Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-12-2013
Ran by SuperUser (administrator) on SUPERUSE-8CC609 on 11-12-2013 14:15:26
Running from C:\Documents and Settings\SuperUser\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Just Develop It) C:\Program Files\MyPC Backup\BackupStack.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Reimage®) C:\Program Files\Reimage\Reimage Repair\ReiGuard.exe
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(RealTek Semicoductor Corp.) C:\WINDOWS\ALCWZRD.EXE
(Realtek Semiconductor Corp.) C:\WINDOWS\ALCMTR.EXE
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(MyPCBackup.com) C:\Program Files\MyPC Backup\MyPC Backup.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Tweaking.com) C:\Program Files\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ehTray] - C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
HKLM\...\Run: [SoundMan] - C:\WINDOWS\SOUNDMAN.EXE [86016 2005-09-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AlcWzrd] - C:\WINDOWS\ALCWZRD.EXE [2807808 2005-09-21] (RealTek Semicoductor Corp.)
HKLM\...\Run: [Alcmtr] - C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [igfxhkcmd] - c:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [igfxpers] - C:\WINDOWS\system32\igfxpers.exe [118784 2005-11-03] (Intel Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-21] (AVAST Software)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
Startup: C:\Documents and Settings\SuperUser\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://search.coupons.com/search.asp?p=df&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No File
BHO: avast! Ad Blocker - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - No Name - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - No File
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11

FireFox:
========
FF ProfilePath: C:\Documents and Settings\SuperUser\Application Data\Mozilla\Firefox\Profiles\ask24z0e.default-1377130079953
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: firefox-autofill - C:\Documents and Settings\SuperUser\Application Data\Mozilla\Firefox\Profiles\ask24z0e.default-1377130079953\Extensions\firefox-autofill@googlegroups.com.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM\...\Firefox\Extensions: [{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}] - C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi

Chrome:
=======
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Extension: (Google Docs) - C:\Documents and Settings\SuperUser\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Documents and Settings\SuperUser\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Documents and Settings\SuperUser\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Documents and Settings\SuperUser\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Documents and Settings\SuperUser\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Documents and Settings\SuperUser\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files\Coupons.com CouponBar\chrome\Coupons.com.crx

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-21] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [116776 2013-11-27] (AVAST Software)
R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [32808 2013-07-01] (Just Develop It)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
R2 ReimageRealTimeProtection; C:\Program Files\Reimage\Reimage Repair\ReiGuard.exe [4019560 2013-11-07] (Reimage®)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

R3 AR9271; C:\Windows\System32\DRIVERS\athuw.sys [1714176 2010-01-05] (Atheros Communications, Inc.)
R2 aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [35656 2013-11-21] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [26136 2013-11-27] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2013-11-21] (AVAST Software)
R0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [247192 2013-12-01] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2013-11-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-11-21] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [774392 2013-11-21] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [403440 2013-11-21] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2013-11-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178304 2013-11-21] ()
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R2 CX23880; C:\Windows\System32\drivers\cx88vid.sys [160000 2004-04-06] (Conexant Systems, Inc.)
R2 CX88ENC; C:\Windows\System32\drivers\cx88enc.sys [295808 2004-04-06] (Conexant Systems, Inc.)
R3 CXAVXBAR; C:\Windows\System32\drivers\cxavxbar.sys [9344 2004-04-06] (Conexant Systems, Inc.)
R2 CXTUNE; C:\Windows\System32\drivers\CX88TUNE.sys [30720 2004-04-06] (Conexant Systems, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R1 SBRE; C:\WINDOWS\system32\drivers\SBREdrv.sys [101112 2012-05-25] (GFI Software)
R2 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2012-06-03] ()
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2013-09-06] ()
S0 oqroput; System32\drivers\vcis.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U3 TrueSight; \??\C:\WINDOWS\system32\TrueSight.sys [x]
S3 UIUSys; system32\drivers\UIUSys.sys [x]

