Solved: Multiple iexplore.exe keeps trying to run

JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by User on Fri 05/30/2014 at 7:18:26.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 05/30/2014 at 7:28:38.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
FRST.txt log 1 of 3
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2014
Ran by User (administrator) on USER-PC on 30-05-2014 07:31:46
Running from C:\Users\User\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:

==================== Processes (Whitelisted) =================

(AuthenTec, Inc) C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\TouchControl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Oracle Corporation) C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.4\MySQLNotifier.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [16334368 2009-07-23] (NVIDIA Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [238592 2009-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [picon] => C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [358424 2009-08-04] (Intel Corporation)
HKLM\...\Run: [ThpSrv] => C:\Windows\system32\thpsrv /logon
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3888648 2014-05-26] (AVAST Software)
HKU\S-1-5-21-3350918055-2160733641-3793535056-1000\...\Run: [MySQL Notifier] => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.4\MySqlNotifier.exe [762368 2013-07-05] (Oracle Corporation)
HKU\S-1-5-21-3350918055-2160733641-3793535056-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-11-02] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA2F8E59F2FC0CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - 2855B4445CCC405295F7621BB068D8EF URL = http://search.yahoo.com/search?fr=mcafee&type=A010US0&p={SearchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\IEBHO.DLL (AuthenTec Inc.)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll (AuthenTec Inc.)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} https://vpn.optelian.com/+CSCOL+/csvrloader32.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll File Not found ()
Winsock: Catalog5-x64 09 C:\Program Files\Bonjour\mdnsNSP.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\90jydydd.default
FF DefaultSearchEngine: Secure Search
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Homepage: hxxp://www.google.ca/
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=mcafee&type=A110US0&p=
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files\AuthenTec TrueSuite\npffwloplugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: CallChannelCollection Class - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\90jydydd.default\Extensions\{42FD616E-8701-12EE-EBFC-237D964BB679} [2014-05-20]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-11-09]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-25]

Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: mcafee
CHR DefaultSearchProvider: McAfee
CHR DefaultSearchURL: http://search.yahoo.com/search?fr=mcafee&type=A210US0&p={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (CallChannelCollection Class) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-05-20]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-03]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-03]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-03]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-03]
CHR Extension: (SiteAdvisor) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-11-13]
CHR Extension: (Website Logon) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\iihnfacppckhlolhipenbiachkjioanm [2013-10-03]
CHR Extension: (Skype Click to Call) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-11-06]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-03]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-03]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-25]
CHR HKLM-x32\...\Chrome\Extension: [iihnfacppckhlolhipenbiachkjioanm] - C:\Program Files\AuthenTec TrueSuite\x86\tschrome.crx [2012-03-31]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-25] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 FPLService; C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [296776 2012-04-23] (AuthenTec, Inc)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2009-08-04] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [140424 2014-04-23] (McAfee, Inc.)
S3 MySQL56; C:\ProgramData\MySQL\MySQL Server 5.6\my.ini [14243 2013-10-18] ()
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2009-08-04] (Intel Corporation)
S2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S4 wampapache; c:\wamp\bin\apache\apache2.4.2\bin\httpd.exe [24576 2012-05-13] (Apache Software Foundation)
S4 wampmysqld; c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [9693696 2012-04-19] ()
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation)
S2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [X]
R2 postgresql-x64-9.2; C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N "postgresql-x64-9.2" -D "C:/Program Files/PostgreSQL/9.2/data" -w [X]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-25] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-25] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-25] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-25] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-25] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-25] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-05-30] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================
 
FRST.txt log 2 of 3
==================== One Month Created Files and Folders ========

