V9 Fallout Cannot Stop Popups and Redirects
<blockquote data-quote="INEEDHELP" data-source="post: 199278" data-attributes="member: 22903"><p>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-05-2014</p><p>Ran by Eden (administrator) on EDEN-PC on 24-05-2014 02:03:39</p><p>Running from C:\Users\Eden\Downloads</p><p>Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)</p><p>Internet Explorer Version 11</p><p>Boot Mode: Normal</p><p></p><p>The only official download link for FRST:</p><p>Download link for 32-Bit version: <a href="http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/" target="_blank">http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/</a> </p><p>Download link for 64-Bit Version: <a href="http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/" target="_blank">http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/</a> </p><p>Download link from any site other than Bleeping Computer is unpermitted or outdated.</p><p>See tutorial for FRST: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/</a></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe</p><p>(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe</p><p>(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe</p><p>(Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe</p><p>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe</p><p>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe</p><p>() C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe</p><p>(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe</p><p>(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe</p><p>(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE</p><p>(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe</p><p>(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE</p><p>(The Privoxy team - <a href="http://www.privoxy.org" target="_blank">www.privoxy.org</a>) C:\Program Files (x86)\MSR\Privoxy\privoxy.exe</p><p>(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe</p><p>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxtray.exe</p><p>(Intel Corporation) C:\Windows\System32\hkcmd.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxpers.exe</p><p>(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe</p><p>(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe</p><p>(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe</p><p>(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe</p><p>(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe</p><p>(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe</p><p>(Spotify Ltd) C:\Users\Eden\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe</p><p>(Spotify Ltd) C:\Users\Eden\AppData\Roaming\Spotify\spotify.exe</p><p>(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA 
Service Station\ToshibaServiceStation.exe</p><p>(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe</p><p>(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe</p><p>(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe</p><p>(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe</p><p>(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>() C:\Users\Eden\AppData\Roaming\Spotify\Data\SpotifyHelper.exe</p><p>() C:\Users\Eden\AppData\Roaming\Spotify\Data\SpotifyHelper.exe</p><p>() C:\Users\Eden\AppData\Roaming\Spotify\Data\SpotifyHelper.exe</p><p>() C:\Users\Eden\AppData\Roaming\Spotify\Data\SpotifyHelper.exe</p><p>(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe</p><p>() C:\Users\Eden\AppData\Roaming\Spotify\Data\SpotifyHelper.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe</p><p>(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe</p><p>(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe</p><p>(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe</p><p>(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe</p><p>(Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>HKLM\...\Run: [] => [X]</p><p>HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)</p><p>HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)</p><p>HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-02] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)</p><p>HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)</p><p>HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files 
(x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294712 2010-11-29] (TOSHIBA Corporation)</p><p>HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.)</p><p>HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc.)</p><p>HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)</p><p>HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-02-09] (Brother Industries, Ltd.)</p><p>HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)</p><p>HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)</p><p>HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)</p><p>Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)</p><p>HKU\S-1-5-21-2665622378-4205086823-2081650429-1001\...\Run: [Spotify Web Helper] => C:\Users\Eden\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-15] (Spotify Ltd)</p><p>HKU\S-1-5-21-2665622378-4205086823-2081650429-1001\...\Run: [Spotify] => C:\Users\Eden\AppData\Roaming\Spotify\Spotify.exe [6170168 2014-05-15] (Spotify Ltd)</p><p>HKU\S-1-5-21-2665622378-4205086823-2081650429-1001\...\Run: [uTorrent] => "C:\Users\Eden\AppData\Roaming\uTorrent\updates\3.4.1_31139.exe" /MINIMIZED</p><p>HKU\S-1-5-21-2665622378-4205086823-2081650429-1001\...\MountPoints2: E - E:\LaunchU3.exe -a</p><p>Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk</p><p>ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc 
app\ClickOnceSetup.exe (Microsoft)</p><p>Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk</p><p>ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>ProxyEnable: Internet Explorer proxy is enabled.</p><p>ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118</p><p>StartMenuInternet: IEXPLORE.EXE - iexplore.exe</p><p>SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = </p><p>SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = </p><p>SearchScopes: HKLM - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = <a href="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ" target="_blank">http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ</a></p><p>SearchScopes: HKLM-x32 - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = <a href="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ" target="_blank">http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ</a></p><p>SearchScopes: HKCU - {0723DF1D-E97C-424F-92B7-5DA1AC2CF786} URL = <a href="http://search.genieo.com/results.html?v=w3i18W_29&wtag=W3i_IA,206,0_01,DefaultSearch,20140103,19841,FF26,0,&q={searchTerms}" target="_blank">http://search.genieo.com/results.html?v=w3i18W_29&wtag=W3i_IA,206,0_01,DefaultSearch,20140103,19841,FF26,0,&q={searchTerms}</a></p><p>SearchScopes: HKCU - {382A6B64-00AC-4218-975C-99220B7AC39D} URL = <a 
href="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ_en" target="_blank">http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ_en</a></p><p>SearchScopes: HKCU - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = <a href="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ" target="_blank">http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ</a></p><p>BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)</p><p>BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)</p><p>BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)</p><p>BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)</p><p>BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)</p><p>BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)</p><p>BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File</p><p>BHO-x32: TOSHIBA Media Controller 
Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)</p><p>Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File</p><p>Toolbar: HKCU - No Name - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No File</p><p>Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File</p><p>Tcpip\Parameters: [DhcpNameServer] 192.168.1.1</p><p></p><p>FireFox:</p><p>========</p><p>FF ProfilePath: C:\Users\Eden\AppData\Roaming\Mozilla\Firefox\Profiles\71gquq8y.default-1400903132990</p><p>FF NetworkProxy: "http", "127.0.0.1"</p><p>FF NetworkProxy: "http_port", 8118</p><p>FF NetworkProxy: "ssl", "127.0.0.1"</p><p>FF NetworkProxy: "ssl_port", 8118</p><p>FF NetworkProxy: "type", 1</p><p>FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()</p><p>FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)</p><p>FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)</p><p>FF Plugin: @microsoft.com/GENUINE - disabled No File</p><p>FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)</p><p>FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()</p><p>FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)</p><p>FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()</p><p>FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)</p><p>FF Plugin-x32: 
@Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)</p><p>FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)</p><p>FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File</p><p>FF Plugin-x32: @microsoft.com/GENUINE - disabled No File</p><p>FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Mozilla Firefox\extensions\<a href="mailto:linkfilter@kaspersky.ru">linkfilter@kaspersky.ru</a>_bak [2014-03-29]</p><p>FF HKLM-x32\...\Firefox\Extensions: [<a href="mailto:virtualKeyboard@kaspersky.ru">virtualKeyboard@kaspersky.ru</a>] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\<a href="mailto:virtualKeyboard@kaspersky.ru">virtualKeyboard@kaspersky.ru</a></p><p>FF HKLM-x32\...\Firefox\Extensions: [<a href="mailto:linkfilter@kaspersky.ru">linkfilter@kaspersky.ru</a>] - C:\Program Files (x86)\Kaspersky 
