WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Unwanted pop ups and programs on computer - please help [Solved]

Started by kunash , Jul 02 2014 03:13 AM

This topic is locked

44 replies to this topic

#16 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 02 July 2014 - 11:35 AM

Did you see my reply a few posts back about running Malwarebytes

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

Advertisements

Register to Remove

#17 kunash

Authentic Member

Authentic Member
73 posts

Posted 02 July 2014 - 11:37 AM

I ran malware and everything seemed to go ok - all were quaranteened.

after reboot I opened malware again, and this is the only log I could get.

thank you for your help so far. I will now call it a night

cheers. check again in the morning

Attached Files

mal3.txt 83.87KB 266 downloads

#18 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 02 July 2014 - 11:53 AM

Your daughter has been quite busy :blush:

Ask her if she has a banking account that she accesses online or a credit card that she does online purchases with. Ask her how she would feel if by clicking on anything that shows up that her banking info as far as log on and password and credit card where compromised, how would she feel then. Because what I am seeing what is being removed she is heading in that direction. Just my observation. Besides cleaning computers we like to educate people on keeping safe online.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.

Press Scan button.

It will produce a log called FRST.txt in the same directory the tool is run from.

Please copy and paste log back here.

The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#19 kunash

Authentic Member

Authentic Member
73 posts

Posted 03 July 2014 - 12:02 AM

here are the additions and FRST log

thanks

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-07-2014

Ran by monthita (administrator) on HOUSE on 03-07-2014 06:58:51

Running from C:\Users\monthita\Desktop

Platform: Windows 8.1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Atheros Commnucations) C:\Windows\System32\AdminService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\n360.exe

() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Secure Download Ltd.) C:\Program Files (x86)\SoftPlanet Software Assistant\spassist.exe

(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\n360.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-12-08] (RealNetworks, Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1994752 2014-02-20] (Wondershare)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-3474511871-1524528776-1052004353-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-08] (Google Inc.)

HKU\S-1-5-21-3474511871-1524528776-1052004353-1001\...\Run: [Facebook Update] => C:\Users\monthita\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-01-06] (Facebook Inc.)

Startup: C:\Users\monthita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5520 series.lnk

ShortcutTarget: Monitor Ink Alerts - HP Photosmart 5520 series.lnk -> C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)

ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)

ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

GroupPolicyUsers\S-1-5-21-3474511871-1524528776-1052004353-1005\User: Group Policy restriction detected <======= ATTENTION

GroupPolicyUsers\S-1-5-21-3474511871-1524528776-1052004353-1004\User: Group Policy restriction detected <======= ATTENTION

GroupPolicyUsers\S-1-5-21-3474511871-1524528776-1052004353-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.safesearc...dd-944a026cda73

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesearc...dd-944a026cda73

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesearc...dd-944a026cda73

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.safesearc...dd-944a026cda73

SearchScopes: HKLM - DefaultScope {4B51C980-C6B0-11E1-9136-AED16088709B} URL = http://www.safesearc...dd-944a026cda73

SearchScopes: HKLM - {05C12E4C-6291-43F6-8C07-BBD3B3EF5E18} URL = http://www.safesearc...dd-944a026cda73

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM - {15D811D6-979A-4DA0-9B21-A6E02AEABAEF} URL = http://www.safesearc...dd-944a026cda73

SearchScopes: HKLM - {1B0AEC5F-9979-4A64-8A2F-8014547A8D26} URL = http://www.safesearc...dd-944a026cda73

SearchScopes: HKLM - {4B51C980-C6B0-11E1-9136-AED16088709B} URL = http://www.safesearc...dd-944a026cda73

SearchScopes: HKLM-x32 - DefaultScope value is missing.

SearchScopes: HKCU - DefaultScope {4B51C980-C6B0-11E1-9136-AED16088709B} URL = http://www.safesearc...dd-944a026cda73

SearchScopes: HKCU - {4B51C980-C6B0-11E1-9136-AED16088709B} URL = http://www.safesearc...dd-944a026cda73

BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)

BHO-x32: PETN - {6918B055-65BB-46DF-A1EA-18728587BC31} - C:\Users\monthita\AppData\Local\TidyNetwork\petn.dll No File

BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)

BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM - FindWide Toolbar - {C82F7DC7-1240-4BA9-8ADF-6B1E5FA33E44} - C:\Program Files (x86)\TNT2\Profiles\10811\passport64.dll No File

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - FindWide Toolbar - {C82F7DC7-1240-4BA9-8ADF-6B1E5FA33E44} - C:\Program Files (x86)\TNT2\Profiles\10811\passport.dll No File

Toolbar: HKCU - FindWide Toolbar - {C82F7DC7-1240-4BA9-8ADF-6B1E5FA33E44} - C:\Program Files (x86)\TNT2\Profiles\10811\passport64.dll No File

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:

========

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\monthita\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\monthita\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF Plugin HKCU: avsoftware.org/safesearch - C:\Program Files\SafeSearch\npsafesearch.dll (AVSoftware, Ltd)

FF Plugin HKCU: BearSharePlugin - C:\Program Files (x86)\BearShare Applications\BearShare\npBearSharePlugin.dll No File

FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\coFFPlgn

FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\coFFPlgn [2014-07-02]

FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\IPSFF

FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\IPSFF [2013-10-16]

FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-12-08]

FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-12-08]

Chrome:

=======

CHR HomePage: hxxp://start.hometab.com/?1=1__PARAM__

CHR StartupUrls: "https://www.google.co.uk/"

CHR DefaultSearchKeyword: google.co.uk

CHR Extension: (Google Docs) - C:\Users\monthita\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-09]

CHR Extension: (Google Drive) - C:\Users\monthita\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-21]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\monthita\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-21]

CHR Extension: (YouTube) - C:\Users\monthita\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-21]

CHR Extension: (Google Search) - C:\Users\monthita\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-21]