==================== NetSvcs (Whitelisted) ===================

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2013-12-11 14:15 - 2013-12-11 14:16 - 00013826 _____ C:\Documents and Settings\SuperUser\Desktop\FRST.txt
2013-12-11 14:13 - 2013-12-11 14:13 - 00000000 ____D C:\FRST
2013-12-11 14:02 - 2013-12-11 14:02 - 00000732 _____ C:\Documents and Settings\SuperUser\Desktop\Shortcut to FRST.exe.lnk
2013-12-11 13:57 - 2013-12-11 13:57 - 01060135 _____ (Farbar) C:\Documents and Settings\SuperUser\Desktop\FRST.exe
2013-12-11 03:20 - 2013-12-11 03:21 - 00015276 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-11 03:20 - 2013-12-11 03:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-11 03:17 - 2013-12-11 03:17 - 00007662 _____ C:\WINDOWS\KB2904266.log
2013-12-11 03:17 - 2013-12-11 03:17 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-11 03:08 - 2013-12-11 03:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-11 03:08 - 2013-12-11 03:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-11 03:07 - 2013-12-11 03:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-11 03:07 - 2013-12-11 03:07 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-12-11 03:07 - 2013-12-11 03:07 - 00000000 _____ C:\WINDOWS\setupact.log
2013-12-10 21:19 - 2013-12-11 03:20 - 00015495 _____ C:\WINDOWS\KB2898715.log
2013-12-10 21:19 - 2013-12-11 03:08 - 00015144 _____ C:\WINDOWS\KB2893984.log
2013-12-10 21:19 - 2013-12-11 03:08 - 00014333 _____ C:\WINDOWS\KB2893294.log
2013-12-10 21:19 - 2013-12-11 03:07 - 00013700 _____ C:\WINDOWS\KB2892075.log
2013-12-07 17:12 - 2013-12-07 17:13 - 05877648 _____ C:\Documents and Settings\SuperUser\Desktop\ophcrack-win32-installer-3.6.0.exe
2013-12-04 17:07 - 2013-12-05 04:04 - 00001755 _____ C:\Documents and Settings\SuperUser\Desktop\Vivitar Experience Image Manager.lnk
2013-12-04 17:07 - 2013-12-04 17:07 - 00000000 ____D C:\Documents and Settings\SuperUser\Start Menu\Programs\Vivitar Experience Image Manager
2013-12-04 07:37 - 2013-12-09 22:06 - 00002284 _____ C:\WINDOWS\setupapi.log
2013-12-04 06:21 - 2013-12-04 06:21 - 00000000 ____D C:\Documents and Settings\SuperUser\My Vaults
2013-12-01 18:53 - 2013-12-01 18:53 - 00000000 ____D C:\f66a49fe3914b9771c5ec8ae71a819
2013-12-01 05:46 - 2013-12-11 04:32 - 00001749 _____ C:\Documents and Settings\SuperUser\Desktop\SafeZone Browser.lnk
2013-11-27 14:14 - 2013-11-27 14:14 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2013-11-27 14:13 - 2013-11-27 14:13 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\AVAST Software
2013-11-27 14:10 - 2013-12-01 05:03 - 00001799 _____ C:\Documents and Settings\All Users\Desktop\avast! SafeZone.lnk
2013-11-27 14:10 - 2013-12-01 05:03 - 00001739 _____ C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
2013-11-27 14:09 - 2013-12-01 05:02 - 00247192 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswndis2.sys
2013-11-27 14:07 - 2013-11-27 14:07 - 00012112 _____ (ALWIL Software) C:\WINDOWS\system32\Drivers\aswNdis.sys
2013-11-27 13:53 - 2013-11-27 13:53 - 00000000 ____D C:\01849596f3458a11c4a4
2013-11-23 03:00 - 2013-11-23 03:00 - 00000000 _____ C:\Documents and Settings\SuperUser\Desktop\AdobeAIRInstaller.exe
2013-11-22 03:39 - 2013-11-22 03:39 - 00000000 ____D C:\Documents and Settings\SuperUser\Application Data\AVAST Software
2013-11-21 12:49 - 2013-11-27 14:10 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2013-11-20 18:05 - 2013-11-20 18:05 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sun
2013-11-15 17:38 - 2013-11-21 10:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-14 03:21 - 2013-11-14 03:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-14 03:19 - 2013-12-05 03:09 - 00013727 _____ C:\WINDOWS\KB2900986.log
2013-11-14 03:19 - 2013-11-14 03:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-14 03:16 - 2013-11-14 03:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-14 03:16 - 2013-11-14 03:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-14 03:14 - 2013-11-14 03:16 - 00012081 _____ C:\WINDOWS\KB2888505-IE8.log
2013-11-13 04:07 - 2013-11-14 03:21 - 00016537 _____ C:\WINDOWS\KB2868626.log
2013-11-13 04:06 - 2013-11-14 03:16 - 00015441 _____ C:\WINDOWS\KB2862152.log
2013-11-13 04:06 - 2013-11-14 03:16 - 00014930 _____ C:\WINDOWS\KB2876331.log