2014-05-30 07:31 - 2014-05-30 07:31 - 00021240 _____ () C:\Users\User\Desktop\FRST.txt
2014-05-30 07:31 - 2014-05-30 07:31 - 00000000 ____D () C:\FRST
2014-05-30 07:28 - 2014-05-30 07:28 - 00000632 _____ () C:\Users\User\Desktop\JRT.txt
2014-05-29 23:24 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-29 23:23 - 2014-05-29 23:30 - 00000000 ____D () C:\AdwCleaner
2014-05-29 23:23 - 2014-05-29 23:21 - 02066944 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-05-29 23:21 - 2014-05-29 23:21 - 01016261 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
2014-05-29 23:21 - 2014-05-29 23:20 - 01327971 _____ () C:\Users\User\Desktop\adwcleaner_3.211.exe
2014-05-29 23:20 - 2014-05-29 23:21 - 02066944 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-05-29 23:20 - 2014-05-29 23:21 - 01016261 _____ (Thisisu) C:\Users\User\Downloads\JRT.exe
2014-05-29 23:20 - 2014-05-29 23:20 - 01327971 _____ () C:\Users\User\Downloads\adwcleaner_3.211.exe
2014-05-29 00:19 - 2014-05-29 00:19 - 00023353 _____ () C:\ComboFix.txt
2014-05-29 00:19 - 2014-05-29 00:19 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-05-29 00:19 - 2014-05-29 00:19 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-05-29 00:19 - 2014-05-29 00:19 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-05-29 00:19 - 2014-05-29 00:19 - 00000000 ____D () C:\Users\Dan\AppData\Local\temp
2014-05-28 21:08 - 2014-05-28 21:13 - 05203612 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe
2014-05-27 23:01 - 2014-05-27 23:12 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-05-27 22:57 - 2014-05-29 00:05 - 00000000 ____D () C:\VirusFix2
2014-05-27 22:24 - 2014-05-27 22:27 - 12589848 _____ (Malwarebytes Corp.) C:\Users\User\Downloads\mbar-1.07.0.1009.exe
2014-05-27 22:19 - 2014-05-27 22:19 - 00001630 _____ () C:\Users\User\Desktop\RKreport[0]_D_05272014_221901.txt
2014-05-27 22:17 - 2014-05-27 22:17 - 00001549 _____ () C:\Users\User\Desktop\RKreport[0]_S_05272014_221732.txt
2014-05-27 22:04 - 2014-05-27 21:53 - 03972608 _____ () C:\Users\User\Desktop\RogueKiller.exe
2014-05-27 21:53 - 2014-05-27 21:53 - 00023756 _____ () C:\Users\User\Desktop\dds.txt
2014-05-27 21:52 - 2014-05-27 21:53 - 03972608 _____ () C:\Users\User\Downloads\RogueKiller (1).exe
2014-05-27 00:16 - 2014-05-27 00:16 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-05-27 00:01 - 2014-05-27 00:01 - 00002136 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2014-05-27 00:01 - 2014-05-27 00:01 - 00002124 _____ () C:\Users\Public\Desktop\Belarc Advisor.lnk
2014-05-27 00:01 - 2014-05-27 00:01 - 00000000 ____D () C:\Program Files (x86)\Belarc
2014-05-27 00:00 - 2014-05-27 00:01 - 03379056 _____ () C:\Users\User\Downloads\advisorinstaller.exe
2014-05-26 19:27 - 2014-05-26 19:27 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-05-26 19:05 - 2014-05-26 19:06 - 04165472 _____ (Kaspersky Lab ZAO) C:\Users\User\Downloads\tdsskiller.exe
2014-05-26 06:42 - 2014-05-27 21:53 - 00048924 _____ () C:\Users\User\Desktop\attach.txt
2014-05-26 06:38 - 2014-05-26 06:38 - 00001060 _____ () C:\Users\User\Desktop\malwarebytes.txt
2014-05-26 00:17 - 2014-05-30 07:12 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-26 00:17 - 2014-05-27 22:57 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-26 00:17 - 2014-05-26 00:17 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-26 00:17 - 2014-05-26 00:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-26 00:17 - 2014-05-26 00:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-26 00:17 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-26 00:13 - 2014-05-26 00:15 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-25 21:25 - 2014-05-25 21:27 - 00854367 _____ () C:\Users\User\Downloads\SecurityCheck.exe
2014-05-25 21:04 - 2014-05-25 21:04 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-25 19:51 - 2014-05-29 00:19 - 00000000 ____D () C:\Qoobox
2014-05-25 19:51 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-25 19:51 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-25 19:51 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-25 19:51 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-25 19:51 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-25 19:51 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-25 19:51 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-25 19:51 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-25 19:50 - 2014-05-25 20:06 - 00000000 ____D () C:\Windows\erdnt
2014-05-25 18:08 - 2014-05-27 22:19 - 00000000 ____D () C:\Users\User\Desktop\RK_Quarantine
2014-05-25 17:07 - 2014-05-25 17:07 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-25 17:07 - 2014-05-25 17:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-25 17:07 - 2014-05-25 17:07 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-25 17:07 - 2014-05-25 17:07 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-25 17:07 - 2014-05-25 17:07 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-25 17:07 - 2014-05-25 17:07 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-05-25 17:07 - 2014-05-25 17:07 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-05-25 17:07 - 2014-05-25 17:07 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-05-25 17:07 - 2014-05-25 17:07 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-05-25 17:07 - 2014-05-25 17:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-25 17:07 - 2014-05-25 17:07 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-05-25 17:07 - 2014-05-25 17:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-05-25 17:07 - 2014-05-25 17:07 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-05-25 17:07 - 2014-05-25 17:07 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-05-25 17:07 - 2014-05-25 17:07 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-25 17:07 - 2014-05-25 17:07 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-25 17:07 - 2014-05-25 17:07 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-25 17:07 - 2014-05-25 17:07 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-05-25 17:07 - 2014-05-25 17:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-25 17:07 - 2014-05-25 17:07 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-05-25 17:07 - 2014-05-25 17:07 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-05-25 17:07 - 2014-05-25 17:07 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-05-25 17:07 - 2014-05-25 17:07 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-05-25 17:07 - 