CHR Extension: (Google Wallet) - C:\Users\monthita\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-03]

CHR Extension: (Gmail) - C:\Users\monthita\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-21]

CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\Exts\Chrome.crx [2014-05-24]

==================== Services (Whitelisted) =================

R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-29] (Atheros Commnucations)

R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe [265040 2014-05-11] (Symantec Corporation)

R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-12-13] (Advanced Micro Devices, Inc.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)

R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)

R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1503000.00C\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-11] (Symantec Corporation)

R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\IPSDefs\20140701.001\IDSvia64.sys [525016 2014-06-20] (Symantec Corporation)

R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\VirusDefs\20140701.033\ENG64.SYS [126040 2014-07-02] (Symantec Corporation)

R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\VirusDefs\20140701.033\EX64.SYS [2099288 2014-07-02] (Symantec Corporation)

R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-06-12] (NetFilterSDK.com)

R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1503000.00C\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1503000.00C\SRTSPX64.SYS [36952 2013-07-31] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)

S4 SymELAM; C:\Windows\system32\drivers\N360x64\1503000.00C\SymELAM.sys [23568 2013-08-01] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-10-15] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\N360x64\1503000.00C\Ironx64.SYS [264280 2013-07-31] (Symantec Corporation)

R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-03 06:58 - 2014-07-03 06:59 - 00018989 _____ () C:\Users\monthita\Desktop\FRST.txt

2014-07-03 06:58 - 2014-07-03 06:58 - 00000000 ____D () C:\FRST

2014-07-03 06:57 - 2014-07-03 06:57 - 02083840 _____ (Farbar) C:\Users\monthita\Desktop\FRST64.exe

2014-07-02 18:34 - 2014-07-02 18:34 - 00085885 _____ () C:\Users\monthita\Desktop\mal3.txt

2014-07-02 18:31 - 2014-07-02 18:31 - 00000253 _____ () C:\Users\monthita\Desktop\mal2.txt

2014-07-02 18:31 - 2014-07-02 18:31 - 00000253 _____ () C:\Users\monthita\Desktop\mal.txt

2014-07-02 18:15 - 2014-07-02 18:30 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-07-02 18:14 - 2014-07-02 18:14 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-07-02 18:14 - 2014-07-02 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-02 18:14 - 2014-07-02 18:14 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-02 18:14 - 2014-07-02 18:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-07-02 18:14 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2014-07-02 18:14 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2014-07-02 18:14 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2014-07-02 18:10 - 2014-07-02 18:10 - 00001877 _____ () C:\Users\monthita\Desktop\AdwCleaner[S6].txt

2014-07-02 17:59 - 2014-07-02 17:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\monthita\Desktop\mbam-setup-2.0.2.1012.exe

2014-07-02 17:54 - 2014-07-02 17:54 - 00001757 _____ () C:\Users\monthita\Desktop\AdwCleaner[S5].txt

2014-07-02 17:21 - 2014-07-02 17:21 - 00001637 _____ () C:\Users\monthita\Desktop\AdwCleaner[S4].txt

2014-07-02 16:57 - 2014-07-02 16:57 - 00001517 _____ () C:\Users\monthita\Desktop\AdwCleaner[S3].txt

2014-07-02 16:42 - 2014-07-02 16:42 - 00001397 _____ () C:\Users\monthita\Desktop\AdwCleaner[S2].txt

2014-07-02 16:27 - 2014-07-02 16:27 - 00001454 _____ () C:\Users\monthita\Desktop\AdwCleaner[S1].txt

2014-07-02 16:02 - 2014-07-02 16:02 - 00026433 _____ () C:\Users\monthita\Desktop\AdwCleaner[S0].txt

2014-07-02 16:02 - 2014-07-02 16:02 - 00000000 ____D () C:\WINDOWS\LastGood

2014-07-02 15:39 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll

2014-07-02 14:57 - 2014-07-02 18:06 - 00000000 ____D () C:\AdwCleaner

2014-07-02 14:55 - 2014-07-02 14:55 - 00016962 _____ () C:\Users\monthita\Desktop\JRT.txt

2014-07-02 14:51 - 2014-07-02 14:51 - 00000000 ____D () C:\WINDOWS\ERUNT

2014-07-02 14:49 - 2014-07-02 14:49 - 01016261 _____ (Thisisu) C:\Users\monthita\Desktop\JRT.exe

2014-07-02 14:44 - 2014-07-02 14:44 - 00003053 _____ () C:\Users\monthita\Desktop\aswMBR.txt

2014-07-02 14:44 - 2014-07-02 14:44 - 00000512 _____ () C:\Users\monthita\Desktop\MBR.dat

2014-07-02 14:43 - 2014-07-02 14:43 - 01346519 _____ () C:\Users\monthita\Desktop\AdwCleaner.exe

2014-07-02 14:35 - 2014-07-02 14:35 - 05185536 _____ (AVAST Software) C:\Users\monthita\Desktop\aswmbr[1].exe

2014-07-02 09:21 - 2014-07-02 09:21 - 00015999 _____ () C:\Users\monthita\Desktop\hijackthis.log

2014-07-02 09:17 - 2014-07-02 09:17 - 00388608 _____ (Trend Micro Inc.) C:\Users\monthita\Desktop\HiJackThis.exe

2014-07-02 09:01 - 2014-07-02 09:20 - 00000436 _____ () C:\Users\monthita\Desktop\rrr.txt

2014-06-30 11:25 - 2014-06-30 11:25 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp

2014-06-29 15:57 - 2014-06-29 15:57 - 00014143 _____ () C:\Users\bend-_000\Desktop\images

2014-06-28 12:43 - 2014-06-28 12:43 - 00000000 ____D () C:\Users\bend-_000\AppData\Local\Intel_Corporation