Lab\Kaspersky Anti-Virus 2011\FFExt\<a href="mailto:linkfilter@kaspersky.ru">linkfilter@kaspersky.ru</a></p><p></p><p>Chrome: </p><p>=======</p><p>CHR HomePage: hxxp://google.com/</p><p>CHR StartupUrls: "hxxp://mysearch.avg.com?cid={F8203DAD-6EF9-4EB1-9023-8E7A9F26FE7C}&mid=4306625bd35d47d2803639d3c9874292-e129cc86e4d8562779785034f6e4baad2b2c1a3e&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-05-17 22:01:17&v=3.0.0.2&pid=wtu&sg=&sap=hp"</p><p>CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\gcswf32.dll No File</p><p>CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File</p><p>CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)</p><p>CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)</p><p>CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)</p><p>CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)</p><p>CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)</p><p>CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)</p><p>CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)</p><p>CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File</p><p>CHR Plugin: (Java(TM) Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File</p><p>CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File</p><p>CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File</p><p>CHR Plugin: (Microsoft Office 2010) - 
C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)</p><p>CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)</p><p>CHR Plugin: (Remoting Viewer) - internal-remoting-viewer</p><p>CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()</p><p>CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()</p><p>CHR Plugin: (Skype Toolbars) - C:\Users\Eden\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\npSkypeChromePlugin.dll No File</p><p>CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)</p><p>CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File</p><p>CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()</p><p>CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)</p><p>CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Eden\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File</p><p>CHR Plugin: (Default Plug-in) - default_plugin No File</p><p>CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Eden\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]</p><p>CHR Extension: (Google Wallet) - C:\Users\Eden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-11]</p><p>CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION</p><p></p><p>==================== Services (Whitelisted) =================</p><p></p><p>S2 avgfws; C:\Program Files 
(x86)\AVG\AVG2014\avgfws.exe [1473792 2014-05-13] (AVG Technologies CZ, s.r.o.)</p><p>S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)</p><p>S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)</p><p>R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-05-24] (SurfRight B.V.)</p><p>R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)</p><p>R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)</p><p>R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)</p><p>R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)</p><p>R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2014-05-12] ()</p><p>R2 SystemUpdatekb70007; C:\windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe [18944 2014-05-08] ()</p><p>R2 TODDSrv; C:\Windows\SysWOW64\TODDSrv.exe [0 2014-05-12] ()</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.)</p><p>R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)</p><p>R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.)</p><p>R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.)</p><p>R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.)</p><p>R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.)</p><p>R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 
2014-05-13] (AVG Technologies CZ, s.r.o.)</p><p>R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.)</p><p>R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [273176 2014-05-13] (AVG Technologies CZ, s.r.o.)</p><p>R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)</p><p>R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-24] (Malwarebytes Corporation)</p><p>R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)</p><p>R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)</p><p>R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>2014-05-24 02:02 - 2014-05-24 02:03 - 00000000 ____D () C:\FRST</p><p>2014-05-24 02:02 - 2014-05-24 02:02 - 02067456 _____ (Farbar) C:\Users\Eden\Downloads\FRST64.exe</p><p>2014-05-24 02:01 - 2014-05-24 02:01 - 01056768 _____ (Farbar) C:\Users\Eden\Downloads\FRST.exe</p><p>2014-05-24 01:56 - 2014-05-24 01:56 - 00509424 _____ (a-install) C:\Users\Eden\Downloads\Setup (2).exe</p><p>2014-05-24 01:54 - 2014-05-24 02:03 - 00021563 _____ () C:\Users\Eden\Downloads\FRST.txt</p><p>2014-05-24 01:52 - 2014-05-24 01:52 - 00004222 _____ () C:\Users\Eden\Downloads\fixlist.txt</p><p>2014-05-24 01:32 - 2014-05-24 01:32 - 00509240 _____ (a-install) C:\Users\Eden\Downloads\Setup (1).exe</p><p>2014-05-24 01:17 - 2014-05-24 01:17 - 00000000 ____D () C:\Program Files (x86)\MSR</p><p>2014-05-24 01:16 - 2014-05-24 01:16 - 00003416 ____N () C:\bootsqm.dat</p><p>2014-05-24 01:07 - 2014-05-24 01:07 - 01326389 _____ () C:\Users\Eden\Downloads\adwcleaner_3.210(1).exe</p><p>2014-05-24 00:43 - 2014-05-24 00:43 - 00001712 _____ () 
C:\windows\system32\.crusader</p><p>2014-05-24 00:32 - 2014-05-24 00:32 - 00001908 _____ () C:\Users\Public\Desktop\HitmanPro.lnk</p><p>2014-05-24 00:32 - 2014-05-24 00:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro</p><p>2014-05-24 00:32 - 2014-05-24 00:32 - 00000000 ____D () C:\Program Files\HitmanPro</p><p>2014-05-24 00:29 - 2014-05-24 00:32 - 10971424 _____ (SurfRight B.V.) C:\Users\Eden\Downloads\HitmanPro_x64.exe</p><p>2014-05-24 00:28 - 2014-05-24 00:43 - 00000000 ____D () C:\ProgramData\HitmanPro</p><p>2014-05-24 00:27 - 2014-05-24 00:27 - 00509240 _____ (a-install) C:\Users\Eden\Downloads\Setup.exe</p><p>2014-05-24 00:25 - 2014-05-24 00:28 - 10094400 _____ (SurfRight B.V.) C:\Users\Eden\Downloads\HitmanPro.exe</p><p>2014-05-23 23:37 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll</p><p>2014-05-23 23:35 - 2014-05-24 01:09 - 00000000 ____D () C:\AdwCleaner</p><p>2014-05-23 23:34 - 2014-05-23 23:34 - 01326389 _____ () C:\Users\Eden\Downloads\adwcleaner_3.210.exe</p><p>2014-05-23 23:15 - 2014-05-23 23:15 - 00001088 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk</p><p>2014-05-23 23:15 - 2014-05-23 23:15 - 00000000 ____D () C:\Users\Eden\AppData\Local\VS Revo Group</p><p>2014-05-23 23:15 - 2014-05-23 23:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro</p><p>2014-05-23 23:15 - 2014-05-23 23:15 - 00000000 ____D () C:\Program Files\VS Revo Group</p><p>2014-05-23 23:15 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\windows\system32\Drivers\revoflt.sys</p><p>2014-05-23 23:14 - 2014-05-23 23:15 - 07921688 _____ (VS Revo Group ) C:\Users\Eden\Downloads\RevoUninProSetup259.exe</p><p>2014-05-23 11:16 - 2014-05-23 11:17 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk</p><p>2014-05-22 22:54 - 2014-05-22 22:54 - 00000000 ____D () C:\Users\Eden\AppData\Roaming\Mozilla</p><p>2014-05-22 22:53 - 2014-05-22 22:53 - 
00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk</p><p>2014-05-22 22:53 - 2014-05-22 22:53 - 00001162 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk</p><p>2014-05-22 22:51 - 2014-05-22 22:51 - 00282928 _____ (Mozilla) C:\Users\Eden\Downloads\Firefox Setup Stub 29.0.1.exe</p><p>2014-05-20 19:43 - 2014-05-20 19:43 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software</p><p>2014-05-20 19:43 - 2014-05-20 19:43 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software</p><p>2014-05-16 20:34 - 2014-05-16 20:34 - 00003856 _____ () C:\windows\System32\Tasks\ScanSoft Background Update</p><p>2014-05-16 20:34 - 2014-05-16 20:34 - 00003694 _____ () C:\windows\System32\Tasks\Adobe online update program</p><p>2014-05-16 20:25 - 2014-05-16 20:25 - 00000000 ____D () C:\Users\Eden\AppData\Roaming\AVG</p><p>2014-05-16 20:25 - 2014-05-16 20:25 - 00000000 ____D () C:\Users\Eden\AppData\Local\AVG</p><p>2014-05-16 20:24 - 2014-05-16 20:33 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}</p><p>2014-05-16 20:24 - 2014-05-16 20:28 - 00000000 ____D () C:\ProgramData\AVG</p><p>2014-05-16 20:21 - 2014-05-16 20:23 - 70431144 _____ (AVG) C:\Users\Eden\Downloads\avg_tuh_stf_all_2014_423_24c4.exe</p><p>2014-05-16 18:43 - 2014-05-16 18:43 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\48230029.sys</p><p>2014-05-16 18:34 - 2014-05-16 18:34 - 00000000 ____D () C:\Users\Eden\AppData\Roaming\AVG2014</p><p>2014-05-16 18:32 - 2014-05-20 19:43 - 00000976 _____ () C:\Users\Public\Desktop\AVG 2014.lnk</p><p>2014-05-16 18:32 - 2014-05-20 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG</p><p>2014-05-16 18:32 - 2014-05-16 18:32 - 00000000 ____D () C:\Users\Eden\AppData\Roaming\TuneUp Software</p><p>2014-05-16 18:30 - 2014-05-16 18:33 - 00000000 ____D () C:\ProgramData\AVG2014</p><p>2014-05-16 18:30 - 2014-05-16 18:30 - 00000000 ___HD () 
