Unwanted pop ups and programs on computer - please help [Solved]


  • This topic is locked
44 replies to this topic

#16 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,200 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 02 July 2014 - 11:35 AM

Did you see my reply a few posts back about running Malwarebytes?


Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Just a reminder that threads will be closed if no reply in 3 days.


#17 kunash

kunash

    Authentic Member

  • Authentic Member
  • PipPip
  • 73 posts

Posted 02 July 2014 - 11:37 AM

I ran malware and everything seemed to go ok - all were quarantined.

After reboot I opened malware again, and this is the only log I could get.

Thank you for your help so far. I will now call it a night.

Cheers. Check again in the morning.

Attached Files

  • Attached File  mal3.txt   83.87KB   98 downloads


#18 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,200 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 02 July 2014 - 11:53 AM

Your daughter has been quite busy  :blush:

 

Ask her if she has a banking account that she accesses online or a credit card that she does online purchases with. Ask her how she would feel if, by clicking on anything that shows up, her banking info, as far as log on and password, and her credit card were compromised. How would she feel then? Because from what I am seeing being removed, she is heading in that direction. Just my observation. Besides cleaning computers, we like to educate people on keeping safe online.

 

 


Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


#19 kunash

kunash

    Authentic Member

  • Authentic Member
  • PipPip
  • 73 posts

Posted 03 July 2014 - 12:02 AM

Hi

Here are the additions and FRST log.

Thanks

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-07-2014
    Ran by monthita (administrator) on HOUSE on 03-07-2014 06:58:51
    Running from C:\Users\monthita\Desktop
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
     
    The only official download link for FRST:
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
     
    ==================== Processes (Whitelisted) =================
     
    (AMD) C:\Windows\System32\atiesrxx.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Atheros Commnucations) C:\Windows\System32\AdminService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\n360.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Secure Download Ltd.) C:\Program Files (x86)\SoftPlanet Software Assistant\spassist.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\n360.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-12-08] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1994752 2014-02-20] (Wondershare)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3474511871-1524528776-1052004353-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-08] (Google Inc.)
    HKU\S-1-5-21-3474511871-1524528776-1052004353-1001\...\Run: [Facebook Update] => C:\Users\monthita\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-01-06] (Facebook Inc.)
    Startup: C:\Users\monthita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5520 series.lnk
    ShortcutTarget: Monitor Ink Alerts - HP Photosmart 5520 series.lnk -> C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
    ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)
    ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)
    ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-3474511871-1524528776-1052004353-1005\User: Group Policy restriction detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-3474511871-1524528776-1052004353-1004\User: Group Policy restriction detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-3474511871-1524528776-1052004353-1001\User: Group Policy restriction detected <======= ATTENTION
     
    ==================== Internet (Whitelisted) ====================
     
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.safesearc...dd-944a026cda73
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesearc...dd-944a026cda73
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesearc...dd-944a026cda73
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.safesearc...dd-944a026cda73
    SearchScopes: HKLM - DefaultScope {4B51C980-C6B0-11E1-9136-AED16088709B} URL = http://www.safesearc...dd-944a026cda73
    SearchScopes: HKLM - {05C12E4C-6291-43F6-8C07-BBD3B3EF5E18} URL = http://www.safesearc...dd-944a026cda73
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM - {15D811D6-979A-4DA0-9B21-A6E02AEABAEF} URL = http://www.safesearc...dd-944a026cda73
    SearchScopes: HKLM - {1B0AEC5F-9979-4A64-8A2F-8014547A8D26} URL = http://www.safesearc...dd-944a026cda73
    SearchScopes: HKLM - {4B51C980-C6B0-11E1-9136-AED16088709B} URL = http://www.safesearc...dd-944a026cda73
    SearchScopes: HKLM-x32 - DefaultScope value is missing.
    SearchScopes: HKCU - DefaultScope {4B51C980-C6B0-11E1-9136-AED16088709B} URL = http://www.safesearc...dd-944a026cda73
    SearchScopes: HKCU - {4B51C980-C6B0-11E1-9136-AED16088709B} URL = http://www.safesearc...dd-944a026cda73
    BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
    BHO-x32: PETN - {6918B055-65BB-46DF-A1EA-18728587BC31} - C:\Users\monthita\AppData\Local\TidyNetwork\petn.dll No File
    BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
    BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKLM - FindWide Toolbar - {C82F7DC7-1240-4BA9-8ADF-6B1E5FA33E44} - C:\Program Files (x86)\TNT2\Profiles\10811\passport64.dll No File
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKLM-x32 - FindWide Toolbar - {C82F7DC7-1240-4BA9-8ADF-6B1E5FA33E44} - C:\Program Files (x86)\TNT2\Profiles\10811\passport.dll No File
    Toolbar: HKCU - FindWide Toolbar - {C82F7DC7-1240-4BA9-8ADF-6B1E5FA33E44} - C:\Program Files (x86)\TNT2\Profiles\10811\passport64.dll No File
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
     
    FireFox:
    ========
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\monthita\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\monthita\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Plugin HKCU: avsoftware.org/safesearch - C:\Program Files\SafeSearch\npsafesearch.dll (AVSoftware, Ltd)
    FF Plugin HKCU: BearSharePlugin - C:\Program Files (x86)\BearShare Applications\BearShare\npBearSharePlugin.dll No File
    FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\coFFPlgn
    FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\coFFPlgn [2014-07-02]
    FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\IPSFF
    FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\IPSFF [2013-10-16]
    FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-12-08]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-12-08]
     
    Chrome: 
    =======
    CHR HomePage: hxxp://start.hometab.com/?1=1__PARAM__
    CHR StartupUrls: "https://www.google.co.uk/"
    CHR DefaultSearchKeyword: google.co.uk
    CHR Extension: (Google Docs) - C:\Users\monthita\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-09]
    CHR Extension: (Google Drive) - C:\Users\monthita\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-21]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\monthita\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-21]
    CHR Extension: (YouTube) - C:\Users\monthita\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-21]
    CHR Extension: (Google Search) - C:\Users\monthita\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-21]
    CHR Extension: (Google Wallet) - C:\Users\monthita\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-03]
    CHR Extension: (Gmail) - C:\Users\monthita\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-21]
    CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
    CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\Exts\Chrome.crx [2014-05-24]
     
    ==================== Services (Whitelisted) =================
     
    R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-29] (Atheros Commnucations)
    R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe [265040 2014-05-11] (Symantec Corporation)
    R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
     
    ==================== Drivers (Whitelisted) ====================
     
    R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-12-13] (Advanced Micro Devices, Inc.)
    R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)
    R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
    R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1503000.00C\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-11] (Symantec Corporation)
    R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\IPSDefs\20140701.001\IDSvia64.sys [525016 2014-06-20] (Symantec Corporation)
    R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\VirusDefs\20140701.033\ENG64.SYS [126040 2014-07-02] (Symantec Corporation)
    R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\VirusDefs\20140701.033\EX64.SYS [2099288 2014-07-02] (Symantec Corporation)
    R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-06-12] (NetFilterSDK.com)
    R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1503000.00C\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1503000.00C\SRTSPX64.SYS [36952 2013-07-31] (Symantec Corporation)
    R0 SymDS; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
    S4 SymELAM; C:\Windows\system32\drivers\N360x64\1503000.00C\SymELAM.sys [23568 2013-08-01] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-10-15] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\N360x64\1503000.00C\Ironx64.SYS [264280 2013-07-31] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    ==================== One Month Created Files and Folders ========
     
    2014-07-03 06:58 - 2014-07-03 06:59 - 00018989 _____ () C:\Users\monthita\Desktop\FRST.txt
    2014-07-03 06:58 - 2014-07-03 06:58 - 00000000 ____D () C:\FRST
    2014-07-03 06:57 - 2014-07-03 06:57 - 02083840 _____ (Farbar) C:\Users\monthita\Desktop\FRST64.exe
    2014-07-02 18:34 - 2014-07-02 18:34 - 00085885 _____ () C:\Users\monthita\Desktop\mal3.txt
    2014-07-02 18:31 - 2014-07-02 18:31 - 00000253 _____ () C:\Users\monthita\Desktop\mal2.txt
    2014-07-02 18:31 - 2014-07-02 18:31 - 00000253 _____ () C:\Users\monthita\Desktop\mal.txt
    2014-07-02 18:15 - 2014-07-02 18:30 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-07-02 18:14 - 2014-07-02 18:14 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-07-02 18:14 - 2014-07-02 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-07-02 18:14 - 2014-07-02 18:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-07-02 18:14 - 2014-07-02 18:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-07-02 18:14 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2014-07-02 18:14 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2014-07-02 18:14 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2014-07-02 18:10 - 2014-07-02 18:10 - 00001877 _____ () C:\Users\monthita\Desktop\AdwCleaner[S6].txt
    2014-07-02 17:59 - 2014-07-02 17:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\monthita\Desktop\mbam-setup-2.0.2.1012.exe
    2014-07-02 17:54 - 2014-07-02 17:54 - 00001757 _____ () C:\Users\monthita\Desktop\AdwCleaner[S5].txt
    2014-07-02 17:21 - 2014-07-02 17:21 - 00001637 _____ () C:\Users\monthita\Desktop\AdwCleaner[S4].txt
    2014-07-02 16:57 - 2014-07-02 16:57 - 00001517 _____ () C:\Users\monthita\Desktop\AdwCleaner[S3].txt
    2014-07-02 16:42 - 2014-07-02 16:42 - 00001397 _____ () C:\Users\monthita\Desktop\AdwCleaner[S2].txt
    2014-07-02 16:27 - 2014-07-02 16:27 - 00001454 _____ () C:\Users\monthita\Desktop\AdwCleaner[S1].txt
    2014-07-02 16:02 - 2014-07-02 16:02 - 00026433 _____ () C:\Users\monthita\Desktop\AdwCleaner[S0].txt
    2014-07-02 16:02 - 2014-07-02 16:02 - 00000000 ____D () C:\WINDOWS\LastGood
    2014-07-02 15:39 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
    2014-07-02 14:57 - 2014-07-02 18:06 - 00000000 ____D () C:\AdwCleaner
    2014-07-02 14:55 - 2014-07-02 14:55 - 00016962 _____ () C:\Users\monthita\Desktop\JRT.txt
    2014-07-02 14:51 - 2014-07-02 14:51 - 00000000 ____D () C:\WINDOWS\ERUNT
    2014-07-02 14:49 - 2014-07-02 14:49 - 01016261 _____ (Thisisu) C:\Users\monthita\Desktop\JRT.exe
    2014-07-02 14:44 - 2014-07-02 14:44 - 00003053 _____ () C:\Users\monthita\Desktop\aswMBR.txt
    2014-07-02 14:44 - 2014-07-02 14:44 - 00000512 _____ () C:\Users\monthita\Desktop\MBR.dat
    2014-07-02 14:43 - 2014-07-02 14:43 - 01346519 _____ () C:\Users\monthita\Desktop\AdwCleaner.exe
    2014-07-02 14:35 - 2014-07-02 14:35 - 05185536 _____ (AVAST Software) C:\Users\monthita\Desktop\aswmbr[1].exe
    2014-07-02 09:21 - 2014-07-02 09:21 - 00015999 _____ () C:\Users\monthita\Desktop\hijackthis.log
    2014-07-02 09:17 - 2014-07-02 09:17 - 00388608 _____ (Trend Micro Inc.) C:\Users\monthita\Desktop\HiJackThis.exe
    2014-07-02 09:01 - 2014-07-02 09:20 - 00000436 _____ () C:\Users\monthita\Desktop\rrr.txt
    2014-06-30 11:25 - 2014-06-30 11:25 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
    2014-06-29 15:57 - 2014-06-29 15:57 - 00014143 _____ () C:\Users\bend-_000\Desktop\images
    2014-06-28 12:43 - 2014-06-28 12:43 - 00000000 ____D () C:\Users\bend-_000\AppData\Local\Intel_Corporation
    2014-06-22 17:54 - 2009-09-30 17:01 - 00000170 ____R () C:\2009-09-30 1700.wpl
    2014-06-22 17:03 - 2014-06-22 17:06 - 00001052 _____ () C:\Users\monthita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BearShare.lnk
    2014-06-22 17:03 - 2014-06-22 17:06 - 00001022 _____ () C:\Users\monthita\Desktop\BearShare.lnk
    2014-06-22 17:02 - 2014-06-22 17:02 - 00000000 ____D () C:\Users\monthita\AppData\Local\BearShare
    2014-06-22 16:54 - 2014-06-22 16:54 - 00000000 ____D () C:\Users\monthita\AppData\Local\MediaDrug
    2014-06-22 16:53 - 2014-06-22 16:53 - 00314952 _____ (MediaDrug) C:\Users\monthita\Downloads\mediadrug (2).exe
    2014-06-22 16:52 - 2014-06-22 16:53 - 00314952 _____ (MediaDrug) C:\Users\monthita\Downloads\mediadrug (1).exe
    2014-06-22 16:52 - 2014-06-22 16:52 - 00314952 _____ (MediaDrug) C:\Users\monthita\Downloads\mediadrug.exe
    2014-06-22 13:28 - 2014-06-22 13:28 - 00369758 _____ () C:\Users\bend-_000\Downloads\Mineshafter-launcher (9).jar
    2014-06-22 13:28 - 2014-06-22 13:28 - 00369758 _____ () C:\Users\bend-_000\Downloads\Mineshafter-launcher (8).jar
    2014-06-22 13:28 - 2014-06-22 13:28 - 00369758 _____ () C:\Users\bend-_000\Desktop\Mineshafter-launcher (9).jar
    2014-06-21 20:17 - 2014-06-21 20:17 - 00000540 _____ () C:\Users\monthita\Documents\url.htm
    2014-06-21 20:03 - 2014-06-21 20:03 - 00001202 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoStage Slideshow Producer.lnk
    2014-06-21 20:03 - 2014-06-21 20:03 - 00001190 _____ () C:\Users\Public\Desktop\PhotoStage Slideshow Producer.lnk
    2014-06-21 20:03 - 2014-06-21 20:03 - 00000000 ____D () C:\Users\monthita\Documents\VideoPad Projects
    2014-06-21 20:02 - 2014-06-30 10:39 - 00000000 ____D () C:\WINDOWS\System32\Tasks\NCH Software
    2014-06-21 20:02 - 2014-06-21 20:02 - 00001278 _____ () C:\Users\Public\Desktop\NCH Software.lnk
    2014-06-21 20:02 - 2014-06-21 20:02 - 00001166 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
    2014-06-21 20:02 - 2014-06-21 20:02 - 00001154 _____ () C:\Users\Public\Desktop\VideoPad Video Editor.lnk
    2014-06-21 20:02 - 2014-06-21 20:02 - 00001150 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
    2014-06-21 20:02 - 2014-06-21 20:02 - 00001138 _____ () C:\Users\Public\Desktop\WavePad Sound Editor.lnk
    2014-06-21 20:02 - 2014-06-21 20:02 - 00001138 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Video File Converter.lnk
    2014-06-21 20:02 - 2014-06-21 20:02 - 00001126 _____ () C:\Users\Public\Desktop\Prism Video File Converter.lnk
    2014-06-21 20:00 - 2014-06-21 20:00 - 05800504 _____ (NCH Software) C:\Users\monthita\Downloads\vppsetup.exe
    2014-06-21 19:51 - 2014-06-21 19:52 - 122809576 _____ (Movavi) C:\Users\monthita\Downloads\MovaviVideoEditorSetup.exe
    2014-06-21 16:16 - 2014-06-30 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Detective
    2014-06-21 16:16 - 2014-06-28 07:14 - 00000000 ____D () C:\Program Files (x86)\PC Drivers HeadQuarters
    2014-06-21 12:45 - 2014-06-21 12:45 - 05127324 _____ () C:\Users\monthita\Downloads\Faithful_3 (3).zip
    2014-06-21 12:43 - 2014-06-21 12:44 - 05127324 _____ () C:\Users\monthita\Downloads\Faithful_3 (2).zip
    2014-06-21 12:42 - 2014-06-21 12:42 - 05127324 _____ () C:\Users\monthita\Downloads\Faithful_3.zip
    2014-06-21 12:42 - 2014-06-21 12:42 - 05127324 _____ () C:\Users\monthita\Downloads\Faithful_3 (1).zip
    2014-06-21 11:33 - 2014-06-21 11:33 - 00000000 ____D () C:\Users\monthita\Downloads\Driver Support
    2014-06-21 11:33 - 2014-06-21 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Support
    2014-06-21 11:33 - 2014-06-21 11:33 - 00000000 ____D () C:\ProgramData\Driver Support
    2014-06-21 11:32 - 2014-06-21 11:32 - 00000000 ____D () C:\Program Files (x86)\Driver Support
    2014-06-21 08:05 - 2014-07-02 18:25 - 00000000 ____D () C:\Users\monthita\AppData\Local\Weather_Warnings_LLC
    2014-06-20 16:34 - 2014-06-21 17:06 - 00000000 ____D () C:\Program Files (x86)\Yula
    2014-06-17 19:25 - 2014-06-17 19:25 - 00000394 _____ () C:\Users\monthita\Downloads\rrrrrrr.txt
    2014-06-15 16:12 - 2014-06-15 16:12 - 00061902 _____ () C:\Users\monthita\Downloads\Eastbourne_Research..pptx
    2014-06-13 07:53 - 2014-06-13 07:53 - 00292864 _____ () C:\WINDOWS\Minidump\061314-22234-01.dmp
    2014-06-12 20:05 - 2014-06-12 20:05 - 00046376 _____ (NetFilterSDK.com) C:\WINDOWS\system32\Drivers\netfilter64.sys
    2014-06-11 10:12 - 2014-05-30 11:21 - 23414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2014-06-11 10:12 - 2014-05-30 10:45 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2014-06-11 10:12 - 2014-05-30 10:28 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2014-06-11 10:12 - 2014-05-30 10:20 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2014-06-11 10:12 - 2014-05-30 10:18 - 17271296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2014-06-11 10:12 - 2014-05-30 10:08 - 05782528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2014-06-11 10:12 - 2014-05-30 10:06 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
    2014-06-11 10:12 - 2014-05-30 09:46 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2014-06-11 10:12 - 2014-05-30 09:44 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2014-06-11 10:12 - 2014-05-30 09:43 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
    2014-06-11 10:12 - 2014-05-30 09:38 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2014-06-11 10:12 - 2014-05-30 09:35 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2014-06-11 10:12 - 2014-05-30 09:29 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2014-06-11 10:12 - 2014-05-30 09:27 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2014-06-11 10:12 - 2014-05-30 09:23 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2014-06-11 10:12 - 2014-05-30 09:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
    2014-06-11 10:12 - 2014-05-30 09:04 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
    2014-06-11 10:12 - 2014-05-30 09:02 - 00242688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2014-06-11 10:12 - 2014-05-30 08:56 - 04244992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2014-06-11 10:12 - 2014-05-30 08:56 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2014-06-11 10:12 - 2014-05-30 08:54 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2014-06-11 10:12 - 2014-05-30 08:49 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2014-06-11 10:12 - 2014-05-30 08:43 - 13522944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2014-06-11 10:12 - 2014-05-30 08:40 - 11725312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2014-06-11 10:12 - 2014-05-30 08:30 - 01398272 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2014-06-11 10:12 - 2014-05-30 08:21 - 01790976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2014-06-11 10:12 - 2014-05-30 08:15 - 01143296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2014-06-11 10:12 - 2014-05-30 08:13 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2014-06-11 10:12 - 2014-05-30 08:13 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2014-06-11 10:12 - 2014-05-10 04:46 - 02151424 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
    2014-06-11 10:12 - 2014-05-10 04:22 - 01312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
    2014-06-11 10:12 - 2014-05-09 00:06 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
    2014-06-11 10:12 - 2014-05-05 05:02 - 03360256 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
    2014-06-11 10:12 - 2014-05-03 08:14 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
    2014-06-11 10:12 - 2014-05-03 05:21 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-06-11 10:12 - 2014-05-03 05:07 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-06-11 10:12 - 2014-05-03 04:41 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
    2014-06-11 10:12 - 2014-05-03 04:38 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
    2014-06-11 10:12 - 2014-04-30 12:16 - 01336648 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2014-06-11 10:12 - 2014-04-30 04:51 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
    2014-06-11 10:12 - 2014-04-03 08:59 - 02518872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2014-06-11 10:12 - 2014-04-03 08:59 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
    2014-06-11 10:12 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
    2014-06-11 10:12 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
    2014-06-11 10:12 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
    2014-06-11 10:12 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
    2014-06-11 10:12 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
    2014-06-11 10:12 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
    2014-06-11 10:12 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
    2014-06-11 10:12 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
    2014-06-11 10:12 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
    2014-06-11 10:12 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
    2014-06-11 10:12 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
    2014-06-11 10:12 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
    2014-06-11 10:11 - 2014-05-19 07:31 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe
    2014-06-11 10:11 - 2014-05-19 07:21 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
    2014-06-11 10:11 - 2014-05-19 06:23 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvinst.exe
    2014-06-11 10:11 - 2014-05-01 14:31 - 03048904 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
    2014-06-11 10:11 - 2014-05-01 14:31 - 00055328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
    2014-06-11 10:11 - 2014-05-01 08:14 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
    2014-06-11 10:11 - 2014-05-01 08:05 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
    2014-06-11 10:11 - 2014-05-01 07:51 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
    2014-06-11 10:11 - 2014-05-01 06:24 - 02834944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll
    2014-06-11 10:11 - 2014-04-30 05:43 - 01975296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
    2014-06-11 10:11 - 2014-04-30 05:26 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
    2014-06-11 10:11 - 2014-04-30 04:47 - 01509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
    2014-06-11 10:11 - 2014-04-18 15:57 - 00032600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
    2014-06-11 10:11 - 2014-04-18 15:44 - 01466856 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
    2014-06-11 10:11 - 2014-04-18 14:29 - 01200288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
    2014-06-11 10:11 - 2014-04-18 10:44 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll
    2014-06-11 10:11 - 2014-04-18 10:32 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2014-06-11 10:11 - 2014-04-18 09:58 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2014-06-11 10:11 - 2014-04-18 09:32 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2014-06-11 10:11 - 2014-04-18 09:21 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
    2014-06-11 10:11 - 2014-04-18 09:09 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
    2014-06-11 10:11 - 2014-04-18 08:51 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
    2014-06-11 10:11 - 2014-04-18 08:49 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
    2014-06-11 10:11 - 2014-04-14 10:20 - 00324888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
    2014-06-11 10:11 - 2014-04-14 09:01 - 00285144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
    2014-06-11 10:11 - 2014-04-11 07:13 - 01200128 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
    2014-06-11 10:11 - 2014-04-11 05:51 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
    2014-06-11 10:11 - 2014-04-11 05:23 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
    2014-06-11 10:11 - 2014-04-11 04:30 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
    2014-06-11 10:11 - 2014-04-09 12:53 - 00337240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
    2014-06-11 10:11 - 2014-04-09 07:39 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
    2014-06-11 10:11 - 2014-04-09 06:44 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
    2014-06-11 10:11 - 2014-04-09 05:35 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2014-06-11 10:11 - 2014-04-09 04:33 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
    2014-06-11 10:11 - 2014-04-08 03:01 - 00589656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
    2014-06-11 10:11 - 2014-04-06 17:34 - 00372568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
    2014-06-11 10:11 - 2014-04-06 17:34 - 00275800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
    2014-06-11 10:11 - 2014-04-06 17:32 - 00125496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
    2014-06-11 10:11 - 2014-04-06 17:31 - 21268952 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2014-06-11 10:11 - 2014-04-06 17:30 - 00201920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
    2014-06-11 10:11 - 2014-04-06 17:24 - 00360792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
    2014-06-11 10:11 - 2014-04-06 17:20 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2014-06-11 10:11 - 2014-04-06 17:20 - 01403856 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
    2014-06-11 10:11 - 2014-04-06 17:20 - 01379064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
    2014-06-11 10:11 - 2014-04-06 17:20 - 00881616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2014-06-11 10:11 - 2014-04-06 17:20 - 00765408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2014-06-11 10:11 - 2014-04-06 17:20 - 00609448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
    2014-06-11 10:11 - 2014-04-06 17:20 - 00491744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2014-06-11 10:11 - 2014-04-06 17:20 - 00467496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2014-06-11 10:11 - 2014-04-06 17:20 - 00463256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2014-06-11 10:11 - 2014-04-06 17:20 - 00364640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2014-06-11 10:11 - 2014-04-06 17:20 - 00244880 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2014-06-11 10:11 - 2014-04-06 17:20 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2014-06-11 10:11 - 2014-04-06 17:20 - 00028408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
    2014-06-11 10:11 - 2014-04-06 16:23 - 00098584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
    2014-06-11 10:11 - 2014-04-06 16:22 - 18755672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2014-06-11 10:11 - 2014-04-06 16:22 - 00178184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
    2014-06-11 10:11 - 2014-04-06 16:16 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2014-06-11 10:11 - 2014-04-06 16:16 - 01209616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
    2014-06-11 10:11 - 2014-04-06 16:16 - 00707048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
    2014-06-11 10:11 - 2014-04-06 16:16 - 00669856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
    2014-06-11 10:11 - 2014-04-06 16:16 - 00518544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
    2014-06-11 10:11 - 2014-04-06 16:16 - 00406504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
    2014-06-11 10:11 - 2014-04-06 16:16 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2014-06-11 10:11 - 2014-04-06 16:16 - 00326024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2014-06-11 10:11 - 2014-04-06 16:16 - 00305768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
    2014-06-11 10:11 - 2014-04-06 15:10 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2014-06-11 10:11 - 2014-04-06 13:58 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll
    2014-06-11 10:11 - 2014-04-06 13:51 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
    2014-06-11 10:11 - 2014-04-06 13:33 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
    2014-06-11 10:11 - 2014-04-06 13:24 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
    2014-06-11 10:11 - 2014-04-06 13:06 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srclient.dll
    2014-06-11 10:11 - 2014-04-06 12:55 - 16872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2014-06-11 10:11 - 2014-04-06 12:54 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2014-06-11 10:11 - 2014-04-06 12:26 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
    2014-06-11 10:11 - 2014-04-06 12:20 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2014-06-11 10:11 - 2014-04-06 12:01 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2014-06-11 10:11 - 2014-04-06 11:52 - 00955904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2014-06-11 10:11 - 2014-04-06 11:51 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2014-06-11 10:11 - 2014-04-06 11:37 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2014-06-11 10:11 - 2014-04-06 11:36 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2014-06-11 10:11 - 2014-04-06 11:05 - 01222656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
    2014-06-11 10:11 - 2014-04-06 10:59 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
    2014-06-11 10:11 - 2014-04-03 09:12 - 02124840 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
    2014-06-11 10:11 - 2014-04-03 09:12 - 00307304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
    2014-06-11 10:11 - 2014-04-03 09:12 - 00130144 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
    2014-06-11 10:11 - 2014-04-03 05:03 - 00230808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
    2014-06-11 10:11 - 2014-04-03 05:03 - 00111528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll
    2014-06-11 10:11 - 2014-04-03 04:53 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
    2014-06-11 10:11 - 2014-04-03 03:53 - 04269056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
    2014-06-11 10:11 - 2014-04-03 03:53 - 00677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
    2014-06-11 10:11 - 2014-04-03 03:51 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
    2014-06-11 10:11 - 2014-04-03 03:23 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
    2014-06-11 10:11 - 2014-04-03 03:23 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
    2014-06-11 10:11 - 2014-04-03 03:23 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tlscsp.dll
    2014-06-11 10:11 - 2014-04-03 03:22 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlscsp.dll
    2014-06-11 10:11 - 2014-04-01 07:23 - 00384856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
    2014-06-11 10:11 - 2014-03-31 06:42 - 07425368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2014-06-11 10:11 - 2014-03-31 01:41 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
    2014-06-11 10:11 - 2014-03-31 01:01 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
    2014-06-11 10:11 - 2014-03-31 00:43 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
    2014-06-11 10:11 - 2014-03-30 23:54 - 01308160 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
    2014-06-11 10:11 - 2014-03-30 23:49 - 01287168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
    2014-06-11 10:11 - 2014-03-30 23:35 - 01029120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
    2014-06-11 10:11 - 2014-03-30 23:11 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
    2014-06-11 10:11 - 2014-03-30 22:47 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
    2014-06-11 10:11 - 2014-03-28 16:58 - 00407016 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2014-06-11 10:11 - 2014-03-27 07:16 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
    2014-06-11 10:11 - 2014-03-27 06:36 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
    2014-06-11 10:11 - 2014-03-27 05:59 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
    2014-06-11 10:11 - 2014-03-27 05:48 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
    2014-06-11 10:11 - 2014-03-27 05:19 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
    2014-06-11 10:11 - 2014-03-27 04:46 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
    2014-06-11 10:11 - 2014-03-27 04:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
    2014-06-11 10:11 - 2014-03-27 04:10 - 01436160 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
    2014-06-11 10:11 - 2014-03-24 23:58 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
    2014-06-11 10:11 - 2014-03-20 04:48 - 00263424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
    2014-06-11 10:11 - 2014-03-20 01:44 - 06645248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2014-06-11 10:11 - 2014-03-20 00:33 - 05774848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2014-06-11 10:11 - 2014-03-19 09:15 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
    2014-06-11 10:11 - 2014-03-19 09:07 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
    2014-06-11 10:11 - 2014-03-19 08:24 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
    2014-06-11 10:11 - 2014-03-19 08:17 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll
    2014-06-11 10:11 - 2014-03-19 07:36 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
    2014-06-11 10:11 - 2014-03-19 06:56 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
    2014-06-11 10:11 - 2014-03-19 06:45 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
    2014-06-11 10:11 - 2014-03-19 06:19 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
    2014-06-11 10:11 - 2014-03-19 06:07 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
    2014-06-11 10:11 - 2014-03-19 06:02 - 01527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
    2014-06-11 10:11 - 2014-03-19 06:00 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
    2014-06-11 10:11 - 2014-03-19 05:51 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
    2014-06-11 10:11 - 2014-03-19 05:31 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
    2014-06-11 10:11 - 2014-03-19 05:18 - 02688000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
    2014-06-11 10:11 - 2014-03-18 09:19 - 00077312 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
    2014-06-11 10:11 - 2014-03-18 06:00 - 07173120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2014-06-11 10:11 - 2014-03-18 05:52 - 05104640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2014-06-11 10:11 - 2014-03-17 06:09 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
    2014-06-11 10:11 - 2014-03-17 05:11 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
    2014-06-11 10:11 - 2014-03-17 04:01 - 00486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
    2014-06-11 10:11 - 2014-03-17 03:47 - 01025024 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2014-06-11 10:11 - 2014-03-17 03:45 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
    2014-06-11 10:11 - 2014-03-14 07:26 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
    2014-06-11 10:11 - 2014-03-14 07:10 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
    2014-06-11 10:11 - 2014-03-06 13:42 - 00310616 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
    2014-06-11 10:10 - 2014-06-11 10:10 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
    2014-06-04 16:06 - 2014-06-04 16:06 - 00135496 _____ () C:\Users\barbi_000\Desktop\VE  2.wve
    2014-06-03 17:39 - 2014-06-26 16:55 - 00174592 ___SH () C:\Users\monthita\Downloads\Thumbs.db
    2014-06-03 15:15 - 2014-06-21 19:53 - 00000000 ____D () C:\ProgramData\HP Photo Creations
    2014-06-03 15:15 - 2014-06-21 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2014-06-03 15:15 - 2014-06-21 17:05 - 00000000 ____D () C:\Program Files (x86)\HP
    2014-06-03 15:15 - 2014-06-10 16:10 - 00000000 ____D () C:\Users\monthita\AppData\Roaming\HpUpdate
    2014-06-03 15:15 - 2014-06-03 15:15 - 00003626 _____ () C:\WINDOWS\System32\Tasks\HPCustParticipation HP Photosmart 5520 series
    2014-06-03 15:15 - 2014-06-03 15:15 - 00002268 _____ () C:\Users\Public\Desktop\HP Photosmart 5520 series.lnk
    2014-06-03 15:15 - 2014-06-03 15:15 - 00002007 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
    2014-06-03 15:15 - 2014-06-03 15:15 - 00001200 _____ () C:\Users\Public\Desktop\Shop for Supplies - HP Photosmart 5520 series.lnk
    2014-06-03 15:15 - 2014-06-03 15:15 - 00000000 ____D () C:\ProgramData\Visan
    2014-06-03 15:15 - 2014-06-03 15:15 - 00000000 ____D () C:\Program Files\HP
    2014-06-03 15:15 - 2014-06-03 15:15 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
    2014-06-03 15:15 - 2012-10-17 04:31 - 00741480 ____N (Hewlett-Packard Co.) C:\WINDOWS\system32\HPDiscoPMB111.dll
    2014-06-03 15:14 - 2014-06-03 15:14 - 00000057 _____ () C:\ProgramData\Ament.ini
    2014-06-03 15:12 - 2014-06-03 15:17 - 65452952 _____ () C:\Users\monthita\Downloads\PS5520_1315 (1).exe
    2014-06-03 15:08 - 2014-06-03 15:12 - 65452952 _____ () C:\Users\monthita\Downloads\PS5520_1315.exe
    2014-06-03 15:06 - 2014-06-03 15:06 - 00000000 ____D () C:\Users\monthita\AppData\Local\HP
    2014-06-03 15:00 - 2014-06-03 15:15 - 00000000 ____D () C:\ProgramData\HP
     
    ==================== One Month Modified Files and Folders =======
     
    2014-07-03 06:59 - 2014-07-03 06:58 - 00018989 _____ () C:\Users\monthita\Desktop\FRST.txt
    2014-07-03 06:58 - 2014-07-03 06:58 - 00000000 ____D () C:\FRST
    2014-07-03 06:57 - 2014-07-03 06:57 - 02083840 _____ (Farbar) C:\Users\monthita\Desktop\FRST64.exe
    2014-07-03 06:56 - 2014-04-03 15:49 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-07-03 06:56 - 2013-10-18 11:27 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-07-03 06:56 - 2013-10-18 11:27 - 00000910 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-07-03 06:55 - 2013-10-15 16:37 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3474511871-1524528776-1052004353-1001
    2014-07-03 06:50 - 2014-05-18 11:13 - 00003288 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3474511871-1524528776-1052004353-1001
    2014-07-03 06:50 - 2014-05-10 18:09 - 00003340 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3474511871-1524528776-1052004353-1001
    2014-07-03 06:50 - 2014-01-17 16:51 - 00000000 __RDO () C:\Users\monthita\SkyDrive
    2014-07-03 06:50 - 2014-01-17 16:46 - 01842495 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-07-03 06:49 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
    2014-07-02 20:50 - 2014-03-01 15:45 - 00000956 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3474511871-1524528776-1052004353-1005UA.job
    2014-07-02 20:46 - 2014-01-06 12:41 - 00000952 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3474511871-1524528776-1052004353-1001UA.job
    2014-07-02 20:14 - 2014-04-05 20:09 - 00000956 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3474511871-1524528776-1052004353-1004UA.job
    2014-07-02 20:14 - 2014-04-05 20:09 - 00000934 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3474511871-1524528776-1052004353-1004Core.job
    2014-07-02 18:36 - 2013-11-14 08:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-07-02 18:34 - 2014-07-02 18:34 - 00085885 _____ () C:\Users\monthita\Desktop\mal3.txt
    2014-07-02 18:31 - 2014-07-02 18:31 - 00000253 _____ () C:\Users\monthita\Desktop\mal2.txt
    2014-07-02 18:31 - 2014-07-02 18:31 - 00000253 _____ () C:\Users\monthita\Desktop\mal.txt
    2014-07-02 18:30 - 2014-07-02 18:15 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-07-02 18:29 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-07-02 18:28 - 2013-11-14 08:20 - 00194064 _____ () C:\WINDOWS\PFRO.log
    2014-07-02 18:25 - 2014-06-21 08:05 - 00000000 ____D () C:\Users\monthita\AppData\Local\Weather_Warnings_LLC
    2014-07-02 18:25 - 2014-02-08 13:16 - 00000000 ____D () C:\Temp
    2014-07-02 18:14 - 2014-07-02 18:14 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-07-02 18:14 - 2014-07-02 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-07-02 18:14 - 2014-07-02 18:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-07-02 18:14 - 2014-07-02 18:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-07-02 18:10 - 2014-07-02 18:10 - 00001877 _____ () C:\Users\monthita\Desktop\AdwCleaner[S6].txt
    2014-07-02 18:06 - 2014-07-02 14:57 - 00000000 ____D () C:\AdwCleaner
    2014-07-02 17:59 - 2014-07-02 17:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\monthita\Desktop\mbam-setup-2.0.2.1012.exe
    2014-07-02 17:54 - 2014-07-02 17:54 - 00001757 _____ () C:\Users\monthita\Desktop\AdwCleaner[S5].txt
    2014-07-02 17:33 - 2014-01-04 21:26 - 00018944 ___SH () C:\Users\monthita\Documents\Thumbs.db
    2014-07-02 17:33 - 2013-10-15 17:00 - 00233472 ___SH () C:\Users\monthita\Desktop\Thumbs.db
    2014-07-02 17:21 - 2014-07-02 17:21 - 00001637 _____ () C:\Users\monthita\Desktop\AdwCleaner[S4].txt
    2014-07-02 16:57 - 2014-07-02 16:57 - 00001517 _____ () C:\Users\monthita\Desktop\AdwCleaner[S3].txt
    2014-07-02 16:44 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
    2014-07-02 16:42 - 2014-07-02 16:42 - 00001397 _____ () C:\Users\monthita\Desktop\AdwCleaner[S2].txt
    2014-07-02 16:27 - 2014-07-02 16:27 - 00001454 _____ () C:\Users\monthita\Desktop\AdwCleaner[S1].txt
    2014-07-02 16:25 - 2013-08-22 14:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
    2014-07-02 16:02 - 2014-07-02 16:02 - 00026433 _____ () C:\Users\monthita\Desktop\AdwCleaner[S0].txt
    2014-07-02 16:02 - 2014-07-02 16:02 - 00000000 ____D () C:\WINDOWS\LastGood
    2014-07-02 15:51 - 2014-05-11 10:22 - 00000000 ____D () C:\WINDOWS\System32\Tasks\ProtectedSearch
    2014-07-02 15:51 - 2014-05-11 10:22 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Browser Updater
    2014-07-02 15:51 - 2014-01-17 16:39 - 00000000 ____D () C:\Users\monthita
    2014-07-02 14:55 - 2014-07-02 14:55 - 00016962 _____ () C:\Users\monthita\Desktop\JRT.txt
    2014-07-02 14:51 - 2014-07-02 14:51 - 00000000 ____D () C:\WINDOWS\ERUNT
    2014-07-02 14:50 - 2014-03-01 15:45 - 00000934 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3474511871-1524528776-1052004353-1005Core.job
    2014-07-02 14:49 - 2014-07-02 14:49 - 01016261 _____ (Thisisu) C:\Users\monthita\Desktop\JRT.exe
    2014-07-02 14:48 - 2014-02-23 15:30 - 00000000 ____D () C:\ProgramData\hjmofaafdfeodmanjhacbjhlkkkgacfk
    2014-07-02 14:46 - 2014-02-23 15:31 - 00000258 __RSH () C:\ProgramData\ntuser.pol
    2014-07-02 14:44 - 2014-07-02 14:44 - 00003053 _____ () C:\Users\monthita\Desktop\aswMBR.txt
    2014-07-02 14:44 - 2014-07-02 14:44 - 00000512 _____ () C:\Users\monthita\Desktop\MBR.dat
    2014-07-02 14:43 - 2014-07-02 14:43 - 01346519 _____ () C:\Users\monthita\Desktop\AdwCleaner.exe
    2014-07-02 14:35 - 2014-07-02 14:35 - 05185536 _____ (AVAST Software) C:\Users\monthita\Desktop\aswmbr[1].exe
    2014-07-02 11:46 - 2014-01-06 12:41 - 00000930 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3474511871-1524528776-1052004353-1001Core.job
    2014-07-02 09:21 - 2014-07-02 09:21 - 00015999 _____ () C:\Users\monthita\Desktop\hijackthis.log
    2014-07-02 09:20 - 2014-07-02 09:01 - 00000436 _____ () C:\Users\monthita\Desktop\rrr.txt
    2014-07-02 09:17 - 2014-07-02 09:17 - 00388608 _____ (Trend Micro Inc.) C:\Users\monthita\Desktop\HiJackThis.exe
    2014-07-01 19:19 - 2013-11-05 19:10 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3474511871-1524528776-1052004353-1004
    2014-07-01 19:13 - 2014-02-22 15:00 - 00000000 __RDO () C:\Users\bend-_000\SkyDrive
    2014-07-01 19:13 - 2013-12-12 17:54 - 00003342 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3474511871-1524528776-1052004353-1004
    2014-07-01 19:13 - 2013-12-12 17:54 - 00003290 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3474511871-1524528776-1052004353-1004
    2014-06-30 11:25 - 2014-06-30 11:25 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
    2014-06-30 11:20 - 2013-10-16 18:10 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-06-30 11:20 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
    2014-06-30 11:19 - 2013-10-16 18:10 - 95414520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2014-06-30 10:39 - 2014-06-21 20:02 - 00000000 ____D () C:\WINDOWS\System32\Tasks\NCH Software
    2014-06-30 10:39 - 2014-06-21 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Detective
    2014-06-30 10:36 - 2014-03-23 10:24 - 00001188 _____ () C:\Users\monthita\Desktop\Live PC Help.lnk
    2014-06-30 09:41 - 2014-01-23 20:41 - 00000247 _____ () C:\Users\bend-_000\AppData\Roaming\WB.CFG
    2014-06-30 09:40 - 2014-01-17 18:54 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C9555003-4FE2-48C4-BF96-9A256319E274}
    2014-06-29 18:23 - 2014-01-01 15:55 - 00000544 _____ () C:\Users\monthita\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website
    2014-06-29 17:02 - 2014-01-17 16:39 - 00000000 ____D () C:\Users\barbi_000
    2014-06-29 15:57 - 2014-06-29 15:57 - 00014143 _____ () C:\Users\bend-_000\Desktop\images
    2014-06-29 10:10 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
    2014-06-28 17:18 - 2014-01-14 17:19 - 00000000 ____D () C:\Users\bend-_000\AppData\Roaming\.minecraft
    2014-06-28 12:43 - 2014-06-28 12:43 - 00000000 ____D () C:\Users\bend-_000\AppData\Local\Intel_Corporation
    2014-06-28 07:19 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
    2014-06-28 07:17 - 2014-05-17 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Video Editor 9
    2014-06-28 07:17 - 2014-04-03 15:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2014-06-28 07:17 - 2014-01-17 16:39 - 00000000 ____D () C:\Users\bend-_000
    2014-06-28 07:17 - 2013-10-15 17:00 - 00000000 ____D () C:\ProgramData\Norton
    2014-06-28 07:17 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
    2014-06-28 07:17 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
    2014-06-28 07:17 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
    2014-06-28 07:14 - 2014-06-21 16:16 - 00000000 ____D () C:\Program Files (x86)\PC Drivers HeadQuarters
    2014-06-28 07:14 - 2013-12-08 19:17 - 00000000 ____D () C:\ProgramData\Real
    2014-06-28 07:14 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\registration
    2014-06-28 06:01 - 2014-03-24 18:37 - 00000000 ____D () C:\Users\monthita\AppData\Local\CrashDumps
    2014-06-26 16:55 - 2014-06-03 17:39 - 00174592 ___SH () C:\Users\monthita\Downloads\Thumbs.db
    2014-06-26 16:30 - 2014-01-19 15:34 - 00000000 __RDO () C:\Users\barbi_000\SkyDrive
    2014-06-24 19:32 - 2013-08-22 15:46 - 00371971 _____ () C:\WINDOWS\setupact.log
    2014-06-23 17:44 - 2014-01-13 20:23 - 00000000 ____D () C:\Users\monthita\AppData\Roaming\.minecraft
    2014-06-22 17:50 - 2013-12-14 18:26 - 00000000 ___RD () C:\Users\monthita\Documents\Notes
    2014-06-22 17:06 - 2014-06-22 17:03 - 00001052 _____ () C:\Users\monthita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BearShare.lnk
    2014-06-22 17:06 - 2014-06-22 17:03 - 00001022 _____ () C:\Users\monthita\Desktop\BearShare.lnk
    2014-06-22 17:02 - 2014-06-22 17:02 - 00000000 ____D () C:\Users\monthita\AppData\Local\BearShare
    2014-06-22 17:02 - 2013-10-15 16:29 - 00000000 ____D () C:\Users\monthita\AppData\Local\VirtualStore
    2014-06-22 16:54 - 2014-06-22 16:54 - 00000000 ____D () C:\Users\monthita\AppData\Local\MediaDrug
    2014-06-22 16:53 - 2014-06-22 16:53 - 00314952 _____ (MediaDrug) C:\Users\monthita\Downloads\mediadrug (2).exe
    2014-06-22 16:53 - 2014-06-22 16:52 - 00314952 _____ (MediaDrug) C:\Users\monthita\Downloads\mediadrug (1).exe
    2014-06-22 16:52 - 2014-06-22 16:52 - 00314952 _____ (MediaDrug) C:\Users\monthita\Downloads\mediadrug.exe
    2014-06-22 16:42 - 2013-11-05 18:20 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3474511871-1524528776-1052004353-1005
    2014-06-22 16:32 - 2014-04-26 09:51 - 00003364 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3474511871-1524528776-1052004353-1005
    2014-06-22 16:32 - 2014-04-26 09:51 - 00003312 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3474511871-1524528776-1052004353-1005
    2014-06-22 13:28 - 2014-06-22 13:28 - 00369758 _____ () C:\Users\bend-_000\Downloads\Mineshafter-launcher (9).jar
    2014-06-22 13:28 - 2014-06-22 13:28 - 00369758 _____ () C:\Users\bend-_000\Downloads\Mineshafter-launcher (8).jar
    2014-06-22 13:28 - 2014-06-22 13:28 - 00369758 _____ () C:\Users\bend-_000\Desktop\Mineshafter-launcher (9).jar
    2014-06-21 20:17 - 2014-06-21 20:17 - 00000540 _____ () C:\Users\monthita\Documents\url.htm
    2014-06-21 20:03 - 2014-06-21 20:03 - 00001202 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoStage Slideshow Producer.lnk
    2014-06-21 20:03 - 2014-06-21 20:03 - 00001190 _____ () C:\Users\Public\Desktop\PhotoStage Slideshow Producer.lnk
    2014-06-21 20:03 - 2014-06-21 20:03 - 00000000 ____D () C:\Users\monthita\Documents\VideoPad Projects
    2014-06-21 20:02 - 2014-06-21 20:02 - 00001278 _____ () C:\Users\Public\Desktop\NCH Software.lnk
    2014-06-21 20:02 - 2014-06-21 20:02 - 00001166 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
    2014-06-21 20:02 - 2014-06-21 20:02 - 00001154 _____ () C:\Users\Public\Desktop\VideoPad Video Editor.lnk
    2014-06-21 20:02 - 2014-06-21 20:02 - 00001150 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
    2014-06-21 20:02 - 2014-06-21 20:02 - 00001138 _____ () C:\Users\Public\Desktop\WavePad Sound Editor.lnk
    2014-06-21 20:02 - 2014-06-21 20:02 - 00001138 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Video File Converter.lnk
    2014-06-21 20:02 - 2014-06-21 20:02 - 00001126 _____ () C:\Users\Public\Desktop\Prism Video File Converter.lnk
    2014-06-21 20:00 - 2014-06-21 20:00 - 05800504 _____ (NCH Software) C:\Users\monthita\Downloads\vppsetup.exe
    2014-06-21 19:53 - 2014-06-03 15:15 - 00000000 ____D () C:\ProgramData\HP Photo Creations
    2014-06-21 19:52 - 2014-06-21 19:51 - 122809576 _____ (Movavi) C:\Users\monthita\Downloads\MovaviVideoEditorSetup.exe
    2014-06-21 17:15 - 2014-04-21 16:41 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BA00B3A8-1B10-44F2-98A8-8E3ECC58B58D}
    2014-06-21 17:06 - 2014-06-20 16:34 - 00000000 ____D () C:\Program Files (x86)\Yula
    2014-06-21 17:06 - 2013-08-22 14:25 - 00000194 _____ () C:\WINDOWS\win.ini
    2014-06-21 17:05 - 2014-06-03 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2014-06-21 17:05 - 2014-06-03 15:15 - 00000000 ____D () C:\Program Files (x86)\HP
    2014-06-21 17:05 - 2014-05-11 10:22 - 00000000 ____D () C:\WINDOWS\System32\Tasks\SystemSockets
    2014-06-21 17:05 - 2014-04-21 11:03 - 00000000 ____D () C:\Program Files\Bonjour
    2014-06-21 17:05 - 2014-04-21 11:03 - 00000000 ____D () C:\Program Files (x86)\Bonjour
    2014-06-21 17:05 - 2014-01-04 22:00 - 00000000 ____D () C:\Users\monthita\AppData\Local\Unity
    2014-06-21 17:05 - 2014-01-04 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftPlanet Software Assistant
    2014-06-21 17:05 - 2014-01-04 21:41 - 00000000 ____D () C:\Program Files\SafeSearch
    2014-06-21 17:05 - 2014-01-04 21:41 - 00000000 ____D () C:\Program Files (x86)\SoftPlanet Software Assistant
    2014-06-21 17:05 - 2014-01-04 21:41 - 00000000 ____D () C:\Program Files (x86)\Minecraft
    2014-06-21 17:05 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-06-21 17:05 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-06-21 17:05 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore
    2014-06-21 17:05 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\WinMetadata
    2014-06-21 17:05 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
    2014-06-21 17:05 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\servicing
    2014-06-21 17:00 - 2014-01-06 12:41 - 00000000 ____D () C:\Users\monthita\AppData\Local\Facebook
    2014-06-21 17:00 - 2013-10-18 11:27 - 00000000 ____D () C:\Users\monthita\AppData\Local\Google
    2014-06-21 16:58 - 2013-10-18 11:27 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-06-21 12:45 - 2014-06-21 12:45 - 05127324 _____ () C:\Users\monthita\Downloads\Faithful_3 (3).zip
    2014-06-21 12:44 - 2014-06-21 12:43 - 05127324 _____ () C:\Users\monthita\Downloads\Faithful_3 (2).zip
    2014-06-21 12:42 - 2014-06-21 12:42 - 05127324 _____ () C:\Users\monthita\Downloads\Faithful_3.zip
    2014-06-21 12:42 - 2014-06-21 12:42 - 05127324 _____ () C:\Users\monthita\Downloads\Faithful_3 (1).zip
    2014-06-21 11:33 - 2014-06-21 11:33 - 00000000 ____D () C:\Users\monthita\Downloads\Driver Support
    2014-06-21 11:33 - 2014-06-21 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Support
    2014-06-21 11:33 - 2014-06-21 11:33 - 00000000 ____D () C:\ProgramData\Driver Support
    2014-06-21 11:32 - 2014-06-21 11:32 - 00000000 ____D () C:\Program Files (x86)\Driver Support
    2014-06-20 16:25 - 2014-01-04 21:41 - 00000000 ____D () C:\Users\monthita\AppData\Local\SoftPlanet
    2014-06-17 19:25 - 2014-06-17 19:25 - 00000394 _____ () C:\Users\monthita\Downloads\rrrrrrr.txt
    2014-06-17 07:55 - 2014-01-19 15:37 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BCF9724F-3AE1-4AFF-8497-F8C6BAD2F6FF}
    2014-06-17 06:51 - 2013-10-18 11:27 - 00003886 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-06-17 06:51 - 2013-10-18 11:27 - 00003650 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-06-17 06:11 - 2014-03-25 19:04 - 00000000 ____D () C:\Users\barbi_000\AppData\Local\CrashDumps
    2014-06-16 07:49 - 2014-02-14 19:33 - 00003342 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3474511871-1524528776-1052004353-1005
    2014-06-16 07:49 - 2014-02-14 19:33 - 00003290 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3474511871-1524528776-1052004353-1005
    2014-06-15 16:12 - 2014-06-15 16:12 - 00061902 _____ () C:\Users\monthita\Downloads\Eastbourne_Research..pptx
    2014-06-13 07:53 - 2014-06-13 07:53 - 00292864 _____ () C:\WINDOWS\Minidump\061314-22234-01.dmp
    2014-06-13 07:53 - 2014-05-12 17:23 - 00000000 ____D () C:\WINDOWS\Minidump
    2014-06-13 07:53 - 2013-11-19 15:37 - 718183704 _____ () C:\WINDOWS\MEMORY.DMP
    2014-06-12 20:05 - 2014-06-12 20:05 - 00046376 _____ (NetFilterSDK.com) C:\WINDOWS\system32\Drivers\netfilter64.sys
    2014-06-11 16:27 - 2013-08-22 15:44 - 00411192 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2014-06-11 12:31 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
    2014-06-11 12:31 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
    2014-06-11 12:31 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
    2014-06-11 10:20 - 2014-01-28 10:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-06-11 10:10 - 2014-06-11 10:10 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
    2014-06-10 16:10 - 2014-06-03 15:15 - 00000000 ____D () C:\Users\monthita\AppData\Roaming\HpUpdate
    2014-06-04 16:06 - 2014-06-04 16:06 - 00135496 _____ () C:\Users\barbi_000\Desktop\VE  2.wve
    2014-06-03 16:08 - 2014-01-31 21:03 - 00000000 ____D () C:\ProgramData\TEMP
    2014-06-03 15:17 - 2014-06-03 15:12 - 65452952 _____ () C:\Users\monthita\Downloads\PS5520_1315 (1).exe
    2014-06-03 15:15 - 2014-06-03 15:15 - 00003626 _____ () C:\WINDOWS\System32\Tasks\HPCustParticipation HP Photosmart 5520 series
    2014-06-03 15:15 - 2014-06-03 15:15 - 00002268 _____ () C:\Users\Public\Desktop\HP Photosmart 5520 series.lnk
    2014-06-03 15:15 - 2014-06-03 15:15 - 00002007 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
    2014-06-03 15:15 - 2014-06-03 15:15 - 00001200 _____ () C:\Users\Public\Desktop\Shop for Supplies - HP Photosmart 5520 series.lnk
    2014-06-03 15:15 - 2014-06-03 15:15 - 00000000 ____D () C:\ProgramData\Visan
    2014-06-03 15:15 - 2014-06-03 15:15 - 00000000 ____D () C:\Program Files\HP
    2014-06-03 15:15 - 2014-06-03 15:15 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
    2014-06-03 15:15 - 2014-06-03 15:00 - 00000000 ____D () C:\ProgramData\HP
    2014-06-03 15:14 - 2014-06-03 15:14 - 00000057 _____ () C:\ProgramData\Ament.ini
    2014-06-03 15:12 - 2014-06-03 15:08 - 65452952 _____ () C:\Users\monthita\Downloads\PS5520_1315.exe
    2014-06-03 15:06 - 2014-06-03 15:06 - 00000000 ____D () C:\Users\monthita\AppData\Local\HP
     
    Some content of TEMP:
    ====================
    C:\Users\monthita\AppData\Local\Temp\Quarantine.exe
    C:\Users\monthita\AppData\Local\Temp\System.Data.SQLite.dll
     
     
    ==================== Bamital & volsnap Check =================
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2014-07-02 07:21
     
    ==================== End Of Log ============================

    Attached Files



    #20 ken545


    Posted 03 July 2014 - 04:50 AM

    Hi

     

    BearShare <-- Any form of File Sharing is dangerous, you're downloading that file from an unknown source and not all but most contain malware of one form or another. It's like playing Russian Roulette malwarewise
     
    Driver Detective  <-- You should stay away from programs like this, if a driver needs to be updated you should go right to the manufacturer to get the latest and safest update
     
    Here is a fix using FRST, post the log from the fix and then run a new scan with FRST, there was so much to remove I may have missed an entry or two
     
     

    Open notepad (Start =>All Programs => Accessories => Notepad).
    Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
    Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt.
     
    Start
    (Secure Download Ltd.) C:\Program Files (x86)\SoftPlanet Software Assistant\spassist.exe
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-3474511871-1524528776-1052004353-1005\User: Group Policy restriction detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-3474511871-1524528776-1052004353-1004\User: Group Policy restriction detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-3474511871-1524528776-1052004353-1001\User: Group Policy restriction detected <======= ATTENTION
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.safesearc...dd-944a026cda73
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesearc...dd-944a026cda73
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesearc...dd-944a026cda73
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.safesearc...dd-944a026cda73
    SearchScopes: HKLM - DefaultScope {4B51C980-C6B0-11E1-9136-AED16088709B} URL = http://www.safesearc...dd-944a026cda73
    SearchScopes: HKLM - {05C12E4C-6291-43F6-8C07-BBD3B3EF5E18} URL = http://www.safesearc...dd-944a026cda73
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM - {15D811D6-979A-4DA0-9B21-A6E02AEABAEF} URL = http://www.safesearc...dd-944a026cda73
    SearchScopes: HKLM - {1B0AEC5F-9979-4A64-8A2F-8014547A8D26} URL = http://www.safesearc...dd-944a026cda73
    SearchScopes: HKLM - {4B51C980-C6B0-11E1-9136-AED16088709B} URL = http://www.safesearc...dd-944a026cda73
    SearchScopes: HKLM-x32 - DefaultScope value is missing.
    SearchScopes: HKCU - DefaultScope {4B51C980-C6B0-11E1-9136-AED16088709B} URL = http://www.safesearc...dd-944a026cda73
    SearchScopes: HKCU - {4B51C980-C6B0-11E1-9136-AED16088709B} URL = http://www.safesearc...dd-944a026cda73
    BHO-x32: PETN - {6918B055-65BB-46DF-A1EA-18728587BC31} - C:\Users\monthita\AppData\Local\TidyNetwork\petn.dll No File
    Toolbar: HKLM - FindWide Toolbar - {C82F7DC7-1240-4BA9-8ADF-6B1E5FA33E44} - C:\Program Files (x86)\TNT2\Profiles\10811\passport64.dll No File
    Toolbar: HKLM-x32 - FindWide Toolbar - {C82F7DC7-1240-4BA9-8ADF-6B1E5FA33E44} - C:\Program Files (x86)\TNT2\Profiles\10811\passport.dll No File
    Toolbar: HKCU - FindWide Toolbar - {C82F7DC7-1240-4BA9-8ADF-6B1E5FA33E44} - C:\Program Files (x86)\TNT2\Profiles\10811\passport64.dll No File
    FF Plugin HKCU: avsoftware.org/safesearch - C:\Program Files\SafeSearch\npsafesearch.dll (AVSoftware, Ltd)
    FF Plugin HKCU: BearSharePlugin - C:\Program Files (x86)\BearShare Applications\BearShare\npBearSharePlugin.dll No File
    2014-06-22 17:03 - 2014-06-22 17:06 - 00001052 _____ () C:\Users\monthita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BearShare.lnk
    2014-06-22 17:03 - 2014-06-22 17:06 - 00001022 _____ () C:\Users\monthita\Desktop\BearShare.lnk
    2014-06-22 17:02 - 2014-06-22 17:02 - 00000000 ____D () C:\Users\monthita\AppData\Local\BearShare
    2014-06-21 16:16 - 2014-06-30 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Detective
    2014-06-21 08:05 - 2014-07-02 18:25 - 00000000 ____D () C:\Users\monthita\AppData\Local\Weather_Warnings_LLC
    2014-06-20 16:34 - 2014-06-21 17:06 - 00000000 ____D () C:\Program Files (x86)\Yula
    2014-07-02 18:25 - 2014-06-21 08:05 - 00000000 ____D () C:\Users\monthita\AppData\Local\Weather_Warnings_LLC
    2014-07-02 15:51 - 2014-05-11 10:22 - 00000000 ____D () C:\WINDOWS\System32\Tasks\ProtectedSearch
    2014-07-02 15:51 - 2014-05-11 10:22 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Browser Updater
    2014-06-22 17:06 - 2014-06-22 17:03 - 00001052 _____ () C:\Users\monthita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BearShare.lnk
    2014-06-22 17:06 - 2014-06-22 17:03 - 00001022 _____ () C:\Users\monthita\Desktop\BearShare.lnk
    2014-06-22 17:02 - 2014-06-22 17:02 - 00000000 ____D () C:\Users\monthita\AppData\Local\BearShare
    C:\Users\monthita\AppData\Local\Temp\Quarantine.exe
    FindWide.com (HKCU\...\{045D8031-346B-4281-8965-BC5DE407DBA8}) (Version:  - FindWide.com) <==== ATTENTION
    SafeSearch (HKLM\...\SafeSearch_is1) (Version: 0.9.2.0 - AVSoftware Ltd.)
    Task: {0FB53990-65C8-4D7A-9092-73FC3DC7C09E} - \APSnotifierPP3 No Task File <==== ATTENTION
    Task: {0FCE197E-6ADA-4BA9-A156-430B118A376A} - \ProtectedSearch\Protected Search No Task File <==== ATTENTION
    Task: {1A88BA37-0152-411E-85A7-27211B18F093} - \APSnotifierPP1 No Task File <==== ATTENTION
    Task: {24489230-9A0A-4FDE-B9B2-09853EDF99BF} - System32\Tasks\SSVerify => C:\Program Files\SafeSearch\se.exe [2013-03-09] ()
    Task: {2BB6E13F-500A-4CE7-96AD-8E1D9CDA7533} - \9e285c54-9c32-4c09-beef-692005cadfc1-5 No Task File <==== ATTENTION
    Task: {3302EA79-50CB-495D-9E1D-56FFAA342EBB} - \PriceMeterLiveUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
    Task: {3FB17ED2-147D-4C8D-99EA-5546226526C7} - \MySearchDial No Task File <==== ATTENTION
    Task: {4014620C-0CEA-42CA-ACBC-BA198E5E0E8C} - \9e285c54-9c32-4c09-beef-692005cadfc1-1 No Task File <==== ATTENTION
    Task: {484CB181-334D-4D39-BBA3-2C4ABB75668A} - \SpeedUpMyPC Maintenance No Task File <==== ATTENTION
    Task: {4BBB3624-80E0-48D2-BAD0-3F07531DF0A8} - \pricemeterwatcher No Task File <==== ATTENTION
    Task: {4D045BC2-B1B4-42E8-A174-4560976E5D46} - \PriceMeterLiveUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
    Task: {6822AD0E-1146-4221-97B6-EA2A33C207FE} - \Browser Updater\Browser Updater No Task File <==== ATTENTION
    Task: {8D7721C4-FDDA-40FD-9973-D06A173928EF} - \9e285c54-9c32-4c09-beef-692005cadfc1-4 No Task File <==== ATTENTION
    Task: {AF2A329E-4ED6-4318-BA94-37C855F94C56} - \pricemeterdownloader No Task File <==== ATTENTION
    Task: {B52CDFA5-8E7A-432B-8104-E31CB886C5B5} - \9e285c54-9c32-4c09-beef-692005cadfc1-2 No Task File <==== ATTENTION
    Task: {C45477F0-EE28-4EE4-B7A1-5A1AD68174A2} - \9e285c54-9c32-4c09-beef-692005cadfc1-6 No Task File <==== ATTENTION
    Task: {F8FAE1E5-4A6F-4FCA-98FE-BE22E7DCFB1B} - \APSnotifierPP2 No Task File <==== ATTENTION
    Task: {FF5EC95D-32ED-4ED0-9E25-B3B4935815E4} - \9e285c54-9c32-4c09-beef-692005cadfc1-7 No Task File <==== ATTENTION
    Hosts:
    End
     

     

     
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
     
    Then open FRST64 and click on fix
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.



    #21 kunash


    Posted 03 July 2014 - 06:21 AM

    thanks for reply, I will get onto that when I get home from school run in about 3 hours



    #22 ken545


    Posted 03 July 2014 - 06:24 AM

    OK, forgot to mention when you run a new scan with FRST, be sure to check the addition box so I can see a new addition.txt as well




    #23 kunash


    Posted 03 July 2014 - 08:58 AM

    hi

     

    ok here we go, thank you

    Attached Files



    #24 ken545


    Posted 03 July 2014 - 09:27 AM

    I'll look this over in a bit, do you have the log from the fix?




    #25 ken545


    Posted 03 July 2014 - 09:54 AM

    It should be close to FRST/64 ....Fixlog.txt




    #26 ken545


    Posted 03 July 2014 - 11:11 AM

    I am not sure you ran the fix correctly as both the new FRST/64 and Addition logs show nothing was removed.  If you have fixlist.txt on your desktop, delete it even if there is more than one, then go back to my reply for the fix and create a new fixlist.txt and make sure it's saved right next to FRST/64 or the fix won't work.  Then open FRST/64 and just click on FIX




    #27 kunash


    Posted 03 July 2014 - 11:35 PM

    hi

     

    sorry about that.  not sure why it was wrong.

     

    I hope this is ok. 

     

    thanks

    Attached Files



    #28 kunash


    Posted 03 July 2014 - 11:47 PM

    hi

     

    I know what I did.  I pressed scan instead of fix - my bad.

     

    I forgot to run additions - do you want me to do another scan now so I can get the addition log?

     

     

    Attached Files



    #29 ken545


    Posted 04 July 2014 - 03:33 AM

    Yes, please do, I want to make sure all we removed is gone




    #30 kunash


    Posted 04 July 2014 - 10:53 AM

    here is the frst and addition log

     

     

    thanks

    Attached Files
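The check described in posts #26 and #29 (confirming from a fresh FRST scan that everything in the fixlist is really gone) can be scripted. The sketch below is an added example, not part of the thread and not FRST's own code: it compares fixlist entries with a follow-up scan by path or task GUID, so changed timestamps do not hide a match. The follow-up scans are constructed samples, and treating `Start`, `End` and `Hosts:` as directives rather than scan entries is an assumption.

```python
import re

# FRST file-listing line: "<date> - <date> - <size> <attrs> (<company>) <path>"
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - "
    r"\d+ \S+ \(.*?\) (?P<path>.+)$")
TASK_RE = re.compile(r"^Task: (?P<guid>\{[0-9A-Fa-f-]{36}\})")
BARE_PATH_RE = re.compile(r"^[A-Za-z]:\\")
FLAG_RE = re.compile(r"\s*<=+ ATTENTION\s*$")
# Assumption: these fixlist lines are delimiters/directives, not scan entries.
DIRECTIVES = {"start", "end", "hosts:"}

# Entries copied from the fixlist in post #20 (shortened to five distinct items).
FIXLIST = r"""
Start
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
2014-06-22 17:03 - 2014-06-22 17:06 - 00001022 _____ () C:\Users\monthita\Desktop\BearShare.lnk
2014-06-22 17:06 - 2014-06-22 17:03 - 00001022 _____ () C:\Users\monthita\Desktop\BearShare.lnk
2014-06-20 16:34 - 2014-06-21 17:06 - 00000000 ____D () C:\Program Files (x86)\Yula
C:\Users\monthita\AppData\Local\Temp\Quarantine.exe
Task: {3FB17ED2-147D-4C8D-99EA-5546226526C7} - \MySearchDial No Task File <==== ATTENTION
Hosts:
End
"""

# Constructed follow-up scans (not the logs attached to the thread).
SCAN_FIX_NOT_RUN = r"""
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
Task: {3FB17ED2-147D-4C8D-99EA-5546226526C7} - \MySearchDial No Task File <==== ATTENTION
2014-07-03 08:40 - 2014-06-20 16:34 - 00000000 ____D () C:\Program Files (x86)\Yula
2014-06-22 17:06 - 2014-06-22 17:03 - 00001022 _____ () C:\Users\monthita\Desktop\BearShare.lnk
C:\Users\monthita\AppData\Local\Temp\Quarantine.exe
"""
SCAN_AFTER_FIX = r"""
2014-07-04 10:40 - 2014-06-20 16:34 - 00000000 ____D () C:\Program Files (x86)\Yula
2014-07-04 10:41 - 2013-10-15 17:00 - 00000000 ____D () C:\ProgramData\Norton
"""


def entry_key(line):
    """Reduce one log line to a key that survives timestamp changes."""
    text = FLAG_RE.sub("", line.strip())
    if not text or text.lower() in DIRECTIVES:
        return None
    m = FILE_RE.match(text)
    if m:                                   # file/folder listing: key on the path
        return ("path", m.group("path").lower())
    m = TASK_RE.match(text)
    if m:                                   # scheduled task: key on the GUID
        return ("task", m.group("guid").upper())
    if BARE_PATH_RE.match(text):            # bare path, e.g. under "content of TEMP"
        return ("path", text.lower())
    return ("line", " ".join(text.lower().split()))


def still_present(fixlist_text, scan_text):
    """Return (distinct fixlist entries, those the follow-up scan still lists)."""
    scan_keys = {entry_key(l) for l in scan_text.splitlines()}
    scan_keys.discard(None)
    seen, remaining, total = set(), [], 0
    for line in fixlist_text.splitlines():
        key = entry_key(line)
        if key is None or key in seen:      # skip directives and duplicate entries
            continue
        seen.add(key)
        total += 1
        if key in scan_keys:
            remaining.append(line.strip())
    return total, remaining


def verdict(total, remaining):
    """Every entry still listed means the fix never ran (the post #26 case)."""
    if total and len(remaining) == total:
        return "fix not applied"
    return "partial" if remaining else "clean"


if __name__ == "__main__":
    for name, scan in (("scan only", SCAN_FIX_NOT_RUN), ("after fix", SCAN_AFTER_FIX)):
        total, left = still_present(FIXLIST, scan)
        print(f"{name}: {verdict(total, left)} ({len(left)}/{total} still listed)")
        for entry in left:
            print("   ", entry)
```

A "fix not applied" result matches what happened in post #28, where Scan was pressed instead of Fix; a "partial" result lists the entries to carry into a follow-up fixlist.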

