Win7 computer with suspiciously high network usage

[MadameHardy]

I just found out we'd exceeded our (very high) Internet data cap.  I started installing Internet usage checkers on our computers,  and found that one was using far more data than it should (it's unused most of the day.)  I Googled and found Malwarebytes, ran Process Explorer, and found that the computer's having two running instances of csrss.exe wasn't good.

 

Herewith the logs:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-06-2014

Ran by Elizabeth (administrator) on ELIZABETH-PC on 15-06-2014 19:21:44

Running from C:\Users\Elizabeth\Downloads

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe

(SugarSync, Inc.) C:\Program Files (x86)\SugarSync\SugarSync.exe

(MediaMall Technologies, Inc.) C:\Program Files (x86)\MediaMall\PlayOn.exe

(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe

() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe

(PFU LIMITED) C:\Windows\SSDriver\fi5110\SsWiaChecker.exe

() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe

( ) C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe

(Sysinternals - www.sysinternals.com) C:\Program Files (x86)\Procexp\procexp.exe

(Sysinternals - www.sysinternals.com) C:\Users\Elizabeth\AppData\Local\Temp\procexp64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(OldTimer Tools) C:\Users\Elizabeth\Downloads\OTL.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1275608 2014-03-25] (COMODO)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [scanSnap WIA Service Checker] => C:\Windows\SSDriver\fi5110\SsWiaChecker.exe [86016 2009-09-30] (PFU LIMITED)

HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC)

HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()

HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)

HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-06-06] (Comodo Security Solutions, Inc.)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKU\.DEFAULT\...\RunOnce: [sPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-11-21] (Microsoft Corporation)

HKU\S-1-5-21-1674408116-3729613793-3804784409-1000\...\Run: [AVG-Secure-Search-Update_1113a] => C:\Users\Elizabeth\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=f94c2ef0443247d3a0c0d16f6bccd0f4-8ef3814ccf598f88d202c4ef86d692c3e0fa97ec /CMPID=1113a

HKU\S-1-5-21-1674408116-3729613793-3804784409-1000\...\Run: [sugarSync] => C:\Program Files (x86)\SugarSync\SugarSync.exe [13119328 2014-05-06] (SugarSync, Inc.)

HKU\S-1-5-21-1674408116-3729613793-3804784409-1000\...\Run: [PlayOn] => C:\Program Files (x86)\MediaMall\PlayOn.exe [67904 2014-03-05] (MediaMall Technologies, Inc.)

HKU\S-1-5-21-1674408116-3729613793-3804784409-1000\...\Run: [GoogleChromeAutoLaunch_BC42A7D22EA4C9EEEC843EF2870E3FB5] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)

HKU\S-1-5-21-1674408116-3729613793-3804784409-1000\...\Run: [62CF4B14FAA12E534B4ED8B0C8F7755415803ECD._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bitmeter2.lnk

ShortcutTarget: Bitmeter2.lnk -> C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe ( )

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk

ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk

ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\COMODO\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk

ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()

SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\system32\SSCbFsMntNtf3.dll (EldoS Corporation)

SSODL-x32: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll (EldoS Corporation)

BootExecute: autocheck autochk * sdnclean64.exe

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6822DBB640E6CE01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={9F6D5DA2-67A9-49B9-A5FE-CAC77D8A26DA}&mid=f94c2ef0443247d3a0c0d16f6bccd0f4-8ef3814ccf598f88d202c4ef86d692c3e0fa97ec〈=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-11-22 09:21:04&v=17.1.2.1&pid=safeguard&sg=0&sap=dsp&q={searchTerms}

BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File

Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

 

FireFox:

========

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @playon.tv/PlayOnToolbar - C:\Program Files (x86)\MediaMall\toolbar\npVT.dll (MediaMall Technologies, Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

Chrome: 

=======

CHR HomePage: hxxp://my.yahoo.com/

CHR StartupUrls: "hxxp://mail.google.com/"

CHR Extension: (Google Translate) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2013-11-22]

CHR Extension: (Text URL Linker) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegfbpchoheaflicfmggkmlmcccpjpgd [2013-11-22]

CHR Extension: (Duolingo) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2013-11-22]

CHR Extension: (Angry Birds) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-11-22]

CHR Extension: (Google Docs) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-22]

CHR Extension: (Google Drive) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-22]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-07]

CHR Extension: (YouTube) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-22]

CHR Extension: (Webmail Ad Blocker) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbhfdchmklhpcngcgjmpdbjakdggkkjp [2013-11-22]

CHR Extension: (Send to Kindle for Google Chrome™) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea [2014-04-28]

CHR Extension: (Remember The Milk) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\chdiaibgndcpagmnpkjoelgfkommjbni [2013-11-22]

CHR Extension: (Google Search) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-22]

CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-04-04]

CHR Extension: (Timer) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\edebbhkhcaafmolanelponjjanocpacd [2013-11-22]

CHR Extension: (Chromebleed) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic [2014-04-13]

CHR Extension: (Camera) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabandfpdnfaojfnelmcgcplhbecchpn [2014-04-13]

CHR Extension: (XKit) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2014-04-02]

CHR Extension: (MagicScroll eBook Reader) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble [2013-11-22]

CHR Extension: (AdBlock) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-22]

CHR Extension: (Hola Better Internet) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2013-11-22]

CHR Extension: (Pin It Button) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-03-26]

CHR Extension: (TinEye Reverse Image Search) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2014-01-11]

CHR Extension: (Don't Starve) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiledapehlkhdehbhppgmekfalnlfajc [2013-11-22]

CHR Extension: (Kindle Cloud Reader) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-02-28]

CHR Extension: (PlayOn) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ienaefcpghbmccojmklhdffdobkbencj [2014-02-12]

CHR Extension: (Evernote Web) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2013-11-22]

CHR Extension: (Google Maps) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-11-22]

CHR Extension: (Window Close Protector) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnpifgapnmpninomacbhdlconlpikdai [2013-11-22]

CHR Extension: (Ghostery) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2013-11-22]

CHR Extension: (Google Play Books) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2013-11-22]

CHR Extension: (Extensions Update Notifier) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlldbplhbaopldicmcoogopmkonpebjm [2014-01-17]

CHR Extension: (Google Wallet) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-22]

CHR Extension: (Tumblr Savior) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip [2013-12-15]

CHR Extension: (Modern New Tab Page) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogllliimbhgmclkgjldeffhjbhaenapo [2014-04-13]

CHR Extension: (Twitter Preview URLs) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\oijgblonhcagdhfbgjilnpjipmijimmn [2014-01-21]

CHR Extension: (Send from Gmail (by Google)) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2013-11-22]

CHR Extension: (Gmail) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-22]

CHR HKLM-x32\...\Chrome\Extension: [ienaefcpghbmccojmklhdffdobkbencj] - C:\Program Files (x86)\MediaMall\toolbar\ce.crx [2014-01-03]

 

==================== Services (Whitelisted) =================

 

R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70864 2014-06-10] (Comodo Security Solutions, Inc.)