C:\$AVG</p><p>2014-05-16 18:28 - 2014-05-22 20:40 - 00000000 ____D () C:\Program Files (x86)\AVG</p><p>2014-05-16 18:22 - 2014-05-16 18:24 - 150896968 _____ (AVG Technologies) C:\Users\Eden\Downloads\avg_free_x86_all_2014_4577a7359.exe</p><p>2014-05-16 18:20 - 2014-05-16 18:20 - 00000000 ____D () C:\Users\Eden\AppData\Local\Avg2013</p><p>2014-05-16 18:19 - 2014-05-16 18:19 - 01565744 _____ () C:\Users\Eden\Downloads\AVG_Remover_en.exe</p><p>2014-05-16 18:12 - 2014-05-06 00:40 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll</p><p>2014-05-16 18:12 - 2014-05-06 00:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb</p><p>2014-05-16 18:12 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll</p><p>2014-05-16 18:12 - 2014-05-05 23:07 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb</p><p>2014-05-16 18:12 - 2014-05-05 23:00 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll</p><p>2014-05-16 18:12 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll</p><p>2014-05-16 18:11 - 2014-05-22 20:28 - 00000000 ____D () C:\ProgramData\MFAData</p><p>2014-05-16 18:11 - 2014-05-16 18:46 - 00000000 ____D () C:\Users\Eden\AppData\Local\Avg2014</p><p>2014-05-16 18:11 - 2014-05-16 18:11 - 00000000 ____D () C:\Users\Eden\AppData\Local\MFAData</p><p>2014-05-16 18:10 - 2014-05-16 18:11 - 04485528 _____ (AVG Technologies) C:\Users\Eden\Downloads\avg_free_stb_all_2014_4577_cnet.exe</p><p>2014-05-15 11:51 - 2014-05-09 02:14 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll</p><p>2014-05-15 11:51 - 2014-05-09 02:11 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll</p><p>2014-05-15 11:51 - 2014-04-11 22:19 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll</p><p>2014-05-15 11:51 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) 
C:\windows\system32\shell32.dll</p><p>2014-05-15 11:51 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll</p><p>2014-05-15 11:51 - 2014-03-04 05:44 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll</p><p>2014-05-15 11:51 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe</p><p>2014-05-15 11:51 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe</p><p>2014-05-15 11:51 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll</p><p>2014-05-15 11:50 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys</p><p>2014-05-15 11:50 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys</p><p>2014-05-15 11:50 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll</p><p>2014-05-15 11:50 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe</p><p>2014-05-15 11:50 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll</p><p>2014-05-15 11:50 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll</p><p>2014-05-15 11:50 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll</p><p>2014-05-15 11:50 - 2014-04-11 22:10 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll</p><p>2014-05-15 11:50 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe</p><p>2014-05-15 11:50 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll</p><p>2014-05-15 11:50 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll</p><p>2014-05-15 11:50 - 2014-03-04 05:44 - 00340992 _____ (Microsoft Corporation) 
C:\windows\system32\schannel.dll</p><p>2014-05-15 11:50 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll</p><p>2014-05-15 11:50 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll</p><p>2014-05-15 11:50 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll</p><p>2014-05-15 11:50 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll</p><p>2014-05-15 11:50 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe</p><p>2014-05-15 11:50 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll</p><p>2014-05-15 11:50 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll</p><p>2014-05-15 11:50 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll</p><p>2014-05-15 11:50 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll</p><p>2014-05-15 11:50 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll</p><p>2014-05-15 11:50 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll</p><p>2014-05-15 11:50 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll</p><p>2014-05-15 11:50 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll</p><p>2014-05-15 11:50 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll</p><p>2014-05-15 11:50 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll</p><p>2014-05-15 11:50 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll</p><p>2014-05-15 11:50 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\cngprovider.dll</p><p>2014-05-15 11:50 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\windows\SysWOW64\adprovider.dll</p><p>2014-05-15 11:50 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\windows\SysWOW64\capiprovider.dll</p><p>2014-05-15 11:50 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpapiprovider.dll</p><p>2014-05-15 11:50 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll</p><p>2014-05-15 11:50 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wincredprovider.dll</p><p>2014-05-15 11:50 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll</p><p>2014-05-15 11:50 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll</p><p>2014-05-15 11:33 - 2014-05-15 11:34 - 00000000 ____D () C:\504068dbb5a199f51b</p><p>2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgtdia.sys</p><p>2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgldx64.sys</p><p>2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgloga.sys</p><p>2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsha.sys</p><p>2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgdiska.sys</p><p>2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgmfx64.sys</p><p>2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsdrivera.sys</p><p>2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) 
C:\windows\system32\Drivers\avgrkx64.sys</p><p>2014-05-12 20:13 - 2014-05-24 01:18 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys</p><p>2014-05-12 20:04 - 2014-05-12 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware</p><p>2014-05-12 20:03 - 2014-05-12 20:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware</p><p>2014-05-12 20:03 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys</p><p>2014-05-12 20:03 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys</p><p>2014-05-12 20:00 - 2014-05-12 20:02 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Eden\Downloads\mbam-setup-2.0.1.1004.exe</p><p>2014-05-12 13:43 - 2014-05-12 13:43 - 00272901 _____ () C:\Users\Eden\AppData\Local\census.cache</p><p>2014-05-12 13:43 - 2014-05-12 13:43 - 00082456 _____ () C:\Users\Eden\AppData\Local\ars.cache</p><p>2014-05-12 13:39 - 2014-05-12 13:39 - 00000010 _____ () C:\Users\Eden\AppData\Local\sponge.last.runtime.cache</p><p>2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\wuauclt.exe</p><p>2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\winlogon.exe</p><p>2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\TODDSrv.exe</p><p>2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\taskhost.exe</p><p>2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\spoolsv.exe</p><p>2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\smss.exe</p><p>2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\services.exe</p><p>2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\lsm.exe</p><p>2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\lsass.exe</p><p>2014-05-12 13:16 
- 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\igfxtray.exe</p><p>2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\igfxsrvc.exe</p><p>2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\igfxpers.exe</p><p>2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\igfxext.exe</p><p>2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\hkcmd.exe</p><p>2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\Eap3Host.exe</p><p>2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\dwm.exe</p><p>2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\csrss.exe</p><p>2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\conhost.exe</p><p>2014-05-12 13:03 - 2014-05-12 13:03 - 02055784 _____ (Trend Micro Inc.) C:\Users\Eden\Downloads\HousecallLauncher (1).exe</p><p>2014-05-12 13:03 - 2014-05-12 13:03 - 00000036 _____ () C:\Users\Eden\AppData\Local\housecall.guid.cache</p><p>2014-05-12 12:52 - 2014-05-12 12:52 - 02055784 _____ (Trend Micro Inc.) C:\Users\Eden\Downloads\HousecallLauncher.exe</p><p>2014-05-12 12:39 - 2014-05-12 13:02 - 05047250 _____ () C:\Users\Eden\Documents\Electron Microscopy Micrograph Atlas.pptm</p><p>2014-05-12 00:45 - 2014-05-12 00:45 - 00003124 _____ () C:\windows\System32\Tasks\{894ACF05-351A-4F33-81D3-AD030D3C0CD6}</p><p>2014-05-11 21:13 - 2014-05-11 21:13 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (11).exe</p><p>2014-05-11 21:13 - 2014-05-11 21:13 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (10).exe</p><p>2014-05-11 21:12 - 2014-05-11 21:12 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (9).exe</p><p>2014-05-11 21:12 - 2014-05-11 21:12 - 00858512 _____ (SlimWare Utilities, Inc.) 
C:\Users\Eden\Downloads\DriverUpdate-setup (8).exe</p><p>2014-05-11 21:11 - 2014-05-11 21:11 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (7).exe</p><p>2014-05-11 21:11 - 2014-05-11 21:11 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (6).exe</p><p>2014-05-11 21:10 - 2014-05-11 21:10 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (5).exe</p><p>2014-05-11 21:10 - 2014-05-11 21:10 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (4).exe</p><p>2014-05-11 21:02 - 2014-05-11 21:02 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (3).exe</p><p>2014-05-11 21:01 - 2014-05-11 21:01 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (2).exe</p><p>2014-05-11 20:59 - 2014-05-11 20:59 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (1).exe</p><p>2014-05-11 20:57 - 2014-05-11 20:58 - 00858512 _____ (SlimWare Utilities, Inc.) 
