Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-01-2014 01
Ran by Jon Guren (administrator) on JGUREN0712 on 08-01-2014 21:42:46
Running from C:\Users\Jon Guren\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Users\Jon Guren\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jon Guren\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jon Guren\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jon Guren\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jon Guren\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [LogMeIn GUI] - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2012-04-02] (LogMeIn, Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe [729744 2013-01-20] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKCU\...\Run: [Google Update] - C:\Users\Jon Guren\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-07-05] (Google Inc.)
MountPoints2: {e2380284-ae5f-11e0-bb89-00023f226625} - E:\LaunchU3.exe -a
MountPoints2: {f4201c8c-0a9a-11e1-b7ba-806e6f6e6963} - D:\Setup.exe
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\LogMeInRemoteUser\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\LogMeInRemoteUser.JGUREN0712\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
Startup: C:\Users\Jon Guren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 4620 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet 4620 series.lnk -> C:\Program Files\HP\HP Officejet 4620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\System32\ExplorerFrame.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\System32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 4.2.2.2

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Users\Jon Guren\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Jon Guren\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Jon Guren\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Java(TM) Platform SE 6 U33) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.330.3) - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\Jon Guren\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\Jon Guren\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Jon Guren\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Jon Guren\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Users\Jon Guren\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\Users\Jon Guren\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR StartMenuInternet: Google Chrome - C:\Users\Jon Guren\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe [729744 2013-01-20] (Kaspersky Lab ZAO)
R2 klnagent; C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe [127632 2013-01-22] (Kaspersky Lab ZAO)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2013-12-13] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2013-12-13] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2012-04-02] (LogMeIn, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLFLTDEV; C:\Windows\System32\DRIVERS\klfltdev.sys [32088 2012-09-13] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [644368 2013-01-11] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-11-23] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54104 2012-11-22] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178008 2012-11-16] (Kaspersky Lab ZAO)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-23] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [94992 2013-01-11] (Kaspersky Lab ZAO)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-08 21:42 - 2014-01-08 21:42 - 01931770 _____ (Farbar) C:\Users\Jon Guren\Downloads\FRST64.exe
2014-01-08 21:42 - 2014-01-08 21:42 - 00010296 _____ C:\Users\Jon Guren\Downloads\FRST.txt
2014-01-08 21:42 - 2014-01-08 21:42 - 00000000 ____D C:\FRST
2014-01-08 16:47 - 2014-01-08 16:46 - 00004852 _____ C:\Users\Jon Guren\Desktop\JRT.txt
2014-01-08 16:37 - 2014-01-08 16:37 - 00000000 ____D C:\Windows\ERUNT
2014-01-08 16:34 - 2014-01-08 16:34 - 01037068 _____ (Thisisu) C:\Users\Jon Guren\Downloads\JRT.exe
2014-01-08 14:21 - 2014-01-08 14:52 - 00011225 _____ C:\Users\Jon Guren\Documents\CEUINVOICEBook1.xlsx
2014-01-04 10:47 - 2014-01-04 10:47 - 00000000 ____D C:\Users\Jon Guren\AppData\Roaming\YCanPDF
2014-01-04 10:46 - 2014-01-04 10:47 - 00000000 ____D C:\Program Files (x86)\UniPDF
2014-01-04 10:46 - 2014-01-04 10:46 - 00000983 _____ C:\Users\LogMeInRemoteUser.JGUREN0712\Desktop\UniPDF.lnk
2014-01-04 10:46 - 2014-01-04 10:46 - 00000983 _____ C:\Users\Jon Guren\Desktop\UniPDF.lnk
2014-01-04 10:46 - 2014-01-04 10:46 - 00000000 ____D C:\Users\Jon Guren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UniPDF
2014-01-04 10:43 - 2014-01-04 10:43 - 04342480 _____ C:\Users\Jon Guren\Downloads\unipdf-installer.zip
2014-01-03 22:46 - 2014-01-03 22:46 - 00000000 ____D C:\Program Files\HijackThis
2014-01-03 22:45 - 2014-01-03 22:45 - 00002994 _____ C:\Windows\System32\Tasks\{C6688C62-D725-47D1-B3EA-9052DDA6133B}