R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6817544 2014-04-16] (COMODO)

S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)

R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232 2014-05-21] ()

R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-06-06] (Comodo Security Solutions, Inc.)

S2 MediaMall Server; C:\Program Files (x86)\MediaMall\MediaMallServer.exe [5425968 2014-03-05] (MediaMall Technologies, Inc.)

R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [29184 2009-07-13] (Microsoft Corporation) [File not signed]

 

==================== Drivers (Whitelisted) ====================

 

R3 AX88772B; C:\Windows\System32\DRIVERS\ax88772b.sys [114176 2013-07-22] (ASIX Electronics Corp.)

R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [37976 2013-05-07] (Windows ® Win 7 DDK provider) [File not signed]

R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2014-04-16] (COMODO)

R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [738472 2014-04-16] (COMODO)

R1 HMD; C:\Windows\System32\DRIVERS\hmd.sys [14888 2013-10-06] ()

R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2013-12-17] (MediaMall Technologies, Inc.)

S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

R3 SSCBFS3; C:\Windows\System32\DRIVERS\sscbfs3.sys [347904 2013-01-30] (EldoS Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-06-15 19:21 - 2014-06-15 19:22 - 00017204 _____ () C:\Users\Elizabeth\Downloads\FRST.txt

2014-06-15 19:21 - 2014-06-15 19:21 - 02081280 _____ (Farbar) C:\Users\Elizabeth\Downloads\FRST64.exe

2014-06-15 19:21 - 2014-06-15 19:21 - 00000000 ____D () C:\FRST

2014-06-15 19:05 - 2014-06-15 19:05 - 00052736 _____ () C:\Users\Elizabeth\Downloads\Extras.Txt

2014-06-15 19:04 - 2014-06-15 19:04 - 00095254 _____ () C:\Users\Elizabeth\Downloads\OTL.Txt

2014-06-15 18:54 - 2014-06-15 18:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-06-15 18:54 - 2014-06-15 18:54 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-06-15 18:54 - 2014-06-15 18:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-06-15 18:54 - 2014-06-15 18:54 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-06-15 18:54 - 2014-06-15 18:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-06-15 18:54 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-06-15 18:54 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-06-15 18:54 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-06-15 18:53 - 2014-06-15 18:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Elizabeth\Downloads\mbam-setup-2.0.2.1012.exe

2014-06-15 18:50 - 2014-06-15 18:50 - 00380416 _____ () C:\Users\Elizabeth\Downloads\8frw3bx8.exe

2014-06-15 18:49 - 2014-06-15 18:49 - 00602112 _____ (OldTimer Tools) C:\Users\Elizabeth\Downloads\OTL.exe

2014-06-15 18:34 - 2014-06-15 19:21 - 00000000 ____D () C:\ProgramData\Bitmeter2

2014-06-15 18:34 - 2014-06-15 18:52 - 00000000 ____D () C:\Users\Elizabeth\AppData\Roaming\Bitmeter2

2014-06-15 18:34 - 2014-06-15 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitMeter

2014-06-15 18:34 - 2014-06-15 18:34 - 00000000 ____D () C:\Program Files (x86)\Codebox

2014-06-15 18:33 - 2014-06-15 18:33 - 01360256 _____ () C:\Users\Elizabeth\Downloads\BitMeter2.zip

2014-06-15 18:25 - 2014-06-15 18:25 - 00372376 _____ (AddGadgets.com) C:\Users\Elizabeth\Downloads\NetworkMeterVersion96.exe

2014-06-14 15:00 - 2014-06-14 15:00 - 00019334 _____ () C:\Users\Elizabeth\Downloads\Only Connect s08e08.hannibal.torrent

2014-06-14 15:00 - 2014-06-14 15:00 - 00019334 _____ () C:\Users\Elizabeth\Downloads\Only Connect s08e07.hannibal.torrent

2014-06-14 14:59 - 2014-06-14 14:59 - 00019334 _____ () C:\Users\Elizabeth\Downloads\Only Connect s08e06.hannibal.torrent

2014-06-14 14:59 - 2014-06-14 14:59 - 00019327 _____ () C:\Users\Elizabeth\Downloads\Only Connect s08e05.hannibal.torrent

2014-06-13 21:09 - 2014-06-13 21:09 - 00020930 _____ () C:\Users\Elizabeth\Downloads\Mock the Week s13e01.hannibal.torrent

2014-06-11 01:37 - 2014-05-30 03:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-06-11 01:37 - 2014-05-30 03:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-06-11 01:37 - 2014-05-30 02:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-06-11 01:37 - 2014-05-30 02:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-06-11 01:37 - 2014-05-30 02:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-06-11 01:37 - 2014-05-30 02:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-06-11 01:37 - 2014-05-30 01:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-06-11 01:37 - 2014-05-30 01:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-06-11 01:37 - 2014-05-30 01:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-06-11 01:37 - 2014-05-30 01:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-06-11 01:37 - 2014-05-30 01:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-06-11 01:37 - 2014-05-30 01:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-06-11 01:37 - 2014-05-30 01:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-06-11 01:37 - 2014-05-30 01:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-06-11 01:37 - 2014-05-30 01:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-06-11 01:37 - 2014-05-30 01:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-06-11 01:37 - 2014-05-30 01:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-06-11 01:37 - 2014-05-30 01:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-06-11 01:37 - 2014-05-30 01:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-06-11 01:37 - 2014-05-30 00:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-06-11 01:37 - 2014-05-30 00:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-06-11 01:37 - 2014-05-30 00:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-06-11 01:37 - 2014-05-30 00:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-06-11 01:37 - 2014-05-08 02:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2014-06-11 01:37 - 2014-05-08 02:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

