V9 Fallout Cannot Stop Popups and Redirects

INEEDHELP

Thread author
May 24, 2014
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-05-2014
Ran by Eden (administrator) on EDEN-PC on 24-05-2014 02:03:39
Running from C:\Users\Eden\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(The Privoxy team - www.privoxy.org) C:\Program Files (x86)\MSR\Privoxy\privoxy.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Spotify Ltd) C:\Users\Eden\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Eden\AppData\Roaming\Spotify\spotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Eden\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Eden\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Eden\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Eden\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
() C:\Users\Eden\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294712 2010-11-29] (TOSHIBA Corporation)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-02-09] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2665622378-4205086823-2081650429-1001\...\Run: [Spotify Web Helper] => C:\Users\Eden\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-15] (Spotify Ltd)
HKU\S-1-5-21-2665622378-4205086823-2081650429-1001\...\Run: [Spotify] => C:\Users\Eden\AppData\Roaming\Spotify\Spotify.exe [6170168 2014-05-15] (Spotify Ltd)
HKU\S-1-5-21-2665622378-4205086823-2081650429-1001\...\Run: [uTorrent] => "C:\Users\Eden\AppData\Roaming\uTorrent\updates\3.4.1_31139.exe" /MINIMIZED
HKU\S-1-5-21-2665622378-4205086823-2081650429-1001\...\MountPoints2: E - E:\LaunchU3.exe -a
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKLM-x32 - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKCU - {0723DF1D-E97C-424F-92B7-5DA1AC2CF786} URL = http://search.genieo.com/results.ht...Search,20140103,19841,FF26,0,&q={searchTerms}
SearchScopes: HKCU - {382A6B64-00AC-4218-975C-99220B7AC39D} URL = http://www.google.com/search?source...tEncoding}&oe={outputEncoding}&rlz=1I7TSNJ_en
SearchScopes: HKCU - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Eden\AppData\Roaming\Mozilla\Firefox\Profiles\71gquq8y.default-1400903132990
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8118
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8118
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2014-03-29]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru

Chrome:
=======
CHR HomePage: hxxp://google.com/
CHR StartupUrls: "hxxp://mysearch.avg.com?cid={F8203DAD-6EF9-4EB1-9023-8E7A9F26FE7C}&mid=4306625bd35d47d2803639d3c9874292-e129cc86e4d8562779785034f6e4baad2b2c1a3e&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-05-17 22:01:17&v=3.0.0.2&pid=wtu&sg=&sap=hp"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Skype Toolbars) - C:\Users\Eden\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Eden\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Eden\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Google Wallet) - C:\Users\Eden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1473792 2014-05-13] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-05-24] (SurfRight B.V.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2014-05-12] ()
R2 SystemUpdatekb70007; C:\windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe [18944 2014-05-08] ()
R2 TODDSrv; C:\Windows\SysWOW64\TODDSrv.exe [0 2014-05-12] ()