C:\Users\Eden\Downloads\DriverUpdate-setup.exe</p><p>2014-05-11 19:11 - 2014-05-12 00:19 - 00017684 ____H () C:\Users\Eden\Documents\~WRL4020.tmp</p><p>2014-05-11 19:11 - 2014-05-11 19:14 - 04979144 _____ (Systweak Inc ) C:\Users\Eden\Downloads\Unconfirmed 703594.crdownload</p><p>2014-05-11 19:11 - 2014-05-11 19:11 - 00013291 ____H () C:\Users\Eden\Documents\~WRL0208.tmp</p><p>2014-05-11 18:22 - 2014-05-11 18:27 - 00000000 ____D () C:\Users\Eden\Downloads\Beachbody - Rockin' Body</p><p>2014-05-11 18:10 - 2014-05-12 00:46 - 00000000 ____D () C:\ProgramData\3befce80dbcb1c58</p><p>2014-05-11 18:10 - 2014-05-11 18:10 - 00000000 ____D () C:\Users\Eden\AppData\Local\Packages</p><p>2014-05-11 18:09 - 2014-05-23 23:23 - 00000000 ____D () C:\Users\Eden\AppData\Roaming\uTorrent</p><p>2014-05-11 18:09 - 2014-05-11 18:09 - 02270232 _____ () C:\Users\Eden\Downloads\download(1).exe</p><p>2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google</p><p>2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo</p><p>2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\HomeGroupUser$</p><p>2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google</p><p>2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo</p><p>2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Guest</p><p>2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Eden\AppData\Roaming\Wise</p><p>2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Eden\AppData\Local\Comodo</p><p>2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google</p><p>2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo</p><p>2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Administrator</p><p>2014-05-11 18:08 - 2014-05-11 18:08 - 02270232 
_____ () C:\Users\Eden\Downloads\download.exe</p><p>2014-05-11 16:01 - 2014-05-16 18:38 - 00000000 ___SD () C:\windows\system32\CompatTel</p><p>2014-05-06 19:50 - 2014-05-07 10:21 - 00268497 _____ () C:\Users\Eden\Documents\MI798.pptx</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>2014-05-24 02:03 - 2014-05-24 02:02 - 00000000 ____D () C:\FRST</p><p>2014-05-24 02:03 - 2014-05-24 01:54 - 00021563 _____ () C:\Users\Eden\Downloads\FRST.txt</p><p>2014-05-24 02:02 - 2014-05-24 02:02 - 02067456 _____ (Farbar) C:\Users\Eden\Downloads\FRST64.exe</p><p>2014-05-24 02:01 - 2014-05-24 02:01 - 01056768 _____ (Farbar) C:\Users\Eden\Downloads\FRST.exe</p><p>2014-05-24 01:56 - 2014-05-24 01:56 - 00509424 _____ (a-install) C:\Users\Eden\Downloads\Setup (2).exe</p><p>2014-05-24 01:52 - 2014-05-24 01:52 - 00004222 _____ () C:\Users\Eden\Downloads\fixlist.txt</p><p>2014-05-24 01:44 - 2011-03-23 22:26 - 00000000 ____D () C:\Program Files (x86)\Java</p><p>2014-05-24 01:42 - 2011-03-23 22:29 - 00000000 ____D () C:\ProgramData\Adobe</p><p>2014-05-24 01:42 - 2011-03-23 22:29 - 00000000 ____D () C:\Program Files (x86)\Adobe</p><p>2014-05-24 01:33 - 2012-05-22 16:40 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job</p><p>2014-05-24 01:32 - 2014-05-24 01:32 - 00509240 _____ (a-install) C:\Users\Eden\Downloads\Setup (1).exe</p><p>2014-05-24 01:32 - 2011-06-22 18:12 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>2014-05-24 01:25 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2014-05-24 01:25 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2014-05-24 01:24 - 2009-07-14 01:13 - 00782470 _____ () C:\windows\system32\PerfStringBackup.INI</p><p>2014-05-24 01:22 - 2011-06-22 17:42 - 01211873 _____ () 
C:\windows\WindowsUpdate.log</p><p>2014-05-24 01:19 - 2011-11-02 19:25 - 00000000 ____D () C:\Users\Eden\AppData\Roaming\Spotify</p><p>2014-05-24 01:19 - 2011-11-02 19:25 - 00000000 ____D () C:\Users\Eden\AppData\Local\Spotify</p><p>2014-05-24 01:18 - 2014-05-12 20:13 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys</p><p>2014-05-24 01:18 - 2011-06-22 18:12 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2014-05-24 01:17 - 2014-05-24 01:17 - 00000000 ____D () C:\Program Files (x86)\MSR</p><p>2014-05-24 01:17 - 2010-11-20 23:47 - 01105642 _____ () C:\windows\PFRO.log</p><p>2014-05-24 01:17 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT</p><p>2014-05-24 01:17 - 2009-07-14 00:51 - 00126557 _____ () C:\windows\setupact.log</p><p>2014-05-24 01:16 - 2014-05-24 01:16 - 00003416 ____N () C:\bootsqm.dat</p><p>2014-05-24 01:09 - 2014-05-23 23:35 - 00000000 ____D () C:\AdwCleaner</p><p>2014-05-24 01:07 - 2014-05-24 01:07 - 01326389 _____ () C:\Users\Eden\Downloads\adwcleaner_3.210(1).exe</p><p>2014-05-24 00:43 - 2014-05-24 00:43 - 00001712 _____ () C:\windows\system32\.crusader</p><p>2014-05-24 00:43 - 2014-05-24 00:28 - 00000000 ____D () C:\ProgramData\HitmanPro</p><p>2014-05-24 00:32 - 2014-05-24 00:32 - 00001908 _____ () C:\Users\Public\Desktop\HitmanPro.lnk</p><p>2014-05-24 00:32 - 2014-05-24 00:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro</p><p>2014-05-24 00:32 - 2014-05-24 00:32 - 00000000 ____D () C:\Program Files\HitmanPro</p><p>2014-05-24 00:32 - 2014-05-24 00:29 - 10971424 _____ (SurfRight B.V.) C:\Users\Eden\Downloads\HitmanPro_x64.exe</p><p>2014-05-24 00:28 - 2014-05-24 00:25 - 10094400 _____ (SurfRight B.V.) 
C:\Users\Eden\Downloads\HitmanPro.exe</p><p>2014-05-24 00:27 - 2014-05-24 00:27 - 00509240 _____ (a-install) C:\Users\Eden\Downloads\Setup.exe</p><p>2014-05-23 23:45 - 2013-11-23 17:40 - 00000000 ____D () C:\Users\Eden\Desktop\Old Firefox Data</p><p>2014-05-23 23:34 - 2014-05-23 23:34 - 01326389 _____ () C:\Users\Eden\Downloads\adwcleaner_3.210.exe</p><p>2014-05-23 23:23 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Eden\AppData\Roaming\uTorrent</p><p>2014-05-23 23:15 - 2014-05-23 23:15 - 00001088 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk</p><p>2014-05-23 23:15 - 2014-05-23 23:15 - 00000000 ____D () C:\Users\Eden\AppData\Local\VS Revo Group</p><p>2014-05-23 23:15 - 2014-05-23 23:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro</p><p>2014-05-23 23:15 - 2014-05-23 23:15 - 00000000 ____D () C:\Program Files\VS Revo Group</p><p>2014-05-23 23:15 - 2014-05-23 23:14 - 07921688 _____ (VS Revo Group ) C:\Users\Eden\Downloads\RevoUninProSetup259.exe</p><p>2014-05-23 11:17 - 2014-05-23 11:16 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk</p><p>2014-05-22 22:54 - 2014-05-22 22:54 - 00000000 ____D () C:\Users\Eden\AppData\Roaming\Mozilla</p><p>2014-05-22 22:54 - 2014-03-29 19:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox</p><p>2014-05-22 22:53 - 2014-05-22 22:53 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk</p><p>2014-05-22 22:53 - 2014-05-22 22:53 - 00001162 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk</p><p>2014-05-22 22:51 - 2014-05-22 22:51 - 00282928 _____ (Mozilla) C:\Users\Eden\Downloads\Firefox Setup Stub 29.0.1.exe</p><p>2014-05-22 22:47 - 2011-07-24 00:49 - 00000000 ____D () C:\Users\Eden\AppData\Local\Google</p><p>2014-05-22 20:40 - 2014-05-16 18:28 - 00000000 ____D () C:\Program Files (x86)\AVG</p><p>2014-05-22 20:28 - 2014-05-16 18:11 - 00000000 ____D () C:\ProgramData\MFAData</p><p>2014-05-20 19:43 - 2014-05-20 