2014-06-22 17:54 - 2009-09-30 17:01 - 00000170 ____R () C:\2009-09-30 1700.wpl

2014-06-22 17:03 - 2014-06-22 17:06 - 00001052 _____ () C:\Users\monthita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BearShare.lnk

2014-06-22 17:03 - 2014-06-22 17:06 - 00001022 _____ () C:\Users\monthita\Desktop\BearShare.lnk

2014-06-22 17:02 - 2014-06-22 17:02 - 00000000 ____D () C:\Users\monthita\AppData\Local\BearShare

2014-06-22 16:54 - 2014-06-22 16:54 - 00000000 ____D () C:\Users\monthita\AppData\Local\MediaDrug

2014-06-22 16:53 - 2014-06-22 16:53 - 00314952 _____ (MediaDrug) C:\Users\monthita\Downloads\mediadrug (2).exe

2014-06-22 16:52 - 2014-06-22 16:53 - 00314952 _____ (MediaDrug) C:\Users\monthita\Downloads\mediadrug (1).exe

2014-06-22 16:52 - 2014-06-22 16:52 - 00314952 _____ (MediaDrug) C:\Users\monthita\Downloads\mediadrug.exe

2014-06-22 13:28 - 2014-06-22 13:28 - 00369758 _____ () C:\Users\bend-_000\Downloads\Mineshafter-launcher (9).jar

2014-06-22 13:28 - 2014-06-22 13:28 - 00369758 _____ () C:\Users\bend-_000\Downloads\Mineshafter-launcher (8).jar

2014-06-22 13:28 - 2014-06-22 13:28 - 00369758 _____ () C:\Users\bend-_000\Desktop\Mineshafter-launcher (9).jar

2014-06-21 20:17 - 2014-06-21 20:17 - 00000540 _____ () C:\Users\monthita\Documents\url.htm

2014-06-21 20:03 - 2014-06-21 20:03 - 00001202 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoStage Slideshow Producer.lnk

2014-06-21 20:03 - 2014-06-21 20:03 - 00001190 _____ () C:\Users\Public\Desktop\PhotoStage Slideshow Producer.lnk

2014-06-21 20:03 - 2014-06-21 20:03 - 00000000 ____D () C:\Users\monthita\Documents\VideoPad Projects

2014-06-21 20:02 - 2014-06-30 10:39 - 00000000 ____D () C:\WINDOWS\System32\Tasks\NCH Software

2014-06-21 20:02 - 2014-06-21 20:02 - 00001278 _____ () C:\Users\Public\Desktop\NCH Software.lnk

2014-06-21 20:02 - 2014-06-21 20:02 - 00001166 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk

2014-06-21 20:02 - 2014-06-21 20:02 - 00001154 _____ () C:\Users\Public\Desktop\VideoPad Video Editor.lnk

2014-06-21 20:02 - 2014-06-21 20:02 - 00001150 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk

2014-06-21 20:02 - 2014-06-21 20:02 - 00001138 _____ () C:\Users\Public\Desktop\WavePad Sound Editor.lnk

2014-06-21 20:02 - 2014-06-21 20:02 - 00001138 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Video File Converter.lnk

2014-06-21 20:02 - 2014-06-21 20:02 - 00001126 _____ () C:\Users\Public\Desktop\Prism Video File Converter.lnk

2014-06-21 20:00 - 2014-06-21 20:00 - 05800504 _____ (NCH Software) C:\Users\monthita\Downloads\vppsetup.exe

2014-06-21 19:51 - 2014-06-21 19:52 - 122809576 _____ (Movavi) C:\Users\monthita\Downloads\MovaviVideoEditorSetup.exe

2014-06-21 16:16 - 2014-06-30 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Detective

2014-06-21 16:16 - 2014-06-28 07:14 - 00000000 ____D () C:\Program Files (x86)\PC Drivers HeadQuarters

2014-06-21 12:45 - 2014-06-21 12:45 - 05127324 _____ () C:\Users\monthita\Downloads\Faithful_3 (3).zip

2014-06-21 12:43 - 2014-06-21 12:44 - 05127324 _____ () C:\Users\monthita\Downloads\Faithful_3 (2).zip

2014-06-21 12:42 - 2014-06-21 12:42 - 05127324 _____ () C:\Users\monthita\Downloads\Faithful_3.zip

2014-06-21 12:42 - 2014-06-21 12:42 - 05127324 _____ () C:\Users\monthita\Downloads\Faithful_3 (1).zip

2014-06-21 11:33 - 2014-06-21 11:33 - 00000000 ____D () C:\Users\monthita\Downloads\Driver Support

2014-06-21 11:33 - 2014-06-21 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Support

2014-06-21 11:33 - 2014-06-21 11:33 - 00000000 ____D () C:\ProgramData\Driver Support

2014-06-21 11:32 - 2014-06-21 11:32 - 00000000 ____D () C:\Program Files (x86)\Driver Support

2014-06-21 08:05 - 2014-07-02 18:25 - 00000000 ____D () C:\Users\monthita\AppData\Local\Weather_Warnings_LLC

2014-06-20 16:34 - 2014-06-21 17:06 - 00000000 ____D () C:\Program Files (x86)\Yula

2014-06-17 19:25 - 2014-06-17 19:25 - 00000394 _____ () C:\Users\monthita\Downloads\rrrrrrr.txt

2014-06-15 16:12 - 2014-06-15 16:12 - 00061902 _____ () C:\Users\monthita\Downloads\Eastbourne_Research..pptx

2014-06-13 07:53 - 2014-06-13 07:53 - 00292864 _____ () C:\WINDOWS\Minidump\061314-22234-01.dmp

2014-06-12 20:05 - 2014-06-12 20:05 - 00046376 _____ (NetFilterSDK.com) C:\WINDOWS\system32\Drivers\netfilter64.sys

2014-06-11 10:12 - 2014-05-30 11:21 - 23414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2014-06-11 10:12 - 2014-05-30 10:45 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2014-06-11 10:12 - 2014-05-30 10:28 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll

2014-06-11 10:12 - 2014-05-30 10:20 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll

2014-06-11 10:12 - 2014-05-30 10:18 - 17271296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2014-06-11 10:12 - 2014-05-30 10:08 - 05782528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2014-06-11 10:12 - 2014-05-30 10:06 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll

2014-06-11 10:12 - 2014-05-30 09:46 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2014-06-11 10:12 - 2014-05-30 09:44 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll

2014-06-11 10:12 - 2014-05-30 09:43 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll

2014-06-11 10:12 - 2014-05-30 09:38 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2014-06-11 10:12 - 2014-05-30 09:35 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2014-06-11 10:12 - 2014-05-30 09:29 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2014-06-11 10:12 - 2014-05-30 09:27 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll

2014-06-11 10:12 - 2014-05-30 09:23 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2014-06-11 10:12 - 2014-05-30 09:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll

2014-06-11 10:12 - 2014-05-30 09:04 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll

2014-06-11 10:12 - 2014-05-30 09:02 - 00242688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll

2014-06-11 10:12 - 2014-05-30 08:56 - 04244992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2014-06-11 10:12 - 2014-05-30 08:56 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2014-06-11 10:12 - 2014-05-30 08:54 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2014-06-11 10:12 - 2014-05-30 08:49 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2014-06-11 10:12 - 2014-05-30 08:43 - 13522944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2014-06-11 10:12 - 2014-05-30 08:40 - 11725312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2014-06-11 10:12 - 2014-05-30 08:30 - 01398272 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2014-06-11 10:12 - 2014-05-30 08:21 - 01790976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2014-06-11 10:12 - 2014-05-30 08:15 - 01143296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2014-06-11 10:12 - 2014-05-30 08:13 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2014-06-11 10:12 - 2014-05-30 08:13 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2014-06-11 10:12 - 2014-05-10 04:46 - 02151424 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll

2014-06-11 10:12 - 2014-05-10 04:22 - 01312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll

2014-06-11 10:12 - 2014-05-09 00:06 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys

2014-06-11 10:12 - 2014-05-05 05:02 - 03360256 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll

2014-06-11 10:12 - 2014-05-03 08:14 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe

2014-06-11 10:12 - 2014-05-03 05:21 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2014-06-11 10:12 - 2014-05-03 05:07 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2014-06-11 10:12 - 2014-05-03 04:41 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll

2014-06-11 10:12 - 2014-05-03 04:38 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll

2014-06-11 10:12 - 2014-04-30 12:16 - 01336648 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll

2014-06-11 10:12 - 2014-04-30 04:51 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll

2014-06-11 10:12 - 2014-04-03 08:59 - 02518872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys

2014-06-11 10:12 - 2014-04-03 08:59 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS

2014-06-11 10:12 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll

2014-06-11 10:12 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll

2014-06-11 10:12 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll

2014-06-11 10:12 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll

2014-06-11 10:12 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe

2014-06-11 10:12 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe

2014-06-11 10:12 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll

2014-06-11 10:12 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll

2014-06-11 10:12 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll

2014-06-11 10:12 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll

2014-06-11 10:12 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe

2014-06-11 10:12 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll

2014-06-11 10:11 - 2014-05-19 07:31 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe

2014-06-11 10:11 - 2014-05-19 07:21 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe

2014-06-11 10:11 - 2014-05-19 06:23 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvinst.exe

2014-06-11 10:11 - 2014-05-01 14:31 - 03048904 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe

2014-06-11 10:11 - 2014-05-01 14:31 - 00055328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys

2014-06-11 10:11 - 2014-05-01 08:14 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll

2014-06-11 10:11 - 2014-05-01 08:05 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll

2014-06-11 10:11 - 2014-05-01 07:51 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll

2014-06-11 10:11 - 2014-05-01 06:24 - 02834944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll

2014-06-11 10:11 - 2014-04-30 05:43 - 01975296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll

2014-06-11 10:11 - 2014-04-30 05:26 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll

2014-06-11 10:11 - 2014-04-30 04:47 - 01509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll

2014-06-11 10:11 - 2014-04-18 15:57 - 00032600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll

2014-06-11 10:11 - 2014-04-18 15:44 - 01466856 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll

2014-06-11 10:11 - 2014-04-18 14:29 - 01200288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll

2014-06-11 10:11 - 2014-04-18 10:44 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll

2014-06-11 10:11 - 2014-04-18 10:32 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll

2014-06-11 10:11 - 2014-04-18 09:58 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll

2014-06-11 10:11 - 2014-04-18 09:32 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll

2014-06-11 10:11 - 2014-04-18 09:21 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll

2014-06-11 10:11 - 2014-04-18 09:09 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll

2014-06-11 10:11 - 2014-04-18 08:51 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll

2014-06-11 10:11 - 2014-04-18 08:49 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll

2014-06-11 10:11 - 2014-04-14 10:20 - 00324888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll

2014-06-11 10:11 - 2014-04-14 09:01 - 00285144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll

2014-06-11 10:11 - 2014-04-11 07:13 - 01200128 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys

2014-06-11 10:11 - 2014-04-11 05:51 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll

2014-06-11 10:11 - 2014-04-11 05:23 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll

2014-06-11 10:11 - 2014-04-11 04:30 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll

2014-06-11 10:11 - 2014-04-09 12:53 - 00337240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys

2014-06-11 10:11 - 2014-04-09 07:39 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll

2014-06-11 10:11 - 2014-04-09 06:44 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll

2014-06-11 10:11 - 2014-04-09 05:35 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll

2014-06-11 10:11 - 2014-04-09 04:33 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll

2014-06-11 10:11 - 2014-04-08 03:01 - 00589656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys

