Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-05-2014
Ran by Alicia (administrator) on ALICIA-HP on 10-05-2014 13:15:26
Running from C:\Users\Alicia\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version:
https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version:
https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:
==================== Processes (Whitelisted) =================
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
( ) C:\Windows\System32\lxdxcoms.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-20] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-11] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [37960 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-12-08] (Apple Inc.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [577408 2012-02-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [103768 2009-09-13] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2552856 2014-04-21] ()
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4971024 2014-03-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-22] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe -update activex
HKU\S-1-5-21-1005116257-878886063-1618395364-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [17351304 2011-10-13] (Skype Technologies S.A.)
HKU\S-1-5-21-1005116257-878886063-1618395364-1001\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\Alicia\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 8723bb1e3a6147d3a1aafd3fcc0676f4-934d5dc3d8dc8e769db1ba664331484d722e8777 --CMPID 0913a
HKU\S-1-5-21-1005116257-878886063-1618395364-1001\...\MountPoints2: {43ac5068-5432-11e2-959b-2c768ae29f07} - G:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-1005116257-878886063-1618395364-1001\...\MountPoints2: {aec6d3b1-4fa5-11e2-941b-2c768ae29f07} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\TL-Bootstrap.exe
HKU\S-1-5-21-1005116257-878886063-1618395364-1001\...\MountPoints2: {b285fc39-4d00-11e2-ba06-2c768ae29f07} - F:\MotorolaDeviceManagerSetup.exe -a
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={s...e=W3i_DS,136,0_0,Search,20120205,17118,0,18,0
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: RewardsArcadeSuite - {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll (215 Apps)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll No File
Handler-x32: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll No File
Handler-x32: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll No File
Handler-x32: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\3.0.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
FireFox:
========
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\3.0.0\\npsitesafety.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [crossriderapp1950@crossrider.com] - C:\Users\Alicia\AppData\Local\RewardsArcadeSuite\1950\Firefox
FF Extension: RewardsArcade Suite - C:\Users\Alicia\AppData\Local\RewardsArcadeSuite\1950\Firefox [2012-02-02]
Chrome:
=======
CHR HomePage: hxxp://mysearch.avg.com?cid={FEBF0440-BDCE-4CC4-9F8D-0C621736013E}&mid=8723bb1e3a6147d3a1aafd3fcc0676f4-934d5dc3d8dc8e769db1ba664331484d722e8777&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-04-21 10:05:25&v=3.0.0.2&pid=wtu&sg=&sap=hp
CHR StartupUrls: "hxxp://mysearch.avg.com?cid={FEBF0440-BDCE-4CC4-9F8D-0C621736013E}&mid=8723bb1e3a6147d3a1aafd3fcc0676f4-934d5dc3d8dc8e769db1ba664331484d722e8777&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-04-21 10:05:25&v=3.0.0.2&pid=wtu&sg=&sap=hp"
CHR DefaultSearchKeyword: mysearch.avg.com
CHR DefaultSearchURL: http://mysearch.avg.com/search?cid=...ng=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-04-21 10:05:25&v=3.0.0.2&pid=wtu&sg=&sap=dsp&q={searchTerms}
CHR Extension: (Google Docs) - C:\Users\Alicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-28]
CHR Extension: (RewardsArcade Suite) - C:\Users\Alicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb [2013-02-06]
CHR Extension: (Google Wallet) - C:\Users\Alicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-05]
CHR HKLM-x32\...\Chrome\Extension: [ielefkgbofdpglioecfjcbikholflklb] - C:\Users\Alicia\AppData\Local\RewardsArcadeSuite\1950\Chrome\rewardsarcade-suite.crx [2011-12-22]
==================== Services (Whitelisted) =================
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 lxdx_device; C:\Windows\system32\lxdxcoms.exe [1039872 2009-10-16] ( )
S2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [116632 2012-07-17] ()
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
S2 vToolbarUpdater3.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.0.0\ToolbarUpdater.exe [1801240 2014-04-21] (AVG Secure Search)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [X]
==================== Drivers (Whitelisted) ====================
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-04-21] (AVG Technologies)
S3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-10 13:15 - 2014-05-10 13:16 - 00016734 _____ () C:\Users\Alicia\Desktop\FRST.txt
2014-05-10 13:15 - 2014-05-10 13:15 - 00000000 ____D () C:\Users\Alicia\Desktop\FRST-OlderVersion
2014-05-10 13:14 - 2014-05-10 13:15 - 02065408 _____ (Farbar) C:\Users\Alicia\Desktop\FRST64.exe
2014-05-09 20:18 - 2014-05-10 13:15 - 00000000 ____D () C:\FRST
2014-05-09 10:15 - 2014-05-09 10:13 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Alicia\Desktop\rkill.rtf.com
2014-05-09 10:15 - 2014-05-09 10:12 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Alicia\Desktop\rkill (1).exe
2014-05-09 09:57 - 2014-05-09 09:58 - 00000000 ____D () C:\Users\Alicia\Desktop\Pics
2014-05-09 09:57 - 2014-05-09 09:51 - 49566984 _____ (GridinSoft LLC) C:\Users\Alicia\Desktop\gtk-2.2.2.9-setup.exe
2014-05-09 09:57 - 2014-05-09 09:47 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\Alicia\Desktop\tdsskiller (3).exe