19:43 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software</p><p>2014-05-20 19:43 - 2014-05-20 19:43 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software</p><p>2014-05-20 19:43 - 2014-05-16 18:32 - 00000976 _____ () C:\Users\Public\Desktop\AVG 2014.lnk</p><p>2014-05-20 19:43 - 2014-05-16 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG</p><p>2014-05-16 20:34 - 2014-05-16 20:34 - 00003856 _____ () C:\windows\System32\Tasks\ScanSoft Background Update</p><p>2014-05-16 20:34 - 2014-05-16 20:34 - 00003694 _____ () C:\windows\System32\Tasks\Adobe online update program</p><p>2014-05-16 20:33 - 2014-05-16 20:24 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}</p><p>2014-05-16 20:33 - 2011-07-26 14:30 - 00000000 ____D () C:\Users\Eden\AppData\Local\Downloaded Installations</p><p>2014-05-16 20:33 - 2011-07-26 02:07 - 00000000 ____D () C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}</p><p>2014-05-16 20:33 - 2011-06-22 18:06 - 00000000 __HDC () C:\ProgramData\{373A11D3-0B96-4E16-9184-7D0FBE86932F}</p><p>2014-05-16 20:28 - 2014-05-16 20:24 - 00000000 ____D () C:\ProgramData\AVG</p><p>2014-05-16 20:25 - 2014-05-16 20:25 - 00000000 ____D () C:\Users\Eden\AppData\Roaming\AVG</p><p>2014-05-16 20:25 - 2014-05-16 20:25 - 00000000 ____D () C:\Users\Eden\AppData\Local\AVG</p><p>2014-05-16 20:23 - 2014-05-16 20:21 - 70431144 _____ (AVG) C:\Users\Eden\Downloads\avg_tuh_stf_all_2014_423_24c4.exe</p><p>2014-05-16 18:46 - 2014-05-16 18:11 - 00000000 ____D () C:\Users\Eden\AppData\Local\Avg2014</p><p>2014-05-16 18:43 - 2014-05-16 18:43 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\48230029.sys</p><p>2014-05-16 18:43 - 2011-07-24 00:48 - 00000000 ___RD () C:\Users\Eden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools</p><p>2014-05-16 18:43 - 2011-07-24 00:46 - 00000000 ___RD () C:\Users\Eden\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Startup</p><p>2014-05-16 18:38 - 2014-05-11 16:01 - 00000000 ___SD () C:\windows\system32\CompatTel</p><p>2014-05-16 18:34 - 2014-05-16 18:34 - 00000000 ____D () C:\Users\Eden\AppData\Roaming\AVG2014</p><p>2014-05-16 18:33 - 2014-05-16 18:30 - 00000000 ____D () C:\ProgramData\AVG2014</p><p>2014-05-16 18:32 - 2014-05-16 18:32 - 00000000 ____D () C:\Users\Eden\AppData\Roaming\TuneUp Software</p><p>2014-05-16 18:30 - 2014-05-16 18:30 - 00000000 ___HD () C:\$AVG</p><p>2014-05-16 18:24 - 2014-05-16 18:22 - 150896968 _____ (AVG Technologies) C:\Users\Eden\Downloads\avg_free_x86_all_2014_4577a7359.exe</p><p>2014-05-16 18:20 - 2014-05-16 18:20 - 00000000 ____D () C:\Users\Eden\AppData\Local\Avg2013</p><p>2014-05-16 18:19 - 2014-05-16 18:19 - 01565744 _____ () C:\Users\Eden\Downloads\AVG_Remover_en.exe</p><p>2014-05-16 18:18 - 2011-08-05 14:46 - 00000000 ____D () C:\ProgramData\Microsoft Help</p><p>2014-05-16 18:11 - 2014-05-16 18:11 - 00000000 ____D () C:\Users\Eden\AppData\Local\MFAData</p><p>2014-05-16 18:11 - 2014-05-16 18:10 - 04485528 _____ (AVG Technologies) C:\Users\Eden\Downloads\avg_free_stb_all_2014_4577_cnet.exe</p><p>2014-05-16 17:57 - 2012-05-22 16:40 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe</p><p>2014-05-16 17:57 - 2012-05-22 16:40 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater</p><p>2014-05-16 17:57 - 2011-09-27 23:23 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl</p><p>2014-05-15 11:34 - 2014-05-15 11:33 - 00000000 ____D () C:\504068dbb5a199f51b</p><p>2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgtdia.sys</p><p>2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgldx64.sys</p><p>2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) 
C:\windows\system32\Drivers\avgloga.sys</p><p>2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsha.sys</p><p>2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgdiska.sys</p><p>2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgmfx64.sys</p><p>2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsdrivera.sys</p><p>2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgrkx64.sys</p><p>2014-05-12 20:04 - 2014-05-12 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware</p><p>2014-05-12 20:04 - 2014-05-12 20:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware</p><p>2014-05-12 20:04 - 2012-08-19 19:36 - 00000000 ____D () C:\Users\Eden\AppData\Roaming\Malwarebytes</p><p>2014-05-12 20:04 - 2012-08-15 12:16 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>2014-05-12 20:04 - 2012-08-15 12:16 - 00000000 ____D () C:\ProgramData\Malwarebytes</p><p>2014-05-12 20:02 - 2014-05-12 20:00 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Eden\Downloads\mbam-setup-2.0.1.1004.exe</p><p>2014-05-12 13:43 - 2014-05-12 13:43 - 00272901 _____ () C:\Users\Eden\AppData\Local\census.cache</p><p>2014-05-12 13:43 - 2014-05-12 13:43 - 00082456 _____ () C:\Users\Eden\AppData\Local\ars.cache</p><p>2014-05-12 13:39 - 2014-05-12 13:39 - 00000010 _____ () C:\Users\Eden\AppData\Local\sponge.last.runtime.cache</p><p>2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\wuauclt.exe</p><p>2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\winlogon.exe</p><p>2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () 
C:\windows\SysWOW64\TODDSrv.exe</p><p>2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\taskhost.exe</p><p>2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\spoolsv.exe</p><p>2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\smss.exe</p><p>2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\services.exe</p><p>2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\lsm.exe</p><p>2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\lsass.exe</p><p>2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\igfxtray.exe</p><p>2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\igfxsrvc.exe</p><p>2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\igfxpers.exe</p><p>2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\igfxext.exe</p><p>2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\hkcmd.exe</p><p>2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\Eap3Host.exe</p><p>2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\dwm.exe</p><p>2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\csrss.exe</p><p>2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\conhost.exe</p><p>2014-05-12 13:03 - 2014-05-12 13:03 - 02055784 _____ (Trend Micro Inc.) C:\Users\Eden\Downloads\HousecallLauncher (1).exe</p><p>2014-05-12 13:03 - 2014-05-12 13:03 - 00000036 _____ () C:\Users\Eden\AppData\Local\housecall.guid.cache</p><p>2014-05-12 13:02 - 2014-05-12 12:39 - 05047250 _____ () C:\Users\Eden\Documents\Electron Microscopy Micrograph Atlas.pptm</p><p>2014-05-12 12:52 - 2014-05-12 12:52 - 02055784 _____ (Trend Micro Inc.) 
C:\Users\Eden\Downloads\HousecallLauncher.exe</p><p>2014-05-12 00:46 - 2014-05-11 18:10 - 00000000 ____D () C:\ProgramData\3befce80dbcb1c58</p><p>2014-05-12 00:45 - 2014-05-12 00:45 - 00003124 _____ () C:\windows\System32\Tasks\{894ACF05-351A-4F33-81D3-AD030D3C0CD6}</p><p>2014-05-12 00:19 - 2014-05-11 19:11 - 00017684 ____H () C:\Users\Eden\Documents\~WRL4020.tmp</p><p>2014-05-11 21:13 - 2014-05-11 21:13 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (11).exe</p><p>2014-05-11 21:13 - 2014-05-11 21:13 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (10).exe</p><p>2014-05-11 21:12 - 2014-05-11 21:12 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (9).exe</p><p>2014-05-11 21:12 - 2014-05-11 21:12 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (8).exe</p><p>2014-05-11 21:11 - 2014-05-11 21:11 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (7).exe</p><p>2014-05-11 21:11 - 2014-05-11 21:11 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (6).exe</p><p>2014-05-11 21:10 - 2014-05-11 21:10 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (5).exe</p><p>2014-05-11 21:10 - 2014-05-11 21:10 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (4).exe</p><p>2014-05-11 21:02 - 2014-05-11 21:02 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (3).exe</p><p>2014-05-11 21:01 - 2014-05-11 21:01 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (2).exe</p><p>2014-05-11 20:59 - 2014-05-11 20:59 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (1).exe</p><p>2014-05-11 20:58 - 2014-05-11 20:57 - 00858512 _____ (SlimWare Utilities, Inc.) 