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [273176 2014-05-13] (AVG Technologies CZ, s.r.o.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-24 02:02 - 2014-05-24 02:03 - 00000000 ____D () C:\FRST
2014-05-24 02:02 - 2014-05-24 02:02 - 02067456 _____ (Farbar) C:\Users\Eden\Downloads\FRST64.exe
2014-05-24 02:01 - 2014-05-24 02:01 - 01056768 _____ (Farbar) C:\Users\Eden\Downloads\FRST.exe
2014-05-24 01:56 - 2014-05-24 01:56 - 00509424 _____ (a-install) C:\Users\Eden\Downloads\Setup (2).exe
2014-05-24 01:54 - 2014-05-24 02:03 - 00021563 _____ () C:\Users\Eden\Downloads\FRST.txt
2014-05-24 01:52 - 2014-05-24 01:52 - 00004222 _____ () C:\Users\Eden\Downloads\fixlist.txt
2014-05-24 01:32 - 2014-05-24 01:32 - 00509240 _____ (a-install) C:\Users\Eden\Downloads\Setup (1).exe
2014-05-24 01:17 - 2014-05-24 01:17 - 00000000 ____D () C:\Program Files (x86)\MSR
2014-05-24 01:16 - 2014-05-24 01:16 - 00003416 ____N () C:\bootsqm.dat
2014-05-24 01:07 - 2014-05-24 01:07 - 01326389 _____ () C:\Users\Eden\Downloads\adwcleaner_3.210(1).exe
2014-05-24 00:43 - 2014-05-24 00:43 - 00001712 _____ () C:\windows\system32\.crusader
2014-05-24 00:32 - 2014-05-24 00:32 - 00001908 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-05-24 00:32 - 2014-05-24 00:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-05-24 00:32 - 2014-05-24 00:32 - 00000000 ____D () C:\Program Files\HitmanPro
2014-05-24 00:29 - 2014-05-24 00:32 - 10971424 _____ (SurfRight B.V.) C:\Users\Eden\Downloads\HitmanPro_x64.exe
2014-05-24 00:28 - 2014-05-24 00:43 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-24 00:27 - 2014-05-24 00:27 - 00509240 _____ (a-install) C:\Users\Eden\Downloads\Setup.exe
2014-05-24 00:25 - 2014-05-24 00:28 - 10094400 _____ (SurfRight B.V.) C:\Users\Eden\Downloads\HitmanPro.exe
2014-05-23 23:37 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-05-23 23:35 - 2014-05-24 01:09 - 00000000 ____D () C:\AdwCleaner
2014-05-23 23:34 - 2014-05-23 23:34 - 01326389 _____ () C:\Users\Eden\Downloads\adwcleaner_3.210.exe
2014-05-23 23:15 - 2014-05-23 23:15 - 00001088 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-05-23 23:15 - 2014-05-23 23:15 - 00000000 ____D () C:\Users\Eden\AppData\Local\VS Revo Group
2014-05-23 23:15 - 2014-05-23 23:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-05-23 23:15 - 2014-05-23 23:15 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-05-23 23:15 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\windows\system32\Drivers\revoflt.sys
2014-05-23 23:14 - 2014-05-23 23:15 - 07921688 _____ (VS Revo Group ) C:\Users\Eden\Downloads\RevoUninProSetup259.exe
2014-05-23 11:16 - 2014-05-23 11:17 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-22 22:54 - 2014-05-22 22:54 - 00000000 ____D () C:\Users\Eden\AppData\Roaming\Mozilla
2014-05-22 22:53 - 2014-05-22 22:53 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-22 22:53 - 2014-05-22 22:53 - 00001162 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-22 22:51 - 2014-05-22 22:51 - 00282928 _____ (Mozilla) C:\Users\Eden\Downloads\Firefox Setup Stub 29.0.1.exe
2014-05-20 19:43 - 2014-05-20 19:43 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-05-20 19:43 - 2014-05-20 19:43 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-05-16 20:34 - 2014-05-16 20:34 - 00003856 _____ () C:\windows\System32\Tasks\ScanSoft Background Update
2014-05-16 20:34 - 2014-05-16 20:34 - 00003694 _____ () C:\windows\System32\Tasks\Adobe online update program
2014-05-16 20:25 - 2014-05-16 20:25 - 00000000 ____D () C:\Users\Eden\AppData\Roaming\AVG
2014-05-16 20:25 - 2014-05-16 20:25 - 00000000 ____D () C:\Users\Eden\AppData\Local\AVG
2014-05-16 20:24 - 2014-05-16 20:33 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-05-16 20:24 - 2014-05-16 20:28 - 00000000 ____D () C:\ProgramData\AVG
2014-05-16 20:21 - 2014-05-16 20:23 - 70431144 _____ (AVG) C:\Users\Eden\Downloads\avg_tuh_stf_all_2014_423_24c4.exe
2014-05-16 18:43 - 2014-05-16 18:43 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\48230029.sys
2014-05-16 18:34 - 2014-05-16 18:34 - 00000000 ____D () C:\Users\Eden\AppData\Roaming\AVG2014
2014-05-16 18:32 - 2014-05-20 19:43 - 00000976 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-05-16 18:32 - 2014-05-20 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-16 18:32 - 2014-05-16 18:32 - 00000000 ____D () C:\Users\Eden\AppData\Roaming\TuneUp Software
2014-05-16 18:30 - 2014-05-16 18:33 - 00000000 ____D () C:\ProgramData\AVG2014
2014-05-16 18:30 - 2014-05-16 18:30 - 00000000 ___HD () C:\$AVG
2014-05-16 18:28 - 2014-05-22 20:40 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-05-16 18:22 - 2014-05-16 18:24 - 150896968 _____ (AVG Technologies) C:\Users\Eden\Downloads\avg_free_x86_all_2014_4577a7359.exe
2014-05-16 18:20 - 2014-05-16 18:20 - 00000000 ____D () C:\Users\Eden\AppData\Local\Avg2013
2014-05-16 18:19 - 2014-05-16 18:19 - 01565744 _____ () C:\Users\Eden\Downloads\AVG_Remover_en.exe