2014-05-25 17:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-25 17:07 - 2014-05-25 17:07 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-05-25 17:07 - 2014-05-25 17:07 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-25 17:07 - 2014-05-25 17:07 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-05-25 17:07 - 2014-05-25 17:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-25 16:45 - 2014-05-25 16:45 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-25 16:45 - 2014-05-25 16:45 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-25 16:45 - 2014-05-25 16:45 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-05-25 16:45 - 2014-05-25 16:45 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-05-25 16:45 - 2014-05-25 16:45 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-05-25 16:45 - 2014-05-25 16:45 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-05-25 16:45 - 2014-05-25 16:45 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-05-25 16:44 - 2014-05-25 16:44 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-05-25 16:44 - 2014-05-25 16:44 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-05-25 16:44 - 2014-05-25 16:44 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-05-25 16:44 - 2014-05-25 16:44 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-05-25 16:44 - 2014-05-25 16:44 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-05-25 16:44 - 2014-05-25 16:44 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-05-25 16:39 - 2014-05-25 17:10 - 00014253 _____ () C:\Windows\IE11_main.log
2014-05-25 14:57 - 2014-05-30 07:14 - 00003756 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-05-25 14:56 - 2014-05-25 18:02 - 00001417 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-25 14:47 - 2014-05-25 14:50 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2014-05-25 14:45 - 2014-05-25 14:45 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-05-25 14:45 - 2014-05-25 14:45 - 00000000 ____D () C:\Users\User\AppData\Roaming\AVAST Software
2014-05-25 14:45 - 2014-05-25 14:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-05-25 14:44 - 2014-05-25 15:36 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-25 14:38 - 2014-05-25 14:44 - 36818984 _____ (Dropbox, Inc.) C:\Users\Public\Desktop\DropboxInstallerAvast.exe
2014-05-25 14:37 - 2014-05-25 14:45 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-25 14:37 - 2014-05-25 14:45 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-25 14:37 - 2014-05-25 14:45 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-25 14:37 - 2014-05-25 14:37 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1401043504699
2014-05-25 14:37 - 2014-05-25 14:37 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1401043504699
2014-05-25 14:37 - 2014-05-25 14:37 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-25 14:37 - 2014-05-25 14:37 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-25 14:37 - 2014-05-25 14:37 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-25 14:37 - 2014-05-25 14:37 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-25 14:37 - 2014-05-25 14:37 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-25 14:37 - 2014-05-25 14:37 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-25 14:37 - 2014-05-25 14:37 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-25 14:36 - 2014-05-25 14:36 - 00000000 ____D () C:\Program Files\AVAST Software
2014-05-25 14:29 - 2014-05-25 14:33 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-25 14:29 - 2014-05-25 14:29 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\jrzpxmnx.sys
2014-05-25 14:29 - 2014-05-25 14:29 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\dildpmqz.sys
2014-05-25 14:16 - 2014-05-25 14:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-25 14:15 - 2014-05-25 13:33 - 00688992 ____R (Swearware) C:\Users\User\Desktop\dds.com
2014-05-25 13:58 - 2014-05-26 07:17 - 00000000 ____D () C:\VirusFix
2014-05-25 13:52 - 2014-05-25 13:52 - 00448512 _____ (OldTimer Tools) C:\Users\User\Downloads\TFC.exe
2014-05-25 13:51 - 2014-05-25 13:51 - 00410112 _____ (Farbar) C:\Users\User\Downloads\FSS.exe
2014-05-25 13:49 - 2014-05-25 13:54 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\User\Downloads\rkill.exe
2014-05-25 13:49 - 2014-05-25 13:49 - 01326389 _____ () C:\Users\User\Downloads\adwcleaner_3.210.exe
2014-05-25 13:49 - 2014-05-25 13:49 - 00602112 _____ (OldTimer Tools) C:\Users\User\Downloads\OTL.exe
2014-05-25 13:43 - 2014-05-25 13:49 - 05200426 _____ (Swearware) C:\Users\User\Downloads\ComboFix.exe
2014-05-25 13:39 - 2014-05-25 13:44 - 04745728 _____ (AVAST Software) C:\Users\User\Downloads\aswMBR.exe
2014-05-25 13:38 - 2014-05-25 13:39 - 03972608 _____ () C:\Users\User\Downloads\RogueKiller.exe
2014-05-25 13:33 - 2014-05-25 13:33 - 00688992 _____ (Swearware) C:\Users\User\Downloads\dds.com
2014-05-25 13:31 - 2014-05-25 14:10 - 94714880 _____ (AVAST Software) C:\Users\User\Downloads\avast_free_antivirus_setup.exe
2014-05-23 12:33 - 2014-05-23 12:33 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Adobe
2014-05-23 12:32 - 2014-05-23 12:32 - 00111712 _____ () C:\Users\Dan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-23 12:31 - 2014-05-23 12:32 - 00000000 ____D () C:\Users\Dan\AppData\Local\Toshiba
2014-05-23 12:31 - 2014-05-23 12:31 - 00000000 ___RD () C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-23 12:31 - 2014-05-23 12:31 - 00000000 ___RD () C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-23 12:31 - 2014-05-23 12:31 - 00000000 ____D () C:\Users\Dan\Documents\Bluetooth
2014-05-23 12:31 - 2014-05-23 12:31 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\KeepSafe
2014-05-23 12:30 - 2014-05-23 12:31 - 00000000 ____D () C:\Users\Dan
2014-05-23 12:30 - 2014-05-23 12:30 - 00000020 ___SH () C:\Users\Dan\ntuser.ini
2014-05-23 12:30 - 2009-07-14 00:54 - 00000000 ___RD () C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-23 12:30 - 2009-07-14 00:49 - 00000000 ___RD () C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-05-23 10:16 - 2014-05-23 10:16 - 01243655 _____ () C:\Users\User\Downloads\ProcessExplorer.zip
2014-05-23 07:16 - 2014-05-23 07:16 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-05-22 23:45 - 2014-05-22 23:45 - 00044607 _____ () C:\Users\User\Downloads\bootkit_remover.zip
2014-05-22 23:13 - 2014-05-30 07:18 - 00000000 ____D () C:\Windows\ERUNT
2014-05-02 17:58 - 2014-05-02 17:58 - 00000054 _____ () C:\Users\User\Documents\HydroOne.txt
 
