03-01 10:08 - 2013-10-28 12:44 - 00065536 _____ C:\WINDOWS\system32\config\SECURITY.bak
2099-03-01 10:08 - 2013-10-28 12:44 - 00028672 _____ C:\WINDOWS\system32\config\SAM.bak
2099-03-01 10:08 - 2013-10-17 12:04 - 00091888 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2099-03-01 10:08 - 2004-08-04 20:00 - 01042903 ____C C:\WINDOWS\system32\dllcache\SP2.CAT
2099-03-01 10:08 - 2004-08-04 20:00 - 00797189 ____C C:\WINDOWS\system32\dllcache\NT5IIS.CAT
2099-03-01 10:08 - 2004-08-04 20:00 - 00399645 ____C C:\WINDOWS\system32\dllcache\MAPIMIG.CAT
2099-03-01 10:08 - 2004-08-04 20:00 - 00037484 ____C C:\WINDOWS\system32\dllcache\MW770.CAT
2099-03-01 10:08 - 2004-08-04 20:00 - 00013472 ____C C:\WINDOWS\system32\dllcache\HPCRDP.CAT
2099-03-01 10:08 - 2004-08-04 20:00 - 00008574 ____C C:\WINDOWS\system32\dllcache\IASNT4.CAT
2099-03-01 10:08 - 2004-08-04 20:00 - 00007382 ____C C:\WINDOWS\system32\dllcache\OEMBIOS.CAT
2099-03-01 10:08 - 2004-08-04 20:00 - 00007334 ____C C:\WINDOWS\system32\dllcache\wmerrenu.cat
2099-03-01 10:07 - 2099-03-01 10:07 - 00876544 _____ C:\WINDOWS\system32\config\system.sav
2099-03-01 10:07 - 2099-03-01 10:07 - 00659456 _____ C:\WINDOWS\system32\config\software.sav
2099-03-01 10:07 - 2099-03-01 10:07 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2099-03-01 10:07 - 2099-03-01 10:07 - 00094208 _____ C:\WINDOWS\system32\config\default.sav
2099-03-01 10:07 - 2099-03-01 10:07 - 00001024 ____H C:\WINDOWS\system32\config\userdiff.LOG
2099-03-01 10:07 - 2099-03-01 10:07 - 00001024 ____H C:\WINDOWS\system32\config\TempKey.LOG
2099-03-01 10:07 - 2013-10-31 09:14 - 00000220 ___SH C:\boot.ini
2099-03-01 10:07 - 2013-10-28 12:44 - 19394560 _____ C:\WINDOWS\system32\config\software.bak
2099-03-01 10:07 - 2013-10-28 12:44 - 07864320 _____ C:\WINDOWS\system32\config\system.bak
2099-03-01 10:07 - 2013-10-28 12:44 - 00524288 _____ C:\WINDOWS\system32\config\default.bak
2099-03-01 10:01 - 2099-03-01 10:03 - 00000000 ____D C:\WINDOWS\system32\ras
2099-03-01 10:01 - 2099-03-01 10:02 - 00000000 ____D C:\WINDOWS\system32\icsxml
2099-03-01 10:01 - 2099-03-01 10:02 - 00000000 ____D C:\WINDOWS\system32\1033
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\system32\wins
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\system32\ShellExt
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\system32\IME
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\system32\export
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\system32\Drivers\disdn
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\system32\dhcp
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\system32\3com_dmi
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\system32\3076
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\system32\2052
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\system32\1054
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\system32\1042
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\system32\1041
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\system32\1037
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\system32\1031
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\system32\1028
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\system32\1025
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\Resources
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\Provisioning
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\java
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\Driver Cache
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\Connection Wizard
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\addins
2099-03-01 10:01 - 2013-10-29 15:53 - 00000000 ____D C:\WINDOWS\repair
2099-03-01 10:01 - 2013-10-17 08:20 - 00000000 ____D C:\WINDOWS\pchealth
2099-03-01 10:01 - 2013-10-12 18:50 - 00000000 ____D C:\WINDOWS\twain_32
2099-03-01 10:01 - 2013-10-08 14:32 - 00000000 ____D C:\WINDOWS\system
2099-03-01 10:01 - 2013-09-25 10:09 - 00000000 ____D C:\WINDOWS\security
2099-03-01 10:01 - 2013-06-21 12:51 - 00000000 ____D C:\WINDOWS\Help
2099-03-01 10:01 - 2012-08-25 15:03 - 00000000 ____D C:\WINDOWS\Media
2099-03-01 10:01 - 2012-08-25 12:14 - 00000000 ____D C:\WINDOWS\system32\mui
2099-03-01 10:01 - 2012-08-25 08:17 - 00000000 ____D C:\WINDOWS\system32\usmt
2099-03-01 10:01 - 2012-08-25 08:17 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2099-03-01 10:01 - 2012-08-25 08:17 - 00000000 ____D C:\WINDOWS\PeerNet
2099-03-01 10:01 - 2012-08-25 08:17 - 00000000 ____D C:\WINDOWS\ime
2099-03-01 10:01 - 2012-08-25 08:15 - 00000000 ____D C:\WINDOWS\system32\npp
2099-03-01 10:01 - 2012-08-25 08:15 - 00000000 ____D C:\WINDOWS\mui
2099-03-01 10:01 - 2012-08-25 08:15 - 00000000 ____D C:\WINDOWS\msagent
2099-03-01 10:01 - 2012-08-24 23:49 - 00000000 ___RD C:\WINDOWS\Web
2099-03-01 10:01 - 2012-08-24 23:49 - 00000000 ____D C:\WINDOWS\system32\ias
2099-03-01 10:01 - 2012-08-24 23:46 - 00000000 ____D C:\WINDOWS\Cursors
2099-03-01 10:01 - 2012-08-24 23:45 - 00000000 ____D C:\WINDOWS\system32\spool
2013-10-31 23:18 - 2013-10-31 23:18 - 00000000 ____D C:\FRST
2013-10-31 23:11 - 2013-10-31 23:13 - 00000000 ____D C:\Documents and Settings\Siyak\Desktop\FarbarRecovery
2013-10-31 22:33 - 2013-10-31 22:33 - 00001262 _____ C:\Documents and Settings\Siyak\Desktop\RKreport[0]_S_10312013_223319.txt
2013-10-31 22:33 - 2013-10-31 22:33 - 00000839 _____ C:\Documents and Settings\Siyak\Desktop\RKreport[0]_H_10312013_223336.txt
2013-10-31 22:26 - 2013-10-31 22:26 - 00000000 ____D C:\WINDOWS\system32\New Folder
2013-10-31 18:12 - 2013-10-31 18:12 - 00000000 _____ C:\Documents and Settings\Siyak\defogger_reenable
2013-10-31 11:22 - 2013-10-31 19:24 - 00000000 ___SD C:\32788R22FWJFW
2013-10-31 11:19 - 2013-10-31 11:19 - 05137879 _____ (Swearware) C:\Documents and Settings\Siyak\Desktop\ComboFix.exe
2013-10-31 10:13 - 2013-10-31 10:43 - 00000000 ____D C:\Program Files\Comodo
2013-10-31 09:50 - 2013-10-31 19:33 - 00001586 _____ C:\WINDOWS\SchedLgU.Txt
2013-10-31 09:23 - 2013-10-31 09:23 - 00001733 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2013-10-31 09:23 - 2013-10-31 09:22 - 00774392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-10-31 09:23 - 2013-10-31 09:22 - 00403440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-10-31 09:23 - 2013-10-31 09:22 - 00178304 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-10-31 09:23 - 2013-10-31 09:22 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-10-31 09:23 - 2013-10-31 09:22 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-10-31 09:23 - 2013-10-31 09:22 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2013-10-31 09:23 - 2013-10-31 09:22 - 00049944 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-10-31 09:23 - 2013-10-31 09:22 - 00035656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2013-10-31 09:22 - 2013-10-31 09:22 - 00269216 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-10-31 09:22 - 2013-10-31 09:22 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-10-31 09:20 - 2013-10-31 09:20 - 00000000 ____D C:\Program Files\AVAST Software
2013-10-31 08:22 - 2013-10-31 18:12 - 00004748 _____ C:\WINDOWS\setupapi.log
2013-10-31 08:02 - 2013-10-31 08:02 - 00000244 _____ C:\Documents and Settings\Siyak\Desktop\defogger_enable.log
2013-10-31 06:38 - 2013-10-31 06:38 - 01700352 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdiplus.dll
2013-10-30 22:37 - 2013-10-30 22:37 - 00013104 _____ C:\Documents and Settings\Administrator.SHAURAN-HP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-10-30 22:37 - 2013-10-30 22:37 - 00000000 __SHD C:\Documents and Settings\Administrator.SHAURAN-HP\PrivacIE
2013-10-30 21:35 - 2013-10-30 21:35 - 00005904 _____ C:\Documents and Settings\Administrator.SHAURAN-HP\Desktop\dds.txt
2013-10-30 21:35 - 2013-10-30 21:35 - 00004340 _____ C:\Documents and Settings\Administrator.SHAURAN-HP\Desktop\attach.txt
2013-10-30 21:34 - 2013-10-28 12:41 - 00688992 ____R (Swearware) C:\Documents and Settings\Administrator.SHAURAN-HP\Desktop\dds.com
2013-10-30 21:25 - 2013-10-30 21:25 - 00001200 _____ C:\Documents and Settings\Administrator.SHAURAN-HP\Desktop\JRT.txt
2013-10-30 21:22 - 2013-10-30 21:22 - 00000803 _____ C:\Documents and Settings\Administrator.SHAURAN-HP\Start Menu\Programs\Internet Explorer.lnk
2013-10-30 21:22 - 2013-10-30 21:22 - 00000738 _____ C:\Documents and Settings\Administrator.SHAURAN-HP\Start Menu\Programs\Outlook Express.lnk
2013-10-30 21:22 - 2013-10-30 21:22 - 00000171 _____ C:\WINDOWS\wmsetup.log
2013-10-30 21:22 - 2013-10-30 21:22 - 00000000 __SHD C:\Documents and Settings\Administrator.SHAURAN-HP\IETldCache
2013-10-30 21:20 - 2013-10-30 21:20 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-30 21:18 - 2013-10-30 20:45 - 01033335 _____ (Thisisu) C:\Documents and Settings\Siyak\Desktop\JRT.exe
2013-10-29 18:10 - 2013-10-31 23:14 - 00013861 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-29 15:52 - 2013-10-31 09:51 - 00000000 ____D C:\Documents and Settings\Siyak\My Documents\BackUp
2013-10-29 12:24 - 2013-10-25 10:21 - 00955392 _____ C:\Documents and Settings\Siyak\Desktop\RogueKiller (1).exe
2013-10-29 09:54 - 2013-10-28 12:38 - 00050477 _____ C:\Documents and Settings\Siyak\Desktop\Defogger.exe
2013-10-29 07:25 - 2013-10-29 07:25 - 00006681 _____ C:\Documents and Settings\Siyak\Desktop\dds.txt
2013-10-29 07:25 - 2013-10-29 07:25 - 00004340 _____ C:\Documents and Settings\Siyak\Desktop\attach.txt
2013-10-29 07:23 - 2013-10-28 12:41 - 00688992 ____R (Swearware) C:\Documents and Settings\Siyak\Desktop\dds.com
2013-10-28 20:21 - 2013-10-31 19:30 - 00000000 ____D C:\AdwCleaner
2013-10-28 20:20 - 2013-10-28 06:45 - 01060070 _____ C:\Documents and Settings\Siyak\Desktop\adwcleaner.exe
2013-10-28 20:18 - 2013-10-28 12:41 - 00688992 ____N (Swearware) C:\dds.com
2013-10-28 20:18 - 2013-10-15 23:41 - 01898232 ____N (Bleeping Computer, LLC) C:\rkill.com
2013-10-27 20:13 - 2013-10-31 10:15 - 00000000 ____D C:\Program Files\Common Files\COMODO
2013-10-27 20:07 - 2013-10-27 20:07 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\COMODO
2013-10-27 19:26 - 2013-10-27 19:26 - 00000000 ____D C:\Documents and Settings\Siyak\My Documents\Avast
2013-10-27 19:00 - 2013-10-27 19:00 - 00000761 _____ C:\Documents and Settings\All Users\Desktop\System Explorer.lnk
2013-10-27 19:00 - 2013-10-27 19:00 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\System Explorer
2013-10-27 19:00 - 2013-10-27 19:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SystemExplorer
2013-10-27 18:45 - 2013-10-31 23:17 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
2013-10-27 18:41 - 2013-10-31 10:21 - 00001677 _____ C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
2013-10-27 18:41 - 2013-10-31 10:20 - 00000749 _____ C:\Documents and Settings\All Users\Desktop\Shared Space.lnk
2013-10-27 18:40 - 2013-10-27 18:41 - 00000000 ___SD C:\Documents and Settings\All Users\Application Data\Shared Space
2013-10-27 18:36 - 2013-10-31 10:39 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Comodo
2013-10-27 18:35 - 2013-10-31 10:13 - 00048392 _____ (COMODO CA Limited) C:\WINDOWS\system32\certsentry.dll
2013-10-27 18:34 - 2013-10-27 18:34 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Comodo Downloader
2013-10-27 14:15 - 2013-10-27 14:15 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-27 14:15 - 2013-10-27 14:15 - 00000000 ____D C:\Documents and Settings\Siyak\Application Data\Malwarebytes
2013-10-27 14:15 - 2013-10-27 14:15 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-27 14:15 - 2013-10-27 14:15 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-10-27 14:11 - 2013-10-27 14:15 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-27 14:11 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-10-27 14:09 - 2013-10-28 07:52 - 00000000 ____D C:\Documents and Settings\Siyak\Desktop\Mbam
2013-10-26 23:37 - 2013-10-26 23:37 - 00177496 _____ (Kaspersky Lab, GERT) C:\WINDOWS\system32\Drivers\50451574.sys
2013-10-26 22:00 - 2007-10-04 10:44 - 00095744 _____ () C:\Documents and Settings\Siyak\Desktop\rku37300509.exe
2013-10-26 18:40 - 2013-10-29 12:17 - 00000069 _____ C:\WINDOWS\avast5.ini
2013-10-26 15:27 - 2013-10-26 15:27 - 00001272 _____ C:\Documents and Settings\Siyak\My Documents\cc_20131026_152727.reg
2013-10-26 07:54 - 2013-10-26 11:40 - 00000000 ____D C:\Documents and Settings\Siyak\Desktop\regsearch
2013-10-26 07:53 - 2008-12-09 14:14 - 00345156 _____ C:\Documents and Settings\Siyak\Desktop\regsearch.zip
2013-10-26 06:51 - 2013-10-30 22:57 - 00000178 ___SH C:\Documents and Settings\Administrator.SHAURAN-HP\ntuser.ini
2013-10-26 06:47 - 2013-10-30 22:37 - 00000000 ____D C:\Documents and Settings\Administrator.SHAURAN-HP
2013-10-26 06:47 - 2013-10-30 21:22 - 00000792 _____ C:\Documents and Settings\Administrator.SHAURAN-HP\Start Menu\Programs\Windows Media Player.lnk
2013-10-26 06:47 - 2013-10-30 21:22 - 00000000 ___RD C:\Documents and Settings\Administrator.SHAURAN-HP\Start Menu\Programs\Accessories
2013-10-26 06:47 - 2013-10-13 20:35 - 00000000 ____D C:\Documents and Settings\Administrator.SHAURAN-HP\Amin.SHAURAN-HP.000