2014-06-11 01:37 - 2014-04-24 19:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll

2014-06-11 01:37 - 2014-04-24 19:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll

2014-06-11 01:37 - 2014-04-04 19:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2014-06-11 01:37 - 2014-04-04 19:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS

2014-06-11 01:37 - 2014-03-26 07:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll

2014-06-11 01:37 - 2014-03-26 07:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2014-06-11 01:37 - 2014-03-26 07:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll

2014-06-11 01:37 - 2014-03-26 07:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

2014-06-11 01:37 - 2014-03-26 07:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2014-06-11 01:37 - 2014-03-26 07:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2014-06-11 01:37 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll

2014-06-11 01:37 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2014-06-11 01:36 - 2014-05-30 03:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-06-11 01:36 - 2014-05-30 02:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-06-11 01:36 - 2014-05-30 02:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-06-11 01:36 - 2014-05-30 02:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-06-11 01:36 - 2014-05-30 02:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-06-11 01:36 - 2014-05-30 02:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-06-11 01:36 - 2014-05-30 02:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-06-11 01:36 - 2014-05-30 02:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-06-11 01:36 - 2014-05-30 02:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-06-11 01:36 - 2014-05-30 02:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-06-11 01:36 - 2014-05-30 02:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-06-11 01:36 - 2014-05-30 02:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-06-11 01:36 - 2014-05-30 01:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-06-11 01:36 - 2014-05-30 01:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-06-11 01:36 - 2014-05-30 01:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-06-11 01:36 - 2014-05-30 01:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-06-11 01:36 - 2014-05-30 01:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-06-11 01:36 - 2014-05-30 01:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-06-11 01:36 - 2014-05-30 01:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-06-11 01:36 - 2014-05-30 01:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-06-11 01:36 - 2014-05-30 01:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-06-11 01:36 - 2014-05-30 00:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-06-11 01:36 - 2014-05-30 00:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-06-11 01:36 - 2014-05-30 00:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-06-11 01:36 - 2014-05-30 00:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-06-11 01:36 - 2014-05-30 00:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-06-11 01:36 - 2014-05-30 00:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-06-11 01:36 - 2014-05-30 00:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-06-11 01:36 - 2014-05-30 00:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-06-11 01:34 - 2014-06-08 02:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-06-11 01:34 - 2014-06-08 02:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-06-10 21:05 - 2014-06-10 21:05 - 00000373 _____ () C:\Users\Elizabeth\Documents\googleprob.txt

2014-06-08 20:10 - 2014-06-08 20:10 - 00019487 _____ () C:\Users\Elizabeth\Downloads\Only Connect s08e04.hannibal.torrent

2014-06-08 20:09 - 2014-06-08 20:09 - 00019567 _____ () C:\Users\Elizabeth\Downloads\Only Connect s08e03.hannibal.torrent

2014-06-08 20:09 - 2014-06-08 20:09 - 00019567 _____ () C:\Users\Elizabeth\Downloads\Only Connect s08e03.hannibal (1).torrent

2014-06-08 13:03 - 2014-06-08 13:08 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-06-08 13:03 - 2014-06-08 13:03 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk

2014-06-08 13:03 - 2014-06-08 13:03 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

2014-06-08 13:03 - 2014-06-08 13:03 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking

2014-06-08 13:03 - 2014-06-08 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2

2014-06-08 13:03 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe

2014-06-08 13:02 - 2014-06-08 13:05 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

2014-06-08 13:01 - 2014-06-08 13:02 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Elizabeth\Downloads\spybot-2.3.exe

2014-06-07 17:17 - 2014-06-07 17:17 - 00000000 ____D () C:\Program Files (x86)\Comodo

2014-06-01 13:02 - 2014-06-01 13:02 - 00019720 _____ () C:\Users\Elizabeth\Downloads\Have I Got News For You s47e09.hannibal.torrent

2014-06-01 13:01 - 2014-06-01 13:01 - 00019600 _____ () C:\Users\Elizabeth\Downloads\Have I Got News For You s47e08.hannibal.torrent

2014-05-30 22:03 - 2014-05-30 22:03 - 00031638 _____ () C:\Users\Elizabeth\Downloads\A Very British Murder with Lucy Worsley - Series 1 (2013) [PDTV (XviD)][sUBS].torrent

2014-05-30 20:37 - 2014-05-30 20:37 - 00021007 _____ () C:\Users\Elizabeth\Downloads\Only Connect s08e01.hannibal.torrent

2014-05-30 20:37 - 2014-05-30 20:37 - 00019567 _____ () C:\Users\Elizabeth\Downloads\Only Connect s08e02.hannibal.torrent

2014-05-30 20:36 - 2014-05-30 20:36 - 00021642 _____ () C:\Users\Elizabeth\Downloads\Only Connect - series 7 (2013) [PDTV(XviD)].torrent

2014-05-28 19:58 - 2014-05-28 19:58 - 00020252 _____ () C:\Users\Elizabeth\Downloads\The Duchess of Malfi.HD.hannibal.torrent

2014-05-28 19:55 - 2014-05-28 19:59 - 243283968 _____ () C:\Users\Elizabeth\Downloads\IC219.avi

2014-05-28 19:54 - 2014-05-28 19:58 - 243746816 _____ () C:\Users\Elizabeth\Downloads\IC217.avi

2014-05-27 20:43 - 2014-05-27 20:45 - 329862086 _____ () C:\Users\Elizabeth\Downloads\IC215.avi

2014-05-27 20:38 - 2014-05-27 20:40 - 243292160 _____ () C:\Users\Elizabeth\Downloads\IC216.avi