2014-05-16 18:12 - 2014-05-06 00:40 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-16 18:12 - 2014-05-06 00:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-16 18:12 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-16 18:12 - 2014-05-05 23:07 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-16 18:12 - 2014-05-05 23:00 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-16 18:12 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-16 18:11 - 2014-05-22 20:28 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-16 18:11 - 2014-05-16 18:46 - 00000000 ____D () C:\Users\Eden\AppData\Local\Avg2014
2014-05-16 18:11 - 2014-05-16 18:11 - 00000000 ____D () C:\Users\Eden\AppData\Local\MFAData
2014-05-16 18:10 - 2014-05-16 18:11 - 04485528 _____ (AVG Technologies) C:\Users\Eden\Downloads\avg_free_stb_all_2014_4577_cnet.exe
2014-05-15 11:51 - 2014-05-09 02:14 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-05-15 11:51 - 2014-05-09 02:11 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-15 11:51 - 2014-04-11 22:19 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-05-15 11:51 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-05-15 11:51 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-05-15 11:51 - 2014-03-04 05:44 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-05-15 11:51 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2014-05-15 11:51 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2014-05-15 11:51 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-05-15 11:50 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-05-15 11:50 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-05-15 11:50 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-05-15 11:50 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-05-15 11:50 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-05-15 11:50 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2014-05-15 11:50 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-05-15 11:50 - 2014-04-11 22:10 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-05-15 11:50 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-05-15 11:50 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-05-15 11:50 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-05-15 11:50 - 2014-03-04 05:44 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-05-15 11:50 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-05-15 11:50 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-05-15 11:50 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-05-15 11:50 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll
2014-05-15 11:50 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-05-15 11:50 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll
2014-05-15 11:50 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll
2014-05-15 11:50 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll
2014-05-15 11:50 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll
2014-05-15 11:50 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-05-15 11:50 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-05-15 11:50 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll
2014-05-15 11:50 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-05-15 11:50 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-05-15 11:50 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-05-15 11:50 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-05-15 11:50 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\cngprovider.dll
2014-05-15 11:50 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\windows\SysWOW64\adprovider.dll
2014-05-15 11:50 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\windows\SysWOW64\capiprovider.dll
2014-05-15 11:50 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpapiprovider.dll
2014-05-15 11:50 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll
2014-05-15 11:50 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wincredprovider.dll
2014-05-15 11:50 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-05-15 11:50 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-05-15 11:33 - 2014-05-15 11:34 - 00000000 ____D () C:\504068dbb5a199f51b
2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgtdia.sys
2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgldx64.sys
2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgloga.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsha.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgdiska.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgmfx64.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsdrivera.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgrkx64.sys