2014-05-09 09:57 - 2014-05-09 09:47 - 00015648 _____ (GridinSoft LLC. All rights reserved.) C:\Users\Alicia\Desktop\madefender.exe.exe
2014-05-09 09:36 - 2014-05-09 09:47 - 00000000 ____D () C:\Users\Alicia\Desktop\mbam-chameleon-1.62.1.1000
2014-05-03 11:52 - 2014-05-09 09:59 - 00110553 _____ () C:\Windows\WindowsUpdate.log
2014-05-03 11:49 - 2014-05-10 13:13 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-03 11:49 - 2014-05-03 11:49 - 00001112 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-21 10:05 - 2014-04-22 06:13 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-04-21 10:05 - 2014-04-22 06:09 - 00000000 ____D () C:\Users\Alicia\AppData\Local\AVG Web TuneUp
2014-04-21 10:05 - 2014-04-21 10:03 - 00050464 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-04-21 10:04 - 2014-04-21 10:05 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2014-04-21 10:04 - 2014-04-21 10:04 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-04-21 10:04 - 2014-04-21 10:04 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-04-11 08:55 - 2014-03-30 21:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-11 08:55 - 2014-03-30 21:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-11 08:55 - 2014-03-04 05:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-11 08:55 - 2014-03-04 05:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-11 08:55 - 2014-03-04 05:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-11 08:55 - 2014-03-04 05:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-11 08:55 - 2014-02-03 22:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-11 08:55 - 2014-02-03 22:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-11 08:55 - 2014-02-03 22:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-11 08:55 - 2014-02-03 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-11 08:55 - 2013-12-24 09:42 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-11 08:53 - 2014-01-23 22:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-10 08:08 - 2014-04-10 08:28 - 00000000 ____D () C:\Users\Alicia\Desktop\alicia's phone
==================== One Month Modified Files and Folders =======
2014-05-10 17:12 - 2012-01-14 16:15 - 00000000 ____D () C:\Users\Alicia
2014-05-10 13:16 - 2014-05-10 13:15 - 00016734 _____ () C:\Users\Alicia\Desktop\FRST.txt
2014-05-10 13:15 - 2014-05-10 13:15 - 00000000 ____D () C:\Users\Alicia\Desktop\FRST-OlderVersion
2014-05-10 13:15 - 2014-05-10 13:14 - 02065408 _____ (Farbar) C:\Users\Alicia\Desktop\FRST64.exe
2014-05-10 13:15 - 2014-05-09 20:18 - 00000000 ____D () C:\FRST
2014-05-10 13:13 - 2014-05-03 11:49 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-10 13:13 - 2009-07-14 00:51 - 00084048 _____ () C:\Windows\setupact.log
2014-05-09 13:32 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-05-09 10:13 - 2014-05-09 10:15 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Alicia\Desktop\rkill.rtf.com
2014-05-09 10:12 - 2014-05-09 10:15 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Alicia\Desktop\rkill (1).exe
2014-05-09 09:59 - 2014-05-03 11:52 - 00110553 _____ () C:\Windows\WindowsUpdate.log
2014-05-09 09:58 - 2014-05-09 09:57 - 00000000 ____D () C:\Users\Alicia\Desktop\Pics
2014-05-09 09:51 - 2014-05-09 09:57 - 49566984 _____ (GridinSoft LLC) C:\Users\Alicia\Desktop\gtk-2.2.2.9-setup.exe
2014-05-09 09:47 - 2014-05-09 09:57 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\Alicia\Desktop\tdsskiller (3).exe
2014-05-09 09:47 - 2014-05-09 09:57 - 00015648 _____ (GridinSoft LLC. All rights reserved.) C:\Users\Alicia\Desktop\madefender.exe.exe
2014-05-09 09:47 - 2014-05-09 09:36 - 00000000 ____D () C:\Users\Alicia\Desktop\mbam-chameleon-1.62.1.1000
2014-05-09 09:42 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-09 09:42 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-09 09:41 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-03 11:57 - 2012-01-14 13:21 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{406271A2-5C4F-4B73-A93B-115D35C5CAA7}
2014-05-03 11:49 - 2014-05-03 11:49 - 00001112 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-30 13:02 - 2011-04-09 17:03 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-04-29 17:13 - 2013-08-13 17:50 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-29 17:09 - 2010-11-20 23:47 - 00360316 _____ () C:\Windows\PFRO.log
2014-04-28 16:06 - 2012-04-01 09:03 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-26 10:19 - 2014-02-19 17:49 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForAlicia
2014-04-22 06:13 - 2014-04-21 10:05 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-04-22 06:10 - 2012-01-24 19:35 - 00000000 ____D () C:\Users\Alicia\AppData\Roaming\Skype
2014-04-22 06:09 - 2014-04-21 10:05 - 00000000 ____D () C:\Users\Alicia\AppData\Local\AVG Web TuneUp
2014-04-21 10:05 - 2014-04-21 10:04 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2014-04-21 10:04 - 2014-04-21 10:04 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-04-21 10:04 - 2014-04-21 10:04 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2014-04-21 10:03 - 2014-04-21 10:05 - 00050464 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-04-13 18:34 - 2012-01-30 15:58 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-04-12 19:17 - 2014-04-02 17:39 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2014-04-12 18:59 - 2013-08-13 19:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-12 18:46 - 2013-08-13 19:43 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-11 12:18 - 2011-04-09 17:13 - 00000000 ____D () C:\ProgramData\RoxioNow
2014-04-10 08:28 - 2014-04-10 08:08 - 00000000 ____D () C:\Users\Alicia\Desktop\alicia's phone
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-21 06:51
==================== End Of Log ============================