C:\Users\Eden\Downloads\DriverUpdate-setup.exe</p><p>2014-05-11 20:02 - 2011-06-22 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome</p><p>2014-05-11 19:14 - 2014-05-11 19:11 - 04979144 _____ (Systweak Inc ) C:\Users\Eden\Downloads\Unconfirmed 703594.crdownload</p><p>2014-05-11 19:11 - 2014-05-11 19:11 - 00013291 ____H () C:\Users\Eden\Documents\~WRL0208.tmp</p><p>2014-05-11 18:27 - 2014-05-11 18:22 - 00000000 ____D () C:\Users\Eden\Downloads\Beachbody - Rockin' Body</p><p>2014-05-11 18:10 - 2014-05-11 18:10 - 00000000 ____D () C:\Users\Eden\AppData\Local\Packages</p><p>2014-05-11 18:09 - 2014-05-11 18:09 - 02270232 _____ () C:\Users\Eden\Downloads\download(1).exe</p><p>2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google</p><p>2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo</p><p>2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\HomeGroupUser$</p><p>2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google</p><p>2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo</p><p>2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Guest</p><p>2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Eden\AppData\Roaming\Wise</p><p>2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Eden\AppData\Local\Comodo</p><p>2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google</p><p>2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo</p><p>2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Administrator</p><p>2014-05-11 18:08 - 2014-05-11 18:08 - 02270232 _____ () C:\Users\Eden\Downloads\download.exe</p><p>2014-05-09 02:14 - 2014-05-15 11:51 - 00477184 _____ (Microsoft Corporation) 
C:\windows\system32\aepdu.dll</p><p>2014-05-09 02:11 - 2014-05-15 11:51 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll</p><p>2014-05-07 23:27 - 2011-06-22 18:12 - 00003908 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA</p><p>2014-05-07 23:27 - 2011-06-22 18:12 - 00003656 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore</p><p>2014-05-07 10:21 - 2014-05-06 19:50 - 00268497 _____ () C:\Users\Eden\Documents\MI798.pptx</p><p>2014-05-06 00:40 - 2014-05-16 18:12 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll</p><p>2014-05-06 00:17 - 2014-05-16 18:12 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb</p><p>2014-05-05 23:25 - 2014-05-16 18:12 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll</p><p>2014-05-05 23:07 - 2014-05-16 18:12 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb</p><p>2014-05-05 23:00 - 2014-05-16 18:12 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll</p><p>2014-05-05 22:10 - 2014-05-16 18:12 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll</p><p>2014-05-03 22:51 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache</p><p></p><p>Some content of 
TEMP:</p><p>====================</p><p>C:\Users\Eden\AppData\Local\Temp\DseShExt-x64.dll</p><p>C:\Users\Eden\AppData\Local\Temp\DseShExt-x86.dll</p><p>C:\Users\Eden\AppData\Local\Temp\IeSearchProvider7194736947786751926.exe</p><p>C:\Users\Eden\AppData\Local\Temp\Quarantine.exe</p><p>C:\Users\Eden\AppData\Local\Temp\SCC.dll</p><p>C:\Users\Eden\AppData\Local\Temp\SDShelEx-win32.dll</p><p>C:\Users\Eden\AppData\Local\Temp\SDShelEx-x64.dll</p><p>C:\Users\Eden\AppData\Local\Temp\SkypeSetup.exe</p><p>C:\Users\Eden\AppData\Local\Temp\SpotifyUpgrader.exe</p><p>C:\Users\Eden\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll</p><p>C:\Users\Eden\AppData\Local\Temp\SymCCIS.dll</p><p>C:\Users\Eden\AppData\Local\Temp\updater_uninstall.exe</p><p>C:\Users\Eden\AppData\Local\Temp\_is517D.exe</p><p>C:\Users\Eden\AppData\Local\Temp\_isA57B.exe</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>C:\Windows\System32\winlogon.exe => MD5 is legit</p><p>C:\Windows\System32\wininit.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\wininit.exe => MD5 is legit</p><p>C:\Windows\explorer.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\explorer.exe => MD5 is legit</p><p>C:\Windows\System32\svchost.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\svchost.exe => MD5 is legit</p><p>C:\Windows\System32\services.exe => MD5 is legit</p><p>C:\Windows\System32\User32.dll => MD5 is legit</p><p>C:\Windows\SysWOW64\User32.dll => MD5 is legit</p><p>C:\Windows\System32\userinit.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\userinit.exe => MD5 is legit</p><p>C:\Windows\System32\rpcss.dll => MD5 is legit</p><p>C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit</p><p></p><p></p><p>LastRegBack: 2014-05-16 21:32</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>
[QUOTE="INEEDHELP, post: 199278, member: 22903"]
00000000 _____ () C:\windows\SysWOW64\igfxsrvc.exe 2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\igfxpers.exe 2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\igfxext.exe 2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\hkcmd.exe 2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\Eap3Host.exe 2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\dwm.exe 2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\csrss.exe 2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\conhost.exe 2014-05-12 13:03 - 2014-05-12 13:03 - 02055784 _____ (Trend Micro Inc.) C:\Users\Eden\Downloads\HousecallLauncher (1).exe 2014-05-12 13:03 - 2014-05-12 13:03 - 00000036 _____ () C:\Users\Eden\AppData\Local\housecall.guid.cache 2014-05-12 12:52 - 2014-05-12 12:52 - 02055784 _____ (Trend Micro Inc.) C:\Users\Eden\Downloads\HousecallLauncher.exe 2014-05-12 12:39 - 2014-05-12 13:02 - 05047250 _____ () C:\Users\Eden\Documents\Electron Microscopy Micrograph Atlas.pptm 2014-05-12 00:45 - 2014-05-12 00:45 - 00003124 _____ () C:\windows\System32\Tasks\{894ACF05-351A-4F33-81D3-AD030D3C0CD6} 2014-05-11 21:13 - 2014-05-11 21:13 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (11).exe 2014-05-11 21:13 - 2014-05-11 21:13 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (10).exe 2014-05-11 21:12 - 2014-05-11 21:12 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (9).exe 2014-05-11 21:12 - 2014-05-11 21:12 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (8).exe 2014-05-11 21:11 - 2014-05-11 21:11 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (7).exe 2014-05-11 21:11 - 2014-05-11 21:11 - 00858512 _____ (SlimWare Utilities, Inc.) 