2014-05-12 20:13 - 2014-05-24 01:18 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-12 20:04 - 2014-05-12 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-12 20:03 - 2014-05-12 20:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-12 20:03 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-05-12 20:03 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-05-12 20:00 - 2014-05-12 20:02 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Eden\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-12 13:43 - 2014-05-12 13:43 - 00272901 _____ () C:\Users\Eden\AppData\Local\census.cache
2014-05-12 13:43 - 2014-05-12 13:43 - 00082456 _____ () C:\Users\Eden\AppData\Local\ars.cache
2014-05-12 13:39 - 2014-05-12 13:39 - 00000010 _____ () C:\Users\Eden\AppData\Local\sponge.last.runtime.cache
2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\wuauclt.exe
2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\winlogon.exe
2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\TODDSrv.exe
2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\taskhost.exe
2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\spoolsv.exe
2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\smss.exe
2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\services.exe
2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\lsm.exe
2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\lsass.exe
2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\igfxtray.exe
2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\igfxsrvc.exe
2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\igfxpers.exe
2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\igfxext.exe
2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\hkcmd.exe
2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\Eap3Host.exe
2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\dwm.exe
2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\csrss.exe
2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\conhost.exe
2014-05-12 13:03 - 2014-05-12 13:03 - 02055784 _____ (Trend Micro Inc.) C:\Users\Eden\Downloads\HousecallLauncher (1).exe
2014-05-12 13:03 - 2014-05-12 13:03 - 00000036 _____ () C:\Users\Eden\AppData\Local\housecall.guid.cache
2014-05-12 12:52 - 2014-05-12 12:52 - 02055784 _____ (Trend Micro Inc.) C:\Users\Eden\Downloads\HousecallLauncher.exe
2014-05-12 12:39 - 2014-05-12 13:02 - 05047250 _____ () C:\Users\Eden\Documents\Electron Microscopy Micrograph Atlas.pptm
2014-05-12 00:45 - 2014-05-12 00:45 - 00003124 _____ () C:\windows\System32\Tasks\{894ACF05-351A-4F33-81D3-AD030D3C0CD6}
2014-05-11 21:13 - 2014-05-11 21:13 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (11).exe
2014-05-11 21:13 - 2014-05-11 21:13 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (10).exe
2014-05-11 21:12 - 2014-05-11 21:12 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (9).exe
2014-05-11 21:12 - 2014-05-11 21:12 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (8).exe
2014-05-11 21:11 - 2014-05-11 21:11 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (7).exe
2014-05-11 21:11 - 2014-05-11 21:11 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (6).exe
2014-05-11 21:10 - 2014-05-11 21:10 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (5).exe
2014-05-11 21:10 - 2014-05-11 21:10 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (4).exe
2014-05-11 21:02 - 2014-05-11 21:02 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (3).exe
2014-05-11 21:01 - 2014-05-11 21:01 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (2).exe
2014-05-11 20:59 - 2014-05-11 20:59 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (1).exe
2014-05-11 20:57 - 2014-05-11 20:58 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup.exe
2014-05-11 19:11 - 2014-05-12 00:19 - 00017684 ____H () C:\Users\Eden\Documents\~WRL4020.tmp
2014-05-11 19:11 - 2014-05-11 19:14 - 04979144 _____ (Systweak Inc ) C:\Users\Eden\Downloads\Unconfirmed 703594.crdownload
2014-05-11 19:11 - 2014-05-11 19:11 - 00013291 ____H () C:\Users\Eden\Documents\~WRL0208.tmp
2014-05-11 18:22 - 2014-05-11 18:27 - 00000000 ____D () C:\Users\Eden\Downloads\Beachbody - Rockin' Body
2014-05-11 18:10 - 2014-05-12 00:46 - 00000000 ____D () C:\ProgramData\3befce80dbcb1c58
2014-05-11 18:10 - 2014-05-11 18:10 - 00000000 ____D () C:\Users\Eden\AppData\Local\Packages
2014-05-11 18:09 - 2014-05-23 23:23 - 00000000 ____D () C:\Users\Eden\AppData\Roaming\uTorrent
2014-05-11 18:09 - 2014-05-11 18:09 - 02270232 _____ () C:\Users\Eden\Downloads\download(1).exe
2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Guest
2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Eden\AppData\Roaming\Wise
2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Eden\AppData\Local\Comodo
2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Administrator
2014-05-11 18:08 - 2014-05-11 18:08 - 02270232 _____ () C:\Users\Eden\Downloads\download.exe
2014-05-11 16:01 - 2014-05-16 18:38 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-05-06 19:50 - 2014-05-07 10:21 - 00268497 _____ () C:\Users\Eden\Documents\MI798.pptx

