Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2013 01
Ran by Derek (administrator) on 09-07-2013 21:20:35
Running from C:\Users\Derek\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\windows\system32\atiesrxx.exe
(AMD) C:\windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Logitech Inc.) C:\PROGRA~2\SQUEEZ~1\server\SqueezeSvr.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Conexant Systems, Inc) C:\Program Files\Conexant\SAII\SmartAudio.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Logitech Inc.) C:\Program Files (x86)\Squeezebox\SqueezeTray.exe
() C:\Users\Derek\AppData\Local\Autobahn\nexdef.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - "C:\Program Files\TOSHIBA\TECO\Teco.exe" /r [1483776 2010-02-25] (TOSHIBA Corporation)
HKLM\...\Run: [smoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [smartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [307768 2009-11-19] ()
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [cAudioFilterAgent] - c:\program files\conexant\caudiofilteragent\caudiofilteragent64.exe [517176 2010-01-29] (Conexant Systems, Inc.)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [egui] - "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [6330568 2013-03-21] (ESET)
HKLM\...\Winlogon: [userinit] C:\windows\system32\userinit.exe,
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot [423144 2013-04-26] (BillP Studios)
HKCU\...\Run: [sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
HKCU\...\Run: [Google Update] - "C:\Users\Derek\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-10-27] (Google Inc.)
HKCU\...\Policies\system: [disableregistrytools] 0
HKLM-x32\...\Run: [TWebCamera] - "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [ToshibaServiceStation] - "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC)
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Logitech Media Server Tray Tool.lnk
ShortcutTarget: Logitech Media Server Tray Tool.lnk -> C:\Program Files (x86)\Squeezebox\SqueezeTray.exe (Logitech Inc.)
Startup: C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
Startup: C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk
ShortcutTarget: NexDef Plug-in.lnk -> C:\Users\Derek\AppData\Local\Autobahn\nexdef.exe ()
BootExecute: autocheck autochk * SmartDefragBootTime.exesdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.outlook.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://calendar.live.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {52068670-CB31-4545-8202-3088AB4B063C} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=642886&p={searchTerms}
SearchScopes: HKCU - {B69A12D0-7C4A-4ABD-A64C-325D4F89B887} URL =
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\kgxg5no6.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Derek\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Derek\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Derek\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Derek\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Derek\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\kgxg5no6.default\searchplugins\dictionary.xml
FF Extension: No Name - C:\Users\Derek\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Ghostery - C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\kgxg5no6.default\Extensions\firefox@ghostery.com
FF Extension: Email This! Bookmarklet Extension - C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\kgxg5no6.default\Extensions\gmailthis@lazyrussian.com
FF Extension: Flagfox - C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\kgxg5no6.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF Extension: Garmin Communicator - C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\kgxg5no6.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF Extension: Groowe Search Toolbar - C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\kgxg5no6.default\Extensions\{268ad77e-cff8-42d7-b479-da60a7b93305}
FF Extension: denggb - C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\kgxg5no6.default\Extensions\denggb@balandro.net.xpi
FF Extension: smarterwiki - C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\kgxg5no6.default\Extensions\smarterwiki@wikiatic.com.xpi
FF Extension: No Name - C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\kgxg5no6.default\Extensions\{473f9a20-ce5a-11da-a94d-0800200c9a66}.xpi
FF Extension: No Name - C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\kgxg5no6.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
FF Extension: No Name - C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\kgxg5no6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR RestoreOnStartup: "https://mail.google.com/mail/ca/u/0/?shva=1#inbox", "https://www.google.com/calendar/render?tab=mc"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Derek\AppData\Local\Google\Chrome\Application\28.0.1500.71\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Derek\AppData\Local\Google\Chrome\Application\28.0.1500.71\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Derek\AppData\Local\Google\Chrome\Application\28.0.1500.71\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\Derek\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Derek\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Derek\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Drive) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (WOT) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.13_0
CHR Extension: (Atari - Millipede) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkbollfhmapfgngdahcjdbicedcbkkge\1.0_0
CHR Extension: (Yet another flags) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmchcmgddbhmbkakammmklpoonoiiomk\0.9.9.6_0
CHR Extension: (Gmail Offline) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.19_0
CHR Extension: (IE Tab Multi (Enhance)) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea\1.0.1.9_0
CHR Extension: (Atari - Centipede) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gakkiekmjcipgjlnenigjfgemakojanh\1.0_0
CHR Extension: (AdBlock) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0
CHR Extension: (FlashBlock) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl\0.9.31_0
CHR Extension: (Atari - Yars' Revenge) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdhhgcmlpojjmclpjbbhelmligedpgk\1.0_0
CHR Extension: (Atari - Asteroids) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlkamaohjodmnhiehbogggcllkndklok\1.3_0
CHR Extension: (Cloud Reader) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd\1.4.0_0
CHR Extension: (Yet Another Google Bookmarks Extension) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdnejaepfmacfdmhkplckpfdcjgbeode\1.32_0
CHR Extension: (Atari - Tempest) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\kflkdjocancddgfnbhedkaefjdomdcaf\1.0_0
CHR Extension: (Frogger Classic) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\mamnieegbgfhklagjjbacjiidjojeogd\1.1.1_0
CHR Extension: (FastestChrome - Browse Faster) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\7.2.2_0
CHR Extension: (Search Center) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndfplmdnbnefomnjiknbpejdceedhdmf\4.0.1_0
CHR Extension: (Glossy Blue) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nheaocaplknjkpcnbadlgfpdfjaabiml\1.0_0
CHR Extension: (ChromeReload) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\njoipeaphfnaplplihpbgndfojhdhmjo\0.5_0
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.10_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0
CHR Extension: (World Time Map) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocgaenegbjiendodcdhkhgpipfebflhl\1.0.2_0
CHR Extension: (Atari - Missile Command) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\oobnopfjjndfekinfcddimnjbhjdgmbg\1.0_0
CHR Extension: (Send from Gmail (by Google)) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.16_0

==================== Services (Whitelisted) =================

R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [224256 2011-03-02] ()
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1341664 2013-03-21] (ESET)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143072 2012-05-29] (TuneUp Software)
R2 squeezesvc; C:/PROGRA~2/SQUEEZ~1/server/SqueezeSvr.exe [x]

==================== Drivers (Whitelisted) ====================

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-20] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [139768 2013-01-10] (ESET)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()
S3 STONEDRV; C:\Windows\System32\Drivers\stonedrv.sys [20656 2009-11-03] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-03-29] (TuneUp Software)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-09 21:20 - 2013-07-09 21:20 - 00000000 ____D C:\FRST
2013-07-09 21:19 - 2013-07-09 21:19 - 01776221 ____A (Farbar) C:\Users\Derek\Desktop\FRST64.exe
2013-07-09 03:48 - 2013-07-09 03:51 - 00000000 ___SD C:\ComboFix
2013-07-09 03:48 - 2013-07-09 03:48 - 00000000 ____D C:\Qoobox
2013-07-09 03:48 - 2011-06-25 23:45 - 00256000 ____A C:\Windows\PEV.exe
2013-07-09 03:48 - 2010-11-07 10:20 - 00208896 ____A C:\Windows\MBR.exe
2013-07-09 03:48 - 2009-04-19 21:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-07-09 03:48 - 2000-08-30 17:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-07-09 03:48 - 2000-08-30 17:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-07-09 03:48 - 2000-08-30 17:00 - 00098816 ____A C:\Windows\sed.exe
2013-07-09 03:48 - 2000-08-30 17:00 - 00080412 ____A C:\Windows\grep.exe
2013-07-09 03:48 - 2000-08-30 17:00 - 00068096 ____A C:\Windows\zip.exe
2013-07-09 03:45 - 2013-07-09 03:45 - 05086951 ____R (Swearware) C:\Users\Derek\Desktop\ComboFix.exe
2013-07-08 17:27 - 2013-07-09 08:04 - 00000022 ____A C:\Windows\S.dirmngr
2013-07-08 17:25 - 2013-07-08 17:25 - 00001470 ____A C:\Users\Derek\Desktop\AdwCleaner[s1].txt
2013-07-08 17:23 - 2013-07-08 17:23 - 00650027 ____A C:\Users\Derek\Desktop\AdwCleaner.exe
2013-07-08 14:37 - 2013-07-08 16:54 - 00001445 ____A C:\Users\Derek\Desktop\JRT.txt
2013-07-08 14:30 - 2013-07-08 14:30 - 00000000 ____D C:\Windows\ERUNT
2013-07-08 14:30 - 2013-07-08 14:30 - 00000000 ____D C:\JRT
2013-07-08 14:18 - 2013-07-08 14:18 - 00547139 ____A (Oleg N. Scherbakov) C:\Users\Derek\Desktop\JRT.exe
2013-07-07 22:14 - 2013-07-07 22:51 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-07 22:12 - 2013-07-07 22:12 - 00000000 ____D C:\Users\Derek\Downloads\Anti-Rootkit
2013-07-07 22:11 - 2013-07-07 22:11 - 13399154 ____A C:\Users\Derek\Downloads\mbar-1.06.0.1004.zip
2013-07-07 22:08 - 2013-07-07 22:09 - 00000000 ____D C:\Program Files (x86)\ERUNT
2013-07-07 22:08 - 2013-07-07 22:08 - 00000899 ____A C:\Users\Derek\Desktop\NTREGOPT.lnk
2013-07-07 22:08 - 2013-07-07 22:08 - 00000899 ____A C:\Users\Darryl\Desktop\NTREGOPT.lnk
2013-07-07 22:08 - 2013-07-07 22:08 - 00000899 ____A C:\Users\Darren\Desktop\NTREGOPT.lnk
2013-07-07 22:08 - 2013-07-07 22:08 - 00000880 ____A C:\Users\Derek\Desktop\ERUNT.lnk
2013-07-07 22:08 - 2013-07-07 22:08 - 00000880 ____A C:\Users\Darryl\Desktop\ERUNT.lnk
2013-07-07 22:08 - 2013-07-07 22:08 - 00000880 ____A C:\Users\Darren\Desktop\ERUNT.lnk
2013-07-07 22:07 - 2013-07-07 22:07 - 00791393 ____A (Lars Hederer ) C:\Users\Derek\Downloads\erunt-setup.exe
2013-07-06 23:46 - 2013-07-06 23:46 - 00000000 ____D C:\Users\Derek\AppData\Local\GNU
2013-07-06 23:03 - 2013-07-06 23:03 - 00000000 ____D C:\Users\Derek\AppData\Roaming\Malwarebytes
2013-07-06 23:03 - 2013-07-06 23:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-06 23:03 - 2013-07-06 23:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-06 23:03 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-07-06 04:50 - 2013-07-09 20:55 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2953257119-1875599153-1455084081-1000UA1ce7a3f59b9b15.job
2013-07-06 04:50 - 2013-07-08 04:55 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2953257119-1875599153-1455084081-1000Core1ce7a3f44997af.job
2013-07-05 21:51 - 2013-07-05 21:51 - 00002074 ____A C:\Users\Derek\Desktop\Hobbies.lnk
2013-07-05 06:45 - 2013-07-09 20:50 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA1ce7985ecbd03cb.job
2013-07-03 20:43 - 2013-07-03 20:49 - 00002268 ____A C:\Windows\logboot_04.07.2013.tureg.log
2013-07-03 19:54 - 2013-07-03 19:54 - 00001903 ____A C:\Users\Derek\Desktop\Logs.lnk
2013-07-03 12:05 - 2013-07-03 12:05 - 97474796 ____A C:\Users\Derek\Downloads\Bear Creek.zip
2013-07-03 11:34 - 2013-07-03 11:34 - 00000000 ____D C:\Users\Derek\AppData\Local\Amazon Cloud Player
2013-07-03 11:33 - 2013-07-03 11:33 - 33397640 ____A (Amazon) C:\Users\Derek\Downloads\AmazonCloudPlayerInstaller332._V381017050_.exe
2013-07-02 21:24 - 2013-07-02 21:24 - 01786752 ____A C:\Users\Derek\Downloads\Coins.zip
2013-07-02 21:00 - 2013-07-02 21:22 - 00000000 ____D C:\Users\Derek\Downloads\Coins
2013-07-02 12:32 - 2013-07-02 12:32 - 00009030 ____A C:\Windows\HL-2070N.INI
2013-07-02 12:32 - 2013-07-02 12:32 - 00000152 ____A C:\Windows\BRVIDEO.INI
2013-07-02 12:32 - 2013-07-02 12:32 - 00000039 ____A C:\Windows\SysWOW64\bd2070n.dat
2013-07-02 12:32 - 2013-07-02 12:32 - 00000000 ____D C:\Program Files (x86)\Brownie
2013-07-02 12:32 - 2013-07-02 12:32 - 00000000 ____A C:\Windows\brmx2001.ini
2013-07-02 12:32 - 2009-05-25 19:14 - 00196608 ____N (brother) C:\Windows\SysWOW64\Pdrvinst.dll
2013-07-02 12:32 - 2008-10-23 00:00 - 00111928 ____N (Brother Industries Ltd) C:\Windows\SysWOW64\BRRBTOOL.EXE
2013-07-02 12:32 - 2007-01-16 00:00 - 00024223 _____ (Brother Industries, Ltd) C:\Windows\SysWOW64\brlm03a.dll
2013-07-02 12:32 - 2006-12-21 11:23 - 00176128 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BROSNMP.DLL
2013-07-02 12:32 - 2004-08-10 01:00 - 00000114 _____ C:\Windows\SysWOW64\brlmw03a.ini
2013-07-02 12:32 - 2004-08-10 00:42 - 00077824 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\brlmw03a.dll
2013-07-02 12:30 - 2013-07-02 12:30 - 00000000 ____D C:\Users\Derek\Downloads\install
2013-07-02 12:29 - 2013-07-02 12:30 - 105634606 ____A (A.I.SOFT,INC.) C:\Users\Derek\Downloads\HL2030_70-inst-win7-A2-en.EXE
2013-07-02 01:06 - 2013-07-02 01:06 - 00017173 ____A C:\Users\Derek\Downloads\server.prefs
2013-07-01 23:36 - 2013-07-02 00:37 - 00000000 ____D C:\ProgramData\Squeezebox
2013-07-01 23:36 - 2013-07-01 23:37 - 00000000 ____D C:\Program Files (x86)\Squeezebox
2013-07-01 23:35 - 2013-07-01 23:36 - 58564896 ____A (Logitech ) C:\Users\Derek\Downloads\LogitechMediaServer-7.7.2.exe
2013-06-30 03:48 - 2013-06-30 03:48 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-30 03:48 - 2013-06-30 03:48 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-30 03:48 - 2013-06-30 03:48 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-30 03:48 - 2013-06-30 03:48 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-30 00:02 - 2013-07-09 08:04 - 00036574 ____A C:\Windows\PFRO.log
2013-06-30 00:02 - 2013-07-09 08:04 - 00000784 ____A C:\Windows\setupact.log
2013-06-30 00:02 - 2013-06-30 00:02 - 00000000 ____A C:\Windows\setuperr.log
2013-06-27 10:27 - 2013-06-30 03:48 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-27 10:26 - 2013-06-27 10:26 - 00000000 ____D C:\ProgramData\McAfee
2013-06-24 08:12 - 2013-06-24 08:12 - 00000000 ____D C:\Program Files (x86)\SlimComputer
2013-06-24 08:10 - 2013-07-08 00:30 - 00000380 ____A C:\Windows\Tasks\SlimCleaner Scan.job
2013-06-24 08:07 - 2013-06-24 08:07 - 00000589 ____A C:\Users\Derek\Downloads\MyDefrag.debuglog
2013-06-24 07:50 - 2013-06-24 08:12 - 00000000 ____D C:\Users\Derek\AppData\Local\SlimWare Utilities Inc
2013-06-24 07:49 - 2013-06-24 08:29 - 00000000 ____D C:\Program Files (x86)\SlimCleaner
2013-06-24 07:49 - 2013-06-24 08:12 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2013-06-23 21:19 - 2013-06-23 21:19 - 00649536 ____A (SlimWare Utilities, Inc.) C:\Users\Derek\Downloads\slimcomputer-setup.exe
2013-06-23 21:18 - 2013-06-23 21:18 - 00735104 ____A (SlimWare Utilities, Inc.) C:\Users\Derek\Downloads\SlimCleaner-setup.exe
2013-06-19 21:21 - 2013-06-19 21:22 - 03165702 ____A C:\Users\Derek\Downloads\video.wmv
2013-06-19 11:37 - 2013-06-19 11:37 - 00000000 ____D C:\ProgramData\ESET
2013-06-16 09:27 - 2013-06-16 09:40 - 00000000 ____D C:\Windows\pss
2013-06-15 02:01 - 2013-06-08 07:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 02:01 - 2013-06-08 07:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 02:01 - 2013-06-08 07:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 02:01 - 2013-06-08 07:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 02:01 - 2013-06-08 07:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 02:01 - 2013-06-08 05:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 02:01 - 2013-06-08 04:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 02:01 - 2013-06-08 04:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 02:01 - 2013-06-08 04:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 02:01 - 2013-06-08 04:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 02:01 - 2013-06-08 04:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 02:01 - 2013-06-08 04:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 02:02 - 2013-05-16 18:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 02:02 - 2013-05-16 18:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 02:02 - 2013-05-16 18:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 02:02 - 2013-05-16 18:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 02:02 - 2013-05-16 18:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 02:02 - 2013-05-16 18:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 02:02 - 2013-05-16 18:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 02:02 - 2013-05-16 18:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 02:02 - 2013-05-16 17:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 02:02 - 2013-05-16 17:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 02:02 - 2013-05-16 17:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 02:02 - 2013-05-16 17:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 02:02 - 2013-05-16 17:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 02:02 - 2013-05-16 17:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 02:02 - 2013-05-16 17:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 02:02 - 2013-05-16 17:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 02:02 - 2013-05-16 17:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 02:02 - 2013-05-14 05:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 02:02 - 2013-05-14 01:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-11 23:02 - 2013-05-07 23:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-11 23:01 - 2013-05-12 22:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-11 23:01 - 2013-05-12 22:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-11 23:01 - 2013-05-12 22:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-11 23:01 - 2013-05-12 22:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-11 23:01 - 2013-05-12 21:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-11 23:01 - 2013-05-12 21:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-11 23:01 - 2013-05-12 21:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-11 23:01 - 2013-05-12 20:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-11 23:01 - 2013-05-12 20:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-11 23:01 - 2013-05-12 20:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-11 23:01 - 2013-05-09 22:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-11 23:01 - 2013-05-09 20:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-11 23:01 - 2013-04-25 22:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-11 23:01 - 2013-04-25 21:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-11 23:01 - 2013-04-25 16:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-11 23:01 - 2013-04-17 00:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-11 23:01 - 2013-04-16 23:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-11 23:01 - 2013-03-31 15:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

==================== One Month Modified Files and Folders =======

2013-07-09 21:20 - 2013-07-09
21:20 - 00000000 ____D C:\FRST 2013-07-09 21:19 - 2013-07-09 21:19 - 01776221 ____A (Farbar) C:\Users\Derek\Desktop\FRST64.exe 2013-07-09 21:14 - 2012-05-15 10:53 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-09 20:55 - 2013-07-06 04:50 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2953257119-1875599153-1455084081-1000UA1ce7a3f59b9b15.job 2013-07-09 20:50 - 2013-07-05 06:45 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA1ce7985ecbd03cb.job 2013-07-09 15:24 - 2010-06-23 22:49 - 01412335 ____A C:\Windows\WindowsUpdate.log 2013-07-09 14:17 - 2009-07-13 21:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-09 14:17 - 2009-07-13 21:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-09 12:31 - 2010-10-28 18:53 - 00000000 ____D C:\Users\Derek\AppData\Roaming\FileZilla 2013-07-09 08:05 - 2010-10-27 19:13 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-09 08:04 - 2013-07-08 17:27 - 00000022 ____A C:\Windows\S.dirmngr 2013-07-09 08:04 - 2013-06-30 00:02 - 00036574 ____A C:\Windows\PFRO.log 2013-07-09 08:04 - 2013-06-30 00:02 - 00000784 ____A C:\Windows\setupact.log 2013-07-09 08:04 - 2009-07-13 22:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-09 03:51 - 2013-07-09 03:48 - 00000000 ___SD C:\ComboFix 2013-07-09 03:48 - 2013-07-09 03:48 - 00000000 ____D C:\Qoobox 2013-07-09 03:48 - 2012-05-13 13:53 - 00000000 ____D C:\Windows\ERDNT 2013-07-09 03:45 - 2013-07-09 03:45 - 05086951 ____R (Swearware) C:\Users\Derek\Desktop\ComboFix.exe 2013-07-08 17:25 - 2013-07-08 17:25 - 00001470 ____A C:\Users\Derek\Desktop\AdwCleaner[s1].txt 2013-07-08 17:23 - 2013-07-08 17:23 - 00650027 ____A C:\Users\Derek\Desktop\AdwCleaner.exe 2013-07-08 16:54 - 2013-07-08 14:37 - 00001445 ____A C:\Users\Derek\Desktop\JRT.txt 2013-07-08 14:30 - 2013-07-08 14:30 - 00000000 
____D C:\Windows\ERUNT 2013-07-08 14:30 - 2013-07-08 14:30 - 00000000 ____D C:\JRT 2013-07-08 14:18 - 2013-07-08 14:18 - 00547139 ____A (Oleg N. Scherbakov) C:\Users\Derek\Desktop\JRT.exe 2013-07-08 04:55 - 2013-07-06 04:50 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2953257119-1875599153-1455084081-1000Core1ce7a3f44997af.job 2013-07-08 00:30 - 2013-06-24 08:10 - 00000380 ____A C:\Windows\Tasks\SlimCleaner Scan.job 2013-07-07 22:51 - 2013-07-07 22:14 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-07-07 22:12 - 2013-07-07 22:12 - 00000000 ____D C:\Users\Derek\Downloads\Anti-Rootkit 2013-07-07 22:11 - 2013-07-07 22:11 - 13399154 ____A C:\Users\Derek\Downloads\mbar-1.06.0.1004.zip 2013-07-07 22:09 - 2013-07-07 22:08 - 00000000 ____D C:\Program Files (x86)\ERUNT 2013-07-07 22:08 - 2013-07-07 22:08 - 00000899 ____A C:\Users\Derek\Desktop\NTREGOPT.lnk 2013-07-07 22:08 - 2013-07-07 22:08 - 00000899 ____A C:\Users\Darryl\Desktop\NTREGOPT.lnk 2013-07-07 22:08 - 2013-07-07 22:08 - 00000899 ____A C:\Users\Darren\Desktop\NTREGOPT.lnk 2013-07-07 22:08 - 2013-07-07 22:08 - 00000880 ____A C:\Users\Derek\Desktop\ERUNT.lnk 2013-07-07 22:08 - 2013-07-07 22:08 - 00000880 ____A C:\Users\Darryl\Desktop\ERUNT.lnk 2013-07-07 22:08 - 2013-07-07 22:08 - 00000880 ____A C:\Users\Darren\Desktop\ERUNT.lnk 2013-07-07 22:07 - 2013-07-07 22:07 - 00791393 ____A (Lars Hederer ) C:\Users\Derek\Downloads\erunt-setup.exe 2013-07-06 23:46 - 2013-07-06 23:46 - 00000000 ____D C:\Users\Derek\AppData\Local\GNU 2013-07-06 23:46 - 2013-04-22 22:57 - 00000000 ____D C:\Users\Derek\AppData\Roaming\gnupg 2013-07-06 23:03 - 2013-07-06 23:03 - 00000000 ____D C:\Users\Derek\AppData\Roaming\Malwarebytes 2013-07-06 23:03 - 2013-07-06 23:03 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-06 23:03 - 2013-07-06 23:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-05 21:51 - 2013-07-05 21:51 - 00002074 ____A C:\Users\Derek\Desktop\Hobbies.lnk 
2013-07-03 21:46 - 2010-10-27 18:03 - 00000000 ____D C:\users\Derek 2013-07-03 20:49 - 2013-07-03 20:43 - 00002268 ____A C:\Windows\logboot_04.07.2013.tureg.log 2013-07-03 20:49 - 2009-07-13 19:34 - 77332480 ____A C:\Windows\System32\config\SOFTWARE_tureg_old 2013-07-03 20:49 - 2009-07-13 19:34 - 18874368 ____A C:\Windows\System32\config\SYSTEM_tureg_old 2013-07-03 20:49 - 2009-07-13 19:34 - 00028672 ____A C:\Windows\System32\config\SECURITY_tureg_old 2013-07-03 20:42 - 2009-07-13 19:34 - 00327680 ____A C:\Windows\System32\config\DEFAULT_tureg_old 2013-07-03 20:42 - 2009-07-13 19:34 - 00131072 ____A C:\Windows\System32\config\SAM_tureg_old 2013-07-03 20:29 - 2011-11-04 22:18 - 00000000 ____D C:\Registry Export 2013-07-03 19:54 - 2013-07-03 19:54 - 00001903 ____A C:\Users\Derek\Desktop\Logs.lnk 2013-07-03 12:05 - 2013-07-03 12:05 - 97474796 ____A C:\Users\Derek\Downloads\Bear Creek.zip 2013-07-03 11:34 - 2013-07-03 11:34 - 00000000 ____D C:\Users\Derek\AppData\Local\Amazon Cloud Player 2013-07-03 11:33 - 2013-07-03 11:33 - 33397640 ____A (Amazon) C:\Users\Derek\Downloads\AmazonCloudPlayerInstaller332._V381017050_.exe 2013-07-02 21:24 - 2013-07-02 21:24 - 01786752 ____A C:\Users\Derek\Downloads\Coins.zip 2013-07-02 21:22 - 2013-07-02 21:00 - 00000000 ____D C:\Users\Derek\Downloads\Coins 2013-07-02 12:32 - 2013-07-02 12:32 - 00009030 ____A C:\Windows\HL-2070N.INI 2013-07-02 12:32 - 2013-07-02 12:32 - 00000152 ____A C:\Windows\BRVIDEO.INI 2013-07-02 12:32 - 2013-07-02 12:32 - 00000039 ____A C:\Windows\SysWOW64\bd2070n.dat 2013-07-02 12:32 - 2013-07-02 12:32 - 00000000 ____D C:\Program Files (x86)\Brownie 2013-07-02 12:32 - 2013-07-02 12:32 - 00000000 ____A C:\Windows\brmx2001.ini 2013-07-02 12:31 - 2010-03-23 18:06 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-07-02 12:30 - 2013-07-02 12:30 - 00000000 ____D C:\Users\Derek\Downloads\install 2013-07-02 12:30 - 2013-07-02 12:29 - 105634606 ____A (A.I.SOFT,INC.) 
C:\Users\Derek\Downloads\HL2030_70-inst-win7-A2-en.EXE 2013-07-02 01:06 - 2013-07-02 01:06 - 00017173 ____A C:\Users\Derek\Downloads\server.prefs 2013-07-02 00:37 - 2013-07-01 23:36 - 00000000 ____D C:\ProgramData\Squeezebox 2013-07-01 23:37 - 2013-07-01 23:36 - 00000000 ____D C:\Program Files (x86)\Squeezebox 2013-07-01 23:36 - 2013-07-01 23:35 - 58564896 ____A (Logitech ) C:\Users\Derek\Downloads\LogitechMediaServer-7.7.2.exe 2013-06-30 03:48 - 2013-06-30 03:48 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-30 03:48 - 2013-06-30 03:48 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-30 03:48 - 2013-06-30 03:48 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-30 03:48 - 2013-06-30 03:48 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-30 03:48 - 2013-06-27 10:27 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-06-30 03:48 - 2011-04-16 17:51 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-06-30 03:48 - 2010-03-23 18:05 - 00000000 ____D C:\Program Files (x86)\Java 2013-06-30 00:02 - 2013-06-30 00:02 - 00000000 ____A C:\Windows\setuperr.log 2013-06-29 16:36 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\System32\FxsTmp 2013-06-27 18:50 - 2010-10-28 13:26 - 00000000 ____D C:\Users\Derek\AppData\Roaming\Mozilla 2013-06-27 10:46 - 2013-04-20 20:49 - 00000000 ____D C:\ProgramData\Apple Computer 2013-06-27 10:46 - 2013-04-20 20:49 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-27 10:26 - 2013-06-27 10:26 - 00000000 ____D C:\ProgramData\McAfee 2013-06-27 10:19 - 2010-03-23 18:09 - 00000000 ____D C:\ProgramData\Toshiba 2013-06-27 10:19 - 2010-03-23 18:06 - 00000000 ____D C:\Program Files\TOSHIBA 2013-06-27 09:59 - 2013-05-14 11:46 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client 2013-06-27 09:58 - 2012-11-26 21:36 - 00000000 ____D 
C:\Users\Derek\Downloads\Program Updates 2013-06-27 04:15 - 2012-08-01 20:52 - 00000000 ____D C:\Users\Derek\Documents\_NEW DIRECTORIES 2013-06-24 08:29 - 2013-06-24 07:49 - 00000000 ____D C:\Program Files (x86)\SlimCleaner 2013-06-24 08:12 - 2013-06-24 08:12 - 00000000 ____D C:\Program Files (x86)\SlimComputer 2013-06-24 08:12 - 2013-06-24 07:50 - 00000000 ____D C:\Users\Derek\AppData\Local\SlimWare Utilities Inc 2013-06-24 08:12 - 2013-06-24 07:49 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers 2013-06-24 08:07 - 2013-06-24 08:07 - 00000589 ____A C:\Users\Derek\Downloads\MyDefrag.debuglog 2013-06-24 07:58 - 2010-03-23 17:42 - 00000000 ____D C:\Windows\Panther 2013-06-23 21:19 - 2013-06-23 21:19 - 00649536 ____A (SlimWare Utilities, Inc.) C:\Users\Derek\Downloads\slimcomputer-setup.exe 2013-06-23 21:18 - 2013-06-23 21:18 - 00735104 ____A (SlimWare Utilities, Inc.) C:\Users\Derek\Downloads\SlimCleaner-setup.exe 2013-06-19 21:22 - 2013-06-19 21:21 - 03165702 ____A C:\Users\Derek\Downloads\video.wmv 2013-06-19 12:09 - 2011-12-30 09:32 - 00000263 ____A C:\Users\Derek\AppData\Roaming\Battery Meter_Settings.ini 2013-06-19 11:37 - 2013-06-19 11:37 - 00000000 ____D C:\ProgramData\ESET 2013-06-19 11:30 - 2013-06-06 00:16 - 00000000 ____D C:\ProgramData\AVAST Software 2013-06-19 04:17 - 2012-08-04 20:21 - 00000000 ____D C:\Users\Derek\Pictures2 2013-06-16 09:40 - 2013-06-16 09:27 - 00000000 ____D C:\Windows\pss 2013-06-12 05:14 - 2012-05-15 10:53 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-12 05:14 - 2011-08-27 18:04 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-12 03:02 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache 2013-06-12 02:03 - 2010-10-28 15:02 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-11 04:18 - 2012-08-04 21:28 - 00000000 ____D C:\Users\Derek\SerenityBay.com ==================== Bamital & volsnap Check 
================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-03 01:36 ==================== End Of Log ============================ Addition.txt
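Reading a one-month listing like the one above by eye is slow and easy to get wrong. The Python below is an added example, not code from FRST or from the posted log: it parses the entry format FRST uses in its "One Month Created/Modified Files and Folders" sections (two timestamps, size, attribute flags, an optional company name in parentheses, then the path) and applies a few triage heuristics a reviewer would apply by hand. The sample listing, the user name, the company strings and the file names in it are constructed for the example, and the heuristics are review rules of thumb, not FRST's own checks. One caveat the log itself shows: FRST prints the same two timestamps in opposite order in the Created and the Modified section (compare the SlimCleaner Scan.job entries in each), so the parser keeps them positional instead of labelling one as creation time.

```python
"""Triage helper for FRST one-month file listings (added example, not FRST code).

Parses lines of the form
  <ts> - <ts> - <size> <attrs> [(Company)] <path>
and flags entries worth a closer look. Heuristics and sample data are
constructed for illustration; nothing here is a verdict on a file.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# FRST prints two timestamps per entry; their order differs between the
# Created and Modified sections, so they are kept positional (ts1, ts2).
ENTRY_RE = re.compile(
    r"^(?P<ts1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<ts2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"      # company is absent when the file has no version info
    r"(?P<path>\S.*)$"
)

EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx", ".com",
            ".pif", ".bat", ".cmd", ".vbs", ".js", ".ps1"}
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
TASKS_DIR = "c:\\windows\\tasks\\"


@dataclass
class Entry:
    ts1: str
    ts2: str
    size: int
    attrs: str
    company: Optional[str]   # None when FRST printed no (Company) field
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def ext(self) -> str:
        # ntpath handles backslash paths correctly on any host OS
        return ntpath.splitext(self.path)[1].lower()


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for an FRST file line, or None for headers and other text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    company = m.group("company")
    return Entry(m.group("ts1"), m.group("ts2"), int(m.group("size")),
                 m.group("attrs"), company.strip() if company else None,
                 m.group("path"))


def triage(e: Entry) -> List[str]:
    """Review heuristics; each hit is a reason to look closer, not a verdict."""
    reasons: List[str] = []
    if e.is_dir:
        return reasons
    p = e.path.lower()
    if p.startswith(TASKS_DIR) and e.ext == ".job":
        reasons.append("scheduled task: confirm what command it launches")
    if e.ext in EXEC_EXT and e.company is None and p.startswith(USER_WRITABLE):
        # A missing CompanyName is weak evidence by itself (many legitimate
        # tools ship without version info), but an executable dropped into a
        # user-writable location without one deserves a hash or signature check.
        reasons.append("executable without CompanyName in a user-writable path")
    if e.ext in EXEC_EXT and p.startswith(SYSTEM_DIRS) and e.company != "Microsoft Corporation":
        # Noisy by design: Java, Flash and driver packages legitimately land
        # here, but so does malware that wants to blend in with system files.
        reasons.append("non-Microsoft executable in a system directory")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons; unflagged and non-entry lines are skipped."""
    flagged: Dict[str, List[str]] = {}
    for line in text.splitlines():
        e = parse_entry(line)
        if e is not None:
            hits = triage(e)
            if hits:
                flagged[e.path] = hits
    return flagged


# Constructed sample in FRST's format; user, company and file names are invented.
SAMPLE_LOG = r"""
==================== One Month Created Files and Folders ========

2013-07-09 21:20 - 2013-07-09 21:20 - 00000000 ____D C:\FRST
2013-07-08 00:30 - 2013-06-24 08:10 - 00000380 ____A C:\Windows\Tasks\Example Scan.job
2013-07-07 22:11 - 2013-07-07 22:11 - 00547139 ____A (Example Tools Ltd) C:\Users\Alice\Desktop\cleaner.exe
2013-07-06 03:14 - 2013-07-06 03:14 - 00123456 ____A C:\Users\Alice\AppData\Local\Temp\svchost.exe
2013-06-30 03:48 - 2013-06-30 03:48 - 00175016 ____A (Example Runtime Corp.) C:\Windows\SysWOW64\runtime.exe
2013-06-15 02:01 - 2013-06-08 07:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-19 21:21 - 2013-06-19 21:22 - 03165702 ____A C:\Users\Alice\Downloads\video.wmv
C:\Windows\System32\winlogon.exe => MD5 is legit
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run against a real FRST.txt, feed the file contents to `triage_log` instead of `SAMPLE_LOG`; the regular expression ignores the process, registry and MD5-check sections because their lines do not start with two timestamps. Treat every hit as a prompt for a hash lookup or an Authenticode check, not as a finding on its own.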