2013-10-26 06:47 - 2012-10-13 05:47 - 00000000 ____D C:\Documents and Settings\Administrator.SHAURAN-HP\Application Data\TuneUp Software
2013-10-26 06:47 - 2012-08-24 23:50 - 00001599 _____ C:\Documents and Settings\Administrator.SHAURAN-HP\Start Menu\Programs\Remote Assistance.lnk
2013-10-25 17:01 - 2013-10-25 17:01 - 00000000 ____D C:\Documents and Settings\Siyak\Application Data\AVAST Software
2013-10-25 17:01 - 2013-10-25 17:01 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2013-10-25 16:57 - 2013-10-25 16:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2013-10-25 16:46 - 2013-10-25 16:46 - 00000325 _____ C:\Documents and Settings\LocalService\My Documents\RootkitReveal2.txt
2013-10-25 16:32 - 2006-11-01 13:07 - 00334720 _____ (Sysinternals - www.sysinternals.com) C:\Documents and Settings\Siyak\Desktop\RootkitRevealer.exe
2013-10-25 16:32 - 2006-07-28 08:32 - 00007005 _____ C:\Documents and Settings\Siyak\Desktop\Eula.txt
2013-10-25 16:32 - 2005-12-07 14:19 - 00102160 _____ C:\Documents and Settings\Siyak\Desktop\RootkitRevealer.chm
2013-10-25 11:22 - 2013-10-27 06:20 - 00000000 ____D C:\Documents and Settings\Siyak\Desktop\AvaMbamCleaner
2013-10-25 11:21 - 2013-10-31 23:13 - 00000000 ____D C:\Documents and Settings\Siyak\Desktop\RKtools
2013-10-25 10:16 - 2013-10-25 10:16 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2013-10-25 10:16 - 2013-10-25 10:16 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe
2013-10-25 10:04 - 2013-10-25 10:04 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2013-10-25 09:57 - 2013-10-25 09:57 - 00001406 ____N C:\Documents and Settings\Administrator\Desktop\RKreport[0]_S_10252013_095714.txt
2013-10-25 09:57 - 2013-10-25 09:57 - 00000984 ____N C:\Documents and Settings\Administrator\Desktop\RKreport[0]_H_10252013_095724.txt
2013-10-25 09:54 - 2007-10-04 10:44 - 00095744 ____N () C:\Documents and Settings\Administrator\Desktop\rku37300509.exe
2013-10-25 09:53 - 2013-10-25 09:53 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\WinRAR
2013-10-25 09:53 - 2013-10-25 09:49 - 00087354 ____N C:\Documents and Settings\Administrator\Desktop\20071210_182632_rku37300509.rar
2013-10-25 09:44 - 2013-10-25 09:44 - 00000917 ____N C:\Documents and Settings\Administrator\Desktop\RKreport[0]_H_10252013_094433.txt
2013-10-25 09:43 - 2013-10-25 09:43 - 00001337 ____N C:\Documents and Settings\Administrator\Desktop\RKreport[0]_S_10252013_094348.txt
2013-10-25 09:39 - 2013-10-25 09:39 - 00001510 ____N C:\Documents and Settings\Administrator\Desktop\RKreport[0]_D_10252013_093956.txt
2013-10-25 09:39 - 2013-10-25 09:39 - 00001473 ____N C:\Documents and Settings\Administrator\Desktop\RKreport[0]_S_10252013_093951.txt
2013-10-25 09:36 - 2013-10-25 09:46 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\RK_Quarantine
2013-10-25 09:35 - 2013-10-25 09:35 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-10-25 09:27 - 2013-10-25 00:02 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Documents and Settings\Siyak\Desktop\mbam-setup-1.75.0.1300 (1).exe
2013-10-25 09:27 - 2013-10-24 23:57 - 07211664 _____ (Malwarebytes Corporation                                    ) C:\Documents and Settings\Siyak\Desktop\mbam-rules.exe
2013-10-25 09:12 - 2013-10-25 10:54 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-10-25 09:12 - 2013-10-25 09:35 - 00000000 ____D C:\Documents and Settings\Administrator
2013-10-25 09:12 - 2012-10-13 05:47 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2013-10-25 09:12 - 2012-08-24 23:50 - 00001599 ____N C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2013-10-25 09:12 - 2012-08-24 23:50 - 00000792 ____N C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2013-10-25 09:12 - 2012-08-24 23:50 - 00000000 ___RD C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2013-10-24 22:42 - 2013-10-24 17:40 - 00377856 _____ C:\Documents and Settings\Siyak\Desktop\INternetExplorer.exe
2013-10-24 19:20 - 2013-10-24 17:40 - 00377856 _____ C:\Documents and Settings\Siyak\Desktop\Axo0n0skq.exe
2013-10-24 15:58 - 2013-10-31 07:02 - 00000000 ____D C:\Documents and Settings\Siyak\My Documents\DumpWmilib
2013-10-24 07:18 - 2013-10-29 12:30 - 00000000 ____D C:\Documents and Settings\Siyak\Desktop\RK_Quarantine
2013-10-23 17:50 - 2013-10-23 17:50 - 00002742 ____N C:\RootRepeal report 10-23-13 (17-50-41).txt
2013-10-23 17:25 - 2009-08-13 11:14 - 00472064 _____ ( ) C:\Documents and Settings\Siyak\Desktop\RootRepeal.exe
2013-10-23 00:36 - 2013-10-23 00:36 - 00000000 ____D C:\Program Files\Common Files\INCAInternet
2013-10-22 21:12 - 2013-06-05 14:39 - 00172032 _____ (Inner Media, Inc.) C:\WINDOWS\system32\dzip32.dll
2013-10-22 21:12 - 2013-06-05 14:39 - 00139264 _____ (Inner Media, Inc.) C:\WINDOWS\system32\dunzip32.dll
2013-10-22 09:58 - 2013-10-22 09:58 - 00000000 ____D C:\Documents and Settings\Siyak\Application Data\ProcessLasso
2013-10-21 23:31 - 2013-10-21 23:32 - 00000000 ____D C:\Documents and Settings\Siyak\My Documents\RanOnline
2013-10-21 19:06 - 2013-10-27 21:14 - 00000278 _____ C:\WINDOWS\Tasks\SmartDefragUpdate.job
2013-10-21 19:06 - 2013-10-21 19:06 - 00000823 _____ C:\Documents and Settings\All Users\Desktop\Smart Defrag 2.lnk
2013-10-21 19:06 - 2013-10-21 19:06 - 00000000 ____D C:\Documents and Settings\Siyak\Application Data\IObit
2013-10-21 19:06 - 2013-10-21 19:06 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\IObit
2013-10-21 19:05 - 2013-10-21 19:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag 2
2013-10-21 19:05 - 2013-10-21 19:05 - 00000000 ____D C:\Program Files\IObit
2013-10-21 19:02 - 2013-10-21 19:02 - 00000544 _____ C:\Documents and Settings\Siyak\Desktop\Shortcut to defragsetup.exe.lnk
2013-10-21 18:19 - 2013-10-21 18:19 - 00000000 ____D C:\Documents and Settings\Siyak\Start Menu\Programs\WinRAR
2013-10-21 18:19 - 2013-10-21 18:19 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
2013-10-20 22:19 - 2013-10-20 22:28 - 00065536 _____ C:\WINDOWS\system32\config\Doctor W.evt
2013-10-20 22:09 - 2013-10-20 22:09 - 00198268 _____ C:\Documents and Settings\Siyak\My Documents\cc_20131020_220918.reg
2013-10-20 18:44 - 2013-10-31 10:41 - 00000000 ____D C:\Documents and Settings\Siyak\Local Settings\Application Data\COMODO
2013-10-20 18:23 - 2013-10-20 18:23 - 00009338 _____ C:\Documents and Settings\Siyak\My Documents\CisReport_v6.3.294583.2937_20131020-182335.zip
2013-10-20 18:02 - 2013-10-20 18:02 - 00000000 ____D C:\Program Files\AdTrustMedia
2013-10-20 18:02 - 2013-10-20 18:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adtrustmedia
2013-10-20 17:34 - 2013-09-24 11:53 - 03765976 _____ (COMODO) C:\Documents and Settings\All Users\Application Data\cisB3.exe
2013-10-20 14:08 - 2013-10-21 09:44 - 00000045 _____ C:\WINDOWS\system32\initdebug.nfo
2013-10-19 16:40 - 2013-10-20 05:41 - 00065536 _____ C:\WINDOWS\system32\config\Doctor Web.evt
2013-10-19 16:40 - 2013-10-20 05:25 - 00000000 ____D C:\Documents and Settings\Siyak\Doctor Web
2013-10-18 13:06 - 2013-10-21 22:58 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\COMODO
2013-10-18 13:06 - 2013-10-18 13:06 - 01700352 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgdiplus.dll
2013-10-18 13:06 - 2013-10-18 13:06 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr71.dll
2013-10-18 10:44 - 2013-10-18 10:44 - 00000881 _____ C:\Documents and Settings\Siyak\Local Settings\Application Data\recently-used.xbel
2013-10-18 09:25 - 2013-10-19 01:40 - 00000000 ____D C:\Documents and Settings\Siyak\Application Data\Comodo
2013-10-18 08:41 - 2013-10-27 18:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\COMODO
2013-10-17 16:20 - 2013-10-17 16:20 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2013-10-17 12:02 - 2013-10-17 12:02 - 00678908 _____ C:\Documents and Settings\Siyak\My Documents\cc_20131017_120219.reg
2013-10-17 09:03 - 2013-10-17 09:03 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2013-10-17 09:01 - 2013-10-17 09:01 - 00000000 ____D C:\Program Files\MSBuild
2013-10-17 08:57 - 2013-10-17 08:57 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-10-17 08:52 - 2013-10-17 08:55 - 00000000 ____D C:\1e11bc64166fadcf1723a3cd4c3d96
2013-10-17 08:52 - 2008-07-06 20:06 - 01676288 ____N (Microsoft Corporation) C:\WINDOWS\system32\xpssvcs.dll
2013-10-17 08:52 - 2008-07-06 20:06 - 01676288 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpssvcs.dll
2013-10-17 08:52 - 2008-07-06 20:06 - 00575488 ____N (Microsoft Corporation) C:\WINDOWS\system32\xpsshhdr.dll
2013-10-17 08:52 - 2008-07-06 20:06 - 00575488 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2013-10-17 08:52 - 2008-07-06 20:06 - 00117760 ____N (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2013-10-17 08:52 - 2008-07-06 20:06 - 00089088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2013-10-17 08:52 - 2008-07-06 18:50 - 00597504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2013-10-15 08:27 - 2013-10-17 16:28 - 00001682 _____ C:\Documents and Settings\All Users\Desktop\Counter-Strike-PRO.EXE.lnk
2013-10-15 08:27 - 2013-10-15 08:27 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Counter-Strike PRO
2013-10-15 08:24 - 2013-10-31 08:27 - 00000000 ____D C:\Program Files\Counter Strike PRO
2013-10-14 16:28 - 2013-10-14 16:28 - 00016096 _____ C:\Documents and Settings\Siyak\My Documents\cc_20131014_162810.reg
2013-10-14 09:11 - 2013-10-14 09:11 - 00000000 ____D C:\Program Files\Advanced Port Scanner
2013-10-14 09:11 - 2013-10-14 09:11 - 00000000 ____D C:\Documents and Settings\Siyak\Start Menu\Programs\Advanced Port Scanner
2013-10-12 19:26 - 2013-10-27 19:00 - 00000000 ____D C:\Program Files\System Explorer
2013-10-12 10:57 - 2013-10-12 10:57 - 00001060 _____ C:\Documents and Settings\Siyak\Desktop\Shortcut to procexp.exe.lnk
2013-10-11 20:40 - 2013-10-18 16:05 - 00000000 ____D C:\Documents and Settings\Siyak\Application Data\BMExtreme
2013-10-11 20:40 - 2013-10-11 20:40 - 00001564 _____ C:\Documents and Settings\All Users\Desktop\BMExtreme.lnk
2013-10-11 20:40 - 2013-10-11 20:40 - 00000000 ____D C:\Program Files\BMExtreme
2013-10-11 20:40 - 2013-10-11 20:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\BMExtreme
2013-10-11 16:46 - 2013-10-23 06:47 - 00000000 ____D C:\Program Files\e-Games
2013-10-11 14:21 - 2013-10-11 14:21 - 00000919 _____ C:\Documents and Settings\Siyak\Desktop\Shortcut to tdsskiller.exe.lnk
2013-10-11 14:04 - 2013-10-26 18:51 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-10-11 12:15 - 2013-10-17 12:24 - 00000672 _____ C:\Documents and Settings\LocalService\My Documents\RootkitReveal.txt
2013-10-11 10:12 - 2013-10-11 10:12 - 00001102 _____ C:\Documents and Settings\Siyak\Desktop\Shortcut to RootkitRevealer.exe.lnk
2013-10-10 17:47 - 2013-10-10 18:03 - 00000000 ____D C:\Documents and Settings\Siyak\Desktop\RETORIKA 5
2013-10-10 08:24 - 2013-10-10 08:24 - 00001053 _____ C:\Documents and Settings\Siyak\Desktop\Shortcut to Procmon.exe.lnk
2013-10-09 17:08 - 2013-07-03 10:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2013-10-09 16:42 - 2013-07-17 08:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2013-10-09 16:42 - 2013-07-17 08:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2013-10-09 16:42 - 2013-07-17 08:58 - 00046848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2013-10-09 16:36 - 2013-08-09 08:55 - 00144128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2013-10-09 16:36 - 2013-08-09 08:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2013-10-09 16:36 - 2009-03-18 19:02 - 00030336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys
2013-10-08 14:31 - 2013-10-12 18:28 - 00000000 ____D C:\WINDOWS\system\System132
2013-10-03 15:49 - 2013-10-03 15:49 - 00022700 _____ C:\Documents and Settings\Siyak\My Documents\cc_20131003_154946.reg
2013-10-02 20:50 - 2013-10-02 20:50 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\AVG
2013-10-02 09:03 - 2013-10-02 09:03 - 00000909 _____ C:\Documents and Settings\Siyak\Desktop\noscript.exe.lnk
2013-10-02 08:39 - 2013-10-02 08:39 - 00000917 _____ C:\Documents and Settings\Siyak\Desktop\Revo Uninstaller.lnk
2013-10-02 08:39 - 2013-10-02 08:39 - 00000000 ____D C:\Program Files\VS Revo Group
2013-10-02 08:30 - 2013-10-02 08:30 - 00000000 __SHD C:\Documents and Settings\Siyak\IECompatCache
2013-10-02 00:00 - 2013-10-02 00:00 - 00013058 _____ C:\Documents and Settings\Siyak\My Documents\cc_20131002_000005.reg
2013-10-01 20:46 - 2013-10-01 20:46 - 00000000 ____D C:\Documents and Settings\Siyak\Application Data\AVG
2013-10-01 18:01 - 2013-10-01 18:01 - 00000440 __RSH C:\Documents and Settings\Siyak\ntuser.pol
2013-10-01 14:30 - 2013-10-01 14:30 - 00000000 ____D C:\Documents and Settings\Siyak\Local Settings\Application Data\avgchrome
2013-10-01 13:09 - 2013-10-01 13:09 - 00000000 ____D C:\WINDOWS\system32\searchplugins
2013-10-01 13:09 - 2013-10-01 13:09 - 00000000 ____D C:\WINDOWS\system32\Extensions
2013-10-01 13:09 - 2013-10-01 13:09 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-01 13:05 - 2013-10-01 20:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2014
2013-10-01 13:05 - 2013-10-01 13:05 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\TuneUp Software
 