2014-06-11 10:11 - 2014-04-06 17:34 - 00372568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys

2014-06-11 10:11 - 2014-04-06 17:34 - 00275800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys

2014-06-11 10:11 - 2014-04-06 17:32 - 00125496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll

2014-06-11 10:11 - 2014-04-06 17:31 - 21268952 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2014-06-11 10:11 - 2014-04-06 17:30 - 00201920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll

2014-06-11 10:11 - 2014-04-06 17:24 - 00360792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys

2014-06-11 10:11 - 2014-04-06 17:20 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll

2014-06-11 10:11 - 2014-04-06 17:20 - 01403856 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll

2014-06-11 10:11 - 2014-04-06 17:20 - 01379064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll

2014-06-11 10:11 - 2014-04-06 17:20 - 00881616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll

2014-06-11 10:11 - 2014-04-06 17:20 - 00765408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll

2014-06-11 10:11 - 2014-04-06 17:20 - 00609448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll

2014-06-11 10:11 - 2014-04-06 17:20 - 00491744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll

2014-06-11 10:11 - 2014-04-06 17:20 - 00467496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll

2014-06-11 10:11 - 2014-04-06 17:20 - 00463256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll

2014-06-11 10:11 - 2014-04-06 17:20 - 00364640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll

2014-06-11 10:11 - 2014-04-06 17:20 - 00244880 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe

2014-06-11 10:11 - 2014-04-06 17:20 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll

2014-06-11 10:11 - 2014-04-06 17:20 - 00028408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe

2014-06-11 10:11 - 2014-04-06 16:23 - 00098584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll

2014-06-11 10:11 - 2014-04-06 16:22 - 18755672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

2014-06-11 10:11 - 2014-04-06 16:22 - 00178184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll

2014-06-11 10:11 - 2014-04-06 16:16 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll

2014-06-11 10:11 - 2014-04-06 16:16 - 01209616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll

2014-06-11 10:11 - 2014-04-06 16:16 - 00707048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll

2014-06-11 10:11 - 2014-04-06 16:16 - 00669856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll

2014-06-11 10:11 - 2014-04-06 16:16 - 00518544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll

2014-06-11 10:11 - 2014-04-06 16:16 - 00406504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll

2014-06-11 10:11 - 2014-04-06 16:16 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll

2014-06-11 10:11 - 2014-04-06 16:16 - 00326024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll

2014-06-11 10:11 - 2014-04-06 16:16 - 00305768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll

2014-06-11 10:11 - 2014-04-06 15:10 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

2014-06-11 10:11 - 2014-04-06 13:58 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll

2014-06-11 10:11 - 2014-04-06 13:51 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll

2014-06-11 10:11 - 2014-04-06 13:33 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe

2014-06-11 10:11 - 2014-04-06 13:24 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe

2014-06-11 10:11 - 2014-04-06 13:06 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srclient.dll

2014-06-11 10:11 - 2014-04-06 12:55 - 16872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll

2014-06-11 10:11 - 2014-04-06 12:54 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll

2014-06-11 10:11 - 2014-04-06 12:26 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll

2014-06-11 10:11 - 2014-04-06 12:20 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll

2014-06-11 10:11 - 2014-04-06 12:01 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll

2014-06-11 10:11 - 2014-04-06 11:52 - 00955904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll

2014-06-11 10:11 - 2014-04-06 11:51 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll

2014-06-11 10:11 - 2014-04-06 11:37 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll

2014-06-11 10:11 - 2014-04-06 11:36 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll

2014-06-11 10:11 - 2014-04-06 11:05 - 01222656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll

2014-06-11 10:11 - 2014-04-06 10:59 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll

2014-06-11 10:11 - 2014-04-03 09:12 - 02124840 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll

2014-06-11 10:11 - 2014-04-03 09:12 - 00307304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll

2014-06-11 10:11 - 2014-04-03 09:12 - 00130144 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll

2014-06-11 10:11 - 2014-04-03 05:03 - 00230808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll

2014-06-11 10:11 - 2014-04-03 05:03 - 00111528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll

2014-06-11 10:11 - 2014-04-03 04:53 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll

2014-06-11 10:11 - 2014-04-03 03:53 - 04269056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll

2014-06-11 10:11 - 2014-04-03 03:53 - 00677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys

2014-06-11 10:11 - 2014-04-03 03:51 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll

2014-06-11 10:11 - 2014-04-03 03:23 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys

2014-06-11 10:11 - 2014-04-03 03:23 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys

2014-06-11 10:11 - 2014-04-03 03:23 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tlscsp.dll

2014-06-11 10:11 - 2014-04-03 03:22 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlscsp.dll

2014-06-11 10:11 - 2014-04-01 07:23 - 00384856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys

2014-06-11 10:11 - 2014-03-31 06:42 - 07425368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2014-06-11 10:11 - 2014-03-31 01:41 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll

2014-06-11 10:11 - 2014-03-31 01:01 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll

2014-06-11 10:11 - 2014-03-31 00:43 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll

2014-06-11 10:11 - 2014-03-30 23:54 - 01308160 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll

2014-06-11 10:11 - 2014-03-30 23:49 - 01287168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll

2014-06-11 10:11 - 2014-03-30 23:35 - 01029120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll

2014-06-11 10:11 - 2014-03-30 23:11 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll

2014-06-11 10:11 - 2014-03-30 22:47 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe

2014-06-11 10:11 - 2014-03-28 16:58 - 00407016 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe

2014-06-11 10:11 - 2014-03-27 07:16 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys

2014-06-11 10:11 - 2014-03-27 06:36 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll

2014-06-11 10:11 - 2014-03-27 05:59 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll

2014-06-11 10:11 - 2014-03-27 05:48 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll

2014-06-11 10:11 - 2014-03-27 05:19 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll

2014-06-11 10:11 - 2014-03-27 04:46 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll

2014-06-11 10:11 - 2014-03-27 04:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll

2014-06-11 10:11 - 2014-03-27 04:10 - 01436160 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe

2014-06-11 10:11 - 2014-03-24 23:58 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys

2014-06-11 10:11 - 2014-03-20 04:48 - 00263424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe

2014-06-11 10:11 - 2014-03-20 01:44 - 06645248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll

2014-06-11 10:11 - 2014-03-20 00:33 - 05774848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll

2014-06-11 10:11 - 2014-03-19 09:15 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll

2014-06-11 10:11 - 2014-03-19 09:07 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys

2014-06-11 10:11 - 2014-03-19 08:24 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll

2014-06-11 10:11 - 2014-03-19 08:17 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll

2014-06-11 10:11 - 2014-03-19 07:36 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll

2014-06-11 10:11 - 2014-03-19 06:56 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll

2014-06-11 10:11 - 2014-03-19 06:45 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll

2014-06-11 10:11 - 2014-03-19 06:19 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll

2014-06-11 10:11 - 2014-03-19 06:07 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll

2014-06-11 10:11 - 2014-03-19 06:02 - 01527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll

2014-06-11 10:11 - 2014-03-19 06:00 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll

2014-06-11 10:11 - 2014-03-19 05:51 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll

2014-06-11 10:11 - 2014-03-19 05:31 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll

2014-06-11 10:11 - 2014-03-19 05:18 - 02688000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll

2014-06-11 10:11 - 2014-03-18 09:19 - 00077312 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys

2014-06-11 10:11 - 2014-03-18 06:00 - 07173120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll

2014-06-11 10:11 - 2014-03-18 05:52 - 05104640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll

2014-06-11 10:11 - 2014-03-17 06:09 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll

2014-06-11 10:11 - 2014-03-17 05:11 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll

2014-06-11 10:11 - 2014-03-17 04:01 - 00486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv

2014-06-11 10:11 - 2014-03-17 03:47 - 01025024 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll

2014-06-11 10:11 - 2014-03-17 03:45 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv

2014-06-11 10:11 - 2014-03-14 07:26 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll

2014-06-11 10:11 - 2014-03-14 07:10 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll

2014-06-11 10:11 - 2014-03-06 13:42 - 00310616 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys

2014-06-11 10:10 - 2014-06-11 10:10 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll

2014-06-04 16:06 - 2014-06-04 16:06 - 00135496 _____ () C:\Users\barbi_000\Desktop\VE 2.wve

2014-06-03 17:39 - 2014-06-26 16:55 - 00174592 ___SH () C:\Users\monthita\Downloads\Thumbs.db

2014-06-03 15:15 - 2014-06-21 19:53 - 00000000 ____D () C:\ProgramData\HP Photo Creations

2014-06-03 15:15 - 2014-06-21 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP

2014-06-03 15:15 - 2014-06-21 17:05 - 00000000 ____D () C:\Program Files (x86)\HP

2014-06-03 15:15 - 2014-06-10 16:10 - 00000000 ____D () C:\Users\monthita\AppData\Roaming\HpUpdate

2014-06-03 15:15 - 2014-06-03 15:15 - 00003626 _____ () C:\WINDOWS\System32\Tasks\HPCustParticipation HP Photosmart 5520 series

2014-06-03 15:15 - 2014-06-03 15:15 - 00002268 _____ () C:\Users\Public\Desktop\HP Photosmart 5520 series.lnk

2014-06-03 15:15 - 2014-06-03 15:15 - 00002007 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk

2014-06-03 15:15 - 2014-06-03 15:15 - 00001200 _____ () C:\Users\Public\Desktop\Shop for Supplies - HP Photosmart 5520 series.lnk

2014-06-03 15:15 - 2014-06-03 15:15 - 00000000 ____D () C:\ProgramData\Visan

2014-06-03 15:15 - 2014-06-03 15:15 - 00000000 ____D () C:\Program Files\HP

2014-06-03 15:15 - 2014-06-03 15:15 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations

2014-06-03 15:15 - 2012-10-17 04:31 - 00741480 ____N (Hewlett-Packard Co.) C:\WINDOWS\system32\HPDiscoPMB111.dll

2014-06-03 15:14 - 2014-06-03 15:14 - 00000057 _____ () C:\ProgramData\Ament.ini

2014-06-03 15:12 - 2014-06-03 15:17 - 65452952 _____ () C:\Users\monthita\Downloads\PS5520_1315 (1).exe

2014-06-03 15:08 - 2014-06-03 15:12 - 65452952 _____ () C:\Users\monthita\Downloads\PS5520_1315.exe

2014-06-03 15:06 - 2014-06-03 15:06 - 00000000 ____D () C:\Users\monthita\AppData\Local\HP

2014-06-03 15:00 - 2014-06-03 15:15 - 00000000 ____D () C:\ProgramData\HP

==================== One Month Modified Files and Folders =======

2014-07-03 06:59 - 2014-07-03 06:58 - 00018989 _____ () C:\Users\monthita\Desktop\FRST.txt

2014-07-03 06:58 - 2014-07-03 06:58 - 00000000 ____D () C:\FRST

2014-07-03 06:57 - 2014-07-03 06:57 - 02083840 _____ (Farbar) C:\Users\monthita\Desktop\FRST64.exe

2014-07-03 06:56 - 2014-04-03 15:49 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-07-03 06:56 - 2013-10-18 11:27 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-07-03 06:56 - 2013-10-18 11:27 - 00000910 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-07-03 06:55 - 2013-10-15 16:37 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3474511871-1524528776-1052004353-1001

2014-07-03 06:50 - 2014-05-18 11:13 - 00003288 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3474511871-1524528776-1052004353-1001

