Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-10-2013
Ran by Michael Hausman (administrator) on FACING-DOOR on 29-10-2013 18:10:17
Running from C:\Documents and Settings\Michael Hausman\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.exe [16132608 2007-04-26] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {C0F51584-E565-4E7A-B2A6-0A6EF42749A4} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 208.38.252.3 184.170.172.131

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Michael Hausman\Application Data\Mozilla\Firefox\Profiles\bo0zpdcg.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Documents and Settings\Michael Hausman\Application Data\Mozilla\Firefox\Profiles\bo0zpdcg.default\searchplugins\sweetpacks-customized-web-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\adawaretb.xml
FF Extension: Word Layers - C:\Documents and Settings\Michael Hausman\Application Data\Mozilla\Firefox\Profiles\bo0zpdcg.default\Extensions\ugnraew@jqhljqmpngx.net
FF Extension: Address Bar Search - C:\Documents and Settings\Michael Hausman\Application Data\Mozilla\Firefox\Profiles\bo0zpdcg.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}
FF Extension: Adblock Plus - C:\Documents and Settings\Michael Hausman\Application Data\Mozilla\Firefox\Profiles\bo0zpdcg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Word Layers - C:\Program Files\Mozilla Firefox\extensions\ugnraew@jqhljqmpngx.net
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome:
=======
CHR HomePage: "homepage": "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_5&idate=2013-10-23&ent=hp&u=35113FBBAB97476FB6371452682DE6E7",
CHR RestoreOnStartup: "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_5&idate=2013-10-23&ent=hp&u=35113FBBAB97476FB6371452682DE6E7", "hxxp://www.google.com/"
CHR Plugin: ( "name": "Remoting Viewer",) - "path": "internal-remoting-viewer",
CHR Plugin: ( "name": "Native Client",) - "path": "C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll", No File
CHR Plugin: ( "name": "Chrome PDF Viewer",) - "path": "C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.101\pdf.dll", No File
CHR Plugin: ( "name": "Shockwave Flash",) - "path": "C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.101\gcswf32.dll", No File
CHR Plugin: ( "name": "Coupons Inc., Coupon Printer Manager ",) - "path": "C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Google\Chrome\Application\plugins\npMozCouponPrinter.dll", No File
CHR Plugin: ( "name": "Coupons Inc., Coupon Printer Manager ",) - "path": "C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll", No File
CHR Plugin: ( "name": "Adobe Acrobat",) - "path": "C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll", No File
CHR Plugin: ( "name": "Java Deployment Toolkit 6.0.310.5",) - "path": "C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll", No File
CHR Plugin: ( "name": "Java(TM) Platform SE 6 U31",) - "path": "C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll", No File
CHR Plugin: ( "name": "Microsoft® DRM",) - "path": "C:\Program Files\Windows Media Player\npdrmv2.dll", No File
CHR Plugin: ( "name": "Microsoft® DRM",) - "path": "C:\Program Files\Windows Media Player\npwmsdrm.dll", No File
CHR Plugin: ( "name": "Windows Media Player Plug-in Dynamic Link Library",) - "path": "C:\Program Files\Windows Media Player\npdsplay.dll", No File
CHR Plugin: ( "name": "Google Update",) - "path": "C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll", No File