==================== One Month Modified Files and Folders =======
 
2099-03-01 10:09 - 2099-03-01 10:09 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2099-03-01 10:09 - 2099-03-01 10:09 - 00000000 ____D C:\Program Files\Common Files\ODBC
2099-03-01 10:07 - 2099-03-01 10:07 - 00876544 _____ C:\WINDOWS\system32\config\system.sav
2099-03-01 10:07 - 2099-03-01 10:07 - 00659456 _____ C:\WINDOWS\system32\config\software.sav
2099-03-01 10:07 - 2099-03-01 10:07 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2099-03-01 10:07 - 2099-03-01 10:07 - 00094208 _____ C:\WINDOWS\system32\config\default.sav
2099-03-01 10:07 - 2099-03-01 10:07 - 00001024 ____H C:\WINDOWS\system32\config\userdiff.LOG
2099-03-01 10:07 - 2099-03-01 10:07 - 00001024 ____H C:\WINDOWS\system32\config\TempKey.LOG
2099-03-01 10:03 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\system32\ras
2099-03-01 10:02 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\system32\icsxml
2099-03-01 10:02 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\system32\1033
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\system32\wins
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\system32\ShellExt
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\system32\IME
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\system32\export
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\system32\Drivers\disdn
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\system32\dhcp
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\system32\3com_dmi
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\system32\3076
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\system32\2052
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\system32\1054
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\system32\1042
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\system32\1041
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\system32\1037
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\system32\1031
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\system32\1028
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\system32\1025
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\Resources
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\Provisioning
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\java
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\Driver Cache
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\Connection Wizard
2099-03-01 10:01 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\addins
2013-10-31 23:18 - 2013-10-31 23:18 - 00000000 ____D C:\FRST
2013-10-31 23:17 - 2013-10-27 18:45 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
2013-10-31 23:16 - 2012-08-24 23:54 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-31 23:16 - 2012-08-24 23:48 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-10-31 23:14 - 2013-10-29 18:10 - 00013861 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-31 23:14 - 2012-08-24 23:56 - 00000178 ___SH C:\Documents and Settings\Siyak\ntuser.ini
2013-10-31 23:13 - 2013-10-31 23:11 - 00000000 ____D C:\Documents and Settings\Siyak\Desktop\FarbarRecovery
2013-10-31 23:13 - 2013-10-25 11:21 - 00000000 ____D C:\Documents and Settings\Siyak\Desktop\RKtools
2013-10-31 22:33 - 2013-10-31 22:33 - 00001262 _____ C:\Documents and Settings\Siyak\Desktop\RKreport[0]_S_10312013_223319.txt
2013-10-31 22:33 - 2013-10-31 22:33 - 00000839 _____ C:\Documents and Settings\Siyak\Desktop\RKreport[0]_H_10312013_223336.txt
2013-10-31 22:26 - 2013-10-31 22:26 - 00000000 ____D C:\WINDOWS\system32\New Folder
2013-10-31 22:08 - 2004-08-04 20:00 - 00012540 _____ C:\WINDOWS\system32\wpa.dbl
2013-10-31 19:33 - 2013-10-31 09:50 - 00001586 _____ C:\WINDOWS\SchedLgU.Txt
2013-10-31 19:30 - 2013-10-28 20:21 - 00000000 ____D C:\AdwCleaner
2013-10-31 19:24 - 2013-10-31 11:22 - 00000000 ___SD C:\32788R22FWJFW
2013-10-31 18:12 - 2013-10-31 18:12 - 00000000 _____ C:\Documents and Settings\Siyak\defogger_reenable
2013-10-31 18:12 - 2013-10-31 08:22 - 00004748 _____ C:\WINDOWS\setupapi.log
2013-10-31 18:12 - 2012-08-24 23:56 - 00000000 ____D C:\Documents and Settings\Siyak
2013-10-31 11:21 - 2012-08-25 08:06 - 00012540 _____ C:\WINDOWS\system32\wpa.bak
2013-10-31 11:19 - 2013-10-31 11:19 - 05137879 _____ (Swearware) C:\Documents and Settings\Siyak\Desktop\ComboFix.exe
2013-10-31 10:43 - 2013-10-31 10:13 - 00000000 ____D C:\Program Files\Comodo
2013-10-31 10:41 - 2013-10-20 18:44 - 00000000 ____D C:\Documents and Settings\Siyak\Local Settings\Application Data\COMODO
2013-10-31 10:39 - 2013-10-27 18:36 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Comodo
2013-10-31 10:21 - 2013-10-27 18:41 - 00001677 _____ C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
2013-10-31 10:20 - 2013-10-27 18:41 - 00000749 _____ C:\Documents and Settings\All Users\Desktop\Shared Space.lnk
2013-10-31 10:15 - 2013-10-27 20:13 - 00000000 ____D C:\Program Files\Common Files\COMODO
2013-10-31 10:13 - 2013-10-27 18:35 - 00048392 _____ (COMODO CA Limited) C:\WINDOWS\system32\certsentry.dll
2013-10-31 09:51 - 2013-10-29 15:52 - 00000000 ____D C:\Documents and Settings\Siyak\My Documents\BackUp
2013-10-31 09:23 - 2013-10-31 09:23 - 00001733 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2013-10-31 09:22 - 2013-10-31 09:23 - 00774392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-10-31 09:22 - 2013-10-31 09:23 - 00403440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-10-31 09:22 - 2013-10-31 09:23 - 00178304 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-10-31 09:22 - 2013-10-31 09:23 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-10-31 09:22 - 2013-10-31 09:23 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-10-31 09:22 - 2013-10-31 09:23 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2013-10-31 09:22 - 2013-10-31 09:23 - 00049944 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-10-31 09:22 - 2013-10-31 09:23 - 00035656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2013-10-31 09:22 - 2013-10-31 09:22 - 00269216 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-10-31 09:22 - 2013-10-31 09:22 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-10-31 09:20 - 2013-10-31 09:20 - 00000000 ____D C:\Program Files\AVAST Software
2013-10-31 09:14 - 2099-03-01 10:07 - 00000220 ___SH C:\boot.ini
2013-10-31 09:14 - 2012-08-24 23:50 - 00002577 _____ C:\WINDOWS\system32\CONFIG.NT
2013-10-31 08:27 - 2013-10-15 08:24 - 00000000 ____D C:\Program Files\Counter Strike PRO
2013-10-31 08:02 - 2013-10-31 08:02 - 00000244 _____ C:\Documents and Settings\Siyak\Desktop\defogger_enable.log
2013-10-31 07:02 - 2013-10-24 15:58 - 00000000 ____D C:\Documents and Settings\Siyak\My Documents\DumpWmilib
2013-10-31 06:38 - 2013-10-31 06:38 - 01700352 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdiplus.dll
2013-10-30 22:57 - 2013-10-26 06:51 - 00000178 ___SH C:\Documents and Settings\Administrator.SHAURAN-HP\ntuser.ini
2013-10-30 22:37 - 2013-10-30 22:37 - 00013104 _____ C:\Documents and Settings\Administrator.SHAURAN-HP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-10-30 22:37 - 2013-10-30 22:37 - 00000000 __SHD C:\Documents and Settings\Administrator.SHAURAN-HP\PrivacIE
2013-10-30 22:37 - 2013-10-26 06:47 - 00000000 ____D C:\Documents and Settings\Administrator.SHAURAN-HP
2013-10-30 21:35 - 2013-10-30 21:35 - 00005904 _____ C:\Documents and Settings\Administrator.SHAURAN-HP\Desktop\dds.txt
2013-10-30 21:35 - 2013-10-30 21:35 - 00004340 _____ C:\Documents and Settings\Administrator.SHAURAN-HP\Desktop\attach.txt
2013-10-30 21:25 - 2013-10-30 21:25 - 00001200 _____ C:\Documents and Settings\Administrator.SHAURAN-HP\Desktop\JRT.txt
2013-10-30 21:22 - 2013-10-30 21:22 - 00000803 _____ C:\Documents and Settings\Administrator.SHAURAN-HP\Start Menu\Programs\Internet Explorer.lnk
2013-10-30 21:22 - 2013-10-30 21:22 - 00000738 _____ C:\Documents and Settings\Administrator.SHAURAN-HP\Start Menu\Programs\Outlook Express.lnk
2013-10-30 21:22 - 2013-10-30 21:22 - 00000171 _____ C:\WINDOWS\wmsetup.log
2013-10-30 21:22 - 2013-10-30 21:22 - 00000000 __SHD C:\Documents and Settings\Administrator.SHAURAN-HP\IETldCache
2013-10-30 21:22 - 2013-10-26 06:47 - 00000792 _____ C:\Documents and Settings\Administrator.SHAURAN-HP\Start Menu\Programs\Windows Media Player.lnk
2013-10-30 21:22 - 2013-10-26 06:47 - 00000000 ___RD C:\Documents and Settings\Administrator.SHAURAN-HP\Start Menu\Programs\Accessories
2013-10-30 21:20 - 2013-10-30 21:20 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-30 20:45 - 2013-10-30 21:18 - 01033335 _____ (Thisisu) C:\Documents and Settings\Siyak\Desktop\JRT.exe
2013-10-29 18:55 - 2012-08-24 23:54 - 00000178 ___SH C:\Documents and Settings\NetworkService\ntuser.ini
2013-10-29 18:54 - 2012-08-24 23:54 - 00000178 ___SH C:\Documents and Settings\LocalService\ntuser.ini
2013-10-29 15:53 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\repair
2013-10-29 15:53 - 2012-08-25 09:41 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2013-10-29 15:53 - 2012-08-24 23:47 - 00000000 ____D C:\WINDOWS\Registration
2013-10-29 15:16 - 2012-09-04 15:07 - 00000000 ____D C:\WINDOWS\Minidump
2013-10-29 12:30 - 2013-10-24 07:18 - 00000000 ____D C:\Documents and Settings\Siyak\Desktop\RK_Quarantine
2013-10-29 12:17 - 2013-10-26 18:40 - 00000069 _____ C:\WINDOWS\avast5.ini
2013-10-29 07:25 - 2013-10-29 07:25 - 00006681 _____ C:\Documents and Settings\Siyak\Desktop\dds.txt
2013-10-29 07:25 - 2013-10-29 07:25 - 00004340 _____ C:\Documents and Settings\Siyak\Desktop\attach.txt
2013-10-28 20:35 - 2012-08-25 18:48 - 00000000 ____D C:\WINDOWS\ERDNT
2013-10-28 12:44 - 2099-03-01 10:08 - 00065536 _____ C:\WINDOWS\system32\config\SECURITY.bak
2013-10-28 12:44 - 2099-03-01 10:08 - 00028672 _____ C:\WINDOWS\system32\config\SAM.bak
2013-10-28 12:44 - 2099-03-01 10:07 - 19394560 _____ C:\WINDOWS\system32\config\software.bak
2013-10-28 12:44 - 2099-03-01 10:07 - 07864320 _____ C:\WINDOWS\system32\config\system.bak
2013-10-28 12:44 - 2099-03-01 10:07 - 00524288 _____ C:\WINDOWS\system32\config\default.bak
2013-10-28 12:44 - 2013-09-04 11:23 - 04677632 _____ C:\Documents and Settings\Siyak\ntuser.bak
2013-10-28 12:44 - 2012-08-26 09:43 - 00028672 ____H C:\WINDOWS\system32\config\software.tmp.LOG
2013-10-28 12:44 - 2012-08-26 09:43 - 00016384 ____H C:\Documents and Settings\Siyak\NTUSER.tmp.LOG
2013-10-28 12:44 - 2012-08-26 09:43 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2013-10-28 12:44 - 2012-08-26 09:43 - 00001024 ____H C:\WINDOWS\system32\config\system.tmp.LOG
2013-10-28 12:41 - 2013-10-30 21:34 - 00688992 ____R (Swearware) C:\Documents and Settings\Administrator.SHAURAN-HP\Desktop\dds.com
2013-10-28 12:41 - 2013-10-29 07:23 - 00688992 ____R (Swearware) C:\Documents and Settings\Siyak\Desktop\dds.com
2013-10-28 12:41 - 2013-10-28 20:18 - 00688992 ____N (Swearware) C:\dds.com
2013-10-28 12:38 - 2013-10-29 09:54 - 00050477 _____ C:\Documents and Settings\Siyak\Desktop\Defogger.exe
2013-10-28 07:52 - 2013-10-27 14:09 - 00000000 ____D C:\Documents and Settings\Siyak\Desktop\Mbam
2013-10-28 06:45 - 2013-10-28 20:20 - 01060070 _____ C:\Documents and Settings\Siyak\Desktop\adwcleaner.exe
2013-10-27 21:14 - 2013-10-21 19:06 - 00000278 _____ C:\WINDOWS\Tasks\SmartDefragUpdate.job
2013-10-27 21:12 - 2012-12-07 09:27 - 00000000 ____D C:\WINDOWS\pss
2013-10-27 21:07 - 2012-08-25 08:44 - 00000000 ____D C:\Program Files\Google
2013-10-27 21:07 - 2012-08-25 08:44 - 00000000 ____D C:\Documents and Settings\Siyak\Local Settings\Application Data\Google
2013-10-27 20:07 - 2013-10-27 20:07 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\COMODO
2013-10-27 19:26 - 2013-10-27 19:26 - 00000000 ____D C:\Documents and Settings\Siyak\My Documents\Avast
2013-10-27 19:00 - 2013-10-27 19:00 - 00000761 _____ C:\Documents and Settings\All Users\Desktop\System Explorer.lnk
2013-10-27 19:00 - 2013-10-27 19:00 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\System Explorer
2013-10-27 19:00 - 2013-10-27 19:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SystemExplorer
2013-10-27 19:00 - 2013-10-12 19:26 - 00000000 ____D C:\Program Files\System Explorer
2013-10-27 18:44 - 2013-10-18 08:41 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\COMODO
2013-10-27 18:41 - 2013-10-27 18:40 - 00000000 ___SD C:\Documents and Settings\All Users\Application Data\Shared Space
2013-10-27 18:34 - 2013-10-27 18:34 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Comodo Downloader
2013-10-27 14:15 - 2013-10-27 14:15 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-27 14:15 - 2013-10-27 14:15 - 00000000 ____D C:\Documents and Settings\Siyak\Application Data\Malwarebytes
2013-10-27 14:15 - 2013-10-27 14:15 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-27 14:15 - 2013-10-27 14:15 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-10-27 14:15 - 2013-10-27 14:11 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-27 06:20 - 2013-10-25 11:22 - 00000000 ____D C:\Documents and Settings\Siyak\Desktop\AvaMbamCleaner
2013-10-26 23:37 - 2013-10-26 23:37 - 00177496 _____ (Kaspersky Lab, GERT) C:\WINDOWS\system32\Drivers\50451574.sys
2013-10-26 18:51 - 2013-10-11 14:04 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-10-26 18:30 - 2012-08-25 10:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2013-10-26 15:27 - 2013-10-26 15:27 - 00001272 _____ C:\Documents and Settings\Siyak\My Documents\cc_20131026_152727.reg
2013-10-26 11:40 - 2013-10-26 07:54 - 00000000 ____D C:\Documents and Settings\Siyak\Desktop\regsearch