C:\Users\Eden\Downloads\DriverUpdate-setup (6).exe 2014-05-11 21:10 - 2014-05-11 21:10 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (5).exe 2014-05-11 21:10 - 2014-05-11 21:10 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (4).exe 2014-05-11 21:02 - 2014-05-11 21:02 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (3).exe 2014-05-11 21:01 - 2014-05-11 21:01 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (2).exe 2014-05-11 20:59 - 2014-05-11 20:59 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (1).exe 2014-05-11 20:57 - 2014-05-11 20:58 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup.exe 2014-05-11 19:11 - 2014-05-12 00:19 - 00017684 ____H () C:\Users\Eden\Documents\~WRL4020.tmp 2014-05-11 19:11 - 2014-05-11 19:14 - 04979144 _____ (Systweak Inc ) C:\Users\Eden\Downloads\Unconfirmed 703594.crdownload 2014-05-11 19:11 - 2014-05-11 19:11 - 00013291 ____H () C:\Users\Eden\Documents\~WRL0208.tmp 2014-05-11 18:22 - 2014-05-11 18:27 - 00000000 ____D () C:\Users\Eden\Downloads\Beachbody - Rockin' Body 2014-05-11 18:10 - 2014-05-12 00:46 - 00000000 ____D () C:\ProgramData\3befce80dbcb1c58 2014-05-11 18:10 - 2014-05-11 18:10 - 00000000 ____D () C:\Users\Eden\AppData\Local\Packages 2014-05-11 18:09 - 2014-05-23 23:23 - 00000000 ____D () C:\Users\Eden\AppData\Roaming\uTorrent 2014-05-11 18:09 - 2014-05-11 18:09 - 02270232 _____ () C:\Users\Eden\Downloads\download(1).exe 2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google 2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo 2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\HomeGroupUser$ 2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google 
2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo 2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Guest 2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Eden\AppData\Roaming\Wise 2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Eden\AppData\Local\Comodo 2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo 2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Administrator 2014-05-11 18:08 - 2014-05-11 18:08 - 02270232 _____ () C:\Users\Eden\Downloads\download.exe 2014-05-11 16:01 - 2014-05-16 18:38 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-05-06 19:50 - 2014-05-07 10:21 - 00268497 _____ () C:\Users\Eden\Documents\MI798.pptx ==================== One Month Modified Files and Folders ======= 2014-05-24 02:03 - 2014-05-24 02:02 - 00000000 ____D () C:\FRST 2014-05-24 02:03 - 2014-05-24 01:54 - 00021563 _____ () C:\Users\Eden\Downloads\FRST.txt 2014-05-24 02:02 - 2014-05-24 02:02 - 02067456 _____ (Farbar) C:\Users\Eden\Downloads\FRST64.exe 2014-05-24 02:01 - 2014-05-24 02:01 - 01056768 _____ (Farbar) C:\Users\Eden\Downloads\FRST.exe 2014-05-24 01:56 - 2014-05-24 01:56 - 00509424 _____ (a-install) C:\Users\Eden\Downloads\Setup (2).exe 2014-05-24 01:52 - 2014-05-24 01:52 - 00004222 _____ () C:\Users\Eden\Downloads\fixlist.txt 2014-05-24 01:44 - 2011-03-23 22:26 - 00000000 ____D () C:\Program Files (x86)\Java 2014-05-24 01:42 - 2011-03-23 22:29 - 00000000 ____D () C:\ProgramData\Adobe 2014-05-24 01:42 - 2011-03-23 22:29 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-05-24 01:33 - 2012-05-22 16:40 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-05-24 01:32 - 2014-05-24 01:32 - 00509240 _____ (a-install) C:\Users\Eden\Downloads\Setup (1).exe 2014-05-24 01:32 - 2011-06-22 18:12 - 00000912 
_____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-24 01:25 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-24 01:25 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-24 01:24 - 2009-07-14 01:13 - 00782470 _____ () C:\windows\system32\PerfStringBackup.INI 2014-05-24 01:22 - 2011-06-22 17:42 - 01211873 _____ () C:\windows\WindowsUpdate.log 2014-05-24 01:19 - 2011-11-02 19:25 - 00000000 ____D () C:\Users\Eden\AppData\Roaming\Spotify 2014-05-24 01:19 - 2011-11-02 19:25 - 00000000 ____D () C:\Users\Eden\AppData\Local\Spotify 2014-05-24 01:18 - 2014-05-12 20:13 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-24 01:18 - 2011-06-22 18:12 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-24 01:17 - 2014-05-24 01:17 - 00000000 ____D () C:\Program Files (x86)\MSR 2014-05-24 01:17 - 2010-11-20 23:47 - 01105642 _____ () C:\windows\PFRO.log 2014-05-24 01:17 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-05-24 01:17 - 2009-07-14 00:51 - 00126557 _____ () C:\windows\setupact.log 2014-05-24 01:16 - 2014-05-24 01:16 - 00003416 ____N () C:\bootsqm.dat 2014-05-24 01:09 - 2014-05-23 23:35 - 00000000 ____D () C:\AdwCleaner 2014-05-24 01:07 - 2014-05-24 01:07 - 01326389 _____ () C:\Users\Eden\Downloads\adwcleaner_3.210(1).exe 2014-05-24 00:43 - 2014-05-24 00:43 - 00001712 _____ () C:\windows\system32\.crusader 2014-05-24 00:43 - 2014-05-24 00:28 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-05-24 00:32 - 2014-05-24 00:32 - 00001908 _____ () C:\Users\Public\Desktop\HitmanPro.lnk 2014-05-24 00:32 - 2014-05-24 00:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2014-05-24 00:32 - 2014-05-24 00:32 - 00000000 ____D () C:\Program Files\HitmanPro 
2014-05-24 00:32 - 2014-05-24 00:29 - 10971424 _____ (SurfRight B.V.) C:\Users\Eden\Downloads\HitmanPro_x64.exe 2014-05-24 00:28 - 2014-05-24 00:25 - 10094400 _____ (SurfRight B.V.) C:\Users\Eden\Downloads\HitmanPro.exe 2014-05-24 00:27 - 2014-05-24 00:27 - 00509240 _____ (a-install) C:\Users\Eden\Downloads\Setup.exe 2014-05-23 23:45 - 2013-11-23 17:40 - 00000000 ____D () C:\Users\Eden\Desktop\Old Firefox Data 2014-05-23 23:34 - 2014-05-23 23:34 - 01326389 _____ () C:\Users\Eden\Downloads\adwcleaner_3.210.exe 2014-05-23 23:23 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Eden\AppData\Roaming\uTorrent 2014-05-23 23:15 - 2014-05-23 23:15 - 00001088 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk 2014-05-23 23:15 - 2014-05-23 23:15 - 00000000 ____D () C:\Users\Eden\AppData\Local\VS Revo Group 2014-05-23 23:15 - 2014-05-23 23:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro 2014-05-23 23:15 - 2014-05-23 23:15 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-05-23 23:15 - 2014-05-23 23:14 - 07921688 _____ (VS Revo Group ) C:\Users\Eden\Downloads\RevoUninProSetup259.exe 2014-05-23 11:17 - 2014-05-23 11:16 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-05-22 22:54 - 2014-05-22 22:54 - 00000000 ____D () C:\Users\Eden\AppData\Roaming\Mozilla 2014-05-22 22:54 - 2014-03-29 19:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-22 22:53 - 2014-05-22 22:53 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-05-22 22:53 - 2014-05-22 22:53 - 00001162 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-05-22 22:51 - 2014-05-22 22:51 - 00282928 _____ (Mozilla) C:\Users\Eden\Downloads\Firefox Setup Stub 29.0.1.exe 2014-05-22 22:47 - 2011-07-24 00:49 - 00000000 ____D () C:\Users\Eden\AppData\Local\Google 2014-05-22 20:40 - 2014-05-16 18:28 - 00000000 ____D () C:\Program Files (x86)\AVG 2014-05-22 20:28 - 2014-05-16 18:11 - 
00000000 ____D () C:\ProgramData\MFAData 2014-05-20 19:43 - 2014-05-20 19:43 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software 2014-05-20 19:43 - 2014-05-20 19:43 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software 2014-05-20 19:43 - 2014-05-16 18:32 - 00000976 _____ () C:\Users\Public\Desktop\AVG 2014.lnk 2014-05-20 19:43 - 2014-05-16 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2014-05-16 20:34 - 2014-05-16 20:34 - 00003856 _____ () C:\windows\System32\Tasks\ScanSoft Background Update 2014-05-16 20:34 - 2014-05-16 20:34 - 00003694 _____ () C:\windows\System32\Tasks\Adobe online update program 2014-05-16 20:33 - 2014-05-16 20:24 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} 2014-05-16 20:33 - 2011-07-26 14:30 - 00000000 ____D () C:\Users\Eden\AppData\Local\Downloaded Installations 2014-05-16 20:33 - 2011-07-26 02:07 - 00000000 ____D () C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} 2014-05-16 20:33 - 2011-06-22 18:06 - 00000000 __HDC () C:\ProgramData\{373A11D3-0B96-4E16-9184-7D0FBE86932F} 2014-05-16 20:28 - 2014-05-16 20:24 - 00000000 ____D () C:\ProgramData\AVG 2014-05-16 20:25 - 2014-05-16 20:25 - 00000000 ____D () C:\Users\Eden\AppData\Roaming\AVG 2014-05-16 20:25 - 2014-05-16 20:25 - 00000000 ____D () C:\Users\Eden\AppData\Local\AVG 2014-05-16 20:23 - 2014-05-16 20:21 - 70431144 _____ (AVG) C:\Users\Eden\Downloads\avg_tuh_stf_all_2014_423_24c4.exe 2014-05-16 18:46 - 2014-05-16 18:11 - 00000000 ____D () C:\Users\Eden\AppData\Local\Avg2014 2014-05-16 18:43 - 2014-05-16 18:43 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\48230029.sys 2014-05-16 18:43 - 2011-07-24 00:48 - 00000000 ___RD () C:\Users\Eden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-16 18:43 - 2011-07-24 00:46 - 00000000 ___RD () C:\Users\Eden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-16 18:38 - 
