
Thread: Win32:Evo-gen virus?

  1. #31
    Member
    Join Date
    Feb 2014
    Posts
    43


    cont..

    2014-03-11 13:47 - 2014-03-12 17:06 - 00044499 _____ () C:\WINDOWS\KB975713.log
    2014-03-11 13:47 - 2014-03-12 17:06 - 00044236 _____ () C:\WINDOWS\KB2598479.log
    2014-03-11 13:47 - 2014-03-12 17:06 - 00043626 _____ () C:\WINDOWS\KB2507938.log
    2014-03-11 13:47 - 2014-03-12 17:06 - 00042993 _____ () C:\WINDOWS\KB982132.log
    2014-03-11 13:47 - 2014-03-12 17:05 - 00041366 _____ () C:\WINDOWS\KB979687.log
    2014-03-11 13:47 - 2014-03-12 17:04 - 00040487 _____ () C:\WINDOWS\KB2719985.log
    2014-03-11 13:47 - 2014-03-12 17:01 - 00031934 _____ () C:\WINDOWS\KB2508429.log
    2014-03-11 13:47 - 2014-03-12 17:01 - 00029748 _____ () C:\WINDOWS\KB971029.log
    2014-03-11 13:47 - 2009-06-22 05:44 - 00153088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\triedit.dll
    2014-03-11 13:47 - 2008-05-01 22:33 - 00331776 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msadce.dll
    2014-03-11 13:46 - 2014-03-12 17:06 - 00042803 _____ () C:\WINDOWS\KB971657.log
    2014-03-11 13:46 - 2014-03-12 17:04 - 00040163 _____ () C:\WINDOWS\KB952004.log
    2014-03-11 13:46 - 2014-03-12 17:04 - 00039272 _____ () C:\WINDOWS\KB975025.log
    2014-03-11 13:46 - 2014-03-12 17:01 - 00028261 _____ () C:\WINDOWS\KB2506212.log
    2014-03-11 13:46 - 2014-03-12 16:57 - 00032934 _____ () C:\WINDOWS\KB977914.log
    2014-03-11 13:45 - 2014-03-12 17:06 - 00042748 _____ () C:\WINDOWS\KB978338.log
    2014-03-11 13:45 - 2014-03-12 17:05 - 00042142 _____ () C:\WINDOWS\KB974112.log
    2014-03-11 13:45 - 2014-03-12 17:03 - 00037365 _____ () C:\WINDOWS\KB977816.log
    2014-03-11 13:45 - 2014-03-12 17:01 - 00030109 _____ () C:\WINDOWS\KB2653956.log
    2014-03-11 13:45 - 2014-03-12 17:01 - 00029624 _____ () C:\WINDOWS\KB974392.log
    2014-03-11 13:45 - 2011-04-21 21:37 - 00105472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mup.sys
    2014-03-11 13:45 - 2009-07-28 06:27 - 00128512 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dhtmled.ocx
    2014-03-11 13:45 - 2009-03-06 22:22 - 00284160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\pdh.dll
    2014-03-11 13:45 - 2009-02-09 20:10 - 00617472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\advapi32.dll
    2014-03-11 13:45 - 2009-02-09 20:10 - 00473600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fastprox.dll
    2014-03-11 13:45 - 2009-02-09 20:10 - 00453120 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wmiprvsd.dll
    2014-03-11 13:45 - 2009-02-09 20:10 - 00401408 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\rpcss.dll
    2014-03-11 13:45 - 2009-02-06 19:11 - 00110592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\services.exe
    2014-03-11 13:45 - 2009-02-06 18:10 - 00227840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wmiprvse.exe
    2014-03-11 13:44 - 2014-03-12 17:05 - 00039612 _____ () C:\WINDOWS\KB2483185.log
    2014-03-11 13:44 - 2014-03-12 17:04 - 00037927 _____ () C:\WINDOWS\KB974571.log
    2014-03-11 13:44 - 2014-03-12 17:04 - 00037499 _____ () C:\WINDOWS\KB973507.log
    2014-03-11 13:44 - 2014-03-12 17:01 - 00036901 _____ () C:\WINDOWS\KB2419632.log
    2014-03-11 13:43 - 2014-03-12 16:56 - 00026484 _____ () C:\WINDOWS\KB2705219-v2.log
    2014-03-11 13:43 - 2014-03-12 16:56 - 00025809 _____ () C:\WINDOWS\KB2619339.log
    2014-03-11 13:43 - 2014-03-12 16:56 - 00025064 _____ () C:\WINDOWS\KB960803.log
    2014-03-11 13:43 - 2014-03-12 16:56 - 00024888 _____ () C:\WINDOWS\KB978542.log
    2014-03-11 13:43 - 2014-03-12 16:56 - 00024851 _____ () C:\WINDOWS\KB2727528.log
    2014-03-11 13:43 - 2014-03-12 16:56 - 00024765 _____ () C:\WINDOWS\KB978706.log
    2014-03-11 13:43 - 2014-03-12 16:56 - 00024759 _____ () C:\WINDOWS\KB979482.log
    2014-03-11 13:43 - 2012-07-04 22:05 - 00139784 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\rdpwd.sys
    2014-03-11 13:43 - 2012-05-29 02:16 - 00536576 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msado15.dll
    2014-03-11 13:43 - 2010-06-18 21:36 - 03558912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\moviemk.exe
    2014-03-11 13:42 - 2014-03-14 08:43 - 00089641 _____ () C:\WINDOWS\setupapi.log
    2014-03-11 13:42 - 2014-03-12 16:56 - 00024365 _____ () C:\WINDOWS\KB973815.log
    2014-03-11 13:42 - 2014-03-12 16:55 - 00026472 _____ () C:\WINDOWS\KB2676562.log
    2014-03-11 13:42 - 2014-03-12 16:55 - 00025863 _____ () C:\WINDOWS\KB2509553.log
    2014-03-11 13:42 - 2014-03-12 16:55 - 00025761 _____ () C:\WINDOWS\KB2813345.log
    2014-03-11 13:42 - 2014-03-12 16:55 - 00021472 _____ () C:\WINDOWS\KB982665.log
    2014-03-11 13:42 - 2013-11-06 09:03 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsp4res.dll
    2014-03-11 13:42 - 2013-08-09 08:55 - 00144128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
    2014-03-11 13:42 - 2013-08-09 08:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
    2014-03-11 13:42 - 2013-07-04 11:03 - 02149888 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2014-03-11 13:42 - 2013-07-04 10:59 - 02193536 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2014-03-11 13:42 - 2013-07-04 10:08 - 02070144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2014-03-11 13:42 - 2013-07-04 10:08 - 02028544 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2014-03-11 13:42 - 2010-12-09 23:15 - 00718336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntdll.dll
    2014-03-11 13:42 - 2010-07-12 20:55 - 00218112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wordpad.exe
    2014-03-11 13:42 - 2009-11-21 23:51 - 01206508 ____C () C:\WINDOWS\system32\dllcache\sysmain.sdb
    2014-03-11 13:42 - 2009-03-18 19:02 - 00030336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys
    2014-03-11 13:41 - 2014-03-12 16:54 - 00020278 _____ () C:\WINDOWS\KB2620712.log
    2014-03-11 13:41 - 2014-03-12 16:54 - 00019789 _____ () C:\WINDOWS\KB2584146.log
    2014-03-11 13:41 - 2013-11-28 04:21 - 00040960 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ndproxy.sys
    2014-03-11 13:41 - 2012-01-12 03:06 - 00003072 ____N () C:\WINDOWS\system32\iacenc.dll
    2014-03-11 13:41 - 2012-01-12 03:06 - 00003072 ____C () C:\WINDOWS\system32\dllcache\iacenc.dll
    2014-03-11 13:41 - 2011-07-08 22:02 - 00010496 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ndistapi.sys
    2014-03-11 13:40 - 2014-03-12 16:54 - 00020582 _____ () C:\WINDOWS\KB975467.log
    2014-03-11 13:39 - 2014-03-12 16:54 - 00021106 _____ () C:\WINDOWS\KB968389.log
    2014-03-11 13:39 - 2010-10-11 22:59 - 00045568 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wab.exe
    2014-03-11 13:36 - 2014-03-12 16:56 - 00023525 _____ () C:\WINDOWS\KB979309.log
    2014-03-11 09:38 - 2014-03-11 09:38 - 00000174 _____ () C:\Documents and Settings\User\defogger_reenable
    2014-03-11 08:24 - 2012-06-02 15:18 - 00275696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mucltui.dll
    2014-03-11 08:24 - 2012-06-02 15:18 - 00017136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mucltui.dll.mui
    2014-03-10 09:27 - 2014-03-10 09:27 - 00000000 _RSHD () C:\cmdcons
    2014-03-10 09:27 - 2014-03-01 12:26 - 00000245 _____ () C:\Boot.bak
    2014-03-10 09:27 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
    2014-03-10 09:25 - 2014-03-12 08:50 - 00000000 ____D () C:\Qoobox
    2014-03-10 09:25 - 2014-03-10 09:32 - 00000000 ____D () C:\WINDOWS\erdnt
    2014-03-10 09:25 - 2011-06-26 14:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
    2014-03-10 09:25 - 2010-11-08 01:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
    2014-03-10 09:25 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
    2014-03-10 09:25 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
    2014-03-10 09:25 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
    2014-03-10 09:25 - 2000-08-31 08:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
    2014-03-10 09:25 - 2000-08-31 08:00 - 00098816 _____ () C:\WINDOWS\sed.exe
    2014-03-10 09:25 - 2000-08-31 08:00 - 00080412 _____ () C:\WINDOWS\grep.exe
    2014-03-10 09:25 - 2000-08-31 08:00 - 00068096 _____ () C:\WINDOWS\zip.exe
    2014-03-08 14:58 - 2014-03-08 15:07 - 00011889 _____ () C:\Documents and Settings\User\Desktop\Book2a.xlsx
    2014-03-07 17:58 - 2014-03-11 14:42 - 00000180 _____ () C:\hwsig.log
    2014-03-07 10:22 - 2014-03-07 10:22 - 00000000 ____D () C:\Program Files\ESET
    2014-03-06 14:57 - 2014-03-14 13:08 - 00054272 _____ () C:\Documents and Settings\User\Desktop\container - 6 3 2014.xls
    2014-03-05 10:13 - 2014-03-05 10:13 - 00000000 ____D () C:\WINDOWS\ERUNT
    2014-03-05 09:33 - 2014-03-05 10:09 - 00000000 ____D () C:\AdwCleaner
    2014-03-04 10:22 - 2014-03-04 17:57 - 00227455 _____ () C:\Documents and Settings\User\Desktop\CONTAINA - SCHEDULE.xlsx
    2014-03-04 09:29 - 2014-03-17 09:33 - 00000000 ____D () C:\FRST
    2014-03-03 13:59 - 2014-03-03 13:59 - 00000000 __SHD () C:\Documents and Settings\User\IECompatCache
    2014-03-03 10:28 - 2014-03-03 10:28 - 00000000 ____D () C:\Program Files\Common Files\Skype
    2014-03-03 10:28 - 2014-03-03 10:28 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Skype
    2014-03-03 10:28 - 2014-03-03 10:28 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Skype
    2014-03-03 09:58 - 2014-03-03 09:58 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Malwarebytes
    2014-03-03 09:57 - 2014-03-03 09:57 - 00000796 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2014-03-03 09:57 - 2014-03-03 09:57 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
    2014-03-03 09:57 - 2014-03-03 09:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    2014-03-03 09:57 - 2014-03-03 09:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2014-03-03 09:57 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2014-03-01 12:20 - 2014-03-13 11:11 - 00000512 _____ () C:\Documents and Settings\User\Desktop\MBR.dat
    2014-03-01 10:32 - 2014-03-01 10:32 - 00000000 ____D () C:\Program Files\ERUNT
    2014-03-01 10:32 - 2014-03-01 10:32 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    2014-02-20 08:38 - 2014-02-20 08:43 - 00048640 _____ () C:\Documents and Settings\User\Desktop\2002020141_Bong_PriceComfirmation.xls
    2014-02-19 14:34 - 2014-02-19 14:34 - 00940794 _____ () C:\WINDOWS\system32\LoopyMusic.wav
    2014-02-19 14:34 - 2014-02-19 14:34 - 00146650 _____ () C:\WINDOWS\system32\BuzzingBee.wav
    2014-02-17 12:20 - 2014-02-17 12:20 - 00000000 ____D () C:\Program Files\Mozilla Firefox

    ==================== One Month Modified Files and Folders =======

    2014-03-17 09:33 - 2014-03-17 09:33 - 00024919 _____ () C:\Documents and Settings\User\Desktop\FRST.txt
    2014-03-17 09:33 - 2014-03-17 09:33 - 00000000 ____D () C:\Documents and Settings\User\Desktop\FRST-OlderVersion
    2014-03-17 09:33 - 2014-03-17 09:32 - 01145856 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
    2014-03-17 09:33 - 2014-03-04 09:29 - 00000000 ____D () C:\FRST
    2014-03-17 09:31 - 2014-03-17 09:31 - 00123673 _____ () C:\Documents and Settings\User\Desktop\TDSS.TXT
    2014-03-17 09:21 - 2010-08-23 10:48 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-03-17 09:21 - 2010-08-23 10:48 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-03-17 08:44 - 2014-01-07 15:32 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
    2014-03-17 08:35 - 2013-12-16 13:08 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-03-17 08:34 - 2014-03-17 08:44 - 04130656 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\User\Desktop\tdsskiller.exe
    2014-03-17 08:23 - 2014-03-17 08:23 - 00010768 _____ () C:\Documents and Settings\User\Desktop\OCT PROFIT.xlsx
    2014-03-17 08:15 - 2009-12-05 22:25 - 01593223 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-03-17 08:13 - 2014-01-09 11:02 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
    2014-03-17 08:12 - 2013-12-16 13:32 - 00000284 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1844237615-776561741-725345543-1003.job
    2014-03-17 08:12 - 2013-12-16 13:32 - 00000276 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1844237615-776561741-725345543-1003.job
    2014-03-17 08:12 - 2012-03-30 11:09 - 00000430 _____ () C:\WINDOWS\Tasks\SogouImeMgr.job
    2014-03-17 08:12 - 2009-12-06 06:20 - 00000159 _____ () C:\WINDOWS\wiadebug.log
    2014-03-17 08:12 - 2009-12-06 06:20 - 00000049 _____ () C:\WINDOWS\wiaservc.log
    2014-03-17 08:12 - 2009-12-05 22:29 - 00032616 _____ () C:\WINDOWS\SchedLgU.Txt
    2014-03-17 08:12 - 2009-12-05 22:29 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-03-17 08:12 - 2006-02-28 20:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
    2014-03-14 17:53 - 2014-01-09 11:02 - 00327680 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
    2014-03-14 17:53 - 2009-12-05 22:29 - 00000178 ___SH () C:\Documents and Settings\User\ntuser.ini
    2014-03-14 17:32 - 2014-03-14 12:15 - 00015015 _____ () C:\Documents and Settings\User\Desktop\eurotrac container.xlsx
    2014-03-14 17:32 - 2014-03-14 11:37 - 00014512 _____ () C:\Documents and Settings\User\Desktop\MSH ELECTRICAL KUCHING.xlsx
    2014-03-14 16:20 - 2014-03-14 16:14 - 00016385 _____ () C:\Documents and Settings\User\Desktop\Container MENLITE KK.xlsx
    2014-03-14 15:38 - 2013-12-16 13:33 - 00000438 ____H () C:\WINDOWS\Tasks\Norton Security Scan for User.job
    2014-03-14 13:08 - 2014-03-14 12:13 - 00018194 _____ () C:\Documents and Settings\User\Desktop\March Container list.xlsx
    2014-03-14 13:08 - 2014-03-06 14:57 - 00054272 _____ () C:\Documents and Settings\User\Desktop\container - 6 3 2014.xls
    2014-03-14 12:45 - 2014-03-14 12:45 - 00001779 _____ () C:\Documents and Settings\All Users\Desktop\Google Slides.lnk
    2014-03-14 12:45 - 2014-03-14 12:45 - 00001777 _____ () C:\Documents and Settings\All Users\Desktop\Google Sheets.lnk
    2014-03-14 12:45 - 2014-03-14 12:45 - 00001767 _____ () C:\Documents and Settings\All Users\Desktop\Google Docs.lnk
    2014-03-14 12:45 - 2014-03-14 12:45 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive
    2014-03-14 12:45 - 2010-08-23 10:48 - 00000000 ____D () C:\Program Files\Google
    2014-03-14 12:45 - 2010-08-23 10:48 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Google
    2014-03-14 11:39 - 2010-08-23 10:48 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Skype
    2014-03-14 08:59 - 2009-12-08 14:11 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
    2014-03-14 08:43 - 2014-03-11 13:42 - 00089641 _____ () C:\WINDOWS\setupapi.log
    2014-03-13 18:02 - 2009-12-06 06:18 - 00513832 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-03-13 17:32 - 2009-12-10 15:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2014-03-13 17:31 - 2014-03-13 17:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2345886$
    2014-03-13 17:31 - 2014-03-13 11:54 - 00014552 _____ () C:\WINDOWS\KB2345886.log
    2014-03-13 17:31 - 2009-12-06 06:18 - 01081502 _____ () C:\WINDOWS\iis6.log
    2014-03-13 17:31 - 2009-12-06 06:18 - 00949960 _____ () C:\WINDOWS\FaxSetup.log
    2014-03-13 17:31 - 2009-12-06 06:18 - 00472217 _____ () C:\WINDOWS\ocgen.log
    2014-03-13 17:31 - 2009-12-06 06:18 - 00440535 _____ () C:\WINDOWS\tsoc.log
    2014-03-13 17:31 - 2009-12-06 06:18 - 00325654 _____ () C:\WINDOWS\comsetup.log
    2014-03-13 17:31 - 2009-12-06 06:18 - 00301710 _____ () C:\WINDOWS\msmqinst.log
    2014-03-13 17:31 - 2009-12-06 06:18 - 00196678 _____ () C:\WINDOWS\ntdtcsetup.log
    2014-03-13 17:31 - 2009-12-06 06:18 - 00167075 _____ () C:\WINDOWS\netfxocm.log
    2014-03-13 17:31 - 2009-12-06 06:18 - 00066401 _____ () C:\WINDOWS\MedCtrOC.log
    2014-03-13 17:31 - 2009-12-06 06:18 - 00052889 _____ () C:\WINDOWS\ocmsn.log
    2014-03-13 17:31 - 2009-12-06 06:18 - 00048411 _____ () C:\WINDOWS\tabletoc.log
    2014-03-13 17:31 - 2009-12-06 06:18 - 00047942 _____ () C:\WINDOWS\msgsocm.log
    2014-03-13 17:31 - 2009-12-06 06:18 - 00001374 _____ () C:\WINDOWS\imsins.log
    2014-03-13 17:30 - 2014-03-13 17:30 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB970430$
    2014-03-13 17:30 - 2009-12-06 06:18 - 00001374 _____ () C:\WINDOWS\imsins.BAK
    2014-03-13 17:30 - 2009-12-05 23:15 - 00207367 _____ () C:\WINDOWS\updspapi.log
    2014-03-13 17:24 - 2014-03-13 17:24 - 00006515 _____ () C:\WINDOWS\KB961118.log
    2014-03-13 17:24 - 2014-03-13 17:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB961118$
    2014-03-13 17:09 - 2009-12-05 22:24 - 00000000 ____D () C:\Program Files\Common Files\System
    2014-03-13 17:09 - 2006-02-28 20:00 - 00000655 _____ () C:\WINDOWS\win.ini
    2014-03-13 17:07 - 2014-03-12 16:25 - 00000000 ____D () C:\WINDOWS\system32\XPSViewer
    2014-03-13 16:58 - 2014-03-13 16:58 - 00013043 _____ () C:\Documents and Settings\User\Desktop\menlitekk1332014.xlsx
    2014-03-13 11:54 - 2009-12-05 22:26 - 00000000 ___HD () C:\WINDOWS\$hf_mig$
    2014-03-13 11:11 - 2014-03-01 12:20 - 00000512 _____ () C:\Documents and Settings\User\Desktop\MBR.dat
    2014-03-13 08:03 - 2014-03-12 09:29 - 00000000 ____D () C:\WINDOWS\system32\CatRoot2_20143138332
    2014-03-13 07:53 - 2009-12-06 06:16 - 00000355 __RSH () C:\boot.ini
    2014-03-13 07:53 - 2006-02-28 20:00 - 00000227 _____ () C:\WINDOWS\system.ini
    2014-03-12 17:47 - 2014-03-12 17:47 - 00000000 __SHD () C:\Documents and Settings\Default User\IETldCache
    2014-03-12 17:24 - 2009-12-05 22:29 - 00095440 _____ () C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2014-03-12 17:19 - 2014-03-12 17:19 - 00008663 _____ () C:\WINDOWS\WgaNotify.log
    2014-03-12 17:19 - 2009-12-05 23:24 - 00048318 _____ () C:\WINDOWS\spupdsvc.log
    2014-03-12 17:15 - 2009-12-06 06:17 - 03904496 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2014-03-12 17:12 - 2014-03-12 17:12 - 00047839 _____ () C:\WINDOWS\KB951376-v2.log
    2014-03-12 17:12 - 2014-03-12 17:12 - 00047383 _____ () C:\WINDOWS\KB2387149.log
    2014-03-12 17:12 - 2014-03-12 17:12 - 00047298 _____ () C:\WINDOWS\KB946648.log
    2014-03-12 17:12 - 2014-03-12 17:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB959426$
    2014-03-12 17:12 - 2014-03-12 17:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952954$
    2014-03-12 17:12 - 2014-03-12 17:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB951376-v2$
    2014-03-12 17:12 - 2014-03-12 17:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB946648$
    2014-03-12 17:12 - 2014-03-12 17:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868626$
    2014-03-12 17:12 - 2014-03-12 17:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2387149$
    2014-03-12 17:12 - 2014-03-11 13:59 - 00058203 _____ () C:\WINDOWS\KB952954.log
    2014-03-12 17:12 - 2014-03-11 13:59 - 00056638 _____ () C:\WINDOWS\KB2868626.log
    2014-03-12 17:12 - 2014-03-11 13:58 - 00057476 _____ () C:\WINDOWS\KB959426.log
    2014-03-12 17:12 - 2009-12-05 22:23 - 00000000 ____D () C:\Program Files\Messenger
    2014-03-12 17:11 - 2014-03-12 17:11 - 00047579 _____ () C:\WINDOWS\KB2925418-IE8.log
    2014-03-12 17:11 - 2014-03-12 17:11 - 00039909 _____ () C:\WINDOWS\KB2659262.log
    2014-03-12 17:11 - 2014-03-12 17:11 - 00039118 _____ () C:\WINDOWS\KB2564958.log
    2014-03-12 17:11 - 2014-03-12 17:11 - 00037061 _____ () C:\WINDOWS\KB2834886.log
    2014-03-12 17:11 - 2014-03-12 17:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB960859$
    2014-03-12 17:11 - 2014-03-12 17:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
    2014-03-12 17:11 - 2014-03-12 17:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834886$
    2014-03-12 17:11 - 2014-03-12 17:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2758857$
    2014-03-12 17:11 - 2014-03-12 17:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2712808$
    2014-03-12 17:11 - 2014-03-12 17:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2659262$
    2014-03-12 17:11 - 2014-03-12 17:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2564958$
    2014-03-12 17:11 - 2014-03-12 17:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2544893-v2$
    2014-03-12 17:11 - 2014-03-12 17:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2479943$
    2014-03-12 17:11 - 2014-03-12 17:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2478971$
    2014-03-12 17:11 - 2014-03-12 16:55 - 00000000 ____D () C:\WINDOWS\ie8updates
    2014-03-12 17:11 - 2014-03-11 13:57 - 00057628 _____ () C:\WINDOWS\KB2712808.log
    2014-03-12 17:11 - 2014-03-11 13:57 - 00057220 _____ () C:\WINDOWS\KB960859.log
    2014-03-12 17:11 - 2014-03-11 13:57 - 00052441 _____ () C:\WINDOWS\KB2479943.log
    2014-03-12 17:11 - 2014-03-11 13:56 - 00050547 _____ () C:\WINDOWS\KB2478971.log
    2014-03-12 17:11 - 2014-03-11 13:56 - 00049789 _____ () C:\WINDOWS\KB2758857.log
    2014-03-12 17:11 - 2014-03-11 13:56 - 00048227 _____ () C:\WINDOWS\KB2916036.log
    2014-03-12 17:11 - 2014-03-11 13:55 - 00049465 _____ () C:\WINDOWS\KB2544893-v2.log
    2014-03-12 17:10 - 2014-03-12 17:10 - 00040372 _____ () C:\WINDOWS\KB955759.log
    2014-03-12 17:10 - 2014-03-12 17:10 - 00039840 _____ () C:\WINDOWS\KB2536276-v2.log
    2014-03-12 17:10 - 2014-03-12 17:10 - 00038287 _____ () C:\WINDOWS\KB975558.log
    2014-03-12 17:10 - 2014-03-12 17:10 - 00037378 _____ () C:\WINDOWS\KB2296011.log
    2014-03-12 17:10 - 2014-03-12 17:10 - 00036734 _____ () C:\WINDOWS\KB2900986.log
    2014-03-12 17:10 - 2014-03-12 17:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975558_WM8$
    2014-03-12 17:10 - 2014-03-12 17:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB955759$
    2014-03-12 17:10 - 2014-03-12 17:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2900986$
    2014-03-12 17:10 - 2014-03-12 17:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2847311$
    2014-03-12 17:10 - 2014-03-12 17:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2691442$
    2014-03-12 17:10 - 2014-03-12 17:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2631813$
    2014-03-12 17:10 - 2014-03-12 17:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2585542$
    2014-03-12 17:10 - 2014-03-12 17:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2536276-v2$
    2014-03-12 17:10 - 2014-03-12 17:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2296011$
    2014-03-12 17:10 - 2014-03-12 17:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2115168$
    2014-03-12 17:10 - 2014-03-11 13:55 - 00050461 _____ () C:\WINDOWS\KB2585542.log
    2014-03-12 17:10 - 2014-03-11 13:55 - 00049351 _____ () C:\WINDOWS\KB2631813.log
    2014-03-12 17:10 - 2014-03-11 13:54 - 00049828 _____ () C:\WINDOWS\KB2691442.log
    2014-03-12 17:10 - 2014-03-11 13:54 - 00048852 _____ () C:\WINDOWS\KB2115168.log
    2014-03-12 17:10 - 2014-03-11 13:54 - 00046560 _____ () C:\WINDOWS\KB2847311.log
    2014-03-12 17:08 - 2014-03-12 17:07 - 00036746 _____ () C:\WINDOWS\KB2378111.log
    2014-03-12 17:08 - 2009-12-05 22:24 - 00043638 _____ () C:\WINDOWS\wmsetup.log
    2014-03-12 17:07 - 2014-03-12 17:07 - 00037450 _____ () C:\WINDOWS\KB2229593.log
    2014-03-12 17:07 - 2014-03-12 17:07 - 00034098 _____ () C:\WINDOWS\KB2834902-v2.log
    2014-03-12 17:07 - 2014-03-12 17:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974318$
    2014-03-12 17:07 - 2014-03-12 17:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB969059$
    2014-03-12 17:07 - 2014-03-12 17:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB961503$
    2014-03-12 17:07 - 2014-03-12 17:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB951978$
    2014-03-12 17:07 - 2014-03-12 17:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834902-v2_WM10$
    2014-03-12 17:07 - 2014-03-12 17:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2802968$
    2014-03-12 17:07 - 2014-03-12 17:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2655992$
    2014-03-12 17:07 - 2014-03-12 17:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2443105$
    2014-03-12 17:07 - 2014-03-12 17:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2378111_WM9$
    2014-03-12 17:07 - 2014-03-12 17:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2229593$
    2014-03-12 17:07 - 2014-03-11 13:50 - 00048217 _____ () C:\WINDOWS\KB974318.log
    2014-03-12 17:07 - 2014-03-11 13:50 - 00047760 _____ () C:\WINDOWS\KB951978.log
    2014-03-12 17:07 - 2014-03-11 13:50 - 00047696 _____ () C:\WINDOWS\KB2655992.log
    2014-03-12 17:07 - 2014-03-11 13:50 - 00046784 _____ () C:\WINDOWS\KB2443105.log
    2014-03-12 17:07 - 2014-03-11 13:50 - 00046776 _____ () C:\WINDOWS\KB969059.log
    2014-03-12 17:07 - 2014-03-11 13:49 - 00046934 _____ () C:\WINDOWS\KB2802968.log
    2014-03-12 17:07 - 2014-03-11 13:49 - 00046394 _____ () C:\WINDOWS\KB961503.log
    2014-03-12 17:07 - 2014-03-11 13:48 - 00045847 _____ () C:\WINDOWS\KB950974.log
    2014-03-12 17:06 - 2014-03-12 17:06 - 00035720 _____ () C:\WINDOWS\KB2686509.log
    2014-03-12 17:06 - 2014-03-12 17:06 - 00035638 _____ () C:\WINDOWS\KB2485663.log
    2014-03-12 17:06 - 2014-03-12 17:06 - 00033986 _____ () C:\WINDOWS\KB2862335.log
    2014-03-12 17:06 - 2014-03-12 17:06 - 00032558 _____ () C:\WINDOWS\KB954155.log
    2014-03-12 17:06 - 2014-03-12 17:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB982132$
    2014-03-12 17:06 - 2014-03-12 17:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978338$
    2014-03-12 17:06 - 2014-03-12 17:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975713$
    2014-03-12 17:06 - 2014-03-12 17:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB971657$
    2014-03-12 17:06 - 2014-03-12 17:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB954155_WM9$
    2014-03-12 17:06 - 2014-03-12 17:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB950974$
    2014-03-12 17:06 - 2014-03-12 17:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
    2014-03-12 17:06 - 2014-03-12 17:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2898715$
    2014-03-12 17:06 - 2014-03-12 17:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862335$
    2014-03-12 17:06 - 2014-03-12 17:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2686509$
    2014-03-12 17:06 - 2014-03-12 17:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2598479$
    2014-03-12 17:06 - 2014-03-12 17:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2485663$
    2014-03-12 17:06 - 2014-03-12 17:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2481109$
    2014-03-12 17:06 - 2014-03-12 13:42 - 00043516 _____ () C:\WINDOWS\KB2929961.log
    2014-03-12 17:06 - 2014-03-11 13:49 - 00043846 _____ () C:\WINDOWS\KB2898715.log
    2014-03-12 17:06 - 2014-03-11 13:48 - 00046545 _____ () C:\WINDOWS\KB2481109.log
    2014-03-12 17:06 - 2014-03-11 13:47 - 00044499 _____ () C:\WINDOWS\KB975713.log
    2014-03-12 17:06 - 2014-03-11 13:47 - 00044236 _____ () C:\WINDOWS\KB2598479.log
    2014-03-12 17:06 - 2014-03-11 13:47 - 00043626 _____ () C:\WINDOWS\KB2507938.log
    2014-03-12 17:06 - 2014-03-11 13:47 - 00042993 _____ () C:\WINDOWS\KB982132.log
    2014-03-12 17:06 - 2014-03-11 13:46 - 00042803 _____ () C:\WINDOWS\KB971657.log
    2014-03-12 17:06 - 2014-03-11 13:45 - 00042748 _____ () C:\WINDOWS\KB978338.log
    2014-03-12 17:05 - 2014-03-12 17:05 - 00037370 _____ () C:\WINDOWS\KB956572.log
    2014-03-12 17:05 - 2014-03-12 17:05 - 00032024 _____ () C:\WINDOWS\KB956844.log
    2014-03-12 17:05 - 2014-03-12 17:05 - 00030387 _____ () C:\WINDOWS\KB2904266.log
    2014-03-12 17:05 - 2014-03-12 17:05 - 00006814 _____ () C:\WINDOWS\system32\TZLog.log
    2014-03-12 17:05 - 2014-03-12 17:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979687$
    2014-03-12 17:05 - 2014-03-12 17:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974112$
    2014-03-12 17:05 - 2014-03-12 17:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB972270$
    2014-03-12 17:05 - 2014-03-12 17:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956844$
    2014-03-12 17:05 - 2014-03-12 17:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956572$
    2014-03-12 17:05 - 2014-03-12 17:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
    2014-03-12 17:05 - 2014-03-12 17:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2904266$
    2014-03-12 17:05 - 2014-03-12 17:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876217$
    2014-03-12 17:05 - 2014-03-12 17:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2780091$
    2014-03-12 17:05 - 2014-03-12 17:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2507938$
    2014-03-12 17:05 - 2014-03-12 17:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2483185$
    2014-03-12 17:05 - 2014-03-12 17:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2347290$
    2014-03-12 17:05 - 2014-03-12 17:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2864063$
    2014-03-12 17:05 - 2014-03-12 13:42 - 00041056 _____ () C:\WINDOWS\KB2930275.log
    2014-03-12 17:05 - 2014-03-11 13:50 - 00044755 _____ () C:\WINDOWS\KB2780091.log
    2014-03-12 17:05 - 2014-03-11 13:50 - 00039699 _____ () C:\WINDOWS\KB2876217.log
    2014-03-12 17:05 - 2014-03-11 13:50 - 00038541 _____ () C:\WINDOWS\KB2864063.log
    2014-03-12 17:05 - 2014-03-11 13:47 - 00041366 _____ () C:\WINDOWS\KB979687.log
    2014-03-12 17:05 - 2014-03-11 13:45 - 00042142 _____ () C:\WINDOWS\KB974112.log
    ==================== Bamital & volsnap Check =================

    C:\WINDOWS\explorer.exe => MD5 is legit
    C:\WINDOWS\system32\winlogon.exe => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit
    C:\WINDOWS\system32\User32.dll => MD5 is legit
    C:\WINDOWS\system32\userinit.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

    ==================== End Of Log ============================
    I believe that should be all.

  2. #32
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Did you install Youdao?
    Did you set the Chrome home page (CHR HomePage) to start.iplay.com/ ?

    ~~~~~~~~~~~~~~~~~~~~~~~~~
    Please go to one of the below sites to scan the following files:
    Virus Total (Recommended)
    jotti.org
    VirScan
    Click on Browse, and upload the following file for analysis:

    C:\windows\system32\drivers\csdriver.sys


    Then click Submit. Allow the file to be scanned, and then please copy and paste the results link (for Virus Total) here for me to see.
    If it says already scanned -- click "reanalyze now"
    Please post the results in your next reply.

    ~~~~~~~~~~~~~~~~~~~~~~~~~

    Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
    Paste this into the open Notepad and save it to the Desktop as fixlist.txt.
    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program. (If asked to overwrite an existing one, please allow.)

    start
    S4 jcjymt;
    C:\WINDOWS\system32\lvuwppj.dll
    C:\WINDOWS\Tasks\Norton Security Scan for User.job
    Reboot:
    end
    Run FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


    Please post
    scan results for csdriver.sys
    Fixlog.txt

    Please update me on how the computer is at the moment.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #33
    Member
    Join Date
    Feb 2014
    Posts
    43

    I believe the PC is fixed; I have yet to come across the sound which Avast! made when it encountered a virus.
    Even though it has a longer PC boot-up time, compared to the time before I came to the forum for help.

    I didn't install Youdao; maybe it was my aunt who installed it (accidentally or not). She still uses Firefox.
    And no, I set the Google Chrome homepage as an empty URL, which shows a Google search bar, some popular recently visited web tabs and options for which you could pick whether to search Google Images or use Gmail.


    The csdriver file is actually a tool for typing Chinese characters, all the way back from Windows 98.
    But nonetheless, here's the information that I got after the VirusTotal scan:

    SHA256: 6778e38c32f5fa441befab83a6de944b59129ecf8c139afd7a7cc968fb67a7af
    File name: csdriver.sys
    Detection ratio: 0 / 49
    Analysis date: 2014-03-18 01:59:39 UTC ( 0 minutes ago )

    Authenticode signature block
    Copyright Copyright (C) Chinese Star Ltd.
    Publisher Beijing Chinese Star Cyber Technology Limited
    Product csdriver
    Original name csdriver.sys
    Internal name csdriver.sys
    File version 1.00.1000.1
    Description CStar Driver

    PE header basic information
    Target machine Intel 386 or later processors and compatible processors
    Compilation timestamp 2002-05-24 01:39:31
    Entry Point 0x0000046E
    Number of sections 7

    Name Virtual address Virtual size Raw size Entropy MD5
    .text 736 15818 15840 6.22 1ec3a480a685469d1cd0b9ff62d987f3
    .rdata 16576 16279 16288 4.49 72096ce946d1e704c18f0787e5fae7c5
    .data 32864 1240 1248 2.46 5e11529959dfb1cbc16392a2d6947e34
    CODE_PAG 34112 4 32 0.00 70bc8f4b72a86921468bf8e8441dce51
    INIT 34144 608 608 4.98 03ffe1909e8ac63adcf5de2125e241b1
    .rsrc 34752 1032 1056 3.20 4a1e5b29552b62b572a87d128c743ff1
    .reloc 35808 3480 3488 6.60 6da9975e30f09786ecfb4e79c1c0d02e

    PE imports
    [+] HAL.dll
    KfAcquireSpinLock
    KfReleaseSpinLock
    [+] ntoskrnl.exe
    MmUnmapIoSpace
    MmMapIoSpace
    IoAllocateMdl
    IofCompleteRequest
    IoCreateSymbolicLink
    IoDeleteSymbolicLink
    RtlAnsiStringToUnicodeString
    IoCreateDevice
    RtlInitUnicodeString
    MmProbeAndLockPages
    IoDeleteDevice
    MmGetPhysicalAddress
    DbgPrint
    sprintf
    ExFreePool
    MmIsAddressValid
    KeInitializeSpinLock
    ExAllocatePoolWithTag
    IoFreeMdl
    MmUnlockPages


    Number of PE resources by type
    RT_VERSION 1
    Number of PE resources by language
    CHINESE SIMPLIFIED 1
    ExifTool file metadata
    SubsystemVersion 5.0
    LinkerVersion 5.12
    ImageVersion 5.0
    FileSubtype 0
    FileVersionNumber 1.0.1000.1
    UninitializedDataSize 0
    LanguageCode English (U.S.)
    FileFlagsMask 0x003f
    CharacterSet Unicode
    InitializedDataSize 22112
    FileOS Windows NT 32-bit
    MIMEType application/octet-stream
    LegalCopyright Copyright (C) Chinese Star Ltd.
    FileVersion 1.00.1000.1
    TimeStamp 2002:05:24 02:39:31+01:00
    FileType Win32 EXE
    PEType PE32
    InternalName csdriver.sys
    FileAccessDate 2014:03:18 02:59:43+01:00
    ProductVersion 1.00.1000.1
    FileDescription CStar Driver
    OSVersion 5.0
    FileCreateDate 2014:03:18 02:59:43+01:00
    OriginalFilename csdriver.sys
    Subsystem Native
    MachineType Intel 386 or later, and compatibles
    CompanyName Beijing Chinese Star Cyber Technology Limited
    CodeSize 16448
    ProductName csdriver
    ProductVersionNumber 1.0.1000.1
    EntryPoint 0x046e
    ObjectFileType Dynamic link library



    MD5 0d15988b79de14c0ebf145a12137fec6
    SHA1 d2e0a969849d8e32b2b678785fa14910522a2397
    SHA256 6778e38c32f5fa441befab83a6de944b59129ecf8c139afd7a7cc968fb67a7af
    ssdeep 768:gYAhNB1uSQlKWjmQmlT6aVQlOIQGPfnQoUoobbpKk9cPT5oc9NTfCMnY14:pAhNB1uHlJrmd6aVQwaPfQo/Ybf9CT57
    imphash ee3d9ed372851e2ffadaa770c2e8e8e0
    File size 39.7 KB ( 40623 bytes )
    File type Win32 EXE
    Magic literal PE32 executable for MS Windows (native) Intel 80386 32-bit
    TrID Win32 Dynamic Link Library (generic) (43.5%)
    Win32 Executable (generic) (29.8%)
    Generic Win/DOS Executable (13.2%)
    DOS Executable Generic (13.2%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    Tags peexe native

    VirusTotal metadata
    First submission 2010-01-26 18:23:39 UTC ( 4 years, 1 month ago )
    Last submission 2014-03-18 01:59:39 UTC ( 8 minutes ago )
    File names csdriver.sys

    Here is the FRST fixlog:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
    Ran by User at 2014-03-18 10:12:51 Run:3
    Running from C:\Documents and Settings\User\Desktop
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    start
    S4 jcjymt;
    C:\WINDOWS\system32\lvuwppj.dll
    C:\WINDOWS\Tasks\Norton Security Scan for User.job
    Reboot:
    end
    *****************

    jcjymt => Service deleted successfully.
    "C:\WINDOWS\system32\lvuwppj.dll" => File/Directory not found.
    C:\WINDOWS\Tasks\Norton Security Scan for User.job => Moved successfully.


    The system needed a reboot.

    ==== End of Fixlog ====

  4. #34
    Member
    Join Date
    Feb 2014
    Posts
    43

    Here is the most recent aswMBR scan log:

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2014-03-18 10:46:02
    -----------------------------
    10:46:02.468 OS Version: Windows 5.1.2600 Service Pack 3
    10:46:02.468 Number of processors: 2 586 0x170A
    10:46:02.468 ComputerName: CINDY UserName: User
    10:46:02.750 Initialize success
    10:46:05.609 AVAST engine defs: 14031701
    10:46:08.296 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6
    10:46:08.296 Disk 0 Vendor: WDC_WD1600AAJS-08L7A0 03.03E03 Size: 152627MB BusType: 3
    10:46:08.609 Disk 0 MBR read successfully
    10:46:08.609 Disk 0 MBR scan
    10:46:08.609 Disk 0 Windows XP default MBR code
    10:46:08.609 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
    10:46:08.609 Disk 0 Partition - 00 0F Extended LBA 76308 MB offset 156280320
    10:46:08.625 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 76308 MB offset 156280383
    10:46:08.625 Disk 0 scanning sectors +312560640
    10:46:08.703 Disk 0 scanning C:\WINDOWS\system32\drivers
    10:46:15.875 Service scanning
    10:46:28.109 Modules scanning
    10:46:31.109 Disk 0 trace - called modules:
    10:46:31.140 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    10:46:31.140 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5fdab8]
    10:46:31.156 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000067[0x8a536f18]
    10:46:31.156 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-6[0x8a5a9d98]
    10:46:31.359 AVAST engine scan C:\WINDOWS
    10:46:45.843 AVAST engine scan C:\WINDOWS\system32
    10:48:19.796 AVAST engine scan C:\WINDOWS\system32\drivers
    10:48:30.453 AVAST engine scan C:\Documents and Settings\User
    10:53:01.031 AVAST engine scan C:\Documents and Settings\All Users
    10:54:44.062 Scan finished successfully
    10:58:36.937 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat"
    10:58:36.937 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"


  5. #35
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Then it's good news.

    A couple of things to check.

    Please run this security check for my review.

    Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    ~~~~~~~~~~~~~~~~~~~~~~~~~~

    Download HijackThis
    • Go Here to download HijackThis program
    • Save HijackThis to your desktop.
    • Right-click on HijackThis and select "Run as Admin" (XP users just need to double-click to run)
    • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile", then click on the main menu)
    • Copy and paste the HijackThis report into the topic




    In your next post I need the following
    checkup.txt
    report from HijackThis

  6. #36
    Member
    Join Date
    Feb 2014
    Posts
    43

    Here is the checkup.txt:

    Results of screen317's Security Check version 0.99.80
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Spybot - Search & Destroy
    Malwarebytes Anti-Malware version 1.75.0.1300
    Java(TM) 6 Update 6
    Java version out of Date!
    Adobe Flash Player 12.0.0.77
    Adobe Reader 9 Adobe Reader out of Date!
    Mozilla Firefox (27.0.1)
    Google Chrome 33.0.1750.146
    Google Chrome 33.0.1750.154
    ````````Process Check: objlist.exe by Laurent````````
    Spybot Teatimer.exe is disabled!
    Malwarebytes' Anti-Malware mbamscheduler.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````

    Here is the hijackthis.log

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:45:22 AM, on 19/03/2014
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Drive\googledrivesync.exe
    C:\Program Files\Google\Drive\googledrivesync.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\User\Desktop\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
    O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
    O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {309E27CA-1FDC-4AD2-A3AA-0FF47085E5A6} (PLUGIN Control) - http://192.168.1.144/IEPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1260026980718
    O16 - DPF: {6F80BF27-CB16-4589-8C6A-DB422AAB2ED9} (HEM Video Decoder) - http://192.168.1.144/vcredist_x86.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B6DDFB53-6BC9-4B06-8CDE-B73327CE27D9}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    --
    End of file - 11654 bytes
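
The HijackThis log posted above can be triaged mechanically before it is read line by line. The following Python sketch is an added example, not part of the thread or of HijackThis itself; the sample lines are copied from that log, and the function names and the two review heuristics are assumptions of this example, not the helper's criteria.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# A few lines copied from the HijackThis log posted in this thread (not the full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {309E27CA-1FDC-4AD2-A3AA-0FF47085E5A6} (PLUGIN Control) - http://192.168.1.144/IEPlugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
"""

ENTRY = re.compile(r"^\s*([RFNO]\d{1,2}) - (.*)$")           # section code, then detail
RUN = re.compile(r"^(HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$")
DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*?)\))? - (\S+)$")
SERVICE = re.compile(r"^Service: (.+) - (.+?) - ([A-Za-z]:\\.*)$")


def parse(log_text):
    """Turn HijackThis result lines into dicts; header and process lines are skipped."""
    records = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        code, detail = m.groups()
        rec = {"code": code, "detail": detail}
        if code == "O4" and (r := RUN.match(detail)):
            rec.update(hive=r[1], key=r[2], name=r[3], command=r[4])
        elif code == "O16" and (d := DPF.match(detail)):
            rec.update(clsid=d[1], name=d[2], codebase=d[3])
        elif code == "O23" and (s := SERVICE.match(detail)):
            rec.update(name=s[1], owner=s[2], path=s[3])
        records.append(rec)
    return records


def autostarts(records):
    """Registry Run entries (O4): what starts at boot or logon."""
    return [(r["hive"], r["name"]) for r in records if r["code"] == "O4" and "name" in r]


def review_candidates(records):
    """Lines to verify by hand. These heuristics are assumptions, not verdicts."""
    flagged = []
    for rec in records:
        if rec["code"] == "O23" and rec.get("owner") == "Unknown owner":
            flagged.append((rec["name"], "service reported as Unknown owner"))
        elif rec["code"] == "O16" and "codebase" in rec:
            host = urlsplit(rec["codebase"]).hostname or ""
            try:
                if ipaddress.ip_address(host).is_private:
                    flagged.append((rec["clsid"], "ActiveX codebase is a private IP address"))
            except ValueError:
                pass  # a DNS name, not an IP literal
    return flagged


if __name__ == "__main__":
    parsed = parse(SAMPLE_LOG)
    print(autostarts(parsed))
    for item, reason in review_candidates(parsed):
        print(f"check: {item} ({reason})")
```

A flagged line only means the entry deserves a look at the file and its origin; on this machine the private address may simply be a device on the local network.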

  7. #37
    Security Expert-emeritus Juliet
    Join Date: Feb 2007
    Location: Deep South
    Posts: 4,084

    Java(TM) 6 Update 6 <-- Uninstall this outdated version


    Install Java:

    Please go here to install Java
    • click on the Free Java Download Button
    • click on Agree and start Free download
    • click on Run
    • click on run again
    • click on install
    • when install is complete click on close


    Update Adobe Reader

    Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
    • If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

      Note: When installing FoxitReader, be careful not to install anything to do with AskBar.


    ~~~~~~~~~~~~~~~

    Open HijackThis, click Do a system scan only, and checkmark these. Then close all other windows and browsers except HijackThis and press Fix checked.

    O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
    O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart


    Now reboot the computer to set the registry.

    ~~~~~~~~~~~~~~~~~~~~~~~

    Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
    Paste this into the open notepad. Save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

    Run FRST/FRST64 and press the Fix button just once and wait.
    No need to post the log this time.

    start
    DeleteQuarantine:
    end
    ~~~~~~~~~~~~~~~~


    Don't miss or skip this next step, this will remove malicious files from quarantine and set a clean restore point.

    Go to Start > Run > copy and paste the full text path in the run box

    ComboFix /Uninstall

    Note the space between the x and the /U, it needs to be there.

    ~~~~~~~~~~~~~~~~~~~~~

    1. Download Delfix from here
    2. Ensure Remove disinfection tools is ticked
      Also tick:
      • Create registry backup
      • Purge system restore


    3. Click Run




    Any other tools and files found can simply be deleted or uninstalled via Add/Remove Programs in the Control Panel etc.

    ~~~~~~~~~~~~~~~~~~~~~~~~~

    You're good to go, good job!

    Please take the time to read over a few of my preventive tips.

    Computer Security
    http://malwareremoval.com/forum/view...557960#p557960
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Be prepared for CryptoLocker:

    Cryptolocker Ransomware: What You Need To Know

    CryptoLocker Ransomware Information Guide and FAQ

    To help protect your computer in the future I recommend that you get the following free programmes:

    CryptoPrevent: install this programme to lock down and prevent crypto ransomware



    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.


    Firefox 3
    The award-winning Web browser is now faster, more secure, and fully customizable to your online life. Firefox 3 adds powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, and you can use them both.
    *NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

    AdblockPlus
    • AdblockPlus, Surf the web without annoying ads!
    • Blocks banners, pop-ups and video ads - even on Facebook and YouTube
    • Protects your online privacy
    • Two-click installation, It's free!
    • click the icon that corresponds to your browser and download.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.
    • Green should be good to go
    • Yellow for caution
    • Red to stop




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    How to prevent Malware: Created by Miekiemoes


    WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
    See this article (http://www.forbes.com/sites/eliseack...-disable-java/)
    and this article (http://www.nbcnews.com/technology/te...late-1B7938755)

    I would recommend that you completely uninstall Java unless you need it to run important software.
    In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser (http://www.geekstogo.com/2600/how-to...r-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-un...m-the-browser/))


    Avoid P2P

    P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.

    Please read these short reports on the dangers of peer-2-peer programs and file sharing.


    *********************************************
    Please read the following safe computing articles..

    Secure My Computer: A Layered Approach


    Free Antivirus-AntiSpyware-Firewall Software

    Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  8. #38
    Member
    Join Date: Feb 2014
    Posts: 43

    Thank you, Juliet, for everything.
    I am now going to read through all the links provided.

    In the meantime, since PC1 I believe is now clean from viruses,
    I will now prep my PC2 for a new thread soon.


    Very much appreciated!!

  9. #39
    Security Expert-emeritus Juliet
    Join Date: Feb 2007
    Location: Deep South
    Posts: 4,084

    Glad we could help.

    Since this issue appears resolved ... this Topic is closed.