2014-01-02 13:53 - 2014-01-02 13:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-02 13:53 - 2014-01-02 13:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-02 13:53 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-02 12:45 - 2014-01-02 13:40 - 00000530 _____ C:\Windows\DtcInstall.log
2014-01-02 11:25 - 2014-01-07 17:18 - 00000000 ____D C:\AdwCleaner
2014-01-02 11:25 - 2014-01-02 11:24 - 01233962 _____ C:\Users\Jon Guren\Downloads\adwcleaner.exe
2014-01-01 18:12 - 2013-05-10 00:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-01-01 18:12 - 2013-05-10 00:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-01-01 18:12 - 2013-05-09 23:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-01-01 18:12 - 2013-05-09 23:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-01-01 18:10 - 2013-10-25 01:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-01-01 18:10 - 2013-10-25 01:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-01-01 18:10 - 2013-10-25 01:19 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-01-01 18:10 - 2013-10-25 01:18 - 19271168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-01-01 18:10 - 2013-10-25 01:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-01-01 18:10 - 2013-10-25 01:17 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-01-01 18:10 - 2013-10-25 01:17 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-01-01 18:10 - 2013-10-25 01:17 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-01-01 18:10 - 2013-10-25 01:17 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-01-01 18:10 - 2013-10-25 01:17 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-01-01 18:10 - 2013-10-25 01:17 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-01-01 18:10 - 2013-10-25 01:17 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-01-01 18:10 - 2013-10-25 01:17 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-01-01 18:10 - 2013-10-25 01:17 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-01-01 18:10 - 2013-10-24 23:45 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-01-01 18:10 - 2013-10-24 23:44 - 14356992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-01-01 18:10 - 2013-10-24 23:44 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-01-01 18:10 - 2013-10-24 23:43 - 13761536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-01-01 18:10 - 2013-10-24 23:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-01-01 18:10 - 2013-10-24 23:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-01-01 18:10 - 2013-10-24 23:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-01-01 18:10 - 2013-10-24 23:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-01-01 18:10 - 2013-10-24 23:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-01-01 18:10 - 2013-10-24 23:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-01-01 18:10 - 2013-10-24 23:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-01-01 18:10 - 2013-10-24 23:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-01-01 18:10 - 2013-10-24 23:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-01-01 18:10 - 2013-10-24 23:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-01-01 18:10 - 2013-10-24 22:41 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-01-01 18:10 - 2013-10-24 22:17 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-01-01 18:10 - 2013-10-24 21:49 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-01-01 18:00 - 2014-01-01 18:02 - 00000000 ____D C:\Windows\system32\MRT
2014-01-01 17:14 - 2013-10-05 15:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-01-01 17:14 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-01-01 17:14 - 2013-10-03 21:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-01-01 17:14 - 2013-10-03 21:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-01-01 17:14 - 2013-10-03 21:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-01-01 17:14 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2014-01-01 17:14 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-01-01 17:14 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2014-01-01 17:14 - 2013-07-09 00:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-01-01 17:14 - 2013-07-09 00:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-01-01 17:14 - 2013-07-08 23:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-01-01 17:14 - 2013-07-08 23:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2014-01-01 17:11 - 2013-11-11 21:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-01-01 17:11 - 2013-11-11 21:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-01-01 17:10 - 2013-10-29 20:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-01 17:10 - 2013-06-25 17:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-01-01 17:09 - 2013-11-23 13:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-01-01 17:09 - 2013-11-23 12:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-01-01 17:09 - 2013-09-07 21:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-01-01 17:09 - 2013-09-07 21:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-01-01 