==================== One Month Modified Files and Folders =======

2013-12-11 14:16 - 2013-12-11 14:15 - 00013826 _____ C:\Documents and Settings\SuperUser\Desktop\FRST.txt
2013-12-11 14:13 - 2013-12-11 14:13 - 00000000 ____D C:\FRST
2013-12-11 14:02 - 2013-12-11 14:02 - 00000732 _____ C:\Documents and Settings\SuperUser\Desktop\Shortcut to FRST.exe.lnk
2013-12-11 13:57 - 2013-12-11 13:57 - 01060135 _____ (Farbar) C:\Documents and Settings\SuperUser\Desktop\FRST.exe
2013-12-11 13:51 - 2012-04-16 15:37 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-12-11 11:58 - 2012-02-26 12:00 - 01724070 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-11 05:02 - 2013-08-04 08:21 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-12-11 04:32 - 2013-12-01 05:46 - 00001749 _____ C:\Documents and Settings\SuperUser\Desktop\SafeZone Browser.lnk
2013-12-11 04:30 - 2013-08-06 14:59 - 00000286 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1085031214-527237240-682003330-1003.job
2013-12-11 03:39 - 2012-02-26 11:10 - 00000000 ____D C:\WINDOWS\Registration
2013-12-11 03:38 - 2012-02-26 12:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-11 03:38 - 2012-02-26 03:57 - 00271784 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-11 03:38 - 2004-08-10 05:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2013-12-11 03:37 - 2012-02-26 12:08 - 00000178 ___SH C:\Documents and Settings\SuperUser\ntuser.ini
2013-12-11 03:37 - 2012-02-26 12:06 - 00032502 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-11 03:21 - 2013-12-11 03:20 - 00015276 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-11 03:21 - 2012-02-26 17:11 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-12-11 03:21 - 2012-02-26 12:39 - 00297750 _____ C:\WINDOWS\updspapi.log
2013-12-11 03:21 - 2012-02-26 11:10 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-12-11 03:21 - 2012-02-26 03:59 - 01860184 _____ C:\WINDOWS\iis6.log
2013-12-11 03:21 - 2012-02-26 03:59 - 01677863 _____ C:\WINDOWS\FaxSetup.log
2013-12-11 03:21 - 2012-02-26 03:59 - 00842507 _____ C:\WINDOWS\ocgen.log
2013-12-11 03:21 - 2012-02-26 03:59 - 00779947 _____ C:\WINDOWS\tsoc.log
2013-12-11 03:21 - 2012-02-26 03:59 - 00568206 _____ C:\WINDOWS\comsetup.log
2013-12-11 03:21 - 2012-02-26 03:59 - 00519492 _____ C:\WINDOWS\msmqinst.log
2013-12-11 03:21 - 2012-02-26 03:59 - 00345257 _____ C:\WINDOWS\ntdtcsetup.log
2013-12-11 03:21 - 2012-02-26 03:59 - 00310579 _____ C:\WINDOWS\netfxocm.log
2013-12-11 03:21 - 2012-02-26 03:59 - 00216076 _____ C:\WINDOWS\MedCtrOC.log
2013-12-11 03:21 - 2012-02-26 03:59 - 00201966 _____ C:\WINDOWS\plusoc.log
2013-12-11 03:21 - 2012-02-26 03:59 - 00095425 _____ C:\WINDOWS\ehOCGen.log
2013-12-11 03:21 - 2012-02-26 03:59 - 00093684 _____ C:\WINDOWS\ocmsn.log
2013-12-11 03:21 - 2012-02-26 03:59 - 00084847 _____ C:\WINDOWS\msgsocm.log
2013-12-11 03:21 - 2012-02-26 03:59 - 00084798 _____ C:\WINDOWS\tabletoc.log
2013-12-11 03:21 - 2012-02-26 03:59 - 00001393 _____ C:\WINDOWS\imsins.log
2013-12-11 03:20 - 2013-12-11 03:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-11 03:20 - 2013-12-10 21:19 - 00015495 _____ C:\WINDOWS\KB2898715.log
2013-12-11 03:20 - 2012-02-26 13:26 - 00000000 ____D C:\WINDOWS\ie8updates
2013-12-11 03:20 - 2012-02-26 03:59 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-12-11 03:17 - 2013-12-11 03:17 - 00007662 _____ C:\WINDOWS\KB2904266.log
2013-12-11 03:17 - 2013-12-11 03:17 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-11 03:17 - 2012-02-26 16:19 - 00030536 _____ C:\WINDOWS\system32\TZLog.log
2013-12-11 03:14 - 2013-08-01 05:52 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-11 03:08 - 2013-12-11 03:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-11 03:08 - 2013-12-11 03:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-11 03:08 - 2013-12-10 21:19 - 00015144 _____ C:\WINDOWS\KB2893984.log
2013-12-11 03:08 - 2013-12-10 21:19 - 00014333 _____ C:\WINDOWS\KB2893294.log