CHR Plugin: ( "name": "Microsoft Office 2010",) - "path": "C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL", No File
CHR Plugin: ( "name": "Microsoft Office 2010",) - "path": "C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL", No File
CHR Plugin: ( "name": "Google Earth Plugin",) - "path": "C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll", No File
CHR Extension: (TidyNetwork.com ) - C:\DOCUME~1\MICHAE~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\mgioolnkobnhllipnfbnmnhbdpkonapj\5.0.0.0_0
CHR HKLM\...\Chrome\Extension: [ghnpfkmgeiojiaheaiefkilmjinpoccb] - C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\ghnpfkmgeiojiaheaiefkilmjinpoccb.crx
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx
CHR HKLM\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-12-07] (Google)
S2 MBAMScheduler; C:\Program Files\MBxx\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\MBxx\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
U3 TrueSight; C:\WINDOWS\system32\TrueSight.sys [26624 2013-10-23] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S4 hpt3xx; No ImagePath
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-29 18:10 - 2013-10-29 18:10 - 00000000 ____D C:\FRST
2013-10-29 18:05 - 2013-10-29 18:05 - 00003074 _____ C:\Documents and
Settings\Michael Hausman\Desktop\JRT.txt 2013-10-29 18:02 - 2013-10-29 18:02 - 00000000 ____D C:\WINDOWS\ERUNT 2013-10-29 17:54 - 2013-10-29 17:54 - 01033335 _____ (Thisisu) C:\Documents and Settings\Michael Hausman\Desktop\JRT.exe 2013-10-29 17:28 - 2013-10-29 17:49 - 00000000 ____D C:\AdwCleaner 2013-10-29 17:28 - 2013-10-29 17:28 - 01060070 _____ C:\Documents and Settings\Michael Hausman\Desktop\AdwCleaner.exe 2013-10-23 18:18 - 2013-10-23 18:18 - 00000000 ___SD C:\ComboFix 2013-10-23 17:49 - 2013-10-23 18:10 - 00103378 _____ C:\Documents and Settings\Michael Hausman\Desktop\OTL.Txt 2013-10-23 17:49 - 2013-10-23 17:49 - 00039250 _____ C:\Documents and Settings\Michael Hausman\Desktop\Extras.Txt 2013-10-23 17:39 - 2013-10-23 17:39 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Michael Hausman\Desktop\OTL.exe 2013-10-23 17:29 - 2013-10-23 17:29 - 00020834 _____ C:\ComboFix.txt 2013-10-23 17:24 - 2013-10-23 17:24 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG 2013-10-23 17:24 - 2013-10-23 17:24 - 00000000 ____H C:\WINDOWS\system32\config\system.tmp.LOG 2013-10-23 17:24 - 2013-10-23 17:24 - 00000000 ____H C:\WINDOWS\system32\config\software.tmp.LOG 2013-10-23 17:24 - 2013-10-23 17:24 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG 2013-10-23 17:24 - 2013-10-23 17:24 - 00000000 ____H C:\WINDOWS\system32\config\default.tmp.LOG 2013-10-23 17:19 - 2013-10-23 17:19 - 00000000 _RSHD C:\cmdcons 2013-10-23 17:19 - 2011-12-01 16:37 - 00000211 _____ C:\Boot.bak 2013-10-23 17:19 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr 2013-10-23 17:14 - 2013-10-23 18:18 - 00000000 ____D C:\WINDOWS\erdnt 2013-10-23 16:50 - 2013-10-23 16:50 - 00001789 _____ C:\Documents and Settings\Michael Hausman\Desktop\RKreport[0]_S_10232013_165005.txt 2013-10-23 16:33 - 2013-10-23 16:34 - 00026624 _____ C:\WINDOWS\system32\TrueSight.sys 2013-10-23 16:28 - 2013-10-23 16:28 - 00000000 ____D C:\Documents and Settings\Michael Hausman\Application Data\LavasoftStatistics 