2014-07-03 06:50 - 2014-05-10 18:09 - 00003340 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3474511871-1524528776-1052004353-1001

2014-07-03 06:50 - 2014-01-17 16:51 - 00000000 __RDO () C:\Users\monthita\SkyDrive

2014-07-03 06:50 - 2014-01-17 16:46 - 01842495 _____ () C:\WINDOWS\WindowsUpdate.log

2014-07-03 06:49 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2014-07-02 20:50 - 2014-03-01 15:45 - 00000956 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3474511871-1524528776-1052004353-1005UA.job

2014-07-02 20:46 - 2014-01-06 12:41 - 00000952 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3474511871-1524528776-1052004353-1001UA.job

2014-07-02 20:14 - 2014-04-05 20:09 - 00000956 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3474511871-1524528776-1052004353-1004UA.job

2014-07-02 20:14 - 2014-04-05 20:09 - 00000934 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3474511871-1524528776-1052004353-1004Core.job

2014-07-02 18:36 - 2013-11-14 08:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2014-07-02 18:34 - 2014-07-02 18:34 - 00085885 _____ () C:\Users\monthita\Desktop\mal3.txt

2014-07-02 18:31 - 2014-07-02 18:31 - 00000253 _____ () C:\Users\monthita\Desktop\mal2.txt

2014-07-02 18:31 - 2014-07-02 18:31 - 00000253 _____ () C:\Users\monthita\Desktop\mal.txt

2014-07-02 18:30 - 2014-07-02 18:15 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-07-02 18:29 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2014-07-02 18:28 - 2013-11-14 08:20 - 00194064 _____ () C:\WINDOWS\PFRO.log

2014-07-02 18:25 - 2014-06-21 08:05 - 00000000 ____D () C:\Users\monthita\AppData\Local\Weather_Warnings_LLC

2014-07-02 18:25 - 2014-02-08 13:16 - 00000000 ____D () C:\Temp

2014-07-02 18:14 - 2014-07-02 18:14 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-07-02 18:14 - 2014-07-02 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-02 18:14 - 2014-07-02 18:14 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-02 18:14 - 2014-07-02 18:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-07-02 18:10 - 2014-07-02 18:10 - 00001877 _____ () C:\Users\monthita\Desktop\AdwCleaner[S6].txt

2014-07-02 18:06 - 2014-07-02 14:57 - 00000000 ____D () C:\AdwCleaner

2014-07-02 17:59 - 2014-07-02 17:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\monthita\Desktop\mbam-setup-2.0.2.1012.exe

2014-07-02 17:54 - 2014-07-02 17:54 - 00001757 _____ () C:\Users\monthita\Desktop\AdwCleaner[S5].txt

2014-07-02 17:33 - 2014-01-04 21:26 - 00018944 ___SH () C:\Users\monthita\Documents\Thumbs.db

2014-07-02 17:33 - 2013-10-15 17:00 - 00233472 ___SH () C:\Users\monthita\Desktop\Thumbs.db

2014-07-02 17:21 - 2014-07-02 17:21 - 00001637 _____ () C:\Users\monthita\Desktop\AdwCleaner[S4].txt

2014-07-02 16:57 - 2014-07-02 16:57 - 00001517 _____ () C:\Users\monthita\Desktop\AdwCleaner[S3].txt

2014-07-02 16:44 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF

2014-07-02 16:42 - 2014-07-02 16:42 - 00001397 _____ () C:\Users\monthita\Desktop\AdwCleaner[S2].txt

2014-07-02 16:27 - 2014-07-02 16:27 - 00001454 _____ () C:\Users\monthita\Desktop\AdwCleaner[S1].txt

2014-07-02 16:25 - 2013-08-22 14:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI

2014-07-02 16:02 - 2014-07-02 16:02 - 00026433 _____ () C:\Users\monthita\Desktop\AdwCleaner[S0].txt

2014-07-02 16:02 - 2014-07-02 16:02 - 00000000 ____D () C:\WINDOWS\LastGood

2014-07-02 15:51 - 2014-05-11 10:22 - 00000000 ____D () C:\WINDOWS\System32\Tasks\ProtectedSearch

2014-07-02 15:51 - 2014-05-11 10:22 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Browser Updater

2014-07-02 15:51 - 2014-01-17 16:39 - 00000000 ____D () C:\Users\monthita

2014-07-02 14:55 - 2014-07-02 14:55 - 00016962 _____ () C:\Users\monthita\Desktop\JRT.txt

2014-07-02 14:51 - 2014-07-02 14:51 - 00000000 ____D () C:\WINDOWS\ERUNT

2014-07-02 14:50 - 2014-03-01 15:45 - 00000934 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3474511871-1524528776-1052004353-1005Core.job

2014-07-02 14:49 - 2014-07-02 14:49 - 01016261 _____ (Thisisu) C:\Users\monthita\Desktop\JRT.exe

2014-07-02 14:48 - 2014-02-23 15:30 - 00000000 ____D () C:\ProgramData\hjmofaafdfeodmanjhacbjhlkkkgacfk

2014-07-02 14:46 - 2014-02-23 15:31 - 00000258 __RSH () C:\ProgramData\ntuser.pol

2014-07-02 14:44 - 2014-07-02 14:44 - 00003053 _____ () C:\Users\monthita\Desktop\aswMBR.txt

2014-07-02 14:44 - 2014-07-02 14:44 - 00000512 _____ () C:\Users\monthita\Desktop\MBR.dat

2014-07-02 14:43 - 2014-07-02 14:43 - 01346519 _____ () C:\Users\monthita\Desktop\AdwCleaner.exe

2014-07-02 14:35 - 2014-07-02 14:35 - 05185536 _____ (AVAST Software) C:\Users\monthita\Desktop\aswmbr[1].exe