FRST.txt log part 3 of 3
==================== One Month Modified Files and Folders =======

2014-05-30 07:31 - 2014-05-30 07:31 - 00021240 _____ () C:\Users\User\Desktop\FRST.txt
2014-05-30 07:31 - 2014-05-30 07:31 - 00000000 ____D () C:\FRST
2014-05-30 07:31 - 2013-10-01 23:15 - 00000000 ____D () C:\Users\User\AppData\Local\Temp
2014-05-30 07:28 - 2014-05-30 07:28 - 00000632 _____ () C:\Users\User\Desktop\JRT.txt
2014-05-30 07:18 - 2014-05-22 23:13 - 00000000 ____D () C:\Windows\ERUNT
2014-05-30 07:14 - 2014-05-25 14:57 - 00003756 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-05-30 07:12 - 2014-05-26 00:17 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-30 07:12 - 2013-10-03 08:03 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-30 07:02 - 2009-07-14 00:45 - 00030816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-30 07:02 - 2009-07-14 00:45 - 00030816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-30 06:38 - 2013-10-03 08:03 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-29 23:35 - 2013-10-02 01:12 - 00323030 _____ () C:\Windows\WindowsUpdate.log
2014-05-29 23:33 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-05-29 23:31 - 2010-11-20 23:47 - 00018764 _____ () C:\Windows\PFRO.log
2014-05-29 23:31 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-29 23:31 - 2009-07-14 00:51 - 00035082 _____ () C:\Windows\setupact.log
2014-05-29 23:30 - 2014-05-29 23:23 - 00000000 ____D () C:\AdwCleaner
2014-05-29 23:23 - 2013-10-18 21:15 - 00001532 _____ () C:\Windows\phpdesigner.ini
2014-05-29 23:21 - 2014-05-29 23:23 - 02066944 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-05-29 23:21 - 2014-05-29 23:21 - 01016261 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
2014-05-29 23:21 - 2014-05-29 23:20 - 02066944 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-05-29 23:21 - 2014-05-29 23:20 - 01016261 _____ (Thisisu) C:\Users\User\Downloads\JRT.exe
2014-05-29 23:20 - 2014-05-29 23:21 - 01327971 _____ () C:\Users\User\Desktop\adwcleaner_3.211.exe
2014-05-29 23:20 - 2014-05-29 23:20 - 01327971 _____ () C:\Users\User\Downloads\adwcleaner_3.211.exe
2014-05-29 00:19 - 2014-05-29 00:19 - 00023353 _____ () C:\ComboFix.txt
2014-05-29 00:19 - 2014-05-29 00:19 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-05-29 00:19 - 2014-05-29 00:19 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-05-29 00:19 - 2014-05-29 00:19 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-05-29 00:19 - 2014-05-29 00:19 - 00000000 ____D () C:\Users\Dan\AppData\Local\temp
2014-05-29 00:19 - 2014-05-25 19:51 - 00000000 ____D () C:\Qoobox
2014-05-29 00:16 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-29 00:05 - 2014-05-27 22:57 - 00000000 ____D () C:\VirusFix2
2014-05-28 22:00 - 2013-10-23 19:10 - 00000600 _____ () C:\Users\User\AppData\Local\PUTTY.RND
2014-05-28 21:13 - 2014-05-28 21:08 - 05203612 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe
2014-05-27 23:12 - 2014-05-27 23:01 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-05-27 22:57 - 2014-05-26 00:17 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-27 22:27 - 2014-05-27 22:24 - 12589848 _____ (Malwarebytes Corp.) C:\Users\User\Downloads\mbar-1.07.0.1009.exe
2014-05-27 22:19 - 2014-05-27 22:19 - 00001630 _____ () C:\Users\User\Desktop\RKreport[0]_D_05272014_221901.txt
2014-05-27 22:19 - 2014-05-25 18:08 - 00000000 ____D () C:\Users\User\Desktop\RK_Quarantine
2014-05-27 22:17 - 2014-05-27 22:17 - 00001549 _____ () C:\Users\User\Desktop\RKreport[0]_S_05272014_221732.txt
2014-05-27 22:15 - 2013-10-17 23:11 - 00000600 _____ () C:\Users\User\AppData\Roaming\winscp.rnd
2014-05-27 21:53 - 2014-05-27 22:04 - 03972608 _____ () C:\Users\User\Desktop\RogueKiller.exe
2014-05-27 21:53 - 2014-05-27 21:53 - 00023756 _____ () C:\Users\User\Desktop\dds.txt
2014-05-27 21:53 - 2014-05-27 21:52 - 03972608 _____ () C:\Users\User\Downloads\RogueKiller (1).exe
2014-05-27 21:53 - 2014-05-26 06:42 - 00048924 _____ () C:\Users\User\Desktop\attach.txt
2014-05-27 00:16 - 2014-05-27 00:16 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-05-27 00:16 - 2013-10-01 23:16 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore
2014-05-27 00:01 - 2014-05-27 00:01 - 00002136 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2014-05-27 00:01 - 2014-05-27 00:01 - 00002124 _____ () C:\Users\Public\Desktop\Belarc Advisor.lnk
2014-05-27 00:01 - 2014-05-27 00:01 - 00000000 ____D () C:\Program Files (x86)\Belarc
2014-05-27 00:01 - 2014-05-27 00:00 - 03379056 _____ () C:\Users\User\Downloads\advisorinstaller.exe
2014-05-26 19:27 - 2014-05-26 19:27 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-05-26 19:06 - 2014-05-26 19:05 - 04165472 _____ (Kaspersky Lab ZAO) C:\Users\User\Downloads\tdsskiller.exe
2014-05-26 07:17 - 2014-05-25 13:58 - 00000000 ____D () C:\VirusFix
2014-05-26 06:40 - 2013-11-08 15:58 - 00000000 ____D () C:\bak
2014-05-26 06:38 - 2014-05-26 06:38 - 00001060 _____ () C:\Users\User\Desktop\malwarebytes.txt
2014-05-26 00:17 - 2014-05-26 00:17 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-26 00:17 - 2014-05-26 00:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-26 00:17 - 2014-05-26 00:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-26 00:17 - 2013-11-08 16:02 - 00000000 ____D () C:\Users\User\AppData\Roaming\Malwarebytes