17:09 - 2013-09-07 21:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-01-01 17:08 - 2013-09-27 20:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-01-01 17:07 - 2013-10-02 21:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-01-01 17:07 - 2013-10-02 21:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-01-01 17:07 - 2013-07-25 04:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-01-01 17:07 - 2013-07-25 03:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-01-01 17:07 - 2013-07-12 05:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-01-01 17:07 - 2013-07-12 05:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2014-01-01 17:07 - 2013-07-04 07:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-01-01 17:07 - 2013-07-04 06:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2014-01-01 17:06 - 2013-10-29 21:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-01-01 17:06 - 2013-10-29 21:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-01-01 17:06 - 2013-10-18 21:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-01-01 17:06 - 2013-10-18 20:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-01-01 17:06 - 2013-10-11 21:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-01-01 17:06 - 2013-10-11 21:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-01-01 17:06 - 2013-10-11 21:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-01-01 17:06 - 2013-10-11 21:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-01-01 17:06 - 2013-10-11 20:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-01-01 17:06 - 2013-10-11 20:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-01-01 17:06 - 2013-10-11 20:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-01-01 17:06 - 2013-10-11 20:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-01-01 17:06 - 2013-10-03 21:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-01-01 17:06 - 2013-10-03 20:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-01-01 17:06 - 2013-08-04 21:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-01-01 17:06 - 2013-08-01 07:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-01-01 17:06 - 2013-07-02 23:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2014-01-01 17:06 - 2013-07-02 23:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-01-01 17:06 - 2013-07-02 23:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-01-01 17:06 - 2013-06-14 23:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-01-01 11:36 - 2014-01-01 11:36 - 00200780 _____ C:\Users\Jon Guren\AppData\Local\census.cache
2014-01-01 11:36 - 2014-01-01 11:36 - 00102956 _____ C:\Users\Jon Guren\AppData\Local\ars.cache
2014-01-01 10:47 - 2012-06-05 02:37 - 00256904 _____ (Trend Micro Inc.) C:\Windows\SysWOW64\Drivers\tmcomm.sys
2014-01-01 10:41 - 2014-01-01 10:41 - 00000036 _____ C:\Users\Jon Guren\AppData\Local\housecall.guid.cache
2013-12-31 18:40 - 2013-12-31 18:40 - 00000389 _____ C:\Users\Jon Guren\Desktop\FREE Games.url
2013-12-31 17:15 - 2013-12-31 17:15 - 00000000 ____D C:\Program Files (x86)\LSoft Technologies
2013-12-31 17:13 - 2013-12-31 18:40 - 00000200 _____ C:\Windows\wininit.ini
2013-12-31 16:43 - 2013-12-31 16:44 - 05130273 _____ C:\Users\Jon Guren\Downloads\cdr.zip
2013-12-31 14:22 - 2013-12-31 14:26 - 00000000 ____D C:\Users\Jon Guren\AppData\Roaming\Nero
2013-12-30 19:20 - 2013-12-30 19:20 - 00000000 ___HD C:\Windows\PIF
2013-12-26 11:09 - 2013-12-26 11:09 - 00457606 _____ C:\Users\Jon Guren\Downloads\Old Country, The Chord Chart.htm
2013-12-26 11:01 - 2013-12-26 11:01 - 00000000 _____ C:\Users\Jon Guren\Downloads\download.htm
2013-12-23 15:25 - 2013-12-23 15:25 - 00002023 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-12-19 16:32 - 2013-12-19 16:32 - 00127488 _____ C:\Users\Jon Guren\Downloads\saceu - Site Introduction (1).ppt
2013-12-19 16:31 - 2013-12-19 16:31 - 00127488 _____ C:\Users\Jon Guren\Downloads\saceu - Site Introduction.ppt
2013-12-18 16:41 - 2014-01-08 16:19 - 00000000 ____D C:\Users\Jon Guren\Documents\CEU
2013-12-09 16:33 - 2013-12-09 16:32 - 00739648 _____ (SlimWare Utilities, Inc.) C:\Users\Jon Guren\Downloads\DriverUpdate-setup.exe

==================== One Month Modified Files and Folders =======

2014-01-08 21:42 - 2014-01-08 21:42 - 01931770 _____ (Farbar) C:\Users\Jon Guren\Downloads\FRST64.exe
2014-01-08 21:42 - 2014-01-08 21:42 - 00010296 _____ C:\Users\Jon Guren\Downloads\FRST.txt
2014-01-08 21:42 - 2014-01-08 21:42 - 00000000 ____D C:\FRST
2014-01-08 21:21 - 2013-02-12 16:05 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2014-01-08 20:58 - 2012-07-05 15:30 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-222413103-211547994-1546449017-1001UA.job
2014-01-08 20:55 - 2012-07-05 15:31 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-08 19:58 - 2012-07-05 15:30 - 00000872 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-222413103-211547994-1546449017-1001Core.job
2014-01-08 19:12 - 2011-11-09 01:25 - 01216104 _____ C:\Windows\WindowsUpdate.log