2014-05-27 20:37 - 2014-05-27 20:39 - 244226048 _____ () C:\Users\Elizabeth\Downloads\IC110.avi

2014-05-23 20:57 - 2014-05-23 20:57 - 00019567 _____ () C:\Users\Elizabeth\Downloads\Only Connect s09e05.hannibal.torrent

2014-05-23 20:57 - 2014-05-23 20:57 - 00019567 _____ () C:\Users\Elizabeth\Downloads\Only Connect s09e04.hannibal.torrent

2014-05-23 20:56 - 2014-05-23 20:56 - 00019567 _____ () C:\Users\Elizabeth\Downloads\Only Connect s09e03.hannibal.torrent

2014-05-23 20:56 - 2014-05-23 20:56 - 00019567 _____ () C:\Users\Elizabeth\Downloads\Only Connect s09e02.hannibal.torrent

2014-05-23 20:15 - 2014-05-23 20:15 - 00019727 _____ () C:\Users\Elizabeth\Downloads\Only Connect s09e01.hannibal.torrent

2014-05-21 19:59 - 2014-05-21 19:59 - 00000000 ____D () C:\Users\Elizabeth\AppData\Roaming\NVIDIA

2014-05-21 19:51 - 2014-05-26 20:19 - 00000000 ____D () C:\Users\Elizabeth\AppData\Roaming\avidemux

2014-05-21 19:51 - 2014-05-21 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avidemux (64bits)

2014-05-21 19:51 - 2014-05-21 19:51 - 00000000 ____D () C:\Program Files\Avidemux 2.6 - 64bits

2014-05-21 19:41 - 2014-05-21 19:43 - 16456460 _____ () C:\Users\Elizabeth\Downloads\avidemux_2.6.8_win64_v2.exe

2014-05-21 19:40 - 2014-05-21 19:42 - 242352128 _____ () C:\Users\Elizabeth\Downloads\IC308.avi

2014-05-21 19:36 - 2014-05-21 19:39 - 243767296 _____ () C:\Users\Elizabeth\Downloads\IC618.avi

2014-05-21 19:33 - 2014-05-21 19:33 - 00001621 _____ () C:\Users\Elizabeth\Desktop\DivX Movies.lnk

2014-05-21 19:33 - 2014-05-21 19:33 - 00001066 _____ () C:\Users\Public\Desktop\DivX Player.lnk

2014-05-21 19:32 - 2014-05-21 19:33 - 00000000 ____D () C:\Users\Elizabeth\AppData\Roaming\DivX

2014-05-21 19:32 - 2014-05-21 19:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX

2014-05-21 19:32 - 2014-05-21 19:32 - 00001131 _____ () C:\Users\Public\Desktop\DivX Converter.lnk

2014-05-21 19:32 - 2014-05-21 19:32 - 00000000 ____D () C:\Program Files\DivX

2014-05-21 19:31 - 2014-05-21 19:33 - 00000000 ____D () C:\ProgramData\DivX

2014-05-21 19:31 - 2014-05-21 19:33 - 00000000 ____D () C:\Program Files (x86)\DivX

2014-05-21 19:31 - 2014-05-21 19:31 - 01001280 _____ (DivX, LLC) C:\Users\Elizabeth\Downloads\DivXWebPlayerInstaller.exe

2014-05-21 19:30 - 2014-05-21 19:37 - 243724288 _____ () C:\Users\Elizabeth\Downloads\IC329.avi

2014-05-19 10:14 - 2014-05-19 10:14 - 00015521 _____ () C:\Users\Elizabeth\Downloads\Peaky Blinders s01e01.hannibal.mkv.torrent

2014-05-16 20:42 - 2014-05-16 20:42 - 00019840 _____ () C:\Users\Elizabeth\Downloads\Have I Got News For You s47e07.hannibal.torrent

2014-05-16 01:32 - 2014-05-16 01:32 - 00289728 _____ () C:\Windows\Minidump\051614-21044-01.dmp

2014-05-16 01:29 - 2014-05-16 01:29 - 00289728 _____ () C:\Windows\Minidump\051614-22994-01.dmp

2014-05-16 01:28 - 2014-05-16 01:28 - 00000000 _____ () C:\Users\Elizabeth\AppData\Local\{0696DE3E-19AF-4D80-8B57-CEB9D467074D}

2014-05-16 01:27 - 2014-05-16 01:27 - 00291792 _____ () C:\Windows\Minidump\051614-27003-01.dmp

 

==================== One Month Modified Files and Folders =======

 

2014-06-15 19:22 - 2014-06-15 19:21 - 00017204 _____ () C:\Users\Elizabeth\Downloads\FRST.txt

2014-06-15 19:22 - 2013-11-20 12:23 - 00000000 ____D () C:\Users\Elizabeth\AppData\Local\Temp

2014-06-15 19:21 - 2014-06-15 19:21 - 02081280 _____ (Farbar) C:\Users\Elizabeth\Downloads\FRST64.exe

2014-06-15 19:21 - 2014-06-15 19:21 - 00000000 ____D () C:\FRST

2014-06-15 19:21 - 2014-06-15 18:34 - 00000000 ____D () C:\ProgramData\Bitmeter2

2014-06-15 19:18 - 2014-05-04 20:14 - 01442529 _____ () C:\Windows\system32\Drivers\sfi.dat

2014-06-15 19:06 - 2013-11-22 13:33 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-06-15 19:05 - 2014-06-15 19:05 - 00052736 _____ () C:\Users\Elizabeth\Downloads\Extras.Txt

2014-06-15 19:04 - 2014-06-15 19:04 - 00095254 _____ () C:\Users\Elizabeth\Downloads\OTL.Txt

2014-06-15 18:54 - 2014-06-15 18:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-06-15 18:54 - 2014-06-15 18:54 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-06-15 18:54 - 2014-06-15 18:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-06-15 18:54 - 2014-06-15 18:54 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-06-15 18:54 - 2014-06-15 18:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-06-15 18:53 - 2014-06-15 18:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Elizabeth\Downloads\mbam-setup-2.0.2.1012.exe

2014-06-15 18:52 - 2014-06-15 18:34 - 00000000 ____D () C:\Users\Elizabeth\AppData\Roaming\Bitmeter2