2013-10-23 16:14 - 2013-10-23 16:47 - 00000000 ____D C:\Program Files\Lavasoft 2013-10-23 16:14 - 2013-10-23 16:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection 2013-10-23 16:11 - 2013-10-23 16:12 - 00009301 _____ C:\WINDOWS\KB942288-v3.log 2013-10-23 16:11 - 2013-10-23 16:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB942288-v3$ 2013-10-23 16:10 - 2013-10-23 16:10 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Lavasoft 2013-10-23 16:10 - 2013-10-23 16:09 - 01724552 _____ C:\Documents and Settings\Michael Hausman\Desktop\Adaware_Installer.exe 2013-10-23 16:04 - 2013-10-23 16:12 - 00013500 _____ C:\WINDOWS\iis6.log 2013-10-23 16:04 - 2013-10-23 16:12 - 00012365 _____ C:\WINDOWS\FaxSetup.log 2013-10-23 16:04 - 2013-10-23 16:12 - 00005912 _____ C:\WINDOWS\ocgen.log 2013-10-23 16:04 - 2013-10-23 16:12 - 00005643 _____ C:\WINDOWS\tsoc.log 2013-10-23 16:04 - 2013-10-23 16:12 - 00004085 _____ C:\WINDOWS\comsetup.log 2013-10-23 16:04 - 2013-10-23 16:12 - 00003838 _____ C:\WINDOWS\msmqinst.log 2013-10-23 16:04 - 2013-10-23 16:12 - 00002478 _____ C:\WINDOWS\ntdtcsetup.log 2013-10-23 16:04 - 2013-10-23 16:12 - 00002166 _____ C:\WINDOWS\netfxocm.log 2013-10-23 16:04 - 2013-10-23 16:12 - 00001393 _____ C:\WINDOWS\imsins.log 2013-10-23 16:04 - 2013-10-23 16:12 - 00000850 _____ C:\WINDOWS\MedCtrOC.log 2013-10-23 16:04 - 2013-10-23 16:12 - 00000684 _____ C:\WINDOWS\ocmsn.log 2013-10-23 16:04 - 2013-10-23 16:12 - 00000622 _____ C:\WINDOWS\tabletoc.log 2013-10-23 16:04 - 2013-10-23 16:12 - 00000618 _____ C:\WINDOWS\msgsocm.log 2013-10-23 16:04 - 2013-10-23 16:04 - 00003487 _____ C:\WINDOWS\ie8Uninst.log 2013-10-23 16:04 - 2013-10-23 16:04 - 00001393 _____ C:\WINDOWS\imsins.BAK 2013-10-23 16:04 - 2013-10-23 16:04 - 00000000 _____ C:\WINDOWS\setuperr.log 2013-10-23 16:04 - 2013-10-23 16:04 - 00000000 _____ C:\WINDOWS\setupact.log 2013-10-23 15:55 - 2013-10-23 15:55 - 00001871 _____ C:\Documents and 
Settings\Michael Hausman\Desktop\RKreport[0]_D_10232013_155532.txt 2013-10-23 15:53 - 2013-10-23 15:53 - 00000000 ____D C:\Documents and Settings\Michael Hausman\Desktop\backups 2013-10-22 18:50 - 2013-10-23 16:56 - 00005576 _____ C:\Documents and Settings\Michael Hausman\Desktop\hijackthis.log 2013-10-22 18:47 - 2013-10-22 18:47 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\Michael Hausman\Desktop\HJT.exe 2013-10-22 18:44 - 2013-10-23 18:02 - 00025004 _____ C:\WINDOWS\setupapi.log 2013-10-22 18:29 - 2013-10-22 18:29 - 00001818 _____ C:\Documents and Settings\Michael Hausman\Desktop\RKreport[0]_S_10222013_182945.txt 2013-10-22 18:28 - 2013-10-22 18:15 - 00008377 _____ C:\Documents and Settings\Michael Hausman\Desktop\hijackthis.txt 2013-10-22 18:16 - 2013-10-22 18:16 - 00277360 _____ C:\Documents and Settings\Michael Hausman\Desktop\MGlogs.zip 2013-10-22 16:54 - 2013-10-22 18:16 - 00277360 _____ C:\MGlogs.zip 2013-10-22 16:54 - 2013-10-22 18:16 - 00000000 ____D C:\MGtools 2013-10-22 16:33 - 2013-10-22 16:53 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro 2013-10-22 15:59 - 2013-10-22 15:59 - 00000626 _____ C:\Documents and Settings\All Users\Desktop\MBXX.lnk 2013-10-22 15:59 - 2013-10-22 15:59 - 00000000 ____D C:\Program Files\MBxx 2013-10-22 15:59 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2013-10-22 15:56 - 2013-10-22 15:56 - 00001521 _____ C:\Documents and Settings\Michael Hausman\Desktop\RKreport[0]_S_10222013_155629.txt 2013-10-22 15:48 - 2013-10-23 15:55 - 00000000 ____D C:\Documents and Settings\Michael Hausman\Desktop\RK_Quarantine 2013-10-22 15:44 - 2013-10-22 15:44 - 01990508 _____ C:\Documents and Settings\Michael Hausman\Desktop\toolMG.exe 2013-10-22 15:43 - 2013-10-22 15:43 - 09212696 _____ (SurfRight B.V.) 