2014-05-11 16:01 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-05-16 18:34 - 2014-05-16 18:34 - 00000000 ____D () C:\Users\Eden\AppData\Roaming\AVG2014 2014-05-16 18:33 - 2014-05-16 18:30 - 00000000 ____D () C:\ProgramData\AVG2014 2014-05-16 18:32 - 2014-05-16 18:32 - 00000000 ____D () C:\Users\Eden\AppData\Roaming\TuneUp Software 2014-05-16 18:30 - 2014-05-16 18:30 - 00000000 ___HD () C:\$AVG 2014-05-16 18:24 - 2014-05-16 18:22 - 150896968 _____ (AVG Technologies) C:\Users\Eden\Downloads\avg_free_x86_all_2014_4577a7359.exe 2014-05-16 18:20 - 2014-05-16 18:20 - 00000000 ____D () C:\Users\Eden\AppData\Local\Avg2013 2014-05-16 18:19 - 2014-05-16 18:19 - 01565744 _____ () C:\Users\Eden\Downloads\AVG_Remover_en.exe 2014-05-16 18:18 - 2011-08-05 14:46 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-05-16 18:11 - 2014-05-16 18:11 - 00000000 ____D () C:\Users\Eden\AppData\Local\MFAData 2014-05-16 18:11 - 2014-05-16 18:10 - 04485528 _____ (AVG Technologies) C:\Users\Eden\Downloads\avg_free_stb_all_2014_4577_cnet.exe 2014-05-16 17:57 - 2012-05-22 16:40 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2014-05-16 17:57 - 2012-05-22 16:40 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2014-05-16 17:57 - 2011-09-27 23:23 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-15 11:34 - 2014-05-15 11:33 - 00000000 ____D () C:\504068dbb5a199f51b 2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgtdia.sys 2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgldx64.sys 2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgloga.sys 2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) 
C:\windows\system32\Drivers\avgidsha.sys 2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgdiska.sys 2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgmfx64.sys 2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsdrivera.sys 2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgrkx64.sys 2014-05-12 20:04 - 2014-05-12 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-05-12 20:04 - 2014-05-12 20:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-05-12 20:04 - 2012-08-19 19:36 - 00000000 ____D () C:\Users\Eden\AppData\Roaming\Malwarebytes 2014-05-12 20:04 - 2012-08-15 12:16 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-05-12 20:04 - 2012-08-15 12:16 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-12 20:02 - 2014-05-12 20:00 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Eden\Downloads\mbam-setup-2.0.1.1004.exe 2014-05-12 13:43 - 2014-05-12 13:43 - 00272901 _____ () C:\Users\Eden\AppData\Local\census.cache 2014-05-12 13:43 - 2014-05-12 13:43 - 00082456 _____ () C:\Users\Eden\AppData\Local\ars.cache 2014-05-12 13:39 - 2014-05-12 13:39 - 00000010 _____ () C:\Users\Eden\AppData\Local\sponge.last.runtime.cache 2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\wuauclt.exe 2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\winlogon.exe 2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\TODDSrv.exe 2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\taskhost.exe 2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\spoolsv.exe 2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 
_____ () C:\windows\SysWOW64\smss.exe 2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\services.exe 2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\lsm.exe 2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\lsass.exe 2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\igfxtray.exe 2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\igfxsrvc.exe 2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\igfxpers.exe 2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\igfxext.exe 2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\hkcmd.exe 2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\Eap3Host.exe 2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\dwm.exe 2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\csrss.exe 2014-05-12 13:16 - 2014-05-12 13:16 - 00000000 _____ () C:\windows\SysWOW64\conhost.exe 2014-05-12 13:03 - 2014-05-12 13:03 - 02055784 _____ (Trend Micro Inc.) C:\Users\Eden\Downloads\HousecallLauncher (1).exe 2014-05-12 13:03 - 2014-05-12 13:03 - 00000036 _____ () C:\Users\Eden\AppData\Local\housecall.guid.cache 2014-05-12 13:02 - 2014-05-12 12:39 - 05047250 _____ () C:\Users\Eden\Documents\Electron Microscopy Micrograph Atlas.pptm 2014-05-12 12:52 - 2014-05-12 12:52 - 02055784 _____ (Trend Micro Inc.) C:\Users\Eden\Downloads\HousecallLauncher.exe 2014-05-12 00:46 - 2014-05-11 18:10 - 00000000 ____D () C:\ProgramData\3befce80dbcb1c58 2014-05-12 00:45 - 2014-05-12 00:45 - 00003124 _____ () C:\windows\System32\Tasks\{894ACF05-351A-4F33-81D3-AD030D3C0CD6} 2014-05-12 00:19 - 2014-05-11 19:11 - 00017684 ____H () C:\Users\Eden\Documents\~WRL4020.tmp 2014-05-11 21:13 - 2014-05-11 21:13 - 00858512 _____ (SlimWare Utilities, Inc.) 
C:\Users\Eden\Downloads\DriverUpdate-setup (11).exe 2014-05-11 21:13 - 2014-05-11 21:13 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (10).exe 2014-05-11 21:12 - 2014-05-11 21:12 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (9).exe 2014-05-11 21:12 - 2014-05-11 21:12 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (8).exe 2014-05-11 21:11 - 2014-05-11 21:11 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (7).exe 2014-05-11 21:11 - 2014-05-11 21:11 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (6).exe 2014-05-11 21:10 - 2014-05-11 21:10 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (5).exe 2014-05-11 21:10 - 2014-05-11 21:10 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (4).exe 2014-05-11 21:02 - 2014-05-11 21:02 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (3).exe 2014-05-11 21:01 - 2014-05-11 21:01 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (2).exe 2014-05-11 20:59 - 2014-05-11 20:59 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Eden\Downloads\DriverUpdate-setup (1).exe 2014-05-11 20:58 - 2014-05-11 20:57 - 00858512 _____ (SlimWare Utilities, Inc.) 
C:\Users\Eden\Downloads\DriverUpdate-setup.exe 2014-05-11 20:02 - 2011-06-22 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-05-11 19:14 - 2014-05-11 19:11 - 04979144 _____ (Systweak Inc ) C:\Users\Eden\Downloads\Unconfirmed 703594.crdownload 2014-05-11 19:11 - 2014-05-11 19:11 - 00013291 ____H () C:\Users\Eden\Documents\~WRL0208.tmp 2014-05-11 18:27 - 2014-05-11 18:22 - 00000000 ____D () C:\Users\Eden\Downloads\Beachbody - Rockin' Body 2014-05-11 18:10 - 2014-05-11 18:10 - 00000000 ____D () C:\Users\Eden\AppData\Local\Packages 2014-05-11 18:09 - 2014-05-11 18:09 - 02270232 _____ () C:\Users\Eden\Downloads\download(1).exe 2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google 2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo 2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\HomeGroupUser$ 2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google 2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo 2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Guest 2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Eden\AppData\Roaming\Wise 2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Eden\AppData\Local\Comodo 2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo 2014-05-11 18:09 - 2014-05-11 18:09 - 00000000 ____D () C:\Users\Administrator 2014-05-11 18:08 - 2014-05-11 18:08 - 02270232 _____ () C:\Users\Eden\Downloads\download.exe 2014-05-09 02:14 - 2014-05-15 11:51 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-05-09 02:11 - 2014-05-15 11:51 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-05-07 
23:27 - 2011-06-22 18:12 - 00003908 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-07 23:27 - 2011-06-22 18:12 - 00003656 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-07 10:21 - 2014-05-06 19:50 - 00268497 _____ () C:\Users\Eden\Documents\MI798.pptx 2014-05-06 00:40 - 2014-05-16 18:12 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-05-06 00:17 - 2014-05-16 18:12 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-05-05 23:25 - 2014-05-16 18:12 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-05-05 23:07 - 2014-05-16 18:12 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-05-05 23:00 - 2014-05-16 18:12 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-05-05 22:10 - 2014-05-16 18:12 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2014-05-03 22:51 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache Some content of TEMP: ==================== C:\Users\Eden\AppData\Local\Temp\DseShExt-x64.dll C:\Users\Eden\AppData\Local\Temp\DseShExt-x86.dll C:\Users\Eden\AppData\Local\Temp\IeSearchProvider7194736947786751926.exe C:\Users\Eden\AppData\Local\Temp\Quarantine.exe C:\Users\Eden\AppData\Local\Temp\SCC.dll C:\Users\Eden\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\Eden\AppData\Local\Temp\SDShelEx-x64.dll C:\Users\Eden\AppData\Local\Temp\SkypeSetup.exe C:\Users\Eden\AppData\Local\Temp\SpotifyUpgrader.exe C:\Users\Eden\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll C:\Users\Eden\AppData\Local\Temp\SymCCIS.dll C:\Users\Eden\AppData\Local\Temp\updater_uninstall.exe C:\Users\Eden\AppData\Local\Temp\_is517D.exe C:\Users\Eden\AppData\Local\Temp\_isA57B.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit 
C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-16 21:32 ==================== End Of Log ============================ [/QUOTE]