2014-06-15 18:50 - 2014-06-15 18:50 - 00380416 _____ () C:\Users\Elizabeth\Downloads\8frw3bx8.exe

2014-06-15 18:49 - 2014-06-15 18:49 - 00602112 _____ (OldTimer Tools) C:\Users\Elizabeth\Downloads\OTL.exe

2014-06-15 18:34 - 2014-06-15 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitMeter

2014-06-15 18:34 - 2014-06-15 18:34 - 00000000 ____D () C:\Program Files (x86)\Codebox

2014-06-15 18:34 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

2014-06-15 18:33 - 2014-06-15 18:33 - 01360256 _____ () C:\Users\Elizabeth\Downloads\BitMeter2.zip

2014-06-15 18:33 - 2010-08-28 13:59 - 01378637 _____ () C:\Users\Elizabeth\Downloads\BitMeterInstaller.exe

2014-06-15 18:25 - 2014-06-15 18:25 - 00372376 _____ (AddGadgets.com) C:\Users\Elizabeth\Downloads\NetworkMeterVersion96.exe

2014-06-15 17:35 - 2013-11-20 11:06 - 01595351 _____ () C:\Windows\WindowsUpdate.log

2014-06-15 17:29 - 2013-11-22 13:40 - 00000000 ____D () C:\Users\Elizabeth\AppData\Roaming\Azureus

2014-06-15 17:10 - 2009-07-13 21:45 - 00019136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-06-15 17:10 - 2009-07-13 21:45 - 00019136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-06-15 17:06 - 2013-11-22 13:33 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-06-15 16:58 - 2013-11-21 15:49 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-06-15 16:58 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-06-15 16:58 - 2009-07-13 21:51 - 00021837 _____ () C:\Windows\setupact.log

2014-06-15 16:57 - 2013-11-29 13:00 - 00000000 ____D () C:\ProgramData\MediaMall

2014-06-15 16:49 - 2013-11-20 14:56 - 00237152 _____ () C:\Windows\PFRO.log

2014-06-14 15:00 - 2014-06-14 15:00 - 00019334 _____ () C:\Users\Elizabeth\Downloads\Only Connect s08e08.hannibal.torrent

2014-06-14 15:00 - 2014-06-14 15:00 - 00019334 _____ () C:\Users\Elizabeth\Downloads\Only Connect s08e07.hannibal.torrent

2014-06-14 14:59 - 2014-06-14 14:59 - 00019334 _____ () C:\Users\Elizabeth\Downloads\Only Connect s08e06.hannibal.torrent

2014-06-14 14:59 - 2014-06-14 14:59 - 00019327 _____ () C:\Users\Elizabeth\Downloads\Only Connect s08e05.hannibal.torrent

2014-06-13 21:09 - 2014-06-13 21:09 - 00020930 _____ () C:\Users\Elizabeth\Downloads\Mock the Week s13e01.hannibal.torrent

2014-06-12 21:25 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache

2014-06-12 20:29 - 2013-11-22 19:51 - 00000000 ____D () C:\Users\Elizabeth\AppData\Local\SugarSync

2014-06-12 02:36 - 2014-05-04 20:12 - 00002013 _____ () C:\Users\Public\Desktop\GeekBuddy.lnk

2014-06-12 02:36 - 2014-05-04 20:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo

2014-06-11 09:09 - 2013-11-22 13:33 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-06-11 03:05 - 2013-11-20 13:04 - 00000000 ____D () C:\Windows\system32\MRT

2014-06-11 03:03 - 2013-11-20 13:04 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-06-11 03:00 - 2014-05-06 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-06-10 21:05 - 2014-06-10 21:05 - 00000373 _____ () C:\Users\Elizabeth\Documents\googleprob.txt

2014-06-08 20:10 - 2014-06-08 20:10 - 00019487 _____ () C:\Users\Elizabeth\Downloads\Only Connect s08e04.hannibal.torrent

2014-06-08 20:09 - 2014-06-08 20:09 - 00019567 _____ () C:\Users\Elizabeth\Downloads\Only Connect s08e03.hannibal.torrent

2014-06-08 20:09 - 2014-06-08 20:09 - 00019567 _____ () C:\Users\Elizabeth\Downloads\Only Connect s08e03.hannibal (1).torrent

2014-06-08 13:08 - 2014-06-08 13:03 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-06-08 13:05 - 2014-06-08 13:02 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

2014-06-08 13:03 - 2014-06-08 13:03 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk

2014-06-08 13:03 - 2014-06-08 13:03 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

2014-06-08 13:03 - 2014-06-08 13:03 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking

2014-06-08 13:03 - 2014-06-08 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2

2014-06-08 13:02 - 2014-06-08 13:01 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Elizabeth\Downloads\spybot-2.3.exe

2014-06-08 02:13 - 2014-06-11 01:34 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-06-08 02:08 - 2014-06-11 01:34 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-06-07 17:19 - 2014-05-04 20:14 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll

2014-06-07 17:19 - 2014-05-04 20:11 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll

2014-06-07 17:17 - 2014-06-07 17:17 - 00000000 ____D () C:\Program Files (x86)\Comodo

2014-06-01 13:02 - 2014-06-01 13:02 - 00019720 _____ () C:\Users\Elizabeth\Downloads\Have I Got News For You s47e09.hannibal.torrent

2014-06-01 13:01 - 2014-06-01 13:01 - 00019600 _____ () C:\Users\Elizabeth\Downloads\Have I Got News For You s47e08.hannibal.torrent

2014-05-30 22:03 - 2014-05-30 22:03 - 00031638 _____ () C:\Users\Elizabeth\Downloads\A Very British Murder with Lucy Worsley - Series 1 (2013) [PDTV (XviD)][sUBS].torrent

2014-05-30 20:37 - 2014-05-30 20:37 - 00021007 _____ () C:\Users\Elizabeth\Downloads\Only Connect s08e01.hannibal.torrent

2014-05-30 20:37 - 2014-05-30 20:37 - 00019567 _____ () C:\Users\Elizabeth\Downloads\Only Connect s08e02.hannibal.torrent