2013-10-25 17:01 - 2013-10-25 17:01 - 00000000 ____D C:\Documents and Settings\Siyak\Application Data\AVAST Software
2013-10-25 17:01 - 2013-10-25 17:01 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2013-10-25 16:57 - 2013-10-25 16:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2013-10-25 16:46 - 2013-10-25 16:46 - 00000325 _____ C:\Documents and Settings\LocalService\My Documents\RootkitReveal2.txt
2013-10-25 10:54 - 2013-10-25 09:12 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-10-25 10:21 - 2013-10-29 12:24 - 00955392 _____ C:\Documents and Settings\Siyak\Desktop\RogueKiller (1).exe
2013-10-25 10:16 - 2013-10-25 10:16 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2013-10-25 10:16 - 2013-10-25 10:16 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe
2013-10-25 10:04 - 2013-10-25 10:04 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2013-10-25 09:57 - 2013-10-25 09:57 - 00001406 ____N C:\Documents and Settings\Administrator\Desktop\RKreport[0]_S_10252013_095714.txt
2013-10-25 09:57 - 2013-10-25 09:57 - 00000984 ____N C:\Documents and Settings\Administrator\Desktop\RKreport[0]_H_10252013_095724.txt
2013-10-25 09:53 - 2013-10-25 09:53 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\WinRAR
2013-10-25 09:49 - 2013-10-25 09:53 - 00087354 ____N C:\Documents and Settings\Administrator\Desktop\20071210_182632_rku37300509.rar
2013-10-25 09:46 - 2013-10-25 09:36 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\RK_Quarantine
2013-10-25 09:44 - 2013-10-25 09:44 - 00000917 ____N C:\Documents and Settings\Administrator\Desktop\RKreport[0]_H_10252013_094433.txt
2013-10-25 09:43 - 2013-10-25 09:43 - 00001337 ____N C:\Documents and Settings\Administrator\Desktop\RKreport[0]_S_10252013_094348.txt
2013-10-25 09:39 - 2013-10-25 09:39 - 00001510 ____N C:\Documents and Settings\Administrator\Desktop\RKreport[0]_D_10252013_093956.txt
2013-10-25 09:39 - 2013-10-25 09:39 - 00001473 ____N C:\Documents and Settings\Administrator\Desktop\RKreport[0]_S_10252013_093951.txt
2013-10-25 09:35 - 2013-10-25 09:35 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-10-25 09:35 - 2013-10-25 09:12 - 00000000 ____D C:\Documents and Settings\Administrator
2013-10-25 08:03 - 2004-08-04 20:00 - 00000512 _____ C:\WINDOWS\win.ini
2013-10-25 08:03 - 2004-08-04 20:00 - 00000227 _____ C:\WINDOWS\system.ini
2013-10-25 00:02 - 2013-10-25 09:27 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Documents and Settings\Siyak\Desktop\mbam-setup-1.75.0.1300 (1).exe
2013-10-24 23:57 - 2013-10-25 09:27 - 07211664 _____ (Malwarebytes Corporation                                    ) C:\Documents and Settings\Siyak\Desktop\mbam-rules.exe
2013-10-24 17:40 - 2013-10-24 22:42 - 00377856 _____ C:\Documents and Settings\Siyak\Desktop\INternetExplorer.exe
2013-10-24 17:40 - 2013-10-24 19:20 - 00377856 _____ C:\Documents and Settings\Siyak\Desktop\Axo0n0skq.exe
2013-10-23 17:50 - 2013-10-23 17:50 - 00002742 ____N C:\RootRepeal report 10-23-13 (17-50-41).txt
2013-10-23 06:47 - 2013-10-11 16:46 - 00000000 ____D C:\Program Files\e-Games
2013-10-23 00:36 - 2013-10-23 00:36 - 00000000 ____D C:\Program Files\Common Files\INCAInternet
2013-10-22 21:12 - 2012-08-25 01:58 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-10-22 18:25 - 2012-08-25 10:06 - 00000000 ____D C:\Program Files\FlashGet
2013-10-22 15:05 - 2012-08-25 23:38 - 04106752 ___SH C:\Documents and Settings\Siyak\Desktop\Thumbs.db
2013-10-22 09:58 - 2013-10-22 09:58 - 00000000 ____D C:\Documents and Settings\Siyak\Application Data\ProcessLasso
2013-10-21 23:32 - 2013-10-21 23:31 - 00000000 ____D C:\Documents and Settings\Siyak\My Documents\RanOnline
2013-10-21 23:07 - 2013-09-28 20:06 - 00000000 ____D C:\Sept 28
2013-10-21 23:02 - 2013-01-02 12:02 - 00000000 ____D C:\Documents and Settings\Siyak\My Documents\New Year
2013-10-21 22:58 - 2013-10-18 13:06 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\COMODO
2013-10-21 19:06 - 2013-10-21 19:06 - 00000823 _____ C:\Documents and Settings\All Users\Desktop\Smart Defrag 2.lnk
2013-10-21 19:06 - 2013-10-21 19:06 - 00000000 ____D C:\Documents and Settings\Siyak\Application Data\IObit
2013-10-21 19:06 - 2013-10-21 19:06 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\IObit
2013-10-21 19:06 - 2013-10-21 19:05 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag 2
2013-10-21 19:05 - 2013-10-21 19:05 - 00000000 ____D C:\Program Files\IObit
2013-10-21 19:02 - 2013-10-21 19:02 - 00000544 _____ C:\Documents and Settings\Siyak\Desktop\Shortcut to defragsetup.exe.lnk
2013-10-21 18:19 - 2013-10-21 18:19 - 00000000 ____D C:\Documents and Settings\Siyak\Start Menu\Programs\WinRAR
2013-10-21 18:19 - 2013-10-21 18:19 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
2013-10-21 09:44 - 2013-10-20 14:08 - 00000045 _____ C:\WINDOWS\system32\initdebug.nfo
2013-10-20 22:28 - 2013-10-20 22:19 - 00065536 _____ C:\WINDOWS\system32\config\Doctor W.evt
2013-10-20 22:09 - 2013-10-20 22:09 - 00198268 _____ C:\Documents and Settings\Siyak\My Documents\cc_20131020_220918.reg
2013-10-20 18:23 - 2013-10-20 18:23 - 00009338 _____ C:\Documents and Settings\Siyak\My Documents\CisReport_v6.3.294583.2937_20131020-182335.zip
2013-10-20 18:02 - 2013-10-20 18:02 - 00000000 ____D C:\Program Files\AdTrustMedia
2013-10-20 18:02 - 2013-10-20 18:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adtrustmedia
2013-10-20 06:47 - 2013-06-26 09:24 - 00000000 ____D C:\Documents and Settings\Siyak\Desktop\Pics
2013-10-20 05:41 - 2013-10-19 16:40 - 00065536 _____ C:\WINDOWS\system32\config\Doctor Web.evt
2013-10-20 05:25 - 2013-10-19 16:40 - 00000000 ____D C:\Documents and Settings\Siyak\Doctor Web
2013-10-19 01:40 - 2013-10-18 09:25 - 00000000 ____D C:\Documents and Settings\Siyak\Application Data\Comodo
2013-10-18 16:05 - 2013-10-11 20:40 - 00000000 ____D C:\Documents and Settings\Siyak\Application Data\BMExtreme
2013-10-18 13:06 - 2013-10-18 13:06 - 01700352 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgdiplus.dll
2013-10-18 13:06 - 2013-10-18 13:06 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr71.dll
2013-10-18 13:02 - 2012-10-26 08:03 - 00000000 ____D C:\Documents and Settings\Siyak\Application Data\vlc
2013-10-18 12:01 - 2013-01-02 12:03 - 00026112 _____ C:\Documents and Settings\Siyak\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-18 10:52 - 2013-05-10 07:40 - 00000000 ____D C:\Documents and Settings\Siyak\.gimp-2.8
2013-10-18 10:44 - 2013-10-18 10:44 - 00000881 _____ C:\Documents and Settings\Siyak\Local Settings\Application Data\recently-used.xbel
2013-10-18 09:00 - 2013-09-28 05:37 - 00001014 _____ C:\Documents and Settings\Siyak\Desktop\Shortcut to avg_remover_stf_x86_2014_4116.lnk
2013-10-18 09:00 - 2013-09-09 15:22 - 00000929 _____ C:\Documents and Settings\Siyak\Desktop\Old Launcher.lnk
2013-10-18 09:00 - 2013-07-30 07:04 - 00000851 _____ C:\Documents and Settings\Siyak\Desktop\Shortcut to Globe Broadband Bill 8-18-12 cutoff.lnk
2013-10-17 16:28 - 2013-10-15 08:27 - 00001682 _____ C:\Documents and Settings\All Users\Desktop\Counter-Strike-PRO.EXE.lnk
2013-10-17 16:22 - 2012-11-15 12:48 - 00000000 ____D C:\Program Files\HP
2013-10-17 16:20 - 2013-10-17 16:20 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2013-10-17 12:24 - 2013-10-11 12:15 - 00000672 _____ C:\Documents and Settings\LocalService\My Documents\RootkitReveal.txt
2013-10-17 12:08 - 2012-08-25 09:08 - 00013104 _____ C:\Documents and Settings\Siyak\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-10-17 12:04 - 2099-03-01 10:08 - 00091888 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-17 12:02 - 2013-10-17 12:02 - 00678908 _____ C:\Documents and Settings\Siyak\My Documents\cc_20131017_120219.reg
2013-10-17 11:12 - 2012-08-25 12:14 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-17 09:24 - 2099-03-01 10:09 - 00569694 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-17 09:03 - 2013-10-17 09:03 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2013-10-17 09:01 - 2013-10-17 09:01 - 00000000 ____D C:\Program Files\MSBuild
2013-10-17 08:57 - 2013-10-17 08:57 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-10-17 08:55 - 2013-10-17 08:52 - 00000000 ____D C:\1e11bc64166fadcf1723a3cd4c3d96
2013-10-17 08:25 - 2099-03-01 10:09 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-10-17 08:20 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\pchealth
2013-10-15 23:41 - 2013-10-28 20:18 - 01898232 ____N (Bleeping Computer, LLC) C:\rkill.com
2013-10-15 08:27 - 2013-10-15 08:27 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Counter-Strike PRO
2013-10-15 00:18 - 2012-09-07 12:28 - 00163840 ___SH C:\Documents and Settings\Siyak\My Documents\Thumbs.db
2013-10-14 16:28 - 2013-10-14 16:28 - 00016096 _____ C:\Documents and Settings\Siyak\My Documents\cc_20131014_162810.reg
2013-10-14 09:11 - 2013-10-14 09:11 - 00000000 ____D C:\Program Files\Advanced Port Scanner
2013-10-14 09:11 - 2013-10-14 09:11 - 00000000 ____D C:\Documents and Settings\Siyak\Start Menu\Programs\Advanced Port Scanner
2013-10-13 20:35 - 2013-10-26 06:47 - 00000000 ____D C:\Documents and Settings\Administrator.SHAURAN-HP\Amin.SHAURAN-HP.000
2013-10-12 18:51 - 2012-11-15 12:46 - 00006297 _____ C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2013-10-12 18:50 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\twain_32
2013-10-12 18:50 - 2012-11-15 12:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HP
2013-10-12 18:28 - 2013-10-08 14:31 - 00000000 ____D C:\WINDOWS\system\System132
2013-10-12 10:57 - 2013-10-12 10:57 - 00001060 _____ C:\Documents and Settings\Siyak\Desktop\Shortcut to procexp.exe.lnk
2013-10-11 20:40 - 2013-10-11 20:40 - 00001564 _____ C:\Documents and Settings\All Users\Desktop\BMExtreme.lnk
2013-10-11 20:40 - 2013-10-11 20:40 - 00000000 ____D C:\Program Files\BMExtreme
2013-10-11 20:40 - 2013-10-11 20:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\BMExtreme
2013-10-11 14:21 - 2013-10-11 14:21 - 00000919 _____ C:\Documents and Settings\Siyak\Desktop\Shortcut to tdsskiller.exe.lnk
2013-10-11 12:14 - 2012-08-24 23:54 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-10-11 10:12 - 2013-10-11 10:12 - 00001102 _____ C:\Documents and Settings\Siyak\Desktop\Shortcut to RootkitRevealer.exe.lnk
2013-10-11 08:45 - 2012-08-24 23:54 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-10-10 18:03 - 2013-10-10 17:47 - 00000000 ____D C:\Documents and Settings\Siyak\Desktop\RETORIKA 5
2013-10-10 08:24 - 2013-10-10 08:24 - 00001053 _____ C:\Documents and Settings\Siyak\Desktop\Shortcut to Procmon.exe.lnk
2013-10-09 18:37 - 2013-07-27 14:13 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-09 18:33 - 2012-08-25 13:50 - 78106760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-10-09 18:32 - 2012-08-25 15:03 - 00000000 ____D C:\WINDOWS\ie8updates
2013-10-08 14:32 - 2099-03-01 10:01 - 00000000 ____D C:\WINDOWS\system
2013-10-03 16:21 - 2013-02-19 03:22 - 00065536 _____ C:\WINDOWS\system32\config\TuneUp.evt
2013-10-03 15:49 - 2013-10-03 15:49 - 00022700 _____ C:\Documents and Settings\Siyak\My Documents\cc_20131003_154946.reg
2013-10-03 15:12 - 2013-06-17 12:28 - 00000000 ____D C:\Program Files\Real
2013-10-03 15:11 - 2013-06-17 12:25 - 00000000 ____D C:\Documents and Settings\Siyak\Application Data\Real
2013-10-03 15:07 - 2013-09-28 05:53 - 00000000 ____D C:\Program Files\AVG
2013-10-02 20:50 - 2013-10-02 20:50 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\AVG
2013-10-02 09:03 - 2013-10-02 09:03 - 00000909 _____ C:\Documents and Settings\Siyak\Desktop\noscript.exe.lnk
2013-10-02 08:39 - 2013-10-02 08:39 - 00000917 _____ C:\Documents and Settings\Siyak\Desktop\Revo Uninstaller.lnk
2013-10-02 08:39 - 2013-10-02 08:39 - 00000000 ____D C:\Program Files\VS Revo Group
2013-10-02 08:30 - 2013-10-02 08:30 - 00000000 __SHD C:\Documents and Settings\Siyak\IECompatCache
2013-10-02 08:25 - 2013-02-17 13:52 - 00000000 ____D C:\Program Files\PdaNet for Android
2013-10-02 08:17 - 2012-09-04 15:14 - 00000000 ____D C:\WINDOWS\system32\cxaxcxhxe
2013-10-02 00:00 - 2013-10-02 00:00 - 00013058 _____ C:\Documents and Settings\Siyak\My Documents\cc_20131002_000005.reg
2013-10-01 20:54 - 2013-10-01 13:05 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2014
2013-10-01 20:54 - 2013-03-11 11:00 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Trows RAN Free Server Edition March 02, 2013
2013-10-01 20:54 - 2012-11-15 12:51 - 00000000 ____D C:\Documents and Settings\Siyak\Application Data\HpUpdate
2013-10-01 20:54 - 2012-10-17 07:31 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PMB
2013-10-01 20:46 - 2013-10-01 20:46 - 00000000 ____D C:\Documents and Settings\Siyak\Application Data\AVG
2013-10-01 18:01 - 2013-10-01 18:01 - 00000440 __RSH C:\Documents and Settings\Siyak\ntuser.pol
2013-10-01 14:33 - 2012-08-24 23:54 - 00229376 _____ C:\Documents and Settings\LocalService\NTUSER.bak
2013-10-01 14:33 - 2012-08-24 23:54 - 00225280 _____ C:\Documents and Settings\NetworkService\NTUSER.bak
2013-10-01 14:30 - 2013-10-01 14:30 - 00000000 ____D C:\Documents and Settings\Siyak\Local Settings\Application Data\avgchrome
2013-10-01 13:09 - 2013-10-01 13:09 - 00000000 ____D C:\WINDOWS\system32\searchplugins
2013-10-01 13:09 - 2013-10-01 13:09 - 00000000 ____D C:\WINDOWS\system32\Extensions
2013-10-01 13:09 - 2013-10-01 13:09 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-01 13:05 - 2013-10-01 13:05 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\TuneUp Software
2013-10-01 13:02 - 2013-02-19 03:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TuneUp Software
 
Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\ntdll_dump.dll
C:\Documents and Settings\Amin\Local Settings\Temp\avguidx.dll
C:\Documents and Settings\Amin\Local Settings\Temp\CommonInstaller.exe
C:\Documents and Settings\Amin\Local Settings\Temp\MachineIdCreator.exe
C:\Documents and Settings\Amin\Local Settings\Temp\oi_{FCD64D8A-4C3C-4C16-A345-10C754DC4FB5}.exe
C:\Documents and Settings\Amin\Local Settings\Temp\setup_wm.exe
C:\Documents and Settings\Amin\Local Settings\Temp\ToolbarInstaller.exe
C:\Documents and Settings\Siyak\Local Settings\Temp\ntdll_dump.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 30-10-2013
Ran by Siyak at 2013-10-31 23:21:06
Running from C:\Documents and Settings\Siyak\Desktop\FarbarRecovery
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
Could not list Security Center items. Check WMI.
 
 
==================== Installed Programs ======================
 
µTorrent (Version: 3.2.2.28595)
32 Bit HP CIO Components Installer (Version: 6.1.2)
AutoHotkey 1.1.10.01 (Version: 1.1.10.01)
avast! Free Antivirus (Version: 9.0.2006)
BufferChm (Version: 140.0.212.000)
CCleaner (Version: 4.06)
COMODO Firewall (Version: 6.3.32439.2937)
Copy (Version: 140.0.212.000)
Counter-Strike PRO
Destinations (Version: 140.0.77.000)
DeviceDiscovery (Version: 140.0.212.000)
DJ_AIO_06_F2400_SW_Min (Version: 140.0.690.000)
ERUNT 1.1j
F2400 (Version: 140.0.690.000)
FlashGet 1.9.6.1073 (Version: 1.9.6.1073)
GIMP 2.8.4 (Version: 2.8.4)
Google Update Helper (Version: 1.3.21.115)
GPBaseService2 (Version: 140.0.211.000)
HPProductAssistant (Version: 140.0.212.000)
HPSSupply (Version: 140.0.211.000)
Intel® Extreme Graphics Driver
MarketResearch (Version: 140.0.212.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
NirSoft VideoCacheView
Revo Uninstaller 1.95 (Version: 1.95)
Scan (Version: 140.0.80.000)
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 140.0.213.000)
SopCast 3.8.2 (Version: 3.8.2)
SoundMAX
Status (Version: 140.0.212.000)
Toolbox (Version: 140.0.428.000)
TrayApp (Version: 140.0.212.000)
TuneUp Utilities 2014 (en-US) (Version: 14.0.1000.88)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 140.0.212.017)
Windows Internet Explorer 8 (Version: 20090308.140743)
YTD Video Downloader 4.5.1 (Version: 4.5.1)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
2004-08-04 20:00 - 2013-10-31 22:33 - 00000741 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\ReclaimerUpdateFiles_Siyak.job => C:\Documents and Settings\Siyak\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe
Task: C:\WINDOWS\Tasks\ReclaimerUpdateXML_Siyak.job => C:\Documents and Settings\Siyak\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe
Task: C:\WINDOWS\Tasks\RMAutoUpdate.job => C:\Program Files\PC Tools Registry Mechanic\SULauncher.exe
Task: C:\WINDOWS\Tasks\RNUpgradeHelperLogonPrompt_Siyak.job => C:\Documents and Settings\Siyak\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe
Task: C:\WINDOWS\Tasks\SmartDefragUpdate.job => C:\Program Files\IObit\Smart Defrag 2\AutoUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-10-31 09:23 - 2013-10-15 14:06 - 02136576 _____ () C:\Program Files\AVAST Software\Avast\defs\13101500\algo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\27952658.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\27952658.sys => ""="Driver"
 
==================== Faulty Device Manager Devices =============
 
Name: Broadcom 440x 10/100 Integrated Controller
Description: Broadcom 440x 10/100 Integrated Controller
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Broadcom
Service: bcm4sbxp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/29/2013 06:57:57 PM) (Source: WinMgmt) (User: )
Description: Failed to load MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\ASPNET.MOF while recovering repository file.
 
Error: (10/29/2013 06:57:57 PM) (Source: WinMgmt) (User: )
Description: Failed to load MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\MOF\SERVICEMODEL.MOF while recovering repository file.
 
Error: (10/29/2013 03:57:04 PM) (Source: NTBackup) (User: )
Description: End Operation: Warnings or errors were encountered.
 
Consult the backup report for more details.
 
Error: (10/29/2013 03:57:00 PM) (Source: NTBackup) (User: )
Description: End Backup of 'C:' 'Warnings or errors were encountered.'
 
 
Verify:  Off 
 
Mode:  Replace 
 
Type:  Normal 
 
 
Consult the backup report for more details.
 
Error: (10/29/2013 03:53:06 PM) (Source: COM+) (User: )
Description: The run-time environment was unable to initialize for transactions required to support transactional components. Make sure that MS-DTC is running. (DtcGetTransactionManagerEx(): hr = 0x8004d01b)
 
Error: (10/29/2013 00:18:18 PM) (Source: Application Error) (User: )
Description: Faulting application avastui.exe, version 9.0.2006.160, faulting module avastui.exe, version 9.0.2006.160, fault address 0x000b7c6b.
Processing media-specific event for [avastui.exe!ws!]
 
Error: (10/28/2013 03:35:37 PM) (Source: ESENT) (User: )
Description: Catalog Database (1972) The database page read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 1888256 (0x00000000001cd000) for 4096 (0x00001000) bytes failed verification due to a page number mismatch.  The expected page number was 460 (0x000001cc) and the actual page number was 423 (0x000001a7).  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.
 