2013-12-11 03:08 - 2012-02-26 13:22 - 88123800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-11 03:07 - 2013-12-11 03:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-11 03:07 - 2013-12-11 03:07 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-12-11 03:07 - 2013-12-11 03:07 - 00000000 _____ C:\WINDOWS\setupact.log
2013-12-11 03:07 - 2013-12-10 21:19 - 00013700 _____ C:\WINDOWS\KB2892075.log
2013-12-10 19:51 - 2012-04-16 15:37 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-10 19:51 - 2012-04-16 15:37 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-09 22:06 - 2013-12-04 07:37 - 00002284 _____ C:\WINDOWS\setupapi.log
2013-12-09 21:15 - 2013-07-29 19:04 - 00000294 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1085031214-527237240-682003330-1003.job
2013-12-08 15:02 - 2013-08-20 14:11 - 00002835 _____ C:\WINDOWS\system32\ScanResults.xml
2013-12-08 14:59 - 2013-11-02 05:19 - 00001056 _____ C:\WINDOWS\system32\SettingsFile
2013-12-07 18:53 - 2012-06-05 00:54 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-12-07 17:13 - 2013-12-07 17:12 - 05877648 _____ C:\Documents and Settings\SuperUser\Desktop\ophcrack-win32-installer-3.6.0.exe
2013-12-05 04:24 - 2013-09-09 10:44 - 00000000 ____D C:\Documents and Settings\SuperUser\Local Settings\Application Data\Vivitar Experience Image Manager
2013-12-05 04:05 - 2013-09-09 10:45 - 00000000 ____D C:\Documents and Settings\SuperUser\Application Data\vlc
2013-12-05 04:04 - 2013-12-04 17:07 - 00001755 _____ C:\Documents and Settings\SuperUser\Desktop\Vivitar Experience Image Manager.lnk
2013-12-05 04:04 - 2013-09-23 12:19 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ffdshow
2013-12-05 04:02 - 2013-09-05 14:05 - 00000000 ____D C:\Program Files\Vivitar Experience Image Manager
2013-12-05 03:09 - 2013-11-14 03:19 - 00013727 _____ C:\WINDOWS\KB2900986.log
2013-12-04 17:07 - 2013-12-04 17:07 - 00000000 ____D C:\Documents and Settings\SuperUser\Start Menu\Programs\Vivitar Experience Image Manager
2013-12-04 13:57 - 2012-02-26 11:10 - 00067773 _____ C:\WINDOWS\wmsetup.log
2013-12-04 12:24 - 2013-09-04 02:17 - 00000000 ____D C:\Documents and Settings\All Users\Documents\PhotoEditor_Log
2013-12-04 12:24 - 2013-09-04 02:17 - 00000000 ____D C:\Documents and Settings\All Users\Documents\PhotoEditor
2013-12-04 07:37 - 2012-02-26 04:02 - 00000309 _____ C:\WINDOWS\wiadebug.log
2013-12-04 06:59 - 2013-04-11 16:17 - 00000000 ____D C:\Program Files\HP
2013-12-04 06:53 - 2012-02-26 03:50 - 00000000 ____D C:\WINDOWS\twain_32
2013-12-04 06:52 - 2012-02-26 11:04 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2013-12-04 06:21 - 2013-12-04 06:21 - 00000000 ____D C:\Documents and Settings\SuperUser\My Vaults
2013-12-04 05:12 - 2012-02-26 04:02 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-12-01 18:53 - 2013-12-01 18:53 - 00000000 ____D C:\f66a49fe3914b9771c5ec8ae71a819
2013-12-01 06:33 - 2012-03-26 21:56 - 00000000 ____D C:\Documents and Settings\SuperUser\Local Settings\Application Data\Adobe
2013-12-01 05:09 - 2013-08-10 05:28 - 00000000 ___RD C:\Documents and Settings\SuperUser\My Documents\HP Photo Creations
2013-12-01 05:03 - 2013-11-27 14:10 - 00001799 _____ C:\Documents and Settings\All Users\Desktop\avast! SafeZone.lnk
2013-12-01 05:03 - 2013-11-27 14:10 - 00001739 _____ C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
2013-12-01 05:02 - 2013-11-27 14:09 - 00247192 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswndis2.sys
2013-12-01 04:50 - 2013-09-17 15:27 - 00000000 ____D C:\Documents and Settings\Administrator
2013-12-01 04:50 - 2012-02-26 12:06 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-12-01 04:50 - 2012-02-26 12:05 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-11-27 14:41 - 2013-08-23 03:41 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2013-11-27 14:14 - 2013-11-27 14:14 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2013-11-27 14:13 - 2013-11-27 14:13 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\AVAST Software