C:\Documents and Settings\Michael Hausman\Desktop\ProHit.exe 2013-10-22 15:42 - 2013-10-22 15:42 - 04121952 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Michael Hausman\Desktop\killatd.exe 2013-10-22 15:41 - 2013-10-22 15:40 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Michael Hausman\Desktop\thisonething.exe 2013-10-22 15:30 - 2013-10-22 15:30 - 00955392 _____ C:\Documents and Settings\Michael Hausman\Desktop\RogueKiller.exe 2013-10-22 15:24 - 2013-10-22 15:24 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk 2013-10-22 15:24 - 2013-10-22 15:24 - 00000000 ____D C:\Program Files\CCleaner 2013-10-22 15:24 - 2013-10-22 15:24 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner 2013-10-22 15:22 - 2013-10-22 15:22 - 00000000 ____D C:\WINDOWS\system32\appmgmt 2013-10-19 17:37 - 2013-10-19 17:37 - 00000000 ____D C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Sun 2013-10-19 17:33 - 2013-10-19 17:33 - 00000000 ____D C:\Documents and Settings\Michael Hausman\Application Data\AVAST Software 2013-10-19 17:09 - 2013-10-19 17:09 - 00000000 ____D C:\Documents and Settings\Michael Hausman\Application Data\Malwarebytes 2013-10-19 17:09 - 2013-10-19 17:09 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes 2013-10-19 17:06 - 2013-10-19 17:06 - 00000000 ____D C:\Program Files\Common Files\Java 2013-10-19 17:06 - 2013-10-19 17:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java 2013-10-19 17:06 - 2013-10-19 17:05 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2013-10-19 17:06 - 2013-10-19 17:04 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2013-10-19 17:06 - 2013-10-19 17:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2013-10-19 17:06 - 2013-10-19 17:04 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2013-10-19 
17:06 - 2013-10-19 17:04 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl 2013-10-19 17:04 - 2013-10-19 17:04 - 00000000 ____D C:\Program Files\Java 2013-10-14 03:19 - 2013-10-14 03:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$ 2013-10-14 03:18 - 2013-10-14 03:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$ 2013-10-14 03:09 - 2013-10-14 03:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$ 2013-10-14 03:05 - 2013-10-22 16:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$ 2013-10-14 03:05 - 2013-10-14 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$ 2013-10-13 15:56 - 2013-07-02 22:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys 2013-10-13 15:50 - 2013-08-08 20:55 - 00144128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys 2013-10-13 15:50 - 2013-08-08 20:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys 2013-10-13 15:50 - 2009-03-18 07:02 - 00030336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys 2013-10-10 12:53 - 2013-07-16 20:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys 2013-10-10 12:53 - 2013-07-16 20:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys 2013-10-10 12:53 - 2013-07-16 20:58 - 00046848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys 2013-10-10 09:35 - 2013-10-10 09:35 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Google 2013-10-09 17:52 - 2013-10-09 17:52 - 17813896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe 2013-10-04 18:25 - 2013-10-05 13:40 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-10-02 08:03 - 2013-10-02 08:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB961118$ 2013-10-01 19:03 - 2009-01-09 15:19 - 01089593 ____C C:\WINDOWS\system32\dllcache\ntprint.cat 2013-10-01 13:15 - 2013-10-04 18:50 - 00000000 
____D C:\WINDOWS\system32\XPSViewer 2013-10-01 13:14 - 2013-10-01 13:14 - 00000000 ____D C:\Program Files\Reference Assemblies 2013-10-01 13:11 - 2013-10-01 13:13 - 00000000 ____D C:\167a519225d4cebdda00b125f9f169 2013-10-01 13:11 - 2008-07-06 08:06 - 01676288 ____N (Microsoft Corporation) C:\WINDOWS\system32\xpssvcs.dll 2013-10-01 13:11 - 2008-07-06 08:06 - 01676288 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpssvcs.dll 2013-10-01 13:11 - 2008-07-06 08:06 - 00575488 ____N (Microsoft Corporation) C:\WINDOWS\system32\xpsshhdr.dll 2013-10-01 13:11 - 2008-07-06 08:06 - 00575488 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpsshhdr.dll 2013-10-01 13:11 - 2008-07-06 08:06 - 00117760 ____N (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll 2013-10-01 