2014-05-26 00:17 - 2013-11-08 16:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-26 00:15 - 2014-05-26 00:13 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-25 21:27 - 2014-05-25 21:25 - 00854367 _____ () C:\Users\User\Downloads\SecurityCheck.exe
2014-05-25 21:04 - 2014-05-25 21:04 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-25 20:07 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-05-25 20:06 - 2014-05-25 19:50 - 00000000 ____D () C:\Windows\erdnt
2014-05-25 18:02 - 2014-05-25 14:56 - 00001417 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-25 17:50 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-05-25 17:17 - 2009-07-14 01:13 - 00892956 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-25 17:11 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-25 17:10 - 2014-05-25 16:39 - 00014253 _____ () C:\Windows\IE11_main.log
2014-05-25 17:07 - 2014-05-25 17:07 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-25 17:07 - 2014-05-25 17:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-25 17:07 - 2014-05-25 17:07 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-25 17:07 - 2014-05-25 17:07 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-25 17:07 - 2014-05-25 17:07 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-25 17:07 - 2014-05-25 17:07 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-05-25 17:07 - 2014-05-25 17:07 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-05-25 17:07 - 2014-05-25 17:07 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-05-25 17:07 - 2014-05-25 17:07 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-05-25 17:07 - 2014-05-25 17:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-25 17:07 - 2014-05-25 17:07 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-05-25 17:07 - 2014-05-25 17:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-05-25 17:07 - 2014-05-25 17:07 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-05-25 17:07 - 2014-05-25 17:07 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-05-25 17:07 - 2014-05-25 17:07 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-25 17:07 - 2014-05-25 17:07 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-25 17:07 - 2014-05-25 17:07 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-25 17:07 - 2014-05-25 17:07 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-05-25 17:07 - 2014-05-25 17:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-25 17:07 - 2014-05-25 17:07 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-05-25 17:07 - 2014-05-25 17:07 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-05-25 17:07 - 2014-05-25 17:07 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-05-25 17:07 - 2014-05-25 17:07 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-05-25 17:07 - 2014-05-25 17:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-05-25 17:07 - 2014-05-25 17:07 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-25 17:07 - 2014-05-25 17:07 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-05-25 17:07 - 2014-05-25 17:07 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-25 17:07 - 2014-05-25 17:07 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-05-25 17:07 - 2014-05-25 17:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-25 16:45 - 2014-05-25 16:45 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-25 16:45 - 2014-05-25 16:45 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-25 16:45 - 2014-05-25 16:45 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-05-25 16:45 - 2014-05-25 16:45 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-05-25 16:45 - 2014-05-25 16:45 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-05-25 16:45 - 2014-05-25 16:45 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-05-25 16:45 - 2014-05-25 16:45 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-05-25 16:45 - 2014-05-25 16:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-05-25 16:44 - 2014-05-25 16:44 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-05-25 16:44 - 2014-05-25 16:44 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-05-25 16:44 - 2014-05-25 16:44 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-05-25 16:44 - 2014-05-25 16:44 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-05-25 16:44 - 2014-05-25 16:44 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-05-25 16:44 - 2014-05-25 16:44 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-05-25 15:36 - 2014-05-25 14:44 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-25 14:50 - 2014-05-25 14:47 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2014-05-25 14:45 - 2014-05-25 14:45 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-05-25 14:45 - 2014-05-25 14:45 - 00000000 ____D () C:\Users\User\AppData\Roaming\AVAST Software
2014-05-25 14:45 - 2014-05-25 14:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-05-25 14:45 - 2014-05-25 14:37 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-25 14:45 - 2014-05-25 14:37 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-25 14:45 - 2014-05-25 14:37 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-25 14:44 - 2014-05-25 14:38 - 36818984 _____ (Dropbox, Inc.) C:\Users\Public\Desktop\DropboxInstallerAvast.exe
2014-05-25 14:37 - 2014-05-25 14:37 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1401043504699
2014-05-25 14:37 - 2014-05-25 14:37 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1401043504699