Error: (10/28/2013 01:33:37 PM) (Source: ESENT) (User: )
Description: Catalog Database (1972) The database page read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 1888256 (0x00000000001cd000) for 4096 (0x00001000) bytes failed verification due to a page number mismatch.  The expected page number was 460 (0x000001cc) and the actual page number was 423 (0x000001a7).  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.
 
Error: (10/28/2013 01:28:22 PM) (Source: ESENT) (User: )
Description: Catalog Database (1972) The database page read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 1888256 (0x00000000001cd000) for 4096 (0x00001000) bytes failed verification due to a page number mismatch.  The expected page number was 460 (0x000001cc) and the actual page number was 423 (0x000001a7).  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.
 
Error: (10/28/2013 00:46:39 PM) (Source: Windows Product Activation) (User: )
Description: Due to hardware changes on this computer, you will need to reactivate your Windows product.
 
 
System errors:
=============
Error: (08/28/2012 07:40:38 PM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\Program Files\e-Games\Ran Online\MFC80.DLL.
Reference error message: The operation completed successfully.
.
 
Error: (08/28/2012 07:40:38 PM) (Source: SideBySide) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.
 
Error: (08/28/2012 07:40:38 PM) (Source: SideBySide) (User: )
Description: Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.
 
Error: (08/28/2012 06:39:41 PM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\Program Files\e-Games\Ran Online\MFC80.DLL.
Reference error message: The operation completed successfully.
.
 
Error: (08/28/2012 06:39:41 PM) (Source: SideBySide) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.
 
Error: (08/28/2012 06:39:41 PM) (Source: SideBySide) (User: )
Description: Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.
 
Error: (08/28/2012 05:55:57 PM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\Program Files\e-Games\Ran Online\MFC80.DLL.
Reference error message: The operation completed successfully.
.
 
Error: (08/28/2012 05:55:57 PM) (Source: SideBySide) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.
 
Error: (08/28/2012 05:55:57 PM) (Source: SideBySide) (User: )
Description: Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.
 
Error: (08/27/2012 07:55:43 PM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\Program Files\e-Games\Ran Online\MFC80.DLL.
Reference error message: The operation completed successfully.
.
 
 
Microsoft Office Sessions:
=========================
Error: (10/29/2013 06:57:57 PM) (Source: WinMgmt)(User: )
Description: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\ASPNET.MOF
 
Error: (10/29/2013 06:57:57 PM) (Source: WinMgmt)(User: )
Description: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\MOF\SERVICEMODEL.MOF
 
Error: (10/29/2013 03:57:04 PM) (Source: NTBackup)(User: )
Description: Warnings or errors were encountered.
 
Error: (10/29/2013 03:57:00 PM) (Source: NTBackup)(User: )
Description: C:Warnings or errors were encountered.OffReplaceNormal
 
Error: (10/29/2013 03:53:06 PM) (Source: COM+)(User: )
Description: (DtcGetTransactionManagerEx(): hr = 0x8004d01b)
 
Error: (10/29/2013 00:18:18 PM) (Source: Application Error)(User: )
Description: avastui.exe9.0.2006.160avastui.exe9.0.2006.160000b7c6b
 
Error: (10/28/2013 03:35:37 PM) (Source: ESENT)(User: )
Description: Catalog Database1972C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb1888256 (0x00000000001cd000)4096 (0x00001000)-1018 (0xfffffc06)460 (0x000001cc)423 (0x000001a7)
 
Error: (10/28/2013 01:33:37 PM) (Source: ESENT)(User: )
Description: Catalog Database1972C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb1888256 (0x00000000001cd000)4096 (0x00001000)-1018 (0xfffffc06)460 (0x000001cc)423 (0x000001a7)
 
Error: (10/28/2013 01:28:22 PM) (Source: ESENT)(User: )
Description: Catalog Database1972C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb1888256 (0x00000000001cd000)4096 (0x00001000)-1018 (0xfffffc06)460 (0x000001cc)423 (0x000001a7)
 
Error: (10/28/2013 00:46:39 PM) (Source: Windows Product Activation)(User: )
Description: 
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 23%
Total physical RAM: 1271.48 MB
Available physical RAM: 968.82 MB
Total Pagefile: 3034.46 MB
Available Pagefile: 2846.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1955.19 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:38.33 GB) (Free:18.67 GB) NTFS ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 38 GB) (Disk ID: E97BE97B)
Partition 1: (Active) - (Size=38 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#12 nasdaq

  • Malware Response Team
  • 40,447 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 31 October 2013 - 01:22 PM

Nothing suspicious was found on your last log.

Did you restore this computer to a previous date?
What are the current problems with this computer?

Download OTL to your desktop.
Double click on the icon to run it.
Make sure all other windows are closed and to let it run uninterrupted.

[Image: OTL_Main_Tutorial.gif]
  • Select All Users.
  • Under the Custom Scan box paste this text in bold in:
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT


Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Post both logs. DO NOT ATTACH THEM.
===

#13 Shauran

  • Topic Starter
  • Members
  • 18 posts
  • Gender:Male

Posted 01 November 2013 - 05:29 AM

Did you restore this computer to a previous date?
Yes, I did a system restore before getting help. That would be 15 - 20 days ago.
 
What are the current problems with this computer?
1. It's skipping autochk now. Error: "Cannot find autochk.exe." But autochk.exe is in my system32 folder (the Autochk folder is missing).
2. It's running slower than usual.
3. When searching for something in Windows Explorer, it never stops. It just keeps looping until I click stop.
4. At some point the system will stall. The mouse cursor is moving but the system timer is stuck and I cannot close any running program, including Task Manager, so I am forced to do a forced shutdown by holding the CPU power button.
5. I disabled some services but they get started on startup (ALG, NLA, COM+).
 
 
Ran OTL but it was not successful (no interface).
Ended it in Task Manager.
Ran it again and ran the scan, but no log was created upon completion (Error: "Could not find OTL.txt. Would you like to save it?"). I saved it but it's blank.
Rebooted the computer and ran OTL again.
Here is the OTL.txt log, but no Extras.txt was created. I thought it was because the System Restore service is not started, but when I try to start the service I get an error: 1359: An internal error occurred.
 
OTL logfile created on: 11/1/2013 12:37:58 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Siyak\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.24 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 75.65% Memory free
2.96 Gb Paging File | 2.79 Gb Available in Paging File | 94.02% Paging File free
Paging file location(s): C:\pagefile.sys 1908 3816 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.33 Gb Total Space | 18.67 Gb Free Space | 48.69% Space Free | Partition Type: NTFS
 