13:11 - 2008-07-06 08:06 - 00089088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll 2013-10-01 13:11 - 2008-07-06 06:50 - 00597504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe 2013-09-29 14:33 - 2013-09-29 14:36 - 00001423 _____ C:\WINDOWS\system32\InstallUtil.InstallLog 2013-09-29 14:29 - 2013-10-14 09:37 - 00000884 __RSH C:\Documents and Settings\Michael Hausman\ntuser.pol 2013-09-29 14:29 - 2013-09-29 14:29 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy 2013-09-29 14:26 - 2013-09-29 14:26 - 00000778 _____ C:\Documents and Settings\Michael Hausman\Desktop\Flash Player Pro.lnk 2013-09-29 14:26 - 2013-09-29 14:26 - 00000000 ____D C:\Program Files\Flash Player Pro 2013-09-29 14:26 - 2013-09-29 14:26 - 00000000 ____D C:\Documents and Settings\Michael Hausman\My Documents\Flash Player Pro 2013-09-29 14:26 - 2013-09-29 14:26 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Flash Player Pro 2013-09-29 13:35 - 2013-09-29 13:35 - 00000000 ____D C:\Program Files\uPlayer 2013-09-29 13:35 - 2013-09-29 13:35 - 00000000 ____D C:\Documents and Settings\Michael Hausman\Application Data\uPlayer 
2013-09-29 13:14 - 2013-07-04 03:12 - 00632656 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr80.dll 2013-09-29 13:14 - 2013-07-04 03:12 - 00554832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp80.dll 2013-09-29 13:14 - 2013-07-04 03:12 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcm80.dll 2013-09-29 13:14 - 2013-07-04 03:11 - 00773968 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100.dll 2013-09-29 13:14 - 2013-07-04 03:11 - 00421200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp100.dll 2013-09-29 13:14 - 2013-07-04 03:11 - 00001870 _____ C:\WINDOWS\system32\Microsoft.VC80.CRT.manifest 2013-09-29 13:12 - 2013-09-29 13:12 - 00000000 ____D C:\Documents and Settings\Michael Hausman\Start Menu\Programs\Word Layers ==================== One Month Modified Files and Folders ======= 2013-10-29 18:10 - 2013-10-29 18:10 - 00000000 ____D C:\FRST 2013-10-29 18:07 - 2012-08-09 13:28 - 00000442 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{BB46E3CA-FBBA-4812-BCDB-FCA6DE1C49A5}.job 2013-10-29 18:05 - 2013-10-29 18:05 - 00003074 _____ C:\Documents and Settings\Michael Hausman\Desktop\JRT.txt 2013-10-29 18:03 - 2011-12-20 19:13 - 00000904 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2013-10-29 18:02 - 2013-10-29 18:02 - 00000000 ____D C:\WINDOWS\ERUNT 2013-10-29 17:54 - 2013-10-29 17:54 - 01033335 _____ (Thisisu) C:\Documents and Settings\Michael Hausman\Desktop\JRT.exe 2013-10-29 17:52 - 2013-02-22 11:41 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2013-10-29 17:52 - 2011-12-01 16:41 - 01819959 _____ C:\WINDOWS\WindowsUpdate.log 2013-10-29 17:50 - 2011-12-20 19:13 - 00000900 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2013-10-29 17:50 - 2011-12-01 16:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2013-10-29 17:50 - 2011-12-01 11:08 - 00000159 _____ C:\WINDOWS\wiadebug.log 2013-10-29 17:50 - 2011-12-01 11:08 - 00000050 _____ C:\WINDOWS\wiaservc.log 2013-10-29 17:50 - 2001-08-23 08:00 - 
00002206 _____ C:\WINDOWS\system32\wpa.dbl 2013-10-29 17:49 - 2013-10-29 17:28 - 00000000 ____D C:\AdwCleaner 2013-10-29 17:49 - 2011-12-01 16:17 - 00032426 _____ C:\WINDOWS\SchedLgU.Txt 2013-10-29 17:49 - 2011-12-01 16:17 - 00000178 ___SH C:\Documents and Settings\Michael Hausman\ntuser.ini 2013-10-29 17:34 - 2011-12-01 18:44 - 00001018 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-854245398-725345543-1003UA.job 2013-10-29 17:28 - 2013-10-29 17:28 - 01060070 _____ C:\Documents and Settings\Michael Hausman\Desktop\AdwCleaner.exe 2013-10-29 02:34 - 2011-12-01 18:44 - 00000966 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-854245398-725345543-1003Core.job 2013-10-25 17:11 - 2011-12-01 16:17 - 00000000 __SHD C:\Documents and Settings\NetworkService 2013-10-23 18:18 - 2013-10-23 18:18 - 00000000 ___SD C:\ComboFix 2013-10-23 18:18 - 2013-10-23 17:14 - 00000000 ____D C:\WINDOWS\erdnt 2013-10-23 18:18 - 2011-12-01 16:13 - 00000000 ____D C:\WINDOWS\system32\Restore 2013-10-23 18:10 - 2013-10-23 17:49 - 00103378 _____ C:\Documents and Settings\Michael Hausman\Desktop\OTL.Txt 2013-10-23 18:02 - 2013-10-22 18:44 - 00025004 _____ C:\WINDOWS\setupapi.log 2013-10-23 17:49 - 2013-10-23 17:49 - 00039250 _____ C:\Documents and Settings\Michael Hausman\Desktop\Extras.Txt 2013-10-23 17:39 - 2013-10-23 17:39 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Michael Hausman\Desktop\OTL.exe 2013-10-23 17:29 - 2013-10-23 17:29 - 00020834 _____ C:\ComboFix.txt 2013-10-23 17:26 - 2001-08-23 08:00 - 00000227 _____ C:\WINDOWS\system.ini 2013-10-23 17:25 - 2011-12-01 11:06 - 00262144 _____ C:\WINDOWS\system32\config\SECURITY.bak 2013-10-23 17:25 - 2011-12-01 11:06 - 00262144 _____ C:\WINDOWS\system32\config\SAM.bak 2013-10-23 17:25 - 2011-12-01 11:05 - 29097984 _____ C:\WINDOWS\system32\config\software.bak 2013-10-23 17:25 - 2011-12-01 11:05 - 05505024 _____ C:\WINDOWS\system32\config\system.bak 2013-10-23 17:25 - 2011-12-01 11:05 - 00524288 _____ 
C:\WINDOWS\system32\config\default.bak 2013-10-23 17:24 - 2013-10-23 17:24 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG 2013-10-23 17:24 - 2013-10-23 17:24 - 00000000 ____H C:\WINDOWS\system32\config\system.tmp.LOG 2013-10-23 17:24 - 2013-10-23 17:24 - 00000000 ____H C:\WINDOWS\system32\config\software.tmp.LOG 2013-10-23 17:24 - 2013-10-23 17:24 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG 2013-10-23 17:24 - 2013-10-23 17:24 - 00000000 ____H C:\WINDOWS\system32\config\default.tmp.LOG 2013-10-23 17:19 - 2013-10-23 17:19 - 00000000 _RSHD C:\cmdcons 2013-10-23 17:19 - 2011-12-01 11:05 - 00000327 __RSH C:\boot.ini 2013-10-23 16:56 - 2013-10-22 18:50 - 00005576 _____ C:\Documents and Settings\Michael Hausman\Desktop\hijackthis.log 2013-10-23 16:53 - 2011-12-01 18:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software 2013-10-23 16:50 - 2013-10-23 16:50 - 00001789 _____ C:\Documents and Settings\Michael Hausman\Desktop\RKreport[0]_S_10232013_165005.txt 2013-10-23 16:47 - 2013-10-23 16:14 - 00000000 ____D C:\Program Files\Lavasoft 2013-10-23 16:34 - 2013-10-23 16:33 - 00026624 _____ C:\WINDOWS\system32\TrueSight.sys 2013-10-23 16:28 - 2013-10-23 16:28 - 00000000 ____D C:\Documents and Settings\Michael Hausman\Application Data\LavasoftStatistics 2013-10-23 16:14 - 2013-10-23 16:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection 2013-10-23 16:12 - 2013-10-23 16:11 - 00009301 _____ C:\WINDOWS\KB942288-v3.log 2013-10-23 16:12 - 2013-10-23 16:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB942288-v3$ 2013-10-23 16:12 - 2013-10-23 16:04 - 00013500 _____ C:\WINDOWS\iis6.log 2013-10-23 16:12 - 2013-10-23 16:04 - 00012365 _____ C:\WINDOWS\FaxSetup.log 2013-10-23 16:12 - 2013-10-23 16:04 - 00005912 _____ C:\WINDOWS\ocgen.log 2013-10-23 16:12 - 2013-10-23 16:04 - 00005643 _____ C:\WINDOWS\tsoc.log 2013-10-23 16:12 - 2013-10-23 16:04 - 00004085 _____ C:\WINDOWS\comsetup.log 
2013-10-23 16:12 - 2013-10-23 16:04 - 00003838 _____ C:\WINDOWS\msmqinst.log 2013-10-23 16:12 - 2013-10-23 16:04 - 00002478 _____ C:\WINDOWS\ntdtcsetup.log 2013-10-23 16:12 - 2013-10-23 16:04 - 00002166 _____ C:\WINDOWS\netfxocm.log 2013-10-23 16:12 - 2013-10-23 16:04 - 00001393 _____ C:\WINDOWS\imsins.log 2013-10-23 16:12 - 2013-10-23 16:04 - 00000850 _____ C:\WINDOWS\MedCtrOC.log 2013-10-23 16:12 - 2013-10-23 16:04 - 00000684 _____ C:\WINDOWS\ocmsn.log 2013-10-23 16:12 - 2013-10-23 16:04 - 00000622 _____ C:\WINDOWS\tabletoc.log 2013-10-23 16:12 - 2013-10-23 16:04 - 00000618 _____ C:\WINDOWS\msgsocm.log 2013-10-23 16:12 - 2011-12-01 11:03 - 00000000 ____D C:\WINDOWS\system32\mui 2013-10-23 16:10 - 2013-10-23 16:10 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Lavasoft 2013-10-23 16:09 - 2013-10-23 16:10 - 01724552 _____ C:\Documents and Settings\Michael Hausman\Desktop\Adaware_Installer.exe 2013-10-23 16:04 - 2013-10-23 16:04 - 00003487 _____ C:\WINDOWS\ie8Uninst.log 2013-10-23 16:04 - 2013-10-23 16:04 - 00001393 _____ C:\WINDOWS\imsins.BAK 2013-10-23 16:04 - 2013-10-23 16:04 - 00000000 _____ C:\WINDOWS\setuperr.log 2013-10-23 16:04 - 2013-10-23 16:04 - 00000000 _____ C:\WINDOWS\setupact.log 2013-10-23 15:55 - 2013-10-23 15:55 - 00001871 _____ C:\Documents and Settings\Michael Hausman\Desktop\RKreport[0]_D_10232013_155532.txt 2013-10-23 15:55 - 2013-10-22 15:48 - 00000000 ____D C:\Documents and Settings\Michael Hausman\Desktop\RK_Quarantine 2013-10-23 15:53 - 2013-10-23 15:53 - 00000000 ____D C:\Documents and Settings\Michael Hausman\Desktop\backups 2013-10-22 18:47 - 2013-10-22 18:47 - 00388608 _____ (Trend Micro Inc.) 