2014-05-25 14:37 - 2014-05-25 14:37 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-25 14:37 - 2014-05-25 14:37 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-25 14:37 - 2014-05-25 14:37 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-25 14:37 - 2014-05-25 14:37 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-25 14:37 - 2014-05-25 14:37 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-25 14:37 - 2014-05-25 14:37 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-25 14:37 - 2014-05-25 14:37 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-25 14:36 - 2014-05-25 14:36 - 00000000 ____D () C:\Program Files\AVAST Software
2014-05-25 14:33 - 2014-05-25 14:29 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-25 14:30 - 2014-03-28 10:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-25 14:29 - 2014-05-25 14:29 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\jrzpxmnx.sys
2014-05-25 14:29 - 2014-05-25 14:29 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\dildpmqz.sys
2014-05-25 14:16 - 2014-05-25 14:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-25 14:10 - 2014-05-25 13:31 - 94714880 _____ (AVAST Software) C:\Users\User\Downloads\avast_free_antivirus_setup.exe
2014-05-25 13:54 - 2014-05-25 13:49 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\User\Downloads\rkill.exe
2014-05-25 13:52 - 2014-05-25 13:52 - 00448512 _____ (OldTimer Tools) C:\Users\User\Downloads\TFC.exe
2014-05-25 13:51 - 2014-05-25 13:51 - 00410112 _____ (Farbar) C:\Users\User\Downloads\FSS.exe
2014-05-25 13:49 - 2014-05-25 13:49 - 01326389 _____ () C:\Users\User\Downloads\adwcleaner_3.210.exe
2014-05-25 13:49 - 2014-05-25 13:49 - 00602112 _____ (OldTimer Tools) C:\Users\User\Downloads\OTL.exe
2014-05-25 13:49 - 2014-05-25 13:43 - 05200426 _____ (Swearware) C:\Users\User\Downloads\ComboFix.exe
2014-05-25 13:44 - 2014-05-25 13:39 - 04745728 _____ (AVAST Software) C:\Users\User\Downloads\aswMBR.exe
2014-05-25 13:39 - 2014-05-25 13:38 - 03972608 _____ () C:\Users\User\Downloads\RogueKiller.exe
2014-05-25 13:33 - 2014-05-25 14:15 - 00688992 ____R (Swearware) C:\Users\User\Desktop\dds.com
2014-05-25 13:33 - 2014-05-25 13:33 - 00688992 _____ (Swearware) C:\Users\User\Downloads\dds.com
2014-05-23 18:23 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-23 17:15 - 2013-10-03 08:10 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-23 15:19 - 2013-10-18 07:51 - 00000000 ____D () C:\Users\User\AppData\Roaming\Oracle
2014-05-23 15:19 - 2013-10-17 23:31 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-23 15:19 - 2013-10-17 23:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-23 15:19 - 2013-10-03 08:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-23 15:19 - 2013-10-02 01:53 - 00000000 ____D () C:\Windows\AutoKMS
2014-05-23 15:19 - 2013-10-02 01:49 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-05-23 15:19 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-05-23 15:18 - 2013-10-17 23:31 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2014-05-23 15:18 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-05-23 15:14 - 2013-10-04 20:02 - 00000000 ____D () C:\Projects
2014-05-23 12:35 - 2014-04-29 18:41 - 00000000 ____D () C:\Users\User\AppData\Local\Skype
2014-05-23 12:33 - 2014-05-23 12:33 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Adobe
2014-05-23 12:32 - 2014-05-23 12:32 - 00111712 _____ () C:\Users\Dan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-23 12:32 - 2014-05-23 12:31 - 00000000 ____D () C:\Users\Dan\AppData\Local\Toshiba
2014-05-23 12:31 - 2014-05-23 12:31 - 00000000 ___RD () C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-23 12:31 - 2014-05-23 12:31 - 00000000 ___RD () C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-23 12:31 - 2014-05-23 12:31 - 00000000 ____D () C:\Users\Dan\Documents\Bluetooth
2014-05-23 12:31 - 2014-05-23 12:31 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\KeepSafe
2014-05-23 12:31 - 2014-05-23 12:30 - 00000000 ____D () C:\Users\Dan
2014-05-23 12:30 - 2014-05-23 12:30 - 00000020 ___SH () C:\Users\Dan\ntuser.ini
2014-05-23 12:06 - 2013-10-18 20:17 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-23 11:47 - 2009-07-14 01:08 - 00014928 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-23 11:38 - 2013-11-09 07:47 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-05-23 11:33 - 2013-10-03 08:03 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-23 11:33 - 2013-10-03 08:03 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-23 11:22 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-05-23 10:17 - 2013-10-18 21:20 - 00000000 ____D () C:\tmp
2014-05-23 10:16 - 2014-05-23 10:16 - 01243655 _____ () C:\Users\User\Downloads\ProcessExplorer.zip
2014-05-23 07:16 - 2014-05-23 07:16 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-05-22 23:45 - 2014-05-22 23:45 - 00044607 _____ () C:\Users\User\Downloads\bootkit_remover.zip
2014-05-12 07:26 - 2014-05-26 00:17 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2013-11-08 16:01 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-08 21:50 - 2013-10-09 20:34 - 00002002 ____H () C:\Users\User\Documents\Default.rdp
2014-05-02 17:58 - 2014-05-02 17:58 - 00000054 _____ () C:\Users\User\Documents\HydroOne.txt
2014-05-01 09:09 - 2013-10-04 20:22 - 00000061 _____ () C:\Users\User\Documents\Freelancer.txt