2014-05-30 20:36 - 2014-05-30 20:36 - 00021642 _____ () C:\Users\Elizabeth\Downloads\Only Connect - series 7 (2013) [PDTV(XviD)].torrent

2014-05-30 03:21 - 2014-06-11 01:36 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-05-30 03:02 - 2014-06-11 01:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-05-30 03:02 - 2014-06-11 01:37 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-05-30 02:45 - 2014-06-11 01:36 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-05-30 02:39 - 2014-06-11 01:36 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-05-30 02:39 - 2014-06-11 01:36 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-05-30 02:38 - 2014-06-11 01:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-05-30 02:28 - 2014-06-11 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-05-30 02:27 - 2014-06-11 01:36 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-05-30 02:24 - 2014-06-11 01:36 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-05-30 02:21 - 2014-06-11 01:37 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-05-30 02:21 - 2014-06-11 01:36 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-05-30 02:20 - 2014-06-11 01:36 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-05-30 02:18 - 2014-06-11 01:37 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-05-30 02:11 - 2014-06-11 01:36 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-05-30 02:08 - 2014-06-11 01:36 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-05-30 02:06 - 2014-06-11 01:37 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-05-30 02:02 - 2014-06-11 01:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-05-30 01:55 - 2014-06-11 01:37 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-05-30 01:49 - 2014-06-11 01:36 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-05-30 01:46 - 2014-06-11 01:36 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-05-30 01:44 - 2014-06-11 01:36 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-05-30 01:44 - 2014-06-11 01:36 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-05-30 01:43 - 2014-06-11 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-05-30 01:42 - 2014-06-11 01:37 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-05-30 01:38 - 2014-06-11 01:37 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-05-30 01:35 - 2014-06-11 01:36 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-05-30 01:34 - 2014-06-11 01:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-05-30 01:33 - 2014-06-11 01:37 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-05-30 01:30 - 2014-06-11 01:37 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-05-30 01:29 - 2014-06-11 01:37 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-05-30 01:28 - 2014-06-11 01:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-05-30 01:27 - 2014-06-11 01:37 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-05-30 01:24 - 2014-06-11 01:36 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-05-30 01:23 - 2014-06-11 01:36 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-05-30 01:16 - 2014-06-11 01:37 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-05-30 01:10 - 2014-06-11 01:37 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-05-30 01:06 - 2014-06-11 01:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-05-30 01:04 - 2014-06-11 01:37 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-05-30 01:02 - 2014-06-11 01:37 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-05-30 00:56 - 2014-06-11 01:36 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-05-30 00:56 - 2014-06-11 01:36 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-05-30 00:54 - 2014-06-11 01:37 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-05-30 00:50 - 2014-06-11 01:36 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-05-30 00:49 - 2014-06-11 01:37 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-05-30 00:43 - 2014-06-11 01:36 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-05-30 00:40 - 2014-06-11 01:36 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-05-30 00:30 - 2014-06-11 01:37 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-05-30 00:21 - 2014-06-11 01:36 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-05-30 00:15 - 2014-06-11 01:37 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-05-30 00:13 - 2014-06-11 01:36 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-05-30 00:13 - 2014-06-11 01:36 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-05-28 19:59 - 2014-05-28 19:55 - 243283968 _____ () C:\Users\Elizabeth\Downloads\IC219.avi

2014-05-28 19:58 - 2014-05-28 19:58 - 00020252 _____ () C:\Users\Elizabeth\Downloads\The Duchess of Malfi.HD.hannibal.torrent

2014-05-28 19:58 - 2014-05-28 19:54 - 243746816 _____ () C:\Users\Elizabeth\Downloads\IC217.avi

2014-05-27 20:45 - 2014-05-27 20:43 - 329862086 _____ () C:\Users\Elizabeth\Downloads\IC215.avi

2014-05-27 20:40 - 2014-05-27 20:38 - 243292160 _____ () C:\Users\Elizabeth\Downloads\IC216.avi

2014-05-27 20:39 - 2014-05-27 20:37 - 244226048 _____ () C:\Users\Elizabeth\Downloads\IC110.avi

2014-05-26 20:19 - 2014-05-21 19:51 - 00000000 ____D () C:\Users\Elizabeth\AppData\Roaming\avidemux

2014-05-23 20:57 - 2014-05-23 20:57 - 00019567 _____ () C:\Users\Elizabeth\Downloads\Only Connect s09e05.hannibal.torrent

2014-05-23 20:57 - 2014-05-23 20:57 - 00019567 _____ () C:\Users\Elizabeth\Downloads\Only Connect s09e04.hannibal.torrent

2014-05-23 20:56 - 2014-05-23 20:56 - 00019567 _____ () C:\Users\Elizabeth\Downloads\Only Connect s09e03.hannibal.torrent

2014-05-23 20:56 - 2014-05-23 20:56 - 00019567 _____ () C:\Users\Elizabeth\Downloads\Only Connect s09e02.hannibal.torrent

2014-05-23 20:15 - 2014-05-23 20:15 - 00019727 _____ () C:\Users\Elizabeth\Downloads\Only Connect s09e01.hannibal.torrent

2014-05-21 19:59 - 2014-05-21 19:59 - 00000000 ____D () C:\Users\Elizabeth\AppData\Roaming\NVIDIA

2014-05-21 19:51 - 2014-05-21 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avidemux (64bits)

2014-05-21 19:51 - 2014-05-21 19:51 - 00000000 ____D () C:\Program Files\Avidemux 2.6 - 64bits

2014-05-21 19:43 - 2014-05-21 19:41 - 16456460 _____ () C:\Users\Elizabeth\Downloads\avidemux_2.6.8_win64_v2.exe

2014-05-21 19:42 - 2014-05-21 19:40 - 242352128 _____ () C:\Users\Elizabeth\Downloads\IC308.avi

2014-05-21 19:39 - 2014-05-21 19:36 - 243767296 _____ () C:\Users\Elizabeth\Downloads\IC618.avi

2014-05-21 19:37 - 2014-05-21 19:30 - 243724288 _____ () C:\Users\Elizabeth\Downloads\IC329.avi