C:\Documents and Settings\Michael Hausman\Desktop\HJT.exe
2013-10-22 18:29 - 2013-10-22 18:29 - 00001818 _____ C:\Documents and Settings\Michael Hausman\Desktop\RKreport[0]_S_10222013_182945.txt
2013-10-22 18:16 - 2013-10-22 18:16 - 00277360 _____ C:\Documents and Settings\Michael Hausman\Desktop\MGlogs.zip
2013-10-22 18:16 - 2013-10-22 16:54 - 00277360 _____ C:\MGlogs.zip
2013-10-22 18:16 - 2013-10-22 16:54 - 00000000 ____D C:\MGtools
2013-10-22 18:15 - 2013-10-22 18:28 - 00008377 _____ C:\Documents and Settings\Michael Hausman\Desktop\hijackthis.txt
2013-10-22 16:53 - 2013-10-22 16:33 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-10-22 16:21 - 2013-10-14 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-22 15:59 - 2013-10-22 15:59 - 00000626 _____ C:\Documents and Settings\All Users\Desktop\MBXX.lnk
2013-10-22 15:59 - 2013-10-22 15:59 - 00000000 ____D C:\Program Files\MBxx
2013-10-22 15:56 - 2013-10-22 15:56 - 00001521 _____ C:\Documents and Settings\Michael Hausman\Desktop\RKreport[0]_S_10222013_155629.txt
2013-10-22 15:46 - 2011-12-01 16:17 - 00000000 ____D C:\Documents and Settings\Michael Hausman
2013-10-22 15:44 - 2013-10-22 15:44 - 01990508 _____ C:\Documents and Settings\Michael Hausman\Desktop\toolMG.exe
2013-10-22 15:43 - 2013-10-22 15:43 - 09212696 _____ (SurfRight B.V.) C:\Documents and Settings\Michael Hausman\Desktop\ProHit.exe
2013-10-22 15:42 - 2013-10-22 15:42 - 04121952 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Michael Hausman\Desktop\killatd.exe
2013-10-22 15:40 - 2013-10-22 15:41 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Michael Hausman\Desktop\thisonething.exe
2013-10-22 15:38 - 2011-12-01 17:10 - 00000000 __SHD C:\Documents and Settings\Michael Hausman\UserData
2013-10-22 15:30 - 2013-10-22 15:30 - 00955392 _____ C:\Documents and Settings\Michael Hausman\Desktop\RogueKiller.exe
2013-10-22 15:27 - 2013-01-21 14:37 - 00000000 ____D C:\WINDOWS\Minidump
2013-10-22 15:24 - 2013-10-22 15:24 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2013-10-22 15:24 - 2013-10-22 15:24 - 00000000 ____D C:\Program Files\CCleaner
2013-10-22 15:24 - 2013-10-22 15:24 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2013-10-22 15:22 - 2013-10-22 15:22 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2013-10-19 17:37 - 2013-10-19 17:37 - 00000000 ____D C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Sun
2013-10-19 17:37 - 2011-12-01 16:15 - 00001507 _____ C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
2013-10-19 17:33 - 2013-10-19 17:33 - 00000000 ____D C:\Documents and Settings\Michael Hausman\Application Data\AVAST Software
2013-10-19 17:28 - 2013-02-14 04:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2780091$
2013-10-19 17:22 - 2011-12-01 18:47 - 00269216 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-10-19 17:14 - 2011-12-01 16:14 - 00002577 _____ C:\WINDOWS\system32\CONFIG.NT
2013-10-19 17:09 - 2013-10-19 17:09 - 00000000 ____D C:\Documents and Settings\Michael Hausman\Application Data\Malwarebytes
2013-10-19 17:09 - 2013-10-19 17:09 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-10-19 17:06 - 2013-10-19 17:06 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-19 17:06 - 2013-10-19 17:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-10-19 17:05 - 2013-10-19 17:06 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-10-19 17:04 - 2013-10-19 17:06 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-10-19 17:04 - 2013-10-19 17:06 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-10-19 17:04 - 2013-10-19 17:06 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-10-19 17:04 - 2013-10-19 17:06 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-10-19 17:04 - 2013-10-19 17:04 - 00000000 ____D C:\Program Files\Java
