
Malware removal help


  • This topic is locked
9 replies to this topic

#1 prifate_ryan

  • Members
  • 5 posts

Posted 11 March 2014 - 02:35 AM

I have installed NOD32 2014. My laptop sometimes freezes at startup after the desktop appears. I am running Windows 8.1 and DDS could not be run. It gives the error message 'DDS is not meant to run on compatibility mode. The program will now exit.'



#2 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 11 March 2014 - 07:10 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with FRST (Recovery Environment)


To run FRST on Vista and Windows 7:



Plug the flashdrive into the infected PC.

Enter System Recovery Options.


To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.

In the command window:

  • type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.

It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.



#3 prifate_ryan

  • Topic Starter
  • Members
  • 5 posts

Posted 13 March 2014 - 12:50 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2014
Ran by SYSTEM on MININT-JB89MJL on 13-03-2014 23:26:05
Running from H:\
Windows 8.1 Pro (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5618456 2013-09-12] (ESET)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [KeyScrambler] - C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [508144 2013-11-14] (QFX Software Corporation)
HKLM-x32\...\Run: [kbdsprt] - [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\kmb\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2014-01-17] (Sandboxie Holdings, LLC)
HKU\kmb\...\Run: [DownloadAccelerator] - C:\Program Files (x86)\DAP\DAP.EXE [4110992 2014-02-07] (Speedbit Ltd.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-18] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-12-18] (NVIDIA Corporation)
 
==================== Services (Whitelisted) =================
 
S2 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [262144 2011-07-28] (Arcai.com)
S2 apache2.4; C:\xampp\apache\bin\httpd.exe [22016 2012-06-06] (Apache Software Foundation)
S2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-29] (Atheros Commnucations)
S2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64112 2014-01-16] (CyberGhost S.R.L)
S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1337752 2013-09-12] (ESET)
S2 mysql; C:\xampp\mysql\bin\mysqld.exe [8180224 2012-06-29] ()
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37176 2013-08-22] (The OpenVPN Project)
S2 RalinkRegistryWriter; C:\Program Files (x86)\TP-LINK\TWCU\COMMON\RegistryWriter.exe [69632 2010-07-30] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)
S2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [11839488 2012-01-18] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)
S3 FileZillaServer; "C:\xampp\filezillaftp\filezillaserver.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 athr; C:\Windows\system32\DRIVERS\athwnx.sys [3680256 2013-06-18] (Qualcomm Atheros Communications, Inc.)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
S0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [239296 2013-09-17] (ESET)
S1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
S2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
S0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-10] (Microsoft Corporation)
S1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-08-22] (Microsoft Corporation)
S3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [222200 2013-05-31] (QFX Software Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
S3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [300320 2013-12-18] (NVIDIA Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
S3 SBUpdd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [41368 2014-01-28] ()
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-25] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)
S4 vsserv; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-13 23:26 - 2014-03-13 23:26 - 00000000 ____D () C:\FRST
2014-03-13 09:34 - 2014-03-13 09:34 - 06640640 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 06353960 _____ (Microsoft Corporation) C:\Windows\System32\sppsvc.exe
2014-03-13 09:34 - 2014-03-13 09:34 - 05770752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 04175360 _____ (Microsoft Corporation) C:\Windows\System32\dbgeng.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 02873344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 02543960 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2014-03-13 09:34 - 2014-03-13 09:34 - 02143960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 02133208 _____ (Microsoft Corporation) C:\Windows\System32\mfcore.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 01928144 _____ (Microsoft Corporation) C:\Windows\System32\combase.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 01486848 _____ (Microsoft Corporation) C:\Windows\System32\dbghelp.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 01371824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 01287064 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 01238016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 01057280 _____ (Microsoft Corporation) C:\Windows\System32\rdvidcrl.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 01036288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 00764864 _____ (Microsoft Corporation) C:\Windows\System32\mfmpeg2srcsnk.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 00716288 _____ (Microsoft Corporation) C:\Windows\System32\swprv.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 00669352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 00458616 _____ (Microsoft Corporation) C:\Windows\System32\WerFault.exe
2014-03-13 09:34 - 2014-03-13 09:34 - 00447488 _____ (Microsoft Corporation) C:\Windows\System32\sppcomapi.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 00408480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2014-03-13 09:34 - 2014-03-13 09:34 - 00407024 _____ (Microsoft Corporation) C:\Windows\System32\Faultrep.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 00386722 _____ () C:\Windows\System32\ApnDatabase.xml
2014-03-13 09:34 - 2014-03-13 09:34 - 00369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 00311640 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2014-03-13 09:34 - 2014-03-13 09:34 - 00249856 _____ (Microsoft Corporation) C:\Windows\System32\rdpencom.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 00233920 _____ (Microsoft Corporation) C:\Windows\System32\mfps.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 00160256 _____ (Microsoft Corporation) C:\Windows\System32\DWWIN.EXE
2014-03-13 09:34 - 2014-03-13 09:34 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE
2014-03-13 09:34 - 2014-03-13 09:34 - 00064512 _____ (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-03-12 07:04 - 2014-03-12 07:04 - 00096528 _____ () C:\Users\kmb\Downloads\all_shall_perish_never_ending_war.gp5
2014-03-12 06:52 - 2013-12-20 02:18 - 01643584 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2014-03-12 06:52 - 2013-12-20 02:18 - 01507704 _____ (Microsoft Corporation) C:\Windows\System32\winload.exe
2014-03-12 06:51 - 2014-02-28 22:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-03-12 06:51 - 2014-02-28 20:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-03-12 06:51 - 2014-02-28 20:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 06:51 - 2014-02-28 20:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-03-12 06:51 - 2014-02-28 19:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-03-12 06:51 - 2014-02-28 19:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 06:51 - 2014-02-28 19:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-03-12 06:51 - 2014-02-28 19:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-03-12 06:51 - 2014-02-28 19:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 06:51 - 2014-02-28 19:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-03-12 06:51 - 2014-02-28 19:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 06:51 - 2014-02-28 18:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 06:51 - 2014-02-28 18:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-03-12 06:51 - 2014-02-28 18:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 06:51 - 2014-02-28 18:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 06:51 - 2014-02-28 18:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-03-12 06:51 - 2014-02-28 18:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 06:45 - 2013-10-30 16:29 - 00236888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdFilter.sys
2014-03-12 06:45 - 2013-10-30 16:29 - 00124760 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdNisDrv.sys
2014-03-12 06:45 - 2013-10-30 16:28 - 00035856 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdBoot.sys
2014-03-12 00:04 - 2014-02-10 19:04 - 04189184 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-03-12 00:04 - 2014-02-10 18:43 - 00488448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 00:04 - 2014-02-10 18:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2014-03-11 08:30 - 2014-03-11 08:30 - 00001096 _____ () C:\Users\kmb\Desktop\Viber.lnk
2014-03-11 08:30 - 2014-03-11 08:30 - 00000000 ____D () C:\Users\kmb\AppData\Roaming\ViberPC
2014-03-11 08:24 - 2014-03-11 08:24 - 00003108 _____ () C:\Windows\System32\Tasks\{141B9F72-06DD-4DCD-81E5-A7D658DBFB92}
2014-03-11 08:22 - 2014-03-11 08:31 - 00000000 ____D () C:\Users\kmb\AppData\Local\Viber
2014-03-10 23:26 - 2014-03-10 23:28 - 00688992 _____ (Swearware) C:\Users\kmb\Downloads\dds.com
2014-03-10 20:56 - 2014-03-10 20:56 - 00195072 _____ () C:\Users\kmb\Downloads\lecture13.ppt
2014-03-09 08:58 - 2014-03-09 08:58 - 00000870 _____ () C:\Users\kmb\Downloads\Music - Shortcut.lnk
2014-03-08 20:17 - 2014-03-08 20:17 - 00038400 ____H () C:\Users\kmb\Downloads\~WRL0005.tmp
2014-03-08 20:10 - 2014-03-09 00:08 - 00004766 _____ () C:\Windows\setupact.log
2014-03-08 20:10 - 2014-03-08 20:10 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-08 20:09 - 2014-03-13 09:35 - 01311928 _____ () C:\Windows\WindowsUpdate.log
2014-03-08 20:08 - 2014-03-12 17:28 - 00476272 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-03-05 22:28 - 2014-03-05 22:28 - 00000000 ____D () C:\CISCO_CCNA
2014-03-05 21:57 - 2014-03-05 21:57 - 00035967 _____ () C:\Users\kmb\Downloads\joe_satriani_rubina.gp3
2014-03-04 12:13 - 2014-03-06 22:45 - 00000000 ____D () C:\Users\kmb\AppData\Roaming\TeraCopy
2014-03-03 17:05 - 2014-03-03 17:05 - 00000000 ____D () C:\Users\kmb\dwhelper
2014-03-03 06:47 - 2014-03-03 06:48 - 00000000 ____D () C:\Program Files\TeraCopy
2014-03-02 20:58 - 2014-03-02 20:59 - 00000000 ____D () C:\Program Files (x86)\CamStudio 2.7
2014-03-02 14:52 - 2014-03-02 14:52 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-02 14:52 - 2014-03-02 14:52 - 00000000 ____D () C:\ProgramData\TP-LINK Driver
2014-03-02 14:52 - 2014-03-02 14:52 - 00000000 ____D () C:\ProgramData\Ralink
2014-03-02 14:52 - 2014-03-02 14:52 - 00000000 ____D () C:\Program Files (x86)\TP-LINK
2014-03-02 14:52 - 2014-03-02 14:52 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-03-02 14:52 - 2010-07-30 09:24 - 00527360 _____ (Cisco Systems, Inc.) C:\Windows\SysWOW64\RAIHV.dll
2014-03-02 14:52 - 2010-07-30 09:24 - 00527360 _____ (Cisco Systems, Inc.) C:\Windows\System32\RAIHV.dll
2014-03-02 14:52 - 2010-07-30 09:24 - 00025088 _____ () C:\Windows\SysWOW64\RAEXTUI.dll
2014-03-02 14:52 - 2010-07-30 09:24 - 00025088 _____ () C:\Windows\System32\RAEXTUI.dll
2014-03-02 14:52 - 2010-05-27 22:42 - 00014051 _____ () C:\Windows\SysWOW64\RaCoInst.dat
2014-03-02 14:52 - 2010-05-27 22:42 - 00014051 _____ () C:\Windows\System32\RaCoInst.dat
2014-02-28 22:03 - 2014-02-28 22:05 - 03099532 _____ (CamStudio Open Source ) C:\Users\kmb\Downloads\CamStudio_2.7_r316_setup.exe
2014-02-28 15:11 - 2014-02-28 15:11 - 00000011 _____ () C:\Users\kmb\pw.txt
2014-02-28 11:51 - 2014-02-28 11:51 - 00000000 ____D () C:\Users\kmb\AppData\Roaming\dvdcss
2014-02-26 10:00 - 2014-03-01 06:32 - 00000000 ____D () C:\Program Files (x86)\Professional Recover-Center
2014-02-26 09:09 - 2014-03-04 00:48 - 00000000 ____D () C:\xampp
2014-02-24 02:18 - 2014-02-24 02:19 - 00000000 ____D () C:\Program Files (x86)\PWGen
2014-02-24 02:12 - 2014-02-24 02:13 - 01390926 _____ (Christian Thoeing ) C:\Users\kmb\Downloads\PWGen-2.4.0-Setup.exe
2014-02-24 02:06 - 2014-02-24 02:06 - 00001184 _____ () C:\Users\kmb\Downloads\owasp.txt
2014-02-24 01:36 - 2014-02-26 09:30 - 00000000 ____D () C:\Users\kmb\AppData\Local\Deployment
2014-02-24 01:36 - 2014-02-24 01:36 - 00000000 ____D () C:\Users\kmb\AppData\Local\Apps\2.0
2014-02-24 00:56 - 2004-06-08 22:01 - 02195968 _____ () C:\gdbnt.exe
2014-02-23 07:18 - 2014-02-23 23:48 - 00000000 ____D () C:\Windows\SysWOW64\Plugins
2014-02-23 06:49 - 2014-02-23 06:49 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf30a66a70e3e1
2014-02-23 06:49 - 2014-02-23 06:49 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf30a66a70e3e1.job
2014-02-23 06:05 - 2014-03-02 11:53 - 00000000 ____D () C:\Users\kmb\AppData\Roaming\Audacity
2014-02-23 05:46 - 2014-02-24 00:30 - 00000000 ____D () C:\Program Files\Recuva
2014-02-23 05:43 - 2014-03-13 08:26 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-23 05:43 - 2014-02-23 06:49 - 00003874 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-23 05:43 - 2014-02-23 06:49 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-23 00:33 - 2014-02-23 00:33 - 00001796 _____ () C:\Users\kmb\Downloads\facebook-sdk-master.zip
2014-02-22 08:27 - 2014-02-22 08:27 - 00000000 ____D () C:\Users\kmb\AppData\Local\ESET
2014-02-20 14:09 - 2014-03-07 00:26 - 00000184 _____ () C:\Users\kmb\.packettracer
2014-02-20 14:09 - 2014-02-20 14:22 - 00000000 ____D () C:\Users\kmb\Cisco Packet Tracer 6.0.1
2014-02-19 20:53 - 2014-02-19 20:53 - 00000000 ____D () C:\ProgramData\ESET
2014-02-19 20:53 - 2014-02-19 20:53 - 00000000 ____D () C:\Program Files\ESET
2014-02-19 14:07 - 2014-02-19 14:07 - 00000000 ____D () C:\Program Files (x86)\Google Books Downloader
2014-02-19 12:57 - 2014-02-19 12:57 - 00000000 ____D () C:\Users\kmb\AppData\Roaming\Wireshark
2014-02-19 10:31 - 2014-02-19 10:31 - 00001363 _____ () C:\Users\UpdatusUser\Desktop\WiFiPasswordDecryptor.lnk
2014-02-19 10:31 - 2014-02-19 10:31 - 00000000 ____D () C:\Program Files (x86)\SecurityXploded
2014-02-19 10:31 - 2012-01-20 14:14 - 00018816 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\System32\roboot64.exe
2014-02-19 10:30 - 2014-02-19 12:38 - 00000000 ____D () C:\Users\kmb\AppData\Roaming\systweak
2014-02-18 12:06 - 2014-02-19 16:17 - 00000000 ____D () C:\Users\kmb\AppData\Local\CyberGhost
2014-02-18 10:58 - 2014-02-18 11:00 - 00000000 ____D () C:\Program Files (x86)\Cisco Packet Tracer 6.0.1
2014-02-18 10:54 - 2014-02-18 10:54 - 00000000 ____D () C:\Program Files (x86)\PuTTY
2014-02-18 10:12 - 2014-02-18 10:15 - 03208193 _____ () C:\Users\kmb\Downloads\Delite software.rar
2014-02-17 23:46 - 2014-02-17 23:46 - 00000000 ____D () C:\Program Files\TAP-Windows
2014-02-17 23:45 - 2014-02-17 23:46 - 00000000 ____D () C:\Program Files\OpenVPN
2014-02-17 10:18 - 2014-02-17 10:18 - 00000000 ____D () C:\Program Files (x86)\Privoxy
2014-02-16 20:31 - 2014-03-12 17:30 - 00000433 _____ () C:\Windows\System32\Drivers\etc\hosts.ics
2014-02-16 13:11 - 2014-02-18 12:06 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-02-16 13:01 - 2014-02-19 13:09 - 00000000 ____D () C:\Users\kmb\AppData\Roaming\I2P
2014-02-16 07:04 - 2013-11-27 07:34 - 03210528 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2014-02-16 07:04 - 2013-11-27 05:47 - 02804528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-02-16 07:04 - 2013-11-27 00:58 - 01503232 _____ (Microsoft Corporation) C:\Windows\System32\wlansvc.dll
2014-02-16 07:04 - 2013-11-26 05:20 - 01399176 _____ (Microsoft Corporation) C:\Windows\System32\winmde.dll
2014-02-16 07:04 - 2013-11-26 01:21 - 18577920 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
2014-02-16 07:04 - 2013-11-26 00:28 - 13925888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-02-16 07:04 - 2013-11-23 03:49 - 21196664 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2014-02-16 07:04 - 2013-11-22 19:57 - 00637952 _____ (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
2014-02-16 07:04 - 2013-11-22 19:25 - 00744448 _____ (Microsoft Corporation) C:\Windows\System32\SettingSyncCore.dll
2014-02-16 07:04 - 2013-11-22 19:19 - 02617344 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2014-02-16 07:03 - 2013-12-08 16:34 - 01227264 _____ (Microsoft Corporation) C:\Windows\System32\mispace.dll
2014-02-16 07:03 - 2013-12-08 16:04 - 00980480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2014-02-16 07:03 - 2013-11-27 07:27 - 00809872 _____ (Microsoft Corporation) C:\Windows\System32\mfmp4srcsnk.dll
2014-02-16 07:03 - 2013-11-27 06:00 - 00663680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-02-16 07:03 - 2013-11-27 04:02 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ipnat.sys
2014-02-16 07:03 - 2013-11-27 02:54 - 00461824 _____ (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2014-02-16 07:03 - 2013-11-27 02:24 - 00306688 _____ (Microsoft Corporation) C:\Windows\System32\msieftp.dll
2014-02-16 07:03 - 2013-11-27 02:08 - 00336384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-02-16 07:03 - 2013-11-27 01:46 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-02-16 07:03 - 2013-11-27 01:41 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\psmsrv.dll
2014-02-16 07:03 - 2013-11-27 01:17 - 00263168 _____ (Microsoft Corporation) C:\Windows\System32\bisrv.dll
2014-02-16 07:03 - 2013-11-27 01:10 - 00273408 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Graphics.dll
2014-02-16 07:03 - 2013-11-27 00:56 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.dll
2014-02-16 07:03 - 2013-11-26 05:20 - 01374384 _____ (Microsoft Corporation) C:\Windows\System32\wmpmde.dll
2014-02-16 07:03 - 2013-11-26 03:44 - 01204968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2014-02-16 07:03 - 2013-11-24 17:45 - 00142680 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS
2014-02-16 07:03 - 2013-11-24 17:32 - 01119064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2014-02-16 07:03 - 2013-11-24 15:30 - 00513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-02-16 07:03 - 2013-11-24 15:28 - 00589824 _____ (Microsoft Corporation) C:\Windows\System32\rastls.dll
2014-02-16 07:03 - 2013-11-23 04:47 - 00032088 _____ (Microsoft Corporation) C:\Windows\System32\ploptin.dll
2014-02-16 07:03 - 2013-11-23 00:19 - 18642504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-02-16 07:03 - 2013-11-22 23:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\System32\bi.dll
2014-02-16 07:03 - 2013-11-22 23:13 - 00019456 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\BtaMPM.sys
2014-02-16 07:03 - 2013-11-22 23:08 - 00403456 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2014-02-16 07:03 - 2013-11-22 20:50 - 00282112 _____ (Microsoft Corporation) C:\Windows\System32\SystemEventsBrokerServer.dll
2014-02-16 07:03 - 2013-11-22 19:48 - 00479744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2014-02-16 07:03 - 2013-11-22 19:25 - 00584192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2014-02-16 07:03 - 2013-11-22 19:15 - 02295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-02-16 07:03 - 2013-11-20 22:58 - 00207872 _____ (Microsoft Corporation) C:\Windows\System32\deviceregistration.dll
2014-02-16 07:03 - 2013-11-20 22:26 - 01415680 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-02-16 07:03 - 2013-11-15 06:59 - 00470016 _____ (Microsoft Corporation) C:\Windows\System32\mfds.dll
2014-02-16 07:03 - 2013-11-15 06:25 - 00433664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2014-02-16 07:03 - 2013-11-15 06:08 - 00202240 _____ (Microsoft Corporation) C:\Windows\System32\ubpm.dll
2014-02-16 07:03 - 2013-11-15 05:24 - 00834048 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2014-02-16 07:03 - 2013-10-30 16:29 - 00745336 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2014-02-16 07:03 - 2013-10-30 15:41 - 00552624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-02-13 19:14 - 2014-02-13 19:14 - 00000000 ___RD () C:\Sandbox
2014-02-13 19:10 - 2014-01-09 00:25 - 02804224 _____ (Microsoft Corporation) C:\Windows\System32\actxprxy.dll
2014-02-13 19:10 - 2014-01-08 23:59 - 01020928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-02-13 19:10 - 2014-01-08 23:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\System32\winbici.dll
2014-02-13 19:10 - 2014-01-08 23:49 - 00919040 _____ (Microsoft Corporation) C:\Windows\System32\MrmCoreR.dll
2014-02-13 19:10 - 2014-01-08 23:44 - 00720384 _____ (Microsoft Corporation) C:\Windows\System32\SkyDriveTelemetry.dll
2014-02-13 19:10 - 2014-01-08 23:43 - 00121344 _____ (Microsoft Corporation) C:\Windows\System32\SkyDriveShell.dll
2014-02-13 19:10 - 2014-01-08 23:29 - 00105984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-02-13 19:10 - 2014-01-08 23:28 - 04217344 _____ (Microsoft Corporation) C:\Windows\System32\SyncEngine.dll
2014-02-13 19:10 - 2014-01-08 23:28 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-02-13 19:10 - 2014-01-08 23:18 - 00870912 _____ (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
2014-02-13 19:08 - 2013-12-20 02:10 - 01113040 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2014-02-13 19:08 - 2013-12-19 22:13 - 00835584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-02-13 19:07 - 2014-01-04 12:50 - 01462216 _____ (Microsoft Corporation) C:\Windows\System32\propsys.dll
2014-02-13 19:07 - 2014-01-04 11:22 - 01202888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2014-02-13 19:07 - 2014-01-04 06:30 - 13209088 _____ (Microsoft Corporation) C:\Windows\System32\twinui.dll
2014-02-13 19:07 - 2014-01-04 06:23 - 11702272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-02-13 19:07 - 2014-01-04 05:42 - 01105408 _____ (Microsoft Corporation) C:\Windows\System32\SearchFolder.dll
2014-02-13 19:07 - 2014-01-04 05:40 - 07416832 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Search.dll
2014-02-13 19:07 - 2014-01-04 05:36 - 00830976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2014-02-13 19:07 - 2014-01-04 05:28 - 04961792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2014-02-13 19:07 - 2013-12-20 18:10 - 00009701 _____ () C:\Windows\SysWOW64\connectedsearch-results.searchconnector-ms
2014-02-13 19:07 - 2013-12-20 18:10 - 00009701 _____ () C:\Windows\System32\connectedsearch-results.searchconnector-ms
2014-02-13 18:11 - 2014-01-06 23:03 - 00018944 _____ (Microsoft Corporation) C:\Windows\System32\pcaui.exe
2014-02-13 18:11 - 2014-01-06 21:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pcaui.exe
2014-02-13 17:43 - 2014-02-13 17:43 - 00000000 ____D () C:\Users\kmb\AppData\Roaming\QFX Software
2014-02-13 17:43 - 2014-02-13 17:43 - 00000000 ____D () C:\ProgramData\QFX Software
2014-02-13 17:42 - 2014-02-23 23:48 - 00000000 ____D () C:\Program Files (x86)\KeyScrambler
2014-02-13 17:42 - 2013-05-31 06:53 - 00222200 _____ (QFX Software Corporation) C:\Windows\System32\Drivers\keyscrambler.sys
2014-02-13 09:21 - 2013-12-08 16:19 - 00570880 _____ (Microsoft Corporation) C:\Windows\System32\msdrm.dll
2014-02-13 09:21 - 2013-12-08 15:55 - 00444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 09:08 - 2014-02-13 09:08 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-02-13 09:07 - 2014-02-13 09:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-02-13 09:06 - 2014-02-13 09:07 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-02-13 09:06 - 2014-02-13 09:06 - 00000000 ____D () C:\Windows\PCHEALTH
2014-02-13 09:02 - 2014-02-13 09:02 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-02-13 09:02 - 2014-02-13 09:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-02-13 09:01 - 2014-02-13 09:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-02-13 08:06 - 2014-03-02 15:05 - 00000000 ____D () C:\Users\kmb\Documents\Virtual Machines
2014-02-13 08:02 - 2014-03-11 06:12 - 00000000 ____D () C:\Users\kmb\AppData\Local\VMware
2014-02-13 08:01 - 2014-03-11 08:39 - 00000000 ____D () C:\Users\kmb\AppData\Roaming\VMware
2014-02-13 07:26 - 2014-02-06 03:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-02-13 07:26 - 2014-02-06 03:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-02-13 07:26 - 2014-02-06 03:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-02-13 07:26 - 2014-02-06 03:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-02-13 07:26 - 2014-02-06 02:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-02-13 07:26 - 2014-02-06 02:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-02-13 07:26 - 2014-02-06 02:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-02-13 07:26 - 2014-02-06 02:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-02-13 07:26 - 2014-02-06 02:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-02-13 07:26 - 2014-02-06 02:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 07:26 - 2014-02-06 02:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-02-13 07:26 - 2014-02-06 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 07:26 - 2014-02-06 02:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 07:26 - 2014-02-06 01:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 07:26 - 2014-02-06 01:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 07:26 - 2014-02-06 01:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-02-13 07:26 - 2014-02-06 01:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 07:26 - 2014-02-06 01:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 07:26 - 2014-02-06 01:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 07:26 - 2014-02-06 01:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 07:24 - 2014-01-06 21:00 - 02397184 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2014-02-13 07:24 - 2014-01-06 20:30 - 02071552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 07:24 - 2013-12-08 16:27 - 02152448 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2014-02-13 07:24 - 2013-12-08 15:54 - 01317376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 07:24 - 2013-11-20 22:42 - 04604416 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2014-02-13 07:24 - 2013-11-20 21:44 - 03936256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 07:18 - 2013-12-08 18:57 - 00548864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-02-13 07:18 - 2013-12-08 17:51 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 20:41 - 2014-03-01 06:31 - 00000000 ____D () C:\Users\kmb\AppData\Roaming\Foxit Software
2014-02-12 20:41 - 2014-02-12 20:41 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-02-12 20:40 - 2014-02-12 20:40 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2014-02-12 20:26 - 2014-02-12 20:26 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-02-12 20:26 - 2014-02-12 20:26 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-02-11 19:58 - 2014-02-11 19:58 - 00881814 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-11 19:58 - 2014-02-11 19:58 - 00001024 _____ () C:\.rnd
2014-02-11 19:58 - 2012-01-18 15:47 - 00942192 _____ (VMware, Inc.) C:\Windows\System32\vnetlib64.dll
2014-02-11 19:58 - 2012-01-18 15:47 - 00433264 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2014-02-11 19:58 - 2012-01-18 15:47 - 00354416 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2014-02-11 19:58 - 2012-01-18 15:47 - 00063088 _____ (VMware, Inc.) C:\Windows\System32\Drivers\vmx86.sys
2014-02-11 19:58 - 2012-01-18 15:46 - 00030320 _____ (VMware, Inc.) C:\Windows\System32\Drivers\vmnetuserif.sys
2014-02-11 19:58 - 2011-08-29 22:11 - 00039024 _____ (VMware, Inc.) C:\Windows\System32\Drivers\hcmon.sys
2014-02-11 19:56 - 2014-03-12 17:28 - 00000000 ____D () C:\ProgramData\VMware
2014-02-11 19:56 - 2014-02-11 19:56 - 00000000 ____D () C:\Users\Public\Documents\Shared Virtual Machines
2014-02-11 19:56 - 2014-02-11 19:56 - 00000000 ____D () C:\Program Files (x86)\VMware
2014-02-11 19:55 - 2014-02-11 19:55 - 00000000 ____D () C:\Program Files\Common Files\VMware
2014-02-11 19:41 - 2014-02-11 19:42 - 00000000 ____D () C:\Users\kmb\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2014-02-11 16:04 - 2014-02-23 01:57 - 00000000 ____D () C:\Users\kmb\AppData\Local\CRE
2014-02-11 16:04 - 2014-02-11 16:04 - 00000000 ____D () C:\Users\kmb\AppData\Local\NativeMessaging
2014-02-11 16:04 - 2014-02-11 16:04 - 00000000 ____D () C:\Users\kmb\AppData\Local\Conduit
2014-02-11 16:02 - 2014-02-11 16:02 - 00000009 _____ () C:\END
2014-02-11 16:01 - 2014-03-13 01:28 - 00000000 ____D () C:\Users\kmb\AppData\Roaming\BitTorrent
2014-02-11 15:20 - 2014-02-11 15:20 - 00000000 ____D () C:\Users\kmb\.tuxguitar-1.2
2014-02-11 14:37 - 2014-02-11 14:38 - 00000000 ____D () C:\Users\kmb\.idlerc
 
==================== One Month Modified Files and Folders =======
 
2014-03-13 23:26 - 2014-03-13 23:26 - 00000000 ____D () C:\FRST
2014-03-13 09:36 - 2013-08-22 06:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-13 09:36 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\System32\config\BBI
2014-03-13 09:35 - 2014-03-08 20:09 - 01311928 _____ () C:\Windows\WindowsUpdate.log
2014-03-13 09:34 - 2014-03-13 09:34 - 06640640 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 06353960 _____ (Microsoft Corporation) C:\Windows\System32\sppsvc.exe
2014-03-13 09:34 - 2014-03-13 09:34 - 05770752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 04175360 _____ (Microsoft Corporation) C:\Windows\System32\dbgeng.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 02873344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 02543960 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2014-03-13 09:34 - 2014-03-13 09:34 - 02143960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 02133208 _____ (Microsoft Corporation) C:\Windows\System32\mfcore.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 01928144 _____ (Microsoft Corporation) C:\Windows\System32\combase.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 01486848 _____ (Microsoft Corporation) C:\Windows\System32\dbghelp.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 01371824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 01287064 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 01238016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 01057280 _____ (Microsoft Corporation) C:\Windows\System32\rdvidcrl.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 01036288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 00764864 _____ (Microsoft Corporation) C:\Windows\System32\mfmpeg2srcsnk.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 00716288 _____ (Microsoft Corporation) C:\Windows\System32\swprv.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 00669352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 00458616 _____ (Microsoft Corporation) C:\Windows\System32\WerFault.exe
2014-03-13 09:34 - 2014-03-13 09:34 - 00447488 _____ (Microsoft Corporation) C:\Windows\System32\sppcomapi.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 00408480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2014-03-13 09:34 - 2014-03-13 09:34 - 00407024 _____ (Microsoft Corporation) C:\Windows\System32\Faultrep.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 00386722 _____ () C:\Windows\System32\ApnDatabase.xml
2014-03-13 09:34 - 2014-03-13 09:34 - 00369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 00311640 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2014-03-13 09:34 - 2014-03-13 09:34 - 00249856 _____ (Microsoft Corporation) C:\Windows\System32\rdpencom.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 00233920 _____ (Microsoft Corporation) C:\Windows\System32\mfps.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 00160256 _____ (Microsoft Corporation) C:\Windows\System32\DWWIN.EXE
2014-03-13 09:34 - 2014-03-13 09:34 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE
2014-03-13 09:34 - 2014-03-13 09:34 - 00064512 _____ (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2014-03-13 09:34 - 2014-03-13 09:34 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-03-13 09:25 - 2014-02-06 23:22 - 00000000 ____D () C:\Users\kmb\AppData\Roaming\vlc
2014-03-13 09:16 - 2014-02-06 08:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-13 09:08 - 2014-02-05 22:13 - 00867804 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-03-13 09:00 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\System32\sru
2014-03-13 08:26 - 2014-02-23 05:43 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-13 01:28 - 2014-02-11 16:01 - 00000000 ____D () C:\Users\kmb\AppData\Roaming\BitTorrent
2014-03-12 20:47 - 2014-02-05 22:15 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1342965420-3808495054-3693482613-1001
2014-03-12 19:21 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\tracing
2014-03-12 17:42 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-03-12 17:30 - 2014-02-16 20:31 - 00000433 _____ () C:\Windows\System32\Drivers\etc\hosts.ics
2014-03-12 17:28 - 2014-03-08 20:08 - 00476272 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-03-12 17:28 - 2014-02-11 19:56 - 00000000 ____D () C:\ProgramData\VMware
2014-03-12 17:28 - 2014-02-06 09:51 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-12 17:23 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-12 17:23 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-12 08:18 - 2014-02-07 12:26 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 08:18 - 2014-02-05 22:09 - 00000000 ____D () C:\users\kmb
2014-03-12 08:18 - 2013-08-22 05:25 - 00000167 _____ () C:\Windows\win.ini
2014-03-12 07:04 - 2014-03-12 07:04 - 00096528 _____ () C:\Users\kmb\Downloads\all_shall_perish_never_ending_war.gp5
2014-03-11 10:17 - 2014-02-06 08:07 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 08:39 - 2014-02-13 08:02 - 00000000 ____D () C:\Users\kmb\AppData\Local\VMware
2014-03-11 08:39 - 2014-02-13 08:01 - 00000000 ____D () C:\Users\kmb\AppData\Roaming\VMware
2014-03-11 08:31 - 2014-03-11 08:22 - 00000000 ____D () C:\Users\kmb\AppData\Local\Viber
2014-03-11 08:30 - 2014-03-11 08:30 - 00001096 _____ () C:\Users\kmb\Desktop\Viber.lnk
2014-03-11 08:30 - 2014-03-11 08:30 - 00000000 ____D () C:\Users\kmb\AppData\Roaming\ViberPC
2014-03-11 08:24 - 2014-03-11 08:24 - 00003108 _____ () C:\Windows\System32\Tasks\{141B9F72-06DD-4DCD-81E5-A7D658DBFB92}
2014-03-10 23:28 - 2014-03-10 23:26 - 00688992 _____ (Swearware) C:\Users\kmb\Downloads\dds.com
2014-03-10 20:56 - 2014-03-10 20:56 - 00195072 _____ () C:\Users\kmb\Downloads\lecture13.ppt
2014-03-10 07:27 - 2014-02-06 08:02 - 00001898 _____ () C:\Windows\Sandboxie.ini
2014-03-09 10:29 - 2014-02-09 05:16 - 00000000 ____D () C:\Mov
2014-03-09 09:21 - 2014-02-07 12:22 - 00000000 ____D () C:\Users\kmb\AppData\Roaming\Skype
2014-03-09 08:58 - 2014-03-09 08:58 - 00000870 _____ () C:\Users\kmb\Downloads\Music - Shortcut.lnk
2014-03-09 00:20 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\System32\NDF
2014-03-09 00:08 - 2014-03-08 20:10 - 00004766 _____ () C:\Windows\setupact.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00038400 ____H () C:\Users\kmb\Downloads\~WRL0005.tmp
2014-03-08 20:17 - 2014-02-05 22:09 - 00000000 ____D () C:\Users\kmb\AppData\Local\Packages
2014-03-08 20:10 - 2014-03-08 20:10 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-08 06:10 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-03-07 05:55 - 2014-02-08 04:35 - 00000000 ____D () C:\Windows\System32\MRT
2014-03-07 05:51 - 2014-02-08 04:35 - 88567024 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-03-07 00:26 - 2014-02-20 14:09 - 00000184 _____ () C:\Users\kmb\.packettracer
2014-03-06 22:45 - 2014-03-04 12:13 - 00000000 ____D () C:\Users\kmb\AppData\Roaming\TeraCopy
2014-03-06 11:43 - 2014-02-06 13:16 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-05 22:28 - 2014-03-05 22:28 - 00000000 ____D () C:\CISCO_CCNA
2014-03-05 21:57 - 2014-03-05 21:57 - 00035967 _____ () C:\Users\kmb\Downloads\joe_satriani_rubina.gp3
2014-03-05 02:40 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\System32\FxsTmp
2014-03-04 00:48 - 2014-02-26 09:09 - 00000000 ____D () C:\xampp
2014-03-03 17:05 - 2014-03-03 17:05 - 00000000 ____D () C:\Users\kmb\dwhelper
2014-03-03 06:48 - 2014-03-03 06:47 - 00000000 ____D () C:\Program Files\TeraCopy
2014-03-02 20:59 - 2014-03-02 20:58 - 00000000 ____D () C:\Program Files (x86)\CamStudio 2.7
2014-03-02 15:05 - 2014-02-13 08:06 - 00000000 ____D () C:\Users\kmb\Documents\Virtual Machines
2014-03-02 14:52 - 2014-03-02 14:52 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-02 14:52 - 2014-03-02 14:52 - 00000000 ____D () C:\ProgramData\TP-LINK Driver
2014-03-02 14:52 - 2014-03-02 14:52 - 00000000 ____D () C:\ProgramData\Ralink
2014-03-02 14:52 - 2014-03-02 14:52 - 00000000 ____D () C:\Program Files (x86)\TP-LINK
2014-03-02 14:52 - 2014-03-02 14:52 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-03-02 11:53 - 2014-02-23 06:05 - 00000000 ____D () C:\Users\kmb\AppData\Roaming\Audacity
2014-03-01 06:32 - 2014-02-26 10:00 - 00000000 ____D () C:\Program Files (x86)\Professional Recover-Center
2014-03-01 06:31 - 2014-02-12 20:41 - 00000000 ____D () C:\Users\kmb\AppData\Roaming\Foxit Software
2014-02-28 22:05 - 2014-03-12 06:51 - 23133696 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-02-28 22:05 - 2014-02-28 22:03 - 03099532 _____ (CamStudio Open Source ) C:\Users\kmb\Downloads\CamStudio_2.7_r316_setup.exe
2014-02-28 20:58 - 2014-03-12 06:51 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-02-28 20:30 - 2014-03-12 06:51 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-28 20:17 - 2014-03-12 06:51 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-02-28 19:54 - 2014-03-12 06:51 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-02-28 19:47 - 2014-03-12 06:51 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-28 19:42 - 2014-03-12 06:51 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-02-28 19:18 - 2014-03-12 06:51 - 13051904 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-02-28 19:14 - 2014-03-12 06:51 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-28 19:10 - 2014-03-12 06:51 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-02-28 19:03 - 2014-03-12 06:51 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-28 18:57 - 2014-03-12 06:51 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-28 18:38 - 2014-03-12 06:51 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-02-28 18:32 - 2014-03-12 06:51 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-28 18:27 - 2014-03-12 06:51 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-28 18:25 - 2014-03-12 06:51 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-02-28 18:25 - 2014-03-12 06:51 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-28 15:11 - 2014-02-28 15:11 - 00000011 _____ () C:\Users\kmb\pw.txt
2014-02-28 11:51 - 2014-02-28 11:51 - 00000000 ____D () C:\Users\kmb\AppData\Roaming\dvdcss
2014-02-28 07:58 - 2014-02-06 13:16 - 00000000 ____D () C:\Users\kmb\AppData\Roaming\Apple Computer
2014-02-26 09:30 - 2014-02-24 01:36 - 00000000 ____D () C:\Users\kmb\AppData\Local\Deployment
2014-02-26 01:24 - 2014-02-06 08:01 - 00000000 ____D () C:\Program Files\PeerBlock
2014-02-24 04:38 - 2014-02-07 12:26 - 00000000 ____D () C:\Users\kmb\AppData\Local\Microsoft Help
2014-02-24 02:19 - 2014-02-24 02:18 - 00000000 ____D () C:\Program Files (x86)\PWGen
2014-02-24 02:13 - 2014-02-24 02:12 - 01390926 _____ (Christian Thoeing ) C:\Users\kmb\Downloads\PWGen-2.4.0-Setup.exe
2014-02-24 02:06 - 2014-02-24 02:06 - 00001184 _____ () C:\Users\kmb\Downloads\owasp.txt
2014-02-24 01:36 - 2014-02-24 01:36 - 00000000 ____D () C:\Users\kmb\AppData\Local\Apps\2.0
2014-02-24 00:57 - 2014-02-05 22:09 - 00000000 ____D () C:\Users\kmb\AppData\Local\VirtualStore
2014-02-24 00:30 - 2014-02-23 05:46 - 00000000 ____D () C:\Program Files\Recuva
2014-02-23 23:48 - 2014-02-23 07:18 - 00000000 ____D () C:\Windows\SysWOW64\Plugins
2014-02-23 23:48 - 2014-02-13 17:42 - 00000000 ____D () C:\Program Files (x86)\KeyScrambler
2014-02-23 06:49 - 2014-02-23 06:49 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf30a66a70e3e1
2014-02-23 06:49 - 2014-02-23 06:49 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf30a66a70e3e1.job
2014-02-23 06:49 - 2014-02-23 05:43 - 00003874 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-23 06:49 - 2014-02-23 05:43 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-23 06:16 - 2014-02-06 08:00 - 00000000 ____D () C:\Users\kmb\AppData\Local\Google
2014-02-23 05:43 - 2014-02-06 08:00 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-23 01:57 - 2014-02-11 16:04 - 00000000 ____D () C:\Users\kmb\AppData\Local\CRE
2014-02-23 01:57 - 2014-02-06 14:02 - 00000000 ____D () C:\Users\kmb\AppData\Roaming\newnext.me
2014-02-23 01:57 - 2014-02-06 14:02 - 00000000 ____D () C:\Users\kmb\AppData\Local\genienext
2014-02-23 01:57 - 2014-02-06 14:01 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2014-02-23 00:33 - 2014-02-23 00:33 - 00001796 _____ () C:\Users\kmb\Downloads\facebook-sdk-master.zip
2014-02-22 08:27 - 2014-02-22 08:27 - 00000000 ____D () C:\Users\kmb\AppData\Local\ESET
2014-02-20 14:22 - 2014-02-20 14:09 - 00000000 ____D () C:\Users\kmb\Cisco Packet Tracer 6.0.1
2014-02-20 08:16 - 2013-08-22 05:25 - 00008192 ___SH () C:\Windows\System32\config\ELAM
2014-02-19 20:53 - 2014-02-19 20:53 - 00000000 ____D () C:\ProgramData\ESET
2014-02-19 20:53 - 2014-02-19 20:53 - 00000000 ____D () C:\Program Files\ESET
2014-02-19 16:17 - 2014-02-18 12:06 - 00000000 ____D () C:\Users\kmb\AppData\Local\CyberGhost
2014-02-19 14:07 - 2014-02-19 14:07 - 00000000 ____D () C:\Program Files (x86)\Google Books Downloader
2014-02-19 13:09 - 2014-02-16 13:01 - 00000000 ____D () C:\Users\kmb\AppData\Roaming\I2P
2014-02-19 13:04 - 2014-02-06 08:03 - 00000000 ____D () C:\Program Files (x86)\i2p
2014-02-19 12:57 - 2014-02-19 12:57 - 00000000 ____D () C:\Users\kmb\AppData\Roaming\Wireshark
2014-02-19 12:38 - 2014-02-19 10:30 - 00000000 ____D () C:\Users\kmb\AppData\Roaming\systweak
2014-02-19 10:48 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\rescache
2014-02-19 10:31 - 2014-02-19 10:31 - 00001363 _____ () C:\Users\UpdatusUser\Desktop\WiFiPasswordDecryptor.lnk
2014-02-19 10:31 - 2014-02-19 10:31 - 00000000 ____D () C:\Program Files (x86)\SecurityXploded
2014-02-18 12:06 - 2014-02-16 13:11 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-02-18 11:00 - 2014-02-18 10:58 - 00000000 ____D () C:\Program Files (x86)\Cisco Packet Tracer 6.0.1
2014-02-18 10:54 - 2014-02-18 10:54 - 00000000 ____D () C:\Program Files (x86)\PuTTY
2014-02-18 10:15 - 2014-02-18 10:12 - 03208193 _____ () C:\Users\kmb\Downloads\Delite software.rar
2014-02-17 23:46 - 2014-02-17 23:46 - 00000000 ____D () C:\Program Files\TAP-Windows
2014-02-17 23:46 - 2014-02-17 23:45 - 00000000 ____D () C:\Program Files\OpenVPN
2014-02-17 13:00 - 2013-08-22 07:38 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-17 13:00 - 2013-08-22 07:38 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-17 10:18 - 2014-02-17 10:18 - 00000000 ____D () C:\Program Files (x86)\Privoxy
2014-02-16 20:20 - 2014-02-06 07:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-16 20:18 - 2013-08-22 07:36 - 00000000 ___RD () C:\Windows\ToastData
2014-02-16 20:18 - 2013-08-22 05:36 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-02-16 20:18 - 2013-08-22 05:36 - 00000000 ____D () C:\Windows\System32\Dism
2014-02-15 17:01 - 2014-02-06 07:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 08:57 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-02-14 08:57 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\FileManager
2014-02-14 08:57 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\Camera
2014-02-13 19:14 - 2014-02-13 19:14 - 00000000 ___RD () C:\Sandbox
2014-02-13 17:43 - 2014-02-13 17:43 - 00000000 ____D () C:\Users\kmb\AppData\Roaming\QFX Software
2014-02-13 17:43 - 2014-02-13 17:43 - 00000000 ____D () C:\ProgramData\QFX Software
2014-02-13 09:08 - 2014-02-13 09:08 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-02-13 09:08 - 2013-08-22 11:11 - 00000000 ____D () C:\Windows\ShellNew
2014-02-13 09:08 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-02-13 09:07 - 2014-02-13 09:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-02-13 09:07 - 2014-02-13 09:06 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-02-13 09:06 - 2014-02-13 09:06 - 00000000 ____D () C:\Windows\PCHEALTH
2014-02-13 09:06 - 2014-02-07 12:26 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-02-13 09:03 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files\Common Files\System
2014-02-13 09:02 - 2014-02-13 09:02 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-02-13 09:02 - 2014-02-13 09:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-02-13 09:01 - 2014-02-13 09:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-02-12 20:41 - 2014-02-12 20:41 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-02-12 20:40 - 2014-02-12 20:40 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2014-02-12 20:26 - 2014-02-12 20:26 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-02-12 20:26 - 2014-02-12 20:26 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-02-11 20:03 - 2014-02-06 13:12 - 00000000 ____D () C:\Python27
2014-02-11 19:58 - 2014-02-11 19:58 - 00881814 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-11 19:58 - 2014-02-11 19:58 - 00001024 _____ () C:\.rnd
2014-02-11 19:56 - 2014-02-11 19:56 - 00000000 ____D () C:\Users\Public\Documents\Shared Virtual Machines
2014-02-11 19:56 - 2014-02-11 19:56 - 00000000 ____D () C:\Program Files (x86)\VMware
2014-02-11 19:55 - 2014-02-11 19:55 - 00000000 ____D () C:\Program Files\Common Files\VMware
2014-02-11 19:42 - 2014-02-11 19:41 - 00000000 ____D () C:\Users\kmb\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2014-02-11 16:04 - 2014-02-11 16:04 - 00000000 ____D () C:\Users\kmb\AppData\Local\NativeMessaging
2014-02-11 16:04 - 2014-02-11 16:04 - 00000000 ____D () C:\Users\kmb\AppData\Local\Conduit
2014-02-11 16:02 - 2014-02-11 16:02 - 00000009 _____ () C:\END
2014-02-11 15:20 - 2014-02-11 15:20 - 00000000 ____D () C:\Users\kmb\.tuxguitar-1.2
2014-02-11 14:38 - 2014-02-11 14:37 - 00000000 ____D () C:\Users\kmb\.idlerc
 
Some content of TEMP:
====================
C:\Users\kmb\AppData\Local\Temp\KMP_3.8.0.120.exe
C:\Users\kmb\AppData\Local\Temp\KMP_3.8.0.121.exe
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-03-13 09:34] - [2014-03-13 09:34] - 0311640 ____A (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02
 
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2014-03-02 14:52:07
Restore point made on: 2014-03-03 17:07:13
Restore point made on: 2014-03-07 05:51:39
Restore point made on: 2014-03-12 06:48:52
 
==================== Memory info =========================== 
 
Percentage of memory in use: 11%
Total physical RAM: 8099.17 MB
Available physical RAM: 7203.79 MB
Total Pagefile: 8099.17 MB
Available Pagefile: 7233.25 MB
Total Virtual: 131072 MB
Available Virtual: 131071.87 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:97.66 GB) (Free:37.35 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:284.76 GB) (Free:10.47 GB) NTFS
Drive g: (Win81AIO-7in1-x64-en-US-Sep2013) (CDROM) (Total:3.18 GB) (Free:0 GB) UDF
Drive h: () (Removable) (Total:3.78 GB) (Free:3.78 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS
Drive y: () (Fixed) (Total:14.65 GB) (Free:14.28 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: E0CDC82E)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 2 (Size: 4 GB) (Disk ID: 00066DBA)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)
 
 
LastRegBack: 2014-03-11 08:30
 
==================== End Of Log ============================


#4 TB-Psychotic

  • Malware Response Team

Posted 15 March 2014 - 08:35 AM

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

 

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 prifate_ryan

  • Topic Starter

Posted 16 March 2014 - 05:00 AM

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.03.16.02
 
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16521
kmb :: ZERO [administrator]
 
Protection: Enabled
 
3/16/2014 1:58:42 PM
MBAM-log-2014-03-16 (15-43-49).txt
 
Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 430979
Time elapsed: 1 hour(s), 27 minute(s), 15 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKCU\Software\Systweak\RegClean Pro (PUP.Optional.RegCleanerPro.A) -> No action taken.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 2
C:\Users\kmb\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\kmb\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> No action taken.
 
Files Detected: 48
D:\Downloads\VMware Workstation 8.0.2 Build 591240\VmWare 9 Keygenerator.exe (Riskware.Tool.CK) -> No action taken.
C:\Users\kmb\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\kmb\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> No action taken.
 
(end)


#6 TB-Psychotic


Posted 17 March 2014 - 03:26 AM

 

Files Detected: 48

Is it possible that you didn't show the whole log?

Please post the whole content of the log file.



#7 prifate_ryan


Posted 17 March 2014 - 06:17 AM

ESET Scan result:
 
C:\Users\kmb\AppData\Local\Installer\Install_5441\dap10i_15b41249eb_setup.exe a variant of Win32/SpeedBit.A potentially unwanted application
D:\Downloads\avc-free.exe Win32/OpenCandy potentially unsafe application
D:\Downloads\ccsetup410.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Downloads\ccsetup411.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Downloads\peazip-5.1.1.WINDOWS.exe Win32/OpenCandy potentially unsafe application
D:\Downloads\Recovery\rcsetup150.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Downloads\VMware Workstation 8.0.2 Build 591240\VmWare 9 Keygenerator.exe a variant of Win32/Keygen.IH potentially unsafe application


#8 prifate_ryan


Posted 17 March 2014 - 06:18 AM

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.03.16.02
 
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16521
kmb :: ZERO [administrator]
 
Protection: Enabled
 
3/16/2014 1:58:42 PM
MBAM-log-2014-03-16 (15-43-49).txt
 
Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 430979
Time elapsed: 1 hour(s), 27 minute(s), 15 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKCU\Software\Systweak\RegClean Pro (PUP.Optional.RegCleanerPro.A) -> No action taken.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 2
C:\Users\kmb\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\kmb\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> No action taken.
 
Files Detected: 3
D:\Downloads\VMware Workstation 8.0.2 Build 591240\VmWare 9 Keygenerator.exe (Riskware.Tool.CK) -> No action taken.
C:\Users\kmb\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\kmb\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> No action taken.
 
(end)
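
The check made by eye in post #6 (a section header claiming 48 files while only three entries are listed) can be automated. The following is an added example, not part of the thread or of any Malwarebytes tooling; it assumes the MBAM 1.75 text layout shown in posts #5 and #8, and the function names and abridged sample logs are constructed for illustration.

```python
import re

# Section header as MBAM 1.75 writes it, e.g. "Files Detected: 48".
HEADER = re.compile(r"^([A-Za-z ]+?) Detected: (\d+)[ \t]*$", re.MULTILINE)
# One entry: "<object> (<Detection.Name>) -> <action>."
ENTRY = re.compile(r"\(([\w./-]+)\) -> ([^.]+)\.")

def sections(log_text):
    """Map section name -> (declared count, [(detection, action), ...])."""
    heads = list(HEADER.finditer(log_text))
    out = {}
    for i, h in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(log_text)
        # Collapse whitespace so entries hard-wrapped by a paste still match.
        body = re.sub(r"\s+", " ", log_text[h.end():end])
        out[h.group(1)] = (int(h.group(2)), ENTRY.findall(body))
    return out

def mismatches(log_text):
    """Sections whose header count differs from the entries actually listed."""
    return {name: (declared, len(entries))
            for name, (declared, entries) in sections(log_text).items()
            if declared != len(entries)}

# Constructed sample: abridged from the log pasted in post #5.
POST_5 = r"""
Registry Keys Detected: 1
HKCU\Software\Systweak\RegClean Pro (PUP.Optional.RegCleanerPro.A) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Files Detected: 48
D:\Downloads\VMware Workstation 8.0.2 Build 591240\VmWare 9 Keygenerator.exe (Riskware.Tool.CK) -> No action taken.
C:\Users\kmb\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\kmb\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> No action taken.

(end)
"""
# Constructed sample: post #8's variant (count of 3, one entry hard-wrapped).
POST_8 = (POST_5.replace("Files Detected: 48", "Files Detected: 3")
                .replace("(Riskware.Tool.CK) -> No action",
                         "(Riskware.Tool.CK) -> No \n \naction"))

if __name__ == "__main__":
    for label, log in (("post #5", POST_5), ("post #8", POST_8)):
        print(label, mismatches(log) or "counts match listed entries")
```

A non-empty result means the pasted log is truncated or was edited by hand, so the complete log file should be requested before drawing conclusions from it.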


#9 TB-Psychotic


Posted 17 March 2014 - 06:54 AM

You told us that you removed several items with Malwarebytes' Antimalware. This tool creates a log on every run and we need to see them.


  • The logs can be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Zip any and all of these logs and attach the file to your next reply.



#10 TB-Psychotic


Posted 23 March 2014 - 01:06 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