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-30 00:01

==================== End Of Log ============================
 
Addition.txt log
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-05-2014
Ran by User at 2014-05-30 07:32:28
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Agent Ransack 2010 (64-bit) (HKLM\...\Agent Ransack (64-bit)_is1) (Version: - )
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.202.302.109 - ALPS ELECTRIC CO., LTD.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec TrueSuite (HKLM\...\{DB7812C8-D23E-41B4-B655-4C3D93662EBD}) (Version: 5.2.2.62 - AuthenTec, Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Beyond Compare 3.3.8 (HKLM-x32\...\BeyondCompare3_is1) (Version: 3.3.8.16340 - Scooter Software)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.10.04(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
Intel® Active Management Technology (HKLM\...\MESOL) (Version: - Intel Corporation)
Java 7 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417040FF}) (Version: 7.0.400 - Oracle)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 40 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170400}) (Version: 1.7.0.400 - Oracle)
Java(TM) 6 Update 14 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Java(TM) 6 Update 37 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416037FF}) (Version: 6.0.370 - Oracle)
Java(TM) SE Development Kit 6 Update 37 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160370}) (Version: 1.6.0.370 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
LSI V92 MOH Application (HKLM\...\LTMOH) (Version: - LSI Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.6.129 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Access MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visio MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPRO) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visio Professional 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-GB)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MySQL Connector C++ 1.1.3 (HKLM\...\{5C7A1ED6-DC5F-4017-B363-3E80644B4BD0}) (Version: 1.1.3 - Oracle and/or its affiliates)
MySQL Connector J (HKLM-x32\...\{4C5FFB59-6222-45CA-9257-EFB93D5E1756}) (Version: 5.1.26 - Oracle Corporation)
MySQL Connector Net 6.7.4 (HKLM-x32\...\{D6952EDA-6AC4-4480-A060-BD6025B15BAD}) (Version: 6.7.4 - Oracle)
MySQL Connector/ODBC 5.2 (HKLM\...\{6F4E90AC-3B32-4631-A9E5-5CC0186CA97B}) (Version: 5.2.6 - Oracle Corporation)
MySQL Documents 5.6 (HKLM-x32\...\{D5080D2C-37D0-4701-B74D-4A7449584E6D}) (Version: 5.6.14 - Oracle Corporation)
MySQL Examples and Samples 5.6 (HKLM-x32\...\{44D03537-3061-490B-BF0C-DACA4DEE8797}) (Version: 5.6.14 - Oracle Corporation)
MySQL For Excel 1.1.3 (HKLM-x32\...\{F8D0595A-C8F0-40FF-8246-AA655EF0A3BA}) (Version: 1.1.3 - Oracle)
MySQL Installer (HKLM-x32\...\{88359D24-F64F-477E-B080-50FB024BA6F7}) (Version: 1.3.3.0 - Oracle Corporation)
MySQL Notifier 1.1.4 (HKLM-x32\...\{D7C3E617-EB02-47B3-8D0E-BF3E00D873D5}) (Version: 1.1.4 - Oracle)
MySQL Server 5.6 (HKLM\...\{23EEC459-9E65-4DCE-83B8-A1FDB44B9337}) (Version: 5.6.14 - Oracle Corporation)
MySQL Utilities (HKLM-x32\...\{6A494EFD-CFC6-4534-9E14-26D3F7D888DE}) (Version: 1.3.4 - Oracle)
MySQL Workbench 6.0 CE (HKLM-x32\...\{0B724473-51F5-49E8-958C-4BB3C0AAAF35}) (Version: 6.0.7 - Oracle Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5 - Notepad++ Team)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (HKLM\...\nView Desktop Manager) (Version: - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PHP Designer 2005 3.0.6 (HKLM-x32\...\PHP Designer 2005) (Version: 3.0.6 - MPSOFTWARE)
PostgreSQL 9.2 (HKLM\...\PostgreSQL 9.2) (Version: 9.2 - PostgreSQL Global Development Group)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
RICOH R5U8xx Media Driver ver.3.63.02 (HKLM-x32\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.63.02 - RICOH)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.25 - TOSHIBA Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.0 - TOSHIBA Corporation)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.2.97 - LSI Corporation)
WampServer 2.2 (HKLM-x32\...\WampServer 2_is1) (Version: - Hervé Leclerc (HeL))
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
WinSCP 5.1.7 (HKLM-x32\...\winscp3_is1) (Version: 5.1.7 - Martin Prikryl)
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-1 - BitNami)

==================== Restore Points =========================

25-05-2014 17:43:19 BadVirusExplorer
25-05-2014 18:24:06 Windows Modules Installer
25-05-2014 18:35:20 avast! antivirus system restore point
25-05-2014 18:48:16 Windows Modules Installer
25-05-2014 20:42:51 Windows Modules Installer
25-05-2014 23:00:09 BeforeComboFix
28-05-2014 02:23:31 PostRogueKiller