2014-07-02 11:46 - 2014-01-06 12:41 - 00000930 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3474511871-1524528776-1052004353-1001Core.job

2014-07-02 09:21 - 2014-07-02 09:21 - 00015999 _____ () C:\Users\monthita\Desktop\hijackthis.log

2014-07-02 09:20 - 2014-07-02 09:01 - 00000436 _____ () C:\Users\monthita\Desktop\rrr.txt

2014-07-02 09:17 - 2014-07-02 09:17 - 00388608 _____ (Trend Micro Inc.) C:\Users\monthita\Desktop\HiJackThis.exe

2014-07-01 19:19 - 2013-11-05 19:10 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3474511871-1524528776-1052004353-1004

2014-07-01 19:13 - 2014-02-22 15:00 - 00000000 __RDO () C:\Users\bend-_000\SkyDrive

2014-07-01 19:13 - 2013-12-12 17:54 - 00003342 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3474511871-1524528776-1052004353-1004

2014-07-01 19:13 - 2013-12-12 17:54 - 00003290 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3474511871-1524528776-1052004353-1004

2014-06-30 11:25 - 2014-06-30 11:25 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp

2014-06-30 11:20 - 2013-10-16 18:10 - 00000000 ____D () C:\WINDOWS\system32\MRT

2014-06-30 11:20 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp

2014-06-30 11:19 - 2013-10-16 18:10 - 95414520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2014-06-30 10:39 - 2014-06-21 20:02 - 00000000 ____D () C:\WINDOWS\System32\Tasks\NCH Software

2014-06-30 10:39 - 2014-06-21 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Detective

2014-06-30 10:36 - 2014-03-23 10:24 - 00001188 _____ () C:\Users\monthita\Desktop\Live PC Help.lnk

2014-06-30 09:41 - 2014-01-23 20:41 - 00000247 _____ () C:\Users\bend-_000\AppData\Roaming\WB.CFG

2014-06-30 09:40 - 2014-01-17 18:54 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C9555003-4FE2-48C4-BF96-9A256319E274}

2014-06-29 18:23 - 2014-01-01 15:55 - 00000544 _____ () C:\Users\monthita\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website

2014-06-29 17:02 - 2014-01-17 16:39 - 00000000 ____D () C:\Users\barbi_000

2014-06-29 15:57 - 2014-06-29 15:57 - 00014143 _____ () C:\Users\bend-_000\Desktop\images

2014-06-29 10:10 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache

2014-06-28 17:18 - 2014-01-14 17:19 - 00000000 ____D () C:\Users\bend-_000\AppData\Roaming\.minecraft

2014-06-28 12:43 - 2014-06-28 12:43 - 00000000 ____D () C:\Users\bend-_000\AppData\Local\Intel_Corporation

2014-06-28 07:19 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM

2014-06-28 07:17 - 2014-05-17 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Video Editor 9

2014-06-28 07:17 - 2014-04-03 15:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-06-28 07:17 - 2014-01-17 16:39 - 00000000 ____D () C:\Users\bend-_000

2014-06-28 07:17 - 2013-10-15 17:00 - 00000000 ____D () C:\ProgramData\Norton

2014-06-28 07:17 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy

2014-06-28 07:17 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep

2014-06-28 07:17 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy

2014-06-28 07:14 - 2014-06-21 16:16 - 00000000 ____D () C:\Program Files (x86)\PC Drivers HeadQuarters

2014-06-28 07:14 - 2013-12-08 19:17 - 00000000 ____D () C:\ProgramData\Real

2014-06-28 07:14 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\registration

2014-06-28 06:01 - 2014-03-24 18:37 - 00000000 ____D () C:\Users\monthita\AppData\Local\CrashDumps

2014-06-26 16:55 - 2014-06-03 17:39 - 00174592 ___SH () C:\Users\monthita\Downloads\Thumbs.db

2014-06-26 16:30 - 2014-01-19 15:34 - 00000000 __RDO () C:\Users\barbi_000\SkyDrive

2014-06-24 19:32 - 2013-08-22 15:46 - 00371971 _____ () C:\WINDOWS\setupact.log

2014-06-23 17:44 - 2014-01-13 20:23 - 00000000 ____D () C:\Users\monthita\AppData\Roaming\.minecraft

2014-06-22 17:50 - 2013-12-14 18:26 - 00000000 ___RD () C:\Users\monthita\Documents\Notes

2014-06-22 17:06 - 2014-06-22 17:03 - 00001052 _____ () C:\Users\monthita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BearShare.lnk

2014-06-22 17:06 - 2014-06-22 17:03 - 00001022 _____ () C:\Users\monthita\Desktop\BearShare.lnk

2014-06-22 17:02 - 2014-06-22 17:02 - 00000000 ____D () C:\Users\monthita\AppData\Local\BearShare

2014-06-22 17:02 - 2013-10-15 16:29 - 00000000 ____D () C:\Users\monthita\AppData\Local\VirtualStore

2014-06-22 16:54 - 2014-06-22 16:54 - 00000000 ____D () C:\Users\monthita\AppData\Local\MediaDrug

2014-06-22 16:53 - 2014-06-22 16:53 - 00314952 _____ (MediaDrug) C:\Users\monthita\Downloads\mediadrug (2).exe

2014-06-22 16:53 - 2014-06-22 16:52 - 00314952 _____ (MediaDrug) C:\Users\monthita\Downloads\mediadrug (1).exe

2014-06-22 16:52 - 2014-06-22 16:52 - 00314952 _____ (MediaDrug) C:\Users\monthita\Downloads\mediadrug.exe

2014-06-22 16:42 - 2013-11-05 18:20 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3474511871-1524528776-1052004353-1005

2014-06-22 16:32 - 2014-04-26 09:51 - 00003364 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3474511871-1524528776-1052004353-1005

2014-06-22 16:32 - 2014-04-26 09:51 - 00003312 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3474511871-1524528776-1052004353-1005