2013-11-27 14:10 - 2013-11-21 12:49 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2013-11-27 14:08 - 2013-09-10 23:01 - 00026136 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2013-11-27 14:07 - 2013-11-27 14:07 - 00012112 _____ (ALWIL Software) C:\WINDOWS\system32\Drivers\aswNdis.sys
2013-11-27 13:53 - 2013-11-27 13:53 - 00000000 ____D C:\01849596f3458a11c4a4
2013-11-27 13:30 - 2013-09-17 15:27 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-11-23 03:00 - 2013-11-23 03:00 - 00000000 _____ C:\Documents and Settings\SuperUser\Desktop\AdobeAIRInstaller.exe
2013-11-22 17:11 - 2012-02-26 17:09 - 00000000 ____D C:\Program Files\Google
2013-11-22 17:08 - 2013-07-21 19:24 - 00000000 ____D C:\Program Files\Bonjour
2013-11-22 03:39 - 2013-11-22 03:39 - 00000000 ____D C:\Documents and Settings\SuperUser\Application Data\AVAST Software
2013-11-22 03:33 - 2012-04-29 20:52 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-22 03:13 - 2012-02-26 03:59 - 00565078 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-11-21 12:49 - 2013-08-04 08:21 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
2013-11-21 12:48 - 2013-08-04 08:21 - 00774392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-11-21 12:48 - 2013-08-04 08:21 - 00403440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-11-21 12:48 - 2013-08-04 08:21 - 00269216 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-11-21 12:48 - 2013-08-04 08:21 - 00178304 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-11-21 12:48 - 2013-08-04 08:21 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-11-21 12:48 - 2013-08-04 08:21 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-11-21 12:48 - 2013-08-04 08:21 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2013-11-21 12:48 - 2013-08-04 08:21 - 00049944 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-11-21 12:48 - 2013-08-04 08:21 - 00035656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2013-11-21 12:48 - 2013-08-04 08:20 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-11-21 12:43 - 2013-08-04 08:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2013-11-21 12:42 - 2012-02-26 12:02 - 00002577 _____ C:\WINDOWS\system32\CONFIG.NT
2013-11-21 10:25 - 2013-11-15 17:38 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-20 18:05 - 2013-11-20 18:05 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sun
2013-11-14 03:21 - 2013-11-14 03:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-14 03:21 - 2013-11-13 04:07 - 00016537 _____ C:\WINDOWS\KB2868626.log
2013-11-14 03:19 - 2013-11-14 03:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-14 03:16 - 2013-11-14 03:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-14 03:16 - 2013-11-14 03:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-14 03:16 - 2013-11-14 03:14 - 00012081 _____ C:\WINDOWS\KB2888505-IE8.log
2013-11-14 03:16 - 2013-11-13 04:06 - 00015441 _____ C:\WINDOWS\KB2862152.log
2013-11-14 03:16 - 2013-11-13 04:06 - 00014930 _____ C:\WINDOWS\KB2876331.log
2013-11-12 19:59 - 2012-02-29 07:10 - 00150528 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imagehlp.dll
2013-11-12 19:59 - 2004-08-10 05:00 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2013-11-12 18:13 - 2012-02-26 12:42 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzchange.exe

Some content of TEMP:
====================
C:\Documents and Settings\SuperUser\Local Settings\temp\Couponscom.exe
C:\Documents and Settings\SuperUser\Local Settings\temp\HitmanPro.exe
C:\Documents and Settings\SuperUser\Local Settings\temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\SuperUser\Local Settings\temp\june45pf.dll
C:\Documents and Settings\SuperUser\Local Settings\temp\SamsungPhotoEditor.exe
C:\Documents and Settings\SuperUser\Local Settings\temp\UNNeroVision.exe
C:\Documents and Settings\SuperUser\Local Settings\temp\UNNMP.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================