Computer Name: SHAURAN-HP | User Name: Siyak | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/10/31 09:22:41 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/10/31 09:22:39 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/10/30 20:26:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Siyak\Desktop\OTL.exe
PRC - [2013/09/24 11:53:54 | 004,831,680 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/10/31 09:22:53 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/10/15 14:06:28 | 002,136,576 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13101500\algo.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - File not found [Disabled | Stopped] -- C:\DOCUME~1\Siyak\LOCALS~1\Temp\P.exe -- (P)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2013/10/31 09:22:39 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/09/24 11:53:54 | 004,831,680 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2013/09/24 11:53:28 | 000,131,288 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\Comodo\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV - [2013/09/19 11:15:30 | 000,070,352 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\COMODO\launcher_service.exe -- (CLPSLauncher)
SRV - [2013/09/17 12:00:52 | 002,327,248 | ---- | M] (Comodo Security Solutions, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe -- (GeekBuddyRSP)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/01/13 16:51:14 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\TrueSight.sys -- (TrueSight)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (rkhdrv40)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/10/31 09:22:57 | 000,774,392 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/10/31 09:22:57 | 000,403,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/10/31 09:22:57 | 000,178,304 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/10/31 09:22:57 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/10/31 09:22:57 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/10/31 09:22:57 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2013/10/31 09:22:57 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/10/31 09:22:57 | 000,035,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/09/24 11:54:00 | 000,587,864 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2013/09/24 11:54:00 | 000,096,216 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2013/09/24 11:54:00 | 000,030,552 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2013/09/24 11:54:00 | 000,015,704 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/05/01 08:34:32 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2010/07/29 00:25:42 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ivusb.sys -- (ivusb)
DRV - [2004/08/04 06:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-602162358-746137067-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ph.msn.com/?rd=1&ucc=PH&dcc=PH&opt=0&ocid=iehp
IE - HKU\S-1-5-21-602162358-746137067-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-602162358-746137067-682003330-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-602162358-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
[2012/11/27 00:47:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Siyak\Application Data\Mozilla\Firefox\extensions
[2012/11/27 00:47:57 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Documents and Settings\Siyak\Application Data\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2013/10/01 13:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2013/10/31 22:33:36 | 000,000,741 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SystemExplorerDisabled [2013/10/27 20:34:24 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-602162358-746137067-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} https://www.e-games.com.ph/com/EGamesPlugin.cab (EGamesPlugin Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1345856944515 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEC2D009-5F0B-4850-917D-3D8FA044E475}: NameServer = 208.67.222.222,208.67.220.220
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Siyak\My Documents\My Pictures\CCard May 6 2013 due.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Siyak\My Documents\My Pictures\CCard May 6 2013 due.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/08/24 23:50:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2099/03/01 10:11:40 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irftp.exe
[2099/03/01 10:11:40 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshirda.dll
[2099/03/01 10:11:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2099/03/01 10:10:38 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTL8139.sys
[2099/03/01 10:10:24 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2099/03/01 10:09:18 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2099/03/01 10:09:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2099/03/01 10:09:16 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcplui.dll
[2099/03/01 10:09:15 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spttseng.dll
[2099/03/01 10:09:15 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcommon.dll
[2099/03/01 10:09:14 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapisvr.exe
[2099/03/01 10:09:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2099/03/01 10:09:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2099/03/01 10:09:13 | 000,000,000 | R--D | C] -- C:\Program Files
[2099/03/01 10:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2099/03/01 10:09:11 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll
[2099/03/01 10:09:11 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll
[2099/03/01 10:09:11 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuq.dll
[2099/03/01 10:09:11 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuf.dll
[2099/03/01 10:09:11 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll
[2099/03/01 10:09:11 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdazel.dll
[2099/03/01 10:09:10 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll
[2099/03/01 10:09:10 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll
[2099/03/01 10:09:10 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll
[2099/03/01 10:09:10 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll
[2099/03/01 10:09:10 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll
[2099/03/01 10:09:10 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll
[2099/03/01 10:09:10 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll
[2099/03/01 10:09:10 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll
[2099/03/01 10:09:10 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll
[2099/03/01 10:09:10 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll
[2099/03/01 10:09:10 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll
[2099/03/01 10:09:10 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll
[2099/03/01 10:09:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycc.dll
[2099/03/01 10:09:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbduzb.dll
[2099/03/01 10:09:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdur.dll
[2099/03/01 10:09:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtat.dll
[2099/03/01 10:09:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru1.dll
[2099/03/01 10:09:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru.dll
[2099/03/01 10:09:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdmon.dll
[2099/03/01 10:09:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkyr.dll
[2099/03/01 10:09:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkaz.dll
[2099/03/01 10:09:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdbu.dll
[2099/03/01 10:09:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdblr.dll
[2099/03/01 10:09:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdaze.dll
[2099/03/01 10:09:08 | 000,008,192 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll
[2099/03/01 10:09:08 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhept.dll
[2099/03/01 10:09:08 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll
[2099/03/01 10:09:08 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela3.dll
[2099/03/01 10:09:08 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll
[2099/03/01 10:09:08 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll
[2099/03/01 10:09:08 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela2.dll
[2099/03/01 10:09:08 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgkl.dll
[2099/03/01 10:09:08 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll
[2099/03/01 10:09:08 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll
[2099/03/01 10:09:08 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll
[2099/03/01 10:09:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe319.dll
[2099/03/01 10:09:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe220.dll
[2099/03/01 10:09:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe.dll
[2099/03/01 10:09:07 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll
[2099/03/01 10:09:07 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll
[2099/03/01 10:09:07 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll
[2099/03/01 10:09:07 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv1.dll
[2099/03/01 10:09:07 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv.dll
[2099/03/01 10:09:07 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdest.dll
[2099/03/01 10:09:07 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll
[2099/03/01 10:09:07 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll
[2099/03/01 10:09:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt1.dll
[2099/03/01 10:09:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt.dll
[2099/03/01 10:09:06 | 000,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll
[2099/03/01 10:09:06 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz.dll
[2099/03/01 10:09:06 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll
[2099/03/01 10:09:06 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll
[2099/03/01 10:09:06 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll
[2099/03/01 10:09:06 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll
[2099/03/01 10:09:06 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll
[2099/03/01 10:09:06 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll
[2099/03/01 10:09:06 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll
[2099/03/01 10:09:06 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll
[2099/03/01 10:09:06 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL
[2099/03/01 10:09:06 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycl.dll
[2099/03/01 10:09:06 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl1.dll
[2099/03/01 10:09:06 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl.dll
[2099/03/01 10:09:06 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl.dll
[2099/03/01 10:09:06 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu.dll
[2099/03/01 10:09:06 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz2.dll
[2099/03/01 10:09:06 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz1.dll
[2099/03/01 10:09:06 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcr.dll
[2099/03/01 10:09:06 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdal.dll
[2099/03/01 10:09:06 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdro.dll
[2099/03/01 10:09:06 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl1.dll
[2099/03/01 10:09:06 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll
[2099/03/01 10:09:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdro.dll
[2099/03/01 10:09:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl1.dll
[2099/03/01 10:09:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu1.dll
[2099/03/01 10:09:03 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\dgrpsetu.dll
[2099/03/01 10:09:03 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dgrpsetu.dll
[2099/03/01 10:09:03 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\EqnClass.Dll
[2099/03/01 10:09:03 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnclass.dll
[2099/03/01 10:09:03 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgsetup.dll
[2099/03/01 10:09:03 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dgsetup.dll
[2099/03/01 10:09:03 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2099/03/01 10:09:03 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2099/03/01 10:09:03 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL
[2099/03/01 10:09:03 | 000,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
[2099/03/01 10:09:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2099/03/01 10:09:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2099/03/01 10:09:03 | 000,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL
[2099/03/01 10:09:03 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL
[2099/03/01 10:09:03 | 000,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
[2099/03/01 10:09:03 | 000,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
[2099/03/01 10:09:03 | 000,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
[2099/03/01 10:09:03 | 000,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2099/03/01 10:09:02 | 000,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL
[2099/03/01 10:09:02 | 000,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL
[2099/03/01 10:09:02 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL
[2099/03/01 10:09:02 | 000,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV
[2099/03/01 10:09:02 | 000,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2099/03/01 10:09:02 | 000,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL
[2099/03/01 10:09:02 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV
[2099/03/01 10:09:02 | 000,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV
[2099/03/01 10:09:02 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL
[2099/03/01 10:09:02 | 000,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL
[2099/03/01 10:09:02 | 000,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2099/03/01 10:09:02 | 000,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2099/03/01 10:09:02 | 000,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK
[2099/03/01 10:09:01 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\winspool.drv
[2099/03/01 10:09:01 | 000,068,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMSYSTEM.DLL
[2099/03/01 10:09:01 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2099/03/01 10:09:01 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\taskman.exe
[2099/03/01 10:09:01 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll
[2099/03/01 10:09:00 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2099/03/01 10:08:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2099/03/01 10:08:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2099/03/01 10:08:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2099/03/01 10:08:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2099/03/01 10:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2099/03/01 10:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2099/03/01 10:08:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2099/03/01 10:08:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2099/03/01 10:08:33 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2099/03/01 10:08:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2099/03/01 10:08:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2099/03/01 10:08:13 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2099/03/01 10:01:25 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2099/03/01 10:01:25 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2099/03/01 10:01:25 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2099/03/01 10:01:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2099/03/01 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2013/11/01 12:36:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Siyak\Desktop\OTL.exe
[2013/11/01 11:48:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Siyak\Desktop\OTL
[2013/11/01 10:16:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Autochk.bak
[2013/10/31 23:18:52 | 000,000,000 | ---D | C] -- C:\FRST
[2013/10/31 23:11:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Siyak\Desktop\FarbarRecovery
[2013/10/31 22:26:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\New Folder
[2013/10/31 11:22:03 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2013/10/31 11:19:25 | 005,137,879 | ---- | C] (Swearware) -- C:\Documents and Settings\Siyak\Desktop\ComboFix.exe
[2013/10/31 10:13:05 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
[2013/10/31 09:23:07 | 000,057,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/10/31 09:23:06 | 000,403,440 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/10/31 09:23:05 | 000,774,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/10/31 09:23:05 | 000,070,384 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/10/31 09:23:04 | 000,054,832 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/10/31 09:23:04 | 000,035,656 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/10/31 09:22:58 | 000,269,216 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/10/31 09:22:54 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/10/31 09:20:43 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/10/31 06:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Siyak\Desktop\RootRepealLogs
[2013/10/31 06:38:19 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2013/10/30 21:20:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/10/30 21:18:14 | 001,033,335 | ---- | C] (Thisisu) -- C:\Documents and Settings\Siyak\Desktop\JRT.exe
[2013/10/29 17:23:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Siyak\Recent
[2013/10/29 15:52:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Siyak\My Documents\BackUp
[2013/10/29 07:23:58 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Siyak\Desktop\dds.com
[2013/10/28 20:21:27 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/28 20:18:05 | 000,688,992 | ---- | C] (Swearware) -- C:\dds.com
[2013/10/28 20:18:04 | 001,898,232 | ---- | C] (Bleeping Computer, LLC) -- C:\rkill.com
[2013/10/27 20:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\COMODO
[2013/10/27 20:07:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\COMODO
[2013/10/27 19:26:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Siyak\My Documents\Avast
[2013/10/27 19:01:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SystemExplorerDisabled
[2013/10/27 19:00:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SystemExplorer
[2013/10/27 19:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\System Explorer
[2013/10/27 18:40:58 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Shared Space
[2013/10/27 18:36:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Comodo
[2013/10/27 18:35:24 | 000,048,392 | ---- | C] (COMODO CA Limited) -- C:\WINDOWS\System32\certsentry.dll
[2013/10/27 18:34:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
[2013/10/27 14:15:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Siyak\Application Data\Malwarebytes
[2013/10/27 14:15:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/27 14:15:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/10/27 14:11:27 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/10/27 14:11:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/10/27 14:09:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Siyak\Desktop\Mbam
[2013/10/26 23:37:10 | 000,177,496 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\50451574.sys
[2013/10/26 07:54:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Siyak\Desktop\regsearch
[2013/10/25 17:01:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Siyak\Application Data\AVAST Software
[2013/10/25 17:01:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avast
[2013/10/25 16:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/10/25 16:32:24 | 000,334,720 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Siyak\Desktop\RootkitRevealer.exe
[2013/10/25 11:22:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Siyak\Desktop\AvaMbamCleaner
[2013/10/25 11:21:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Siyak\Desktop\RKtools
[2013/10/25 09:27:57 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Siyak\Desktop\mbam-setup-1.75.0.1300 (1).exe
[2013/10/25 09:27:57 | 007,211,664 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Siyak\Desktop\mbam-rules.exe
[2013/10/24 15:58:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Siyak\My Documents\DumpWmilib
[2013/10/24 07:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Siyak\Desktop\RK_Quarantine
[2013/10/23 00:36:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCAInternet
[2013/10/22 21:12:36 | 000,172,032 | ---- | C] (Inner Media, Inc.) -- C:\WINDOWS\System32\dzip32.dll
[2013/10/22 21:12:34 | 000,139,264 | ---- | C] (Inner Media, Inc.) -- C:\WINDOWS\System32\dunzip32.dll
[2013/10/22 09:58:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Siyak\Application Data\ProcessLasso
[2013/10/21 23:31:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Siyak\My Documents\RanOnline
[2013/10/21 19:06:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2013/10/21 19:06:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Siyak\Application Data\IObit
[2013/10/21 19:05:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag 2
[2013/10/21 19:05:52 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2013/10/21 18:19:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Siyak\Start Menu\Programs\WinRAR
[2013/10/21 18:19:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2013/10/20 18:44:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Siyak\Local Settings\Application Data\COMODO
[2013/10/20 18:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\AdTrustMedia
[2013/10/20 18:02:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adtrustmedia
[2013/10/20 17:34:44 | 003,765,976 | ---- | C] (COMODO) -- C:\Documents and Settings\All Users\Application Data\cisB3.exe
[2013/10/19 16:40:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Siyak\Doctor Web
[2013/10/18 13:06:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\COMODO
[2013/10/18 13:06:18 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xgdiplus.dll
[2013/10/18 09:25:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Siyak\Application Data\Comodo
[2013/10/18 08:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\COMODO
[2013/10/17 16:20:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013/10/17 09:03:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2013/10/17 09:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2013/10/17 08:57:51 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2013/10/17 08:52:11 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2013/10/17 08:52:11 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2013/10/17 08:52:11 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2013/10/17 08:52:11 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2013/10/17 08:52:09 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2013/10/17 08:52:09 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2013/10/17 08:52:03 | 000,000,000 | ---D | C] -- C:\1e11bc64166fadcf1723a3cd4c3d96
[2013/10/15 08:27:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Counter-Strike PRO
[2013/10/15 08:24:40 | 000,000,000 | ---D | C] -- C:\Program Files\Counter Strike PRO
[2013/10/14 09:11:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Siyak\Start Menu\Programs\Advanced Port Scanner
[2013/10/14 09:11:13 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced Port Scanner
[2013/10/12 19:26:33 | 000,000,000 | ---D | C] -- C:\Program Files\System Explorer
[2013/10/11 20:40:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BMExtreme
[2013/10/11 20:40:16 | 000,000,000 | ---D | C] -- C:\Program Files\BMExtreme
[2013/10/11 20:40:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Siyak\Application Data\BMExtreme
[2013/10/11 16:46:26 | 000,000,000 | ---D | C] -- C:\Program Files\e-Games
[2013/10/11 14:04:37 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/10/10 17:47:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Siyak\Desktop\RETORIKA 5
[2013/10/09 17:08:20 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidparse.sys
[2013/10/09 16:42:56 | 000,123,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys
[2013/10/09 16:42:56 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2013/10/09 16:42:56 | 000,046,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irbus.sys
[2013/10/09 16:36:06 | 000,144,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbport.sys
[2013/10/09 16:36:06 | 000,030,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbehci.sys
[2013/10/09 16:36:06 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbd.sys
[2013/10/08 14:31:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System\System132
[2013/10/02 20:50:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AVG
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/01 12:08:14 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
[2013/11/01 12:08:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/31 22:33:36 | 000,000,741 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/10/31 22:08:00 | 000,012,540 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/10/31 18:12:00 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Siyak\defogger_reenable
[2013/10/31 11:21:21 | 000,012,540 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2013/10/31 11:19:25 | 005,137,879 | ---- | M] (Swearware) -- C:\Documents and Settings\Siyak\Desktop\ComboFix.exe
[2013/10/31 10:21:00 | 000,001,677 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
[2013/10/31 10:20:53 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shared Space.lnk
[2013/10/31 10:13:50 | 000,048,392 | ---- | M] (COMODO CA Limited) -- C:\WINDOWS\System32\certsentry.dll
[2013/10/31 09:23:51 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/10/31 09:22:57 | 000,774,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/10/31 09:22:57 | 000,403,440 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/10/31 09:22:57 | 000,178,304 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/10/31 09:22:57 | 000,070,384 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/10/31 09:22:57 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/10/31 09:22:57 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/10/31 09:22:57 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/10/31 09:22:57 | 000,035,656 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/10/31 09:22:54 | 000,269,216 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/10/31 09:22:54 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/10/31 09:14:49 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/10/31 09:14:02 | 000,000,220 | -HS- | M] () -- C:\boot.ini
[2013/10/31 06:38:20 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2013/10/30 20:45:38 | 001,033,335 | ---- | M] (Thisisu) -- C:\Documents and Settings\Siyak\Desktop\JRT.exe
[2013/10/30 20:26:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Siyak\Desktop\OTL.exe
[2013/10/29 12:17:55 | 000,000,069 | ---- | M] () -- C:\WINDOWS\avast5.ini
[2013/10/28 12:44:39 | 004,677,632 | ---- | M] () -- C:\Documents and Settings\Siyak\ntuser.bak
[2013/10/28 12:41:10 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Siyak\Desktop\dds.com
[2013/10/28 12:41:10 | 000,688,992 | ---- | M] (Swearware) -- C:\dds.com
[2013/10/28 12:38:20 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Siyak\Desktop\Defogger.exe
[2013/10/28 06:45:36 | 001,060,070 | ---- | M] () -- C:\Documents and Settings\Siyak\Desktop\adwcleaner.exe
[2013/10/27 21:14:45 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefragUpdate.job
[2013/10/27 19:00:24 | 000,000,761 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\System Explorer.lnk
[2013/10/27 14:15:09 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/26 23:37:10 | 000,177,496 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\50451574.sys
[2013/10/26 15:27:34 | 000,001,272 | ---- | M] () -- C:\Documents and Settings\Siyak\My Documents\cc_20131026_152727.reg
[2013/10/25 10:21:18 | 000,955,392 | ---- | M] () -- C:\Documents and Settings\Siyak\Desktop\RogueKiller (1).exe
[2013/10/25 00:02:34 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Siyak\Desktop\mbam-setup-1.75.0.1300 (1).exe
[2013/10/24 23:57:26 | 007,211,664 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Siyak\Desktop\mbam-rules.exe
[2013/10/24 17:40:14 | 000,377,856 | ---- | M] () -- C:\Documents and Settings\Siyak\Desktop\INternetExplorer.exe
[2013/10/24 17:40:14 | 000,377,856 | ---- | M] () -- C:\Documents and Settings\Siyak\Desktop\Axo0n0skq.exe
[2013/10/21 19:06:00 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag 2.lnk
[2013/10/21 19:02:56 | 000,000,544 | ---- | M] () -- C:\Documents and Settings\Siyak\Desktop\Shortcut to defragsetup.exe.lnk
[2013/10/21 09:44:43 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2013/10/20 22:09:34 | 000,198,268 | ---- | M] () -- C:\Documents and Settings\Siyak\My Documents\cc_20131020_220918.reg
[2013/10/20 18:23:45 | 000,009,338 | ---- | M] () -- C:\Documents and Settings\Siyak\My Documents\CisReport_v6.3.294583.2937_20131020-182335.zip
[2013/10/18 13:06:18 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\xgdiplus.dll
[2013/10/18 12:01:04 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Siyak\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/18 10:44:15 | 000,000,881 | ---- | M] () -- C:\Documents and Settings\Siyak\Local Settings\Application Data\recently-used.xbel
[2013/10/18 09:00:47 | 000,001,014 | ---- | M] () -- C:\Documents and Settings\Siyak\Desktop\Shortcut to avg_remover_stf_x86_2014_4116.lnk
[2013/10/18 09:00:47 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\Siyak\Desktop\Old Launcher.lnk
[2013/10/18 09:00:47 | 000,000,851 | ---- | M] () -- C:\Documents and Settings\Siyak\Desktop\Shortcut to Globe Broadband Bill 8-18-12 cutoff.lnk
[2013/10/17 16:28:13 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Counter-Strike-PRO.EXE.lnk
[2013/10/17 12:04:15 | 000,091,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/10/17 12:02:26 | 000,678,908 | ---- | M] () -- C:\Documents and Settings\Siyak\My Documents\cc_20131017_120219.reg
[2013/10/17 09:24:00 | 000,494,220 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/10/17 09:24:00 | 000,084,106 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/10/15 23:41:12 | 001,898,232 | ---- | M] (Bleeping Computer, LLC) -- C:\rkill.com
[2013/10/15 00:17:52 | 000,021,978 | ---- | M] () -- C:\Documents and Settings\Siyak\My Documents\1379792_552042168202108_186472418_n.jpg
[2013/10/14 16:28:14 | 000,016,096 | ---- | M] () -- C:\Documents and Settings\Siyak\My Documents\cc_20131014_162810.reg
[2013/10/12 10:57:13 | 000,001,060 | ---- | M] () -- C:\Documents and Settings\Siyak\Desktop\Shortcut to procexp.exe.lnk
[2013/10/11 20:40:19 | 000,001,564 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BMExtreme.lnk
[2013/10/11 14:21:45 | 000,000,919 | ---- | M] () -- C:\Documents and Settings\Siyak\Desktop\Shortcut to tdsskiller.exe.lnk
[2013/10/11 10:12:32 | 000,001,102 | ---- | M] () -- C:\Documents and Settings\Siyak\Desktop\Shortcut to RootkitRevealer.exe.lnk
[2013/10/10 17:47:13 | 000,066,322 | ---- | M] () -- C:\Documents and Settings\Siyak\Desktop\FORECASTING.pdf
[2013/10/10 08:24:51 | 000,001,053 | ---- | M] () -- C:\Documents and Settings\Siyak\Desktop\Shortcut to Procmon.exe.lnk
[2013/10/03 15:49:50 | 000,022,700 | ---- | M] () -- C:\Documents and Settings\Siyak\My Documents\cc_20131003_154946.reg
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2099/03/01 10:09:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2099/03/01 10:09:15 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2099/03/01 10:09:15 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2099/03/01 10:09:14 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2099/03/01 10:09:14 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2099/03/01 10:09:01 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2099/03/01 10:08:51 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2099/03/01 10:08:51 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2099/03/01 10:08:51 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2099/03/01 10:08:51 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2099/03/01 10:08:51 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2099/03/01 10:08:51 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2099/03/01 10:08:51 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2099/03/01 10:08:50 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2099/03/01 10:08:13 | 000,091,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2099/03/01 10:07:07 | 000,000,220 | -HS- | C] () -- C:\boot.ini
[2099/03/01 10:07:03 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2013/10/31 18:12:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Siyak\defogger_reenable
[2013/10/31 09:23:51 | 000,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/10/31 09:23:06 | 000,178,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/10/31 09:23:06 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/10/29 12:24:07 | 000,955,392 | ---- | C] () -- C:\Documents and Settings\Siyak\Desktop\RogueKiller (1).exe
[2013/10/29 09:54:36 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Siyak\Desktop\Defogger.exe
[2013/10/28 20:20:55 | 001,060,070 | ---- | C] () -- C:\Documents and Settings\Siyak\Desktop\adwcleaner.exe
[2013/10/27 19:00:24 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\System Explorer.lnk
[2013/10/27 18:45:10 | 000,000,440 | ---- | C] () -- C:\WINDOWS\tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
[2013/10/27 18:41:18 | 000,001,677 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
[2013/10/27 18:41:15 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shared Space.lnk
[2013/10/27 14:15:09 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/26 22:00:24 | 000,095,744 | ---- | C] () -- C:\Documents and Settings\Siyak\Desktop\rku37300509.exe
[2013/10/26 18:40:57 | 000,000,069 | ---- | C] () -- C:\WINDOWS\avast5.ini
[2013/10/26 15:27:33 | 000,001,272 | ---- | C] () -- C:\Documents and Settings\Siyak\My Documents\cc_20131026_152727.reg
[2013/10/26 07:53:01 | 000,345,156 | ---- | C] () -- C:\Documents and Settings\Siyak\Desktop\regsearch.zip
[2013/10/25 16:32:24 | 000,102,160 | ---- | C] () -- C:\Documents and Settings\Siyak\Desktop\RootkitRevealer.chm
[2013/10/24 22:42:14 | 000,377,856 | ---- | C] () -- C:\Documents and Settings\Siyak\Desktop\INternetExplorer.exe
[2013/10/24 19:20:02 | 000,377,856 | ---- | C] () -- C:\Documents and Settings\Siyak\Desktop\Axo0n0skq.exe
[2013/10/23 17:25:43 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Siyak\Desktop\RootRepeal.exe
[2013/10/21 19:06:39 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefragUpdate.job
[2013/10/21 19:06:00 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag 2.lnk
[2013/10/21 19:02:56 | 000,000,544 | ---- | C] () -- C:\Documents and Settings\Siyak\Desktop\Shortcut to defragsetup.exe.lnk
[2013/10/20 22:09:31 | 000,198,268 | ---- | C] () -- C:\Documents and Settings\Siyak\My Documents\cc_20131020_220918.reg
[2013/10/20 18:23:44 | 000,009,338 | ---- | C] () -- C:\Documents and Settings\Siyak\My Documents\CisReport_v6.3.294583.2937_20131020-182335.zip
[2013/10/20 14:08:46 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2013/10/18 10:44:15 | 000,000,881 | ---- | C] () -- C:\Documents and Settings\Siyak\Local Settings\Application Data\recently-used.xbel
[2013/10/17 12:02:22 | 000,678,908 | ---- | C] () -- C:\Documents and Settings\Siyak\My Documents\cc_20131017_120219.reg
[2013/10/15 08:27:39 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Counter-Strike-PRO.EXE.lnk
[2013/10/15 00:17:51 | 000,021,978 | ---- | C] () -- C:\Documents and Settings\Siyak\My Documents\1379792_552042168202108_186472418_n.jpg
[2013/10/14 16:28:12 | 000,016,096 | ---- | C] () -- C:\Documents and Settings\Siyak\My Documents\cc_20131014_162810.reg
[2013/10/12 10:57:13 | 000,001,060 | ---- | C] () -- C:\Documents and Settings\Siyak\Desktop\Shortcut to procexp.exe.lnk
[2013/10/11 20:40:19 | 000,001,564 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BMExtreme.lnk
[2013/10/11 14:21:45 | 000,000,919 | ---- | C] () -- C:\Documents and Settings\Siyak\Desktop\Shortcut to tdsskiller.exe.lnk
[2013/10/11 10:12:32 | 000,001,102 | ---- | C] () -- C:\Documents and Settings\Siyak\Desktop\Shortcut to RootkitRevealer.exe.lnk
[2013/10/10 17:47:11 | 000,066,322 | ---- | C] () -- C:\Documents and Settings\Siyak\Desktop\FORECASTING.pdf
[2013/10/10 08:24:50 | 000,001,053 | ---- | C] () -- C:\Documents and Settings\Siyak\Desktop\Shortcut to Procmon.exe.lnk
[2013/10/03 15:49:48 | 000,022,700 | ---- | C] () -- C:\Documents and Settings\Siyak\My Documents\cc_20131003_154946.reg
[2013/10/01 18:01:26 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\Siyak\ntuser.pol
[2013/09/11 17:45:23 | 000,000,420 | ---- | C] () -- C:\Documents and Settings\Siyak\resetlog.tx
[2013/09/09 09:33:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/09/04 11:23:07 | 004,677,632 | ---- | C] () -- C:\Documents and Settings\Siyak\ntuser.bak
[2013/02/11 10:01:13 | 000,000,055 | ---- | C] () -- C:\WINDOWS\REditor.INI
[2013/01/23 11:52:07 | 000,038,560 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2013/01/17 16:17:45 | 000,000,000 | RHS- | C] () -- C:\WINDOWS\System32\setting.ini
[2013/01/02 12:03:49 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Siyak\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/25 09:58:16 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2012/11/12 08:14:28 | 000,002,514 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2012/08/28 21:47:21 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Siyak\Local Settings\Application Data\dt.dat
[2012/08/25 22:05:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/08/25 12:45:53 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/08/25 09:25:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/08/24 23:53:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/08/24 23:47:27 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
 