==================== One Month Modified Files and Folders =======

2014-05-24 02:03 - 2014-05-24 02:02 - 00000000 ____D () C:\FRST
2014-05-24 02:03 - 2014-05-24 01:54 - 00021563 _____ () C:\Users\Eden\Downloads\FRST.txt
2014-05-24 02:02 - 2014-05-24 02:02 - 02067456 _____ (Farbar) C:\Users\Eden\Downloads\FRST64.exe
2014-05-24 02:01 - 2014-05-24 02:01 - 01056768 _____ (Farbar) C:\Users\Eden\Downloads\FRST.exe
2014-05-24 01:56 - 2014-05-24 01:56 - 00509424 _____ (a-install) C:\Users\Eden\Downloads\Setup (2).exe
2014-05-24 01:52 - 2014-05-24 01:52 - 00004222 _____ () C:\Users\Eden\Downloads\fixlist.txt
2014-05-24 01:44 - 2011-03-23 22:26 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-24 01:42 - 2011-03-23 22:29 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-24 01:42 - 2011-03-23 22:29 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-05-24 01:33 - 2012-05-22 16:40 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-05-24 01:32 - 2014-05-24 01:32 - 00509240 _____ (a-install) C:\Users\Eden\Downloads\Setup (1).exe
2014-05-24 01:32 - 2011-06-22 18:12 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-24 01:25 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-24 01:25 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-24 01:24 - 2009-07-14 01:13 - 00782470 _____ () C:\windows\system32\PerfStringBackup.INI
2014-05-24 01:22 - 2011-06-22 17:42 - 01211873 _____ () C:\windows\WindowsUpdate.log
2014-05-24 01:19 - 2011-11-02 19:25 - 00000000 ____D () C:\Users\Eden\AppData\Roaming\Spotify
2014-05-24 01:19 - 2011-11-02 19:25 - 00000000 ____D () C:\Users\Eden\AppData\Local\Spotify
2014-05-24 01:18 - 2014-05-12 20:13 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-24 01:18 - 2011-06-22 18:12 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-24 01:17 - 2014-05-24 01:17 - 00000000 ____D () C:\Program Files (x86)\MSR
2014-05-24 01:17 - 2010-11-20 23:47 - 01105642 _____ () C:\windows\PFRO.log
2014-05-24 01:17 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-05-24 01:17 - 2009-07-14 00:51 - 00126557 _____ () C:\windows\setupact.log
2014-05-24 01:16 - 2014-05-24 01:16 - 00003416 ____N () C:\bootsqm.dat
2014-05-24 01:09 - 2014-05-23 23:35 - 00000000 ____D () C:\AdwCleaner
2014-05-24 01:07 - 2014-05-24 01:07 - 01326389 _____ () C:\Users\Eden\Downloads\adwcleaner_3.210(1).exe
2014-05-24 00:43 - 2014-05-24 00:43 - 00001712 _____ () C:\windows\system32\.crusader
2014-05-24 00:43 - 2014-05-24 00:28 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-24 00:32 - 2014-05-24 00:32 - 00001908 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-05-24 00:32 - 2014-05-24 00:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-05-24 00:32 - 2014-05-24 00:32 - 00000000 ____D () C:\Program Files\HitmanPro
2014-05-24 00:32 - 2014-05-24 00:29 - 10971424 _____ (SurfRight B.V.) C:\Users\Eden\Downloads\HitmanPro_x64.exe
2014-05-24 00:28 - 2014-05-24 00:25 - 10094400 _____ (SurfRight B.V.) C:\Users\Eden\Downloads\HitmanPro.exe
2014-05-24 00:27 - 2014-05-24 00:27 - 00509240 _____ (a-install) C:\Users\Eden\Downloads\Setup.exe
2014-05-23 23:45 - 2013-11-23 17:40 - 00000000 ____D () C:\Users\Eden\Desktop\Old Firefox Data
2014-05-23 23:34 - 2014-05-23 23:34 - 01326389 _____ () C:\Users\Eden\Downloads\adwcleaner_3.210.exe
2014-05-23 23:23 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Eden\AppData\Roaming\uTorrent
2014-05-23 23:15 - 2014-05-23 23:15 - 00001088 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-05-23 23:15 - 2014-05-23 23:15 - 00000000 ____D () C:\Users\Eden\AppData\Local\VS Revo Group
2014-05-23 23:15 - 2014-05-23 23:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-05-23 23:15 - 2014-05-23 23:15 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-05-23 23:15 - 2014-05-23 23:14 - 07921688 _____ (VS Revo Group ) C:\Users\Eden\Downloads\RevoUninProSetup259.exe
2014-05-23 11:17 - 2014-05-23 11:16 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-22 22:54 - 2014-05-22 22:54 - 00000000 ____D () C:\Users\Eden\AppData\Roaming\Mozilla
2014-05-22 22:54 - 2014-03-29 19:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-22 22:53 - 2014-05-22 22:53 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-22 22:53 - 2014-05-22 22:53 - 00001162 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-22 22:51 - 2014-05-22 22:51 - 00282928 _____ (Mozilla) C:\Users\Eden\Downloads\Firefox Setup Stub 29.0.1.exe
2014-05-22 22:47 - 2011-07-24 00:49 - 00000000 ____D () C:\Users\Eden\AppData\Local\Google