2013-10-15 03:32 - 2011-12-17 18:15 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-14 13:47 - 2011-12-01 19:46 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
2013-10-14 13:46 - 2011-12-01 19:46 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-10-14 09:37 - 2013-09-29 14:29 - 00000884 __RSH C:\Documents and Settings\Michael Hausman\ntuser.pol
2013-10-14 03:41 - 2011-12-01 11:06 - 00269392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-14 03:25 - 2011-12-01 18:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-10-14 03:22 - 2011-12-01 11:07 - 00543352 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-14 03:19 - 2013-10-14 03:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-14 03:18 - 2013-10-14 03:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-14 03:14 - 2013-07-17 03:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-14 03:11 - 2011-12-01 18:18 - 78106760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-10-14 03:09 - 2013-10-14 03:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-14 03:05 - 2013-10-14 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-14 03:05 - 2011-12-01 18:26 - 00000000 ____D C:\WINDOWS\ie8updates
2013-10-10 09:35 - 2013-10-10 09:35 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
2013-10-09 17:52 - 2013-10-09 17:52 - 17813896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2013-10-09 17:52 - 2012-03-31 08:55 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-10-09 17:52 - 2012-01-13 17:54 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-10-06 13:38 - 2012-07-03 16:16 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-05 13:40 - 2013-10-04 18:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-04 18:50 - 2013-10-01 13:15 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2013-10-04 18:11 - 2011-12-01 16:46 - 00070368 _____ C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-10-02 08:03 - 2013-10-02 08:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB961118$
2013-10-01 13:14 - 2013-10-01 13:14 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-10-01 13:14 - 2011-12-01 18:46 - 00000000 ____D C:\Program Files\MSBuild
2013-10-01 13:13 - 2013-10-01 13:11 - 00000000 ____D C:\167a519225d4cebdda00b125f9f169
2013-10-01 13:13 - 2011-12-01 11:03 - 00000000 ____D C:\WINDOWS\system32\spool
2013-09-29 15:52 - 2011-12-02 15:00 - 00000240 _____ C:\WINDOWS\Brownie.ini
2013-09-29 15:51 - 2011-12-02 15:01 - 00000012 _____ C:\WINDOWS\BRVIDEO.INI
2013-09-29 14:48 - 2011-12-09 18:41 - 00000000 ____D C:\Documents and Settings\Michael Hausman\Application Data\uTorrent
2013-09-29 14:36 - 2013-09-29 14:33 - 00001423 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2013-09-29 14:29 - 2013-09-29 14:29 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2013-09-29 14:28 - 2011-12-01 16:17 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-09-29 14:26 - 2013-09-29 14:26 - 00000778 _____ C:\Documents and Settings\Michael Hausman\Desktop\Flash Player Pro.lnk
2013-09-29 14:26 - 2013-09-29 14:26 - 00000000 ____D C:\Program Files\Flash Player Pro
2013-09-29 14:26 - 2013-09-29 14:26 - 00000000 ____D C:\Documents and Settings\Michael Hausman\My Documents\Flash Player Pro
2013-09-29 14:26 - 2013-09-29 14:26 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Flash Player Pro
2013-09-29 13:35 - 2013-09-29 13:35 - 00000000 ____D C:\Program Files\uPlayer
2013-09-29 13:35 - 2013-09-29 13:35 - 00000000 ____D C:\Documents and Settings\Michael Hausman\Application Data\uPlayer
2013-09-29 13:12 - 2013-09-29 13:12 - 00000000 ____D C:\Documents and Settings\Michael Hausman\Start Menu\Programs\Word Layers

Some content of TEMP:
====================
C:\Documents and Settings\Michael Hausman\Local Settings\temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================