========== ZeroAccess Check ==========
 
[2013/10/17 08:39:41 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/06/29 05:33:05 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 20:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/10/13 05:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2012/10/13 05:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.SHAURAN-HP\Application Data\TuneUp Software
[2013/10/20 18:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adtrustmedia
[2013/10/25 16:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/08/27 07:58:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/02/17 12:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2013/10/21 19:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2013/10/27 18:41:15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Shared Space
[2013/10/27 19:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SystemExplorer
[2013/10/23 06:23:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/10/01 13:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2012/09/29 09:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amin\Application Data\AVG Secure Search
[2012/09/29 09:50:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amin\Application Data\AVG2013
[2012/10/06 17:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amin\Application Data\PhotoScape
[2012/09/29 09:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amin\Application Data\TuneUp Software
[2012/10/25 01:03:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amin.SHAURAN-HP\Application Data\PhotoScape
[2012/10/13 05:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amin.SHAURAN-HP\Application Data\TuneUp Software
[2013/10/02 20:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG
[2013/10/01 13:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2013/10/25 17:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Siyak\Application Data\AVAST Software
[2013/10/01 20:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Siyak\Application Data\AVG
[2013/09/09 01:17:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Siyak\Application Data\AVG Secure Search(2)
[2013/10/18 16:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Siyak\Application Data\BMExtreme
[2013/10/21 19:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Siyak\Application Data\IObit
[2013/03/18 10:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Siyak\Application Data\PE Explorer
[2013/04/01 09:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Siyak\Application Data\PhotoScape
[2013/10/22 09:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Siyak\Application Data\ProcessLasso
[2013/02/19 03:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Siyak\Application Data\TuneUp Software
[2013/06/17 10:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Siyak\Application Data\uTorrent
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV - [2008/04/14 05:42:14 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/14 05:42:12 | 000,006,656 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 21:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 05:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 05:41:52 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/21 01:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 19:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/14 05:41:54 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/28 07:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 05:42:10 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/14 05:41:56 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008/04/14 05:42:24 | 000,150,528 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 05:41:54 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 05:42:18 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 05:42:18 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 05:42:02 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/21 00:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 19:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 21:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 05:42:04 | 000,088,576 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 05:42:04 | 000,186,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 20:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/14 05:42:04 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 05:42:06 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 05:42:12 | 000,080,896 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 13:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009/07/28 07:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 05:42:08 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 05:42:06 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 05:41:58 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 05:42:08 | 000,249,856 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 05:42:08 | 000,295,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/28 07:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 05:42:40 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 05:41:52 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 05:41:56 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/14 05:42:10 | 000,333,824 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/14 05:42:30 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 05:42:10 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 20:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/14 05:41:54 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 05:42:12 | 000,483,840 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 14:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
< MD5 for: SERVICES  >
[2004/08/04 20:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services
 
< MD5 for: SERVICES.DAT  >
[2013/10/16 03:36:22 | 000,003,075 | ---- | M] () MD5=6806FCE3B99E6913439FB220BF6544B0 -- C:\Documents and Settings\Administrator.SHAURAN-HP\Local Settings\Temp\jrt\services.dat
[2013/10/16 03:36:22 | 000,003,075 | ---- | M] () MD5=6806FCE3B99E6913439FB220BF6544B0 -- C:\Documents and Settings\Siyak\Local Settings\Temp\jrt\services.dat
 
< MD5 for: SERVICES.EXE  >
[2009/02/06 19:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 19:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 19:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
 
< MD5 for: SERVICES.LNK  >
[2012/10/14 18:00:11 | 000,001,602 | ---- | M] () MD5=94D07667555B9C82B296EFB76865F2B7 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk
 
< MD5 for: SERVICES.MSC  >
[2004/08/04 20:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc
 
< MD5 for: SVCHOST.EXE  >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WINSOCK.DLL  >
[2004/08/04 20:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\dllcache\winsock.dll
[2004/08/04 20:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\winsock.dll
 
< End of report >


#14 Shauran

Shauran
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:27 AM

Posted 01 November 2013 - 06:16 AM

[Attached screenshot: SEOpenedFiles_zpse9b9a7eb.jpg]

[Attached screenshot: combofix_zps951f0516.jpg]



#15 nasdaq

nasdaq

  • Malware Response Team
  • 40,447 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:27 PM

Posted 01 November 2013 - 08:23 AM

Yes, ComboFix created that folder:
C:\32788r22FWJFW

Uninstall the application this way.

Rename ComboFix.exe to UNINSTALL.exe and double click it. It's case insensitive.
===

The other files and folders you identified are good. Do not remove them.
===

There are many files marked as missing in your logs. Let's try to repair some of them.

Download this program to your desktop.
Tweaking.com - Windows Repair 1.9.16
http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/


Extract and launch the Repair_Windows.exe file.

Click on the Start Repairs tab, then click on Start.

Check mark only the following options:

Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair Windows Firewall
Repair Internet Explorer
Repair MDAC & MS Jet
Repair Hosts File
Remove Policies Set By Infections
Repair Icons
Repair Winsock & DNS Cache
Remove Temp Files
Repair Proxy Settings
Unhide Non System Files
Repair Windows Updates
Repair CD/DVD Missing/Not Working
  • Check mark the Restart System When Finished option
  • Click the Start button
  • The system should restart after the repair
When this is completed, run SFC.EXE.

If the Minibox does not work, try to run this:

From the Start menu, select Run.
In the Open field, type sfc /scannow (Note: There is a space between sfc and /scannow)
Select the OK button.
Follow the prompts throughout the System File Checker process.
Reboot the computer when System File Checker completes.

Keep me posted on the results.