2014-05-22 20:40 - 2014-05-16 18:28 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-05-22 20:28 - 2014-05-16 18:11 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-20 19:43 - 2014-05-20 19:43 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-05-20 19:43 - 2014-05-20 19:43 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-05-20 19:43 - 2014-05-16 18:32 - 00000976 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-05-20 19:43 - 2014-05-16 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-16 20:34 - 2014-05-16 20:34 - 00003856 _____ () C:\windows\System32\Tasks\ScanSoft Background Update
2014-05-16 20:34 - 2014-05-16 20:34 - 00003694 _____ () C:\windows\System32\Tasks\Adobe online update program
2014-05-16 20:33 - 2014-05-16 20:24 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-05-16 20:33 - 2011-07-26 14:30 - 00000000 ____D () C:\Users\Eden\AppData\Local\Downloaded Installations
2014-05-16 20:33 - 2011-07-26 02:07 - 00000000 ____D () C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2014-05-16 20:33 - 2011-06-22 18:06 - 00000000 __HDC () C:\ProgramData\{373A11D3-0B96-4E16-9184-7D0FBE86932F}
2014-05-16 20:28 - 2014-05-16 20:24 - 00000000 ____D () C:\ProgramData\AVG
2014-05-16 20:25 - 2014-05-16 20:25 - 00000000 ____D () C:\Users\Eden\AppData\Roaming\AVG
2014-05-16 20:25 - 2014-05-16 20:25 - 00000000 ____D () C:\Users\Eden\AppData\Local\AVG
2014-05-16 20:23 - 2014-05-16 20:21 - 70431144 _____ (AVG) C:\Users\Eden\Downloads\avg_tuh_stf_all_2014_423_24c4.exe
2014-05-16 18:46 - 2014-05-16 18:11 - 00000000 ____D () C:\Users\Eden\AppData\Local\Avg2014
2014-05-16 18:43 - 2014-05-16 18:43 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\48230029.sys
2014-05-16 18:43 - 2011-07-24 00:48 - 00000000 ___RD () C:\Users\Eden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 18:43 - 2011-07-24 00:46 - 00000000 ___RD () C:\Users\Eden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 18:38 - 2014-05-11 16:01 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-05-16 18:34 - 2014-05-16 18:34 - 00000000 ____D () C:\Users\Eden\AppData\Roaming\AVG2014
2014-05-16 18:33 - 2014-05-16 18:30 - 00000000 ____D () C:\ProgramData\AVG2014
2014-05-16 18:32 - 2014-05-16 18:32 - 00000000 ____D () C:\Users\Eden\AppData\Roaming\TuneUp Software
2014-05-16 18:30 - 2014-05-16 18:30 - 00000000 ___HD () C:\$AVG
2014-05-16 18:24 - 2014-05-16 18:22 - 150896968 _____ (AVG Technologies) C:\Users\Eden\Downloads\avg_free_x86_all_2014_4577a7359.exe
2014-05-16 18:20 - 2014-05-16 18:20 - 00000000 ____D () C:\Users\Eden\AppData\Local\Avg2013
2014-05-16 18:19 - 2014-05-16 18:19 - 01565744 _____ () C:\Users\Eden\Downloads\AVG_Remover_en.exe
2014-05-16 18:18 - 2011-08-05 14:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-16 18:11 - 2014-05-16 18:11 - 00000000 ____D () C:\Users\Eden\AppData\Local\MFAData
2014-05-16 18:11 - 2014-05-16 18:10 - 04485528 _____ (AVG Technologies) C:\Users\Eden\Downloads\avg_free_stb_all_2014_4577_cnet.exe
2014-05-16 17:57 - 2012-05-22 16:40 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-05-16 17:57 - 2012-05-22 16:40 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-05-16 17:57 - 2011-09-27 23:23 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 11:34 - 2014-05-15 11:33 - 00000000 ____D () C:\504068dbb5a199f51b
2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgtdia.sys
2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgldx64.sys
2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgloga.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsha.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgdiska.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgmfx64.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsdrivera.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgrkx64.sys
2014-05-12 20:04 - 2014-05-12 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-12 20:04 - 2014-05-12 20:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-12 20:04 - 2012-08-19 19:36 - 00000000 ____D () C:\Users\Eden\AppData\Roaming\Malwarebytes
2014-05-12 20:04 - 2012-08-15 12:16 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-12 20:04 - 2012-08-15 12:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-12 20:02 - 2014-05-12 20:00 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Eden\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-12 13:43 - 2014-05-12 13:43 - 00272901 _____ () C:\Users\Eden\AppData\Local\census.cache
2014-05-12 13:43 - 2014-05-12 13:43 - 00082456 _____ () C:\Users\Eden\AppData\Local\ars.cache
2014-05-12 13:39 - 2014-05-12 13:39 - 00000010 _____ () C:\Users\Eden\AppData\Local\sponge.last.runtime.cache
2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\wuauclt.exe
2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\winlogon.exe
2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\TODDSrv.exe
2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\taskhost.exe
2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\spoolsv.exe