2014-05-21 19:33 - 2014-05-21 19:33 - 00001621 _____ () C:\Users\Elizabeth\Desktop\DivX Movies.lnk

2014-05-21 19:33 - 2014-05-21 19:33 - 00001066 _____ () C:\Users\Public\Desktop\DivX Player.lnk

2014-05-21 19:33 - 2014-05-21 19:32 - 00000000 ____D () C:\Users\Elizabeth\AppData\Roaming\DivX

2014-05-21 19:33 - 2014-05-21 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX

2014-05-21 19:33 - 2014-05-21 19:31 - 00000000 ____D () C:\ProgramData\DivX

2014-05-21 19:33 - 2014-05-21 19:31 - 00000000 ____D () C:\Program Files (x86)\DivX

2014-05-21 19:32 - 2014-05-21 19:32 - 00001131 _____ () C:\Users\Public\Desktop\DivX Converter.lnk

2014-05-21 19:32 - 2014-05-21 19:32 - 00000000 ____D () C:\Program Files\DivX

2014-05-21 19:31 - 2014-05-21 19:31 - 01001280 _____ (DivX, LLC) C:\Users\Elizabeth\Downloads\DivXWebPlayerInstaller.exe

2014-05-19 10:14 - 2014-05-19 10:14 - 00015521 _____ () C:\Users\Elizabeth\Downloads\Peaky Blinders s01e01.hannibal.mkv.torrent

2014-05-16 20:42 - 2014-05-16 20:42 - 00019840 _____ () C:\Users\Elizabeth\Downloads\Have I Got News For You s47e07.hannibal.torrent

2014-05-16 01:32 - 2014-05-16 01:32 - 00289728 _____ () C:\Windows\Minidump\051614-21044-01.dmp

2014-05-16 01:32 - 2013-11-20 11:03 - 457800814 _____ () C:\Windows\MEMORY.DMP

2014-05-16 01:32 - 2013-11-20 11:03 - 00000000 ____D () C:\Windows\Minidump

2014-05-16 01:29 - 2014-05-16 01:29 - 00289728 _____ () C:\Windows\Minidump\051614-22994-01.dmp

2014-05-16 01:28 - 2014-05-16 01:28 - 00000000 _____ () C:\Users\Elizabeth\AppData\Local\{0696DE3E-19AF-4D80-8B57-CEB9D467074D}

2014-05-16 01:27 - 2014-05-16 01:27 - 00291792 _____ () C:\Windows\Minidump\051614-27003-01.dmp

 

Some content of TEMP:

====================

C:\Users\Elizabeth\AppData\Local\Temp\i4jdel0.exe

C:\Users\Elizabeth\AppData\Local\Temp\procexp64.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-06-08 00:40

 

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2014

Ran by Elizabeth at 2014-06-15 19:22:32

Running from C:\Users\Elizabeth\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

 

==================== Installed Programs ======================

 

Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.3.183.7 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)

Avidemux 2.6 - 64bits (HKLM-x32\...\Avidemux 2.6 - 64bits (64-bit)) (Version: 2.6.8.9046 - )

BitMeter (HKLM-x32\...\BitMeter) (Version:  - )

Canon MP560 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series) (Version:  - )

COMODO Antivirus (HKLM\...\{2736B6BD-31EC-4FC8-A48C-F0A5C914C0B6}) (Version: 7.0.55655.4142 - COMODO Security Solutions Inc.)

Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 33.1.0.0 - COMODO)

DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.22 - DivX, LLC)

GeekBuddy (HKLM\...\{3FFD7EE1-7D2D-4F57-ADF7-914CE0CAC616}) (Version: 4.13.104 - Comodo Security Solutions Inc)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)

Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)

NVIDIA Control Panel 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden

NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)

NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden

NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation) Hidden

NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)

NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden

PlayLater (HKLM-x32\...\{5ABDB125-7725-40B6-A1E3-B7D8BFFAA303}) (Version: 1.4.15 - MediaMall Technologies, Inc.)

PlayOn (HKLM-x32\...\{9489257A-CED5-45E7-8D16-7B20A2E48744}) (Version: 3.8.14 - MediaMall Technologies, Inc.)

ScanSnap (x32 Version: 5.1.30.19 - PFU Limited) Hidden

ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V5.1L30 - PFU)

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)

SugarSync (HKLM-x32\...\SugarSync) (Version: 2.0.46.127183 - SugarSync, Inc.)

TP-LINK TL-WDN3200 Driver (HKLM-x32\...\{C0C6BCBC-0884-4C66-B5EF-0B7668FE2B10}) (Version: 1.1.0 - TP-LINK)

TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.1.0 - TP-LINK)

VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.3.0.0 - Azureus Software, Inc.)

 

==================== Restore Points  =========================

 

Could not list Restore Points. Check "winmgmt" service or repair WMI.

 

 

==================== Hosts content: ==========================

 

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {10BAFF3E-ADA7-43E9-887F-1E01814BECAE} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)

Task: {16B1E1E2-F6E5-4D63-B77D-F2477BF7CA4E} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)

Task: {1CAC9922-FA1A-41EC-BD5C-74AF661B3A58} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

Task: {6978169E-B576-442D-AC70-E8E29EB148F3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe

Task: {85240FD8-3568-418A-A29F-B04ED39BFFC7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe

Task: {9E01E993-01F3-455E-89B9-2C1922DD028E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-22] (Google Inc.)

Task: {A7D96285-F4C3-4DD0-8CE3-D40A2B81BEAD} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)

Task: {B4853E33-2F02-4CB8-BFD4-14578B5FBF43} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-22] (Google Inc.)