==================== Hosts content: ==========================

2009-07-13 22:34 - 2014-05-25 20:04 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {14D9F0B0-A373-4A74-9D06-FDFBBFE988E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-03] (Google Inc.)
Task: {253911EB-107A-4F9A-A668-00504322B196} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {30B80A5A-66C6-4DD3-94B1-C14BD3E1E538} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {4EFDA951-60DF-4457-8FA4-28C3D4437483} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {65A07B7F-69BF-4D95-B120-583B573F0618} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-10-28] (TOSHIBA CORPORATION)
Task: {807F47FD-CB78-4CC2-ACE7-DD1C81A74515} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2013-10-02] ()
Task: {DC3A5887-041B-47BB-8952-C47A994BCF5D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-03] (Google Inc.)
Task: {E7B87C31-8F96-4077-97BD-8EB53F025787} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {F1A98C37-7F90-4FA0-AC6F-812A6ABCCC31} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-25] (AVAST Software)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-10-18 07:58 - 2013-10-08 05:49 - 00176640 _____ () C:\Program Files\PostgreSQL\9.2\bin\LIBPQ.dll
2013-10-18 07:59 - 2012-08-14 09:31 - 01328128 _____ () C:\Program Files\PostgreSQL\9.2\bin\libxml2.dll
2012-04-23 02:12 - 2012-04-23 02:12 - 00087880 _____ () C:\Program Files\AuthenTec TrueSuite\ssutil.dll
2012-04-23 02:11 - 2012-04-23 02:11 - 00556360 _____ () C:\Program Files\AuthenTec TrueSuite\DataManager.dll
2012-10-01 21:36 - 2012-10-01 21:36 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-10-04 20:20 - 2010-03-15 12:28 - 00052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2012-06-18 11:24 - 2012-06-18 11:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2014-05-30 03:32 - 2014-05-30 03:32 - 02259456 _____ () C:\Program Files\AVAST Software\Avast\defs\14053000\algo.dll
2012-10-01 21:37 - 2012-10-01 21:37 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-05-25 14:37 - 2014-05-25 14:37 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: wampapache => 3
MSCONFIG\Services: wampmysqld => 3
MSCONFIG\startupreg: ITSecMng => %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
MSCONFIG\startupreg: KeepSafe => "C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe" /startup
MSCONFIG\startupreg: nwiz => nwiz.exe /install
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== Faulty Device Manager Devices =============

Name: Intel(R) 82567LM Gigabit Network Connection
Description: Intel(R) 82567LM Gigabit Network Connection
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: e1yexpress
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-05-25 19:59:56.538
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-05-25 19:59:56.507
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 35%
Total physical RAM: 4027.23 MB
Available physical RAM: 2601.21 MB
Total Pagefile: 8052.63 MB
Available Pagefile: 6237.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:170.72 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 64B5CA91)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
Looks good.

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Click on "Run ESET Online Scanner" button.
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce a log.
 
Checkup.txt log
Results of screen317's Security Check version 0.99.83
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
McAfee SiteAdvisor
Java(TM) 6 Update 14
Java 7 Update 45
Java version out of Date!
Adobe Reader XI
Mozilla Firefox (29.0.1)
Google Chrome 34.0.1847.116
Google Chrome 35.0.1916.114
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 
FSS.txt log
Farbar Service Scanner Version: 21-05-2014
Ran by User (administrator) on 30-05-2014 at 23:15:27
Running from "C:\Users\User\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll
[2010-11-20 23:24] - [2010-11-20 23:24] - 0183296 ____A (Microsoft Corporation) CD55F5355D8F55D44C9F4ED875705BD6

C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
Ok all done, I forgot to disable my antivirus on running ESetScan but it seemed to work ok anyway, log is below:

C:\cnet_CallGraphSetup_exe.exe a variant of Win32/InstallCore.D potentially unwanted application deleted - quarantined
 
1. Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: If you're running a 64-bit system, make sure you install BOTH 32-bit and 64-bit Java.

Note 3: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

=======================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.
 
Thanks very much, really appreciated.
I am actually a Java programmer and I think I will skip the upgrading to latest version part as I configured to use the current version (another 1.7 version) in a lot of places and would be a pain to change it. I also think it's unlikely that having a slightly more minor version of Java would make any difference security-wise, unless you feel strongly otherwise?
I'll wait for your response and then clean up the tools and do other suggestions.

Thanks again,
Dan
 
Outdated Java may be dangerous but if it's necessary for your job I can't force you to update :)
 
Hi,
Sorry to bother you again, I think all is fine on my system in terms of malware, it's just I got that "Windows is not genuine" message back again - is it ok if I just run the previous instructions? They are below just to refresh your memory:

1) Click the Start button
2) Type: CMD.exe in the start search field
3) Right-Click on CMD.exe and select Run as Administrator
4) Type: net stop sppsvc (it may ask you if you are sure, select yes)
5) Type: cd %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform
6) Type: rename tokens.dat tokens.bar

7) Type: cd %windir%\system32

8) Type: net start sppsvc

9) Type: slui.exe
 