2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\smss.exe
2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\services.exe
2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\lsm.exe
2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\lsass.exe
2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\igfxtray.exe
2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\igfxsrvc.exe
2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\igfxpers.exe
2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\igfxext.exe
2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\hkcmd.exe
2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\Eap3Host.exe
2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\dwm.exe
2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\csrss.exe
2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\conhost.exe
2014-05-12 13:03 - 2014-05-12 13:03 - 02055784 _____ (Trend Micro Inc.) C:\Users\Eden\Downloads\HousecallLauncher (1).exe
2014-05-12 13:03 - 2014-05-12 13:03 - 00000036 _____ () C:\Users\Eden\AppData\Local\housecall.guid.cache
2014-05-12 13:02 - 2014-05-12 12:39 - 05047250 _____ () C:\Users\Eden\Documents\Electron Microscopy Micrograph Atlas.pptm
2014-05-12 12:52 - 2014-05-12 12:52 - 02055784 _____ (Trend Micro Inc.) C:\Users\Eden\Downloads\HousecallLauncher.exe
2014-05-12 00:46 - 2014-05-11 18:10 - 00000000 ____D () C:\ProgramData\3befce80dbcb1c58
2014-05-12 00:45 - 2014-05-12 00:45 - 00003124 _____ () C:\windows\System32\Tasks\{894ACF05-351A-4F33-81D3-AD030D3C0CD6}
2014-05-12 00:19 - 2014-05-11 19:11 - 00017684 ____H () C:\Users\Eden\Documents\~WRL4020.tmp
2014-05-11 21:13 - 2014-05-11 21:13 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (11).exe
2014-05-11 21:13 - 2014-05-11 21:13 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (10).exe
2014-05-11 21:12 - 2014-05-11 21:12 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (9).exe
2014-05-11 21:12 - 2014-05-11 21:12 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (8).exe
2014-05-11 21:11 - 2014-05-11 21:11 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (7).exe
2014-05-11 21:11 - 2014-05-11 21:11 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (6).exe
2014-05-11 21:10 - 2014-05-11 21:10 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (5).exe
2014-05-11 21:10 - 2014-05-11 21:10 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (4).exe
2014-05-11 21:02 - 2014-05-11 21:02 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (3).exe
2014-05-11 21:01 - 2014-05-11 21:01 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (2).exe
2014-05-11 20:59 - 2014-05-11 20:59 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (1).exe
2014-05-11 20:58 - 2014-05-11 20:57 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup.exe
2014-05-11 20:02 - 2011-06-22 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-11 19:14 - 2014-05-11 19:11 - 04979144 _____ (Systweak Inc ) C:\Users\Eden\Downloads\Unconfirmed 703594.crdownload
2014-05-11 19:11 - 2014-05-11 19:11 - 00013291 ____H () C:\Users\Eden\Documents\~WRL0208.tmp
2014-05-11 18:27 - 2014-05-11 18:22 - 00000000 ____D () C:\Users\Eden\Downloads\Beachbody - Rockin' Body
2014-05-11 18:10 - 2014-05-11 18:10 - 00000000 ____D () C:\Users\Eden\AppData\Local\Packages
2014-05-11 18:09 - 2014-05-11 18:09 - 02270232 _____ () C:\Users\Eden\Downloads\download(1).exe
2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Guest
2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Eden\AppData\Roaming\Wise
2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Eden\AppData\Local\Comodo
2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Administrator
2014-05-11 18:08 - 2014-05-11 18:08 - 02270232 _____ () C:\Users\Eden\Downloads\download.exe
2014-05-09 02:14 - 2014-05-15 11:51 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-05-09 02:11 - 2014-05-15 11:51 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-07 23:27 - 2011-06-22 18:12 - 00003908 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-07 23:27 - 2011-06-22 18:12 - 00003656 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-07 10:21 - 2014-05-06 19:50 - 00268497 _____ () C:\Users\Eden\Documents\MI798.pptx
2014-05-06 00:40 - 2014-05-16 18:12 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-06 00:17 - 2014-05-16 18:12 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-05 23:25 - 2014-05-16 18:12 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-05 23:07 - 2014-05-16 18:12 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-05 23:00 - 2014-05-16 18:12 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-05 22:10 - 2014-05-16 18:12 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-03 22:51 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache

Some content of TEMP:
====================
C:\Users\Eden\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Eden\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Eden\AppData\Local\Temp\IeSearchProvider7194736947786751926.exe
C:\Users\Eden\AppData\Local\Temp\Quarantine.exe
C:\Users\Eden\AppData\Local\Temp\SCC.dll
C:\Users\Eden\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Eden\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Eden\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Eden\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\Eden\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Eden\AppData\Local\Temp\SymCCIS.dll
C:\Users\Eden\AppData\Local\Temp\updater_uninstall.exe
C:\Users\Eden\AppData\Local\Temp\_is517D.exe
C:\Users\Eden\AppData\Local\Temp\_isA57B.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-16 21:32

==================== End Of Log ============================
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
I noticed you have more than one antivirus installed. Only one is optimal. Choose whether to uninstall AVG or Microsoft.




Download the attached fixlist.txt to the same location as FRST (otherwise the fix won't work).
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

Open FRST and click Fix. Attach that report for me after it is finished.
 

Attachments

  • fixlist.txt
    1.2 KB · Views: 122

INEEDHELP

New Member
Thread author
May 24, 2014
6
I uninstalled AVG. I don't know if I removed all of AVG though. Attached is the fixlog.
 

Attachments

  • Fixlog.txt
    10.3 KB · Views: 131

INEEDHELP

New Member
Thread author
May 24, 2014
6
I also just noticed I have Setup (1, 2, 3, and 4).exe that keep downloading on Chrome for no apparent reason.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
I attached a fixlist for you, and you used something else. Please don't do anything from other topics, only from this one...
 

INEEDHELP

New Member
Thread author
May 24, 2014
6
I'm really sorry. I am not sure what I did before. I hope I did the right thing this time?
 

Attachments

  • Fixlog.txt
    3.4 KB · Views: 69

INEEDHELP

New Member
Thread author
May 24, 2014
6
So far it has been SOO much better! No more annoying popups and redirects. Thank you so much for your help and patience!
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
For future protection I can recommend you:
- Adblock --> https://adblockplus.org/en/chrome
- Unchecky --> http://unchecky.com/



The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:
- Remove disinfection tools
- Create registry backup
- Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 