Task: {DFD6C514-934E-4B91-8E50-31F5272B9061} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-11-15 19:07 - 2014-05-06 11:03 - 00301920 _____ () C:\Program Files (x86)\SugarSync\x64\SugarSyncVFSNamespace64.dll

2013-12-30 14:45 - 2012-02-23 12:09 - 00838656 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe

2014-01-09 22:26 - 2014-01-09 22:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

 

==================== Alternate Data Streams (whitelisted) =========

 

AlternateDataStreams: C:\Users\Elizabeth\Downloads\avg_remover_stf_x64_2014_4116.exe:BDU

AlternateDataStreams: C:\Users\Elizabeth\Downloads\cav_installer.exe:BDU

 

==================== Safe Mode (whitelisted) ===================

 

 

==================== EXE Association (whitelisted) =============

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

 

==================== Faulty Device Manager Devices =============

 

Could not list Devices. Check "winmgmt" service or repair WMI.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (06/04/2014 02:34:47 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )

Description: The volume SugarSync Drive was not defragmented because an error was encountered: Incorrect function. (0x80070001)

 

Error: (06/01/2014 05:12:40 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: GoogleUpdate.exe, version: 1.3.21.103, time stamp: 0x4f3c6d6c

Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7

Exception code: 0xc0000005

Fault offset: 0x000223e0

Faulting process id: 0x1950

Faulting application start time: 0xGoogleUpdate.exe0

Faulting application path: GoogleUpdate.exe1

Faulting module path: GoogleUpdate.exe2

Report Id: GoogleUpdate.exe3

 

Error: (05/28/2014 08:20:21 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: dragon_updater.exe, version: 0.0.0.0, time stamp: 0x535051dd

Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f

Exception code: 0xc0000005

Fault offset: 0x00039342

Faulting process id: 0x71c

Faulting application start time: 0xdragon_updater.exe0

Faulting application path: dragon_updater.exe1

Faulting module path: dragon_updater.exe2

Report Id: dragon_updater.exe3

 

Error: (05/28/2014 02:58:06 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )

Description: The volume SugarSync Drive was not defragmented because an error was encountered: Incorrect function. (0x80070001)

 

Error: (05/26/2014 05:19:53 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: GoogleUpdate.exe, version: 1.3.21.103, time stamp: 0x4f3c6d6c

Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7

Exception code: 0xc0000005

Fault offset: 0x000223e0

Faulting process id: 0x3310

Faulting application start time: 0xGoogleUpdate.exe0

Faulting application path: GoogleUpdate.exe1

Faulting module path: GoogleUpdate.exe2

Report Id: GoogleUpdate.exe3

 

Error: (05/23/2014 05:14:37 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: GoogleUpdate.exe, version: 1.3.21.103, time stamp: 0x4f3c6d6c

Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7

Exception code: 0xc0000005

Fault offset: 0x000223e0

Faulting process id: 0x2d28

Faulting application start time: 0xGoogleUpdate.exe0

Faulting application path: GoogleUpdate.exe1

Faulting module path: GoogleUpdate.exe2

Report Id: GoogleUpdate.exe3

 

Error: (05/22/2014 05:12:06 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: GoogleUpdate.exe, version: 1.3.21.103, time stamp: 0x4f3c6d6c

Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7

Exception code: 0xc0000005

Fault offset: 0x0002ff47

Faulting process id: 0x1618

Faulting application start time: 0xGoogleUpdate.exe0

Faulting application path: GoogleUpdate.exe1

Faulting module path: GoogleUpdate.exe2

Report Id: GoogleUpdate.exe3

 

Error: (05/21/2014 07:33:08 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".

Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (05/21/2014 07:32:44 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".

Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (05/21/2014 03:29:21 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )

Description: The volume SugarSync Drive was not defragmented because an error was encountered: Incorrect function. (0x80070001)

 

 

System errors:

=============

Error: (06/15/2014 04:59:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (06/15/2014 04:59:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the MediaMall Server service to connect.

 

Error: (06/15/2014 04:50:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (06/15/2014 04:50:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 

%%1053

 

Error: (06/15/2014 04:50:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

 

Error: (06/11/2014 03:26:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (06/11/2014 03:25:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Windows Search service failed to start due to the following error: 

%%1053

 

Error: (06/11/2014 03:25:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

 

Error: (06/11/2014 03:25:49 AM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

 

Error: (06/10/2014 09:09:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

 

Microsoft Office Sessions:

=========================

Error: (06/04/2014 02:34:47 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )

Description: SugarSync DriveIncorrect function. (0x80070001)

 

Error: (06/01/2014 05:12:40 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.1.7601.18247521ea8e7c0000005000223e0195001cf7df66fa1b850C:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dll9be8c830-e9ea-11e3-a3d9-0000000000a9

 

Error: (05/28/2014 08:20:21 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: dragon_updater.exe0.0.0.0535051ddole32.dll6.1.7601.175144ce7b96fc00000050003934271c01cf70e1628fb760C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exeC:\Windows\syswow64\ole32.dll2a2075c0-e6e0-11e3-a3d9-0000000000a9

 

Error: (05/28/2014 02:58:06 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )

Description: SugarSync DriveIncorrect function. (0x80070001)

 

Error: (05/26/2014 05:19:53 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.1.7601.18247521ea8e7c0000005000223e0331001cf793f7124ee60C:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dll9f533f60-e534-11e3-a3d9-0000000000a9

 

Error: (05/23/2014 05:14:37 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.1.7601.18247521ea8e7c0000005000223e02d2801cf76e3f1c643b0C:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dll6400bc70-e2d8-11e3-a3d9-0000000000a9

 

Error: (05/22/2014 05:12:06 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.1.7601.18247521ea8e7c00000050002ff47161801cf761ac75e5870C:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dlldf728250-e20e-11e3-a3d9-0000000000a9

 

Error: (05/21/2014 07:33:08 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files (x86)\DivX\DivX Player\DPXIconHandler.dll

 

Error: (05/21/2014 07:32:44 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

 

Error: (05/21/2014 03:29:21 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )

Description: SugarSync DriveIncorrect function. (0x80070001)

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 56%

Total physical RAM: 3838.55 MB

Available physical RAM: 1663.7 MB

Total Pagefile: 7675.28 MB

Available Pagefile: 4617.52 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:931.41 GB) (Free:501.46 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 6FE17F47)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

 

Note:  I uninstalled Vuze after I got to the end of the instructions and saw the warning.  There are now no (or should be no) peer-to-peer apps running.

 

[gringo_pr]

Hello

Sorry for the delay and would like to know if you still need our help

Gringo

[gringo_pr]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!