2014-01-08 17:05 - 2012-07-05 15:11 - 00000000 ____D C:\Users\Jon Guren\Documents\MARY'Smisc
2014-01-08 16:46 - 2014-01-08 16:47 - 00004852 _____ C:\Users\Jon Guren\Desktop\JRT.txt
2014-01-08 16:37 - 2014-01-08 16:37 - 00000000 ____D C:\Windows\ERUNT
2014-01-08 16:34 - 2014-01-08 16:34 - 01037068 _____ (Thisisu) C:\Users\Jon Guren\Downloads\JRT.exe
2014-01-08 16:19 - 2013-12-18 16:41 - 00000000 ____D C:\Users\Jon Guren\Documents\CEU
2014-01-08 14:52 - 2014-01-08 14:21 - 00011225 _____ C:\Users\Jon Guren\Documents\CEUINVOICEBook1.xlsx
2014-01-08 12:10 - 2009-07-13 23:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-08 12:10 - 2009-07-13 23:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-08 12:07 - 2009-07-14 00:13 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-08 12:03 - 2012-07-05 15:58 - 00000000 ____D C:\ProgramData\LogMeIn
2014-01-08 12:02 - 2013-02-12 14:39 - 00016856 _____ C:\Windows\setupact.log
2014-01-08 12:02 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-07 17:18 - 2014-01-02 11:25 - 00000000 ____D C:\AdwCleaner
2014-01-04 10:47 - 2014-01-04 10:47 - 00000000 ____D C:\Users\Jon Guren\AppData\Roaming\YCanPDF
2014-01-04 10:47 - 2014-01-04 10:46 - 00000000 ____D C:\Program Files (x86)\UniPDF
2014-01-04 10:46 - 2014-01-04 10:46 - 00000983 _____ C:\Users\LogMeInRemoteUser.JGUREN0712\Desktop\UniPDF.lnk
2014-01-04 10:46 - 2014-01-04 10:46 - 00000983 _____ C:\Users\Jon Guren\Desktop\UniPDF.lnk
2014-01-04 10:46 - 2014-01-04 10:46 - 00000000 ____D C:\Users\Jon Guren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UniPDF
2014-01-04 10:43 - 2014-01-04 10:43 - 04342480 _____ C:\Users\Jon Guren\Downloads\unipdf-installer.zip
2014-01-03 22:46 - 2014-01-03 22:46 - 00000000 ____D C:\Program Files\HijackThis
2014-01-03 22:45 - 2014-01-03 22:45 - 00002994 _____ C:\Windows\System32\Tasks\{C6688C62-D725-47D1-B3EA-9052DDA6133B}
2014-01-03 22:35 - 2013-02-12 14:39 - 00028128 _____ C:\Windows\PFRO.log
2014-01-03 15:24 - 2012-12-11 17:03 - 00000000 ____D C:\Users\Jon Guren\Documents\JON'S LETTERS
2014-01-03 15:11 - 2012-07-05 15:14 - 00000000 ____D C:\Users\Jon Guren\AppData\Local\VirtualStore
2014-01-02 18:01 - 2012-07-05 13:15 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-02 13:53 - 2014-01-02 13:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-02 13:53 - 2014-01-02 13:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-02 13:40 - 2014-01-02 12:45 - 00000530 _____ C:\Windows\DtcInstall.log
2014-01-02 12:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2014-01-02 11:24 - 2014-01-02 11:25 - 01233962 _____ C:\Users\Jon Guren\Downloads\adwcleaner.exe
2014-01-01 22:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2014-01-01 21:32 - 2012-07-05 15:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2014-01-01 21:32 - 2012-07-05 15:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2014-01-01 21:32 - 2009-07-13 23:45 - 00343352 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-01 18:02 - 2014-01-01 18:00 - 00000000 ____D C:\Windows\system32\MRT
2014-01-01 11:36 - 2014-01-01 11:36 - 00200780 _____ C:\Users\Jon Guren\AppData\Local\census.cache
2014-01-01 11:36 - 2014-01-01 11:36 - 00102956 _____ C:\Users\Jon Guren\AppData\Local\ars.cache
2014-01-01 10:41 - 2014-01-01 10:41 - 00000036 _____ C:\Users\Jon Guren\AppData\Local\housecall.guid.cache
2013-12-31 19:21 - 2012-07-05 15:10 - 00000000 ____D C:\Users\Jon Guren
2013-12-31 19:10 - 2012-10-19 21:27 - 00000000 ____D C:\Users\Jon Guren\AppData\Roaming\PowerCinema
2013-12-31 19:10 - 2012-07-06 11:08 - 00000000 ____D C:\Users\LogMeInRemoteUser.JGUREN0712
2013-12-31 19:10 - 2012-07-05 15:14 - 00000000 ____D C:\Users\Jon Guren\AppData\Local\PowerCinema
2013-12-31 19:10 - 2012-07-05 15:11 - 00000000 ___RD C:\Users\Jon Guren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-31 19:10 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-31 19:10 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2013-12-31 19:09 - 2011-07-20 07:09 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-31 19:08 - 2012-07-05 13:14 - 00000000 __RHD C:\MSOCache
2013-12-31 18:40 - 2013-12-31 18:40 - 00000389 _____ C:\Users\Jon Guren\Desktop\FREE Games.url
2013-12-31 18:40 - 2013-12-31 17:13 - 00000200 _____ C:\Windows\wininit.ini
2013-12-31 17:15 - 2013-12-31 17:15 - 00000000 ____D C:\Program Files (x86)\LSoft Technologies
2013-12-31 16:44 - 2013-12-31 16:43 - 05130273 _____ C:\Users\Jon Guren\Downloads\cdr.zip
2013-12-31 14:26 - 2013-12-31 14:22 - 00000000 ____D C:\Users\Jon Guren\AppData\Roaming\Nero
2013-12-30 19:20 - 2013-12-30 19:20 - 00000000 ___HD C:\Windows\PIF
2013-12-26 11:09 - 2013-12-26 11:09 - 00457606 _____ C:\Users\Jon Guren\Downloads\Old Country, The Chord Chart.htm
2013-12-26 11:01 - 2013-12-26 11:01 - 00000000 _____ C:\Users\Jon Guren\Downloads\download.htm
2013-12-23 15:31 - 2012-07-05 15:11 - 00000000 ____D C:\Users\Jon Guren\AppData\Local\Adobe
2013-12-23 15:25 - 2013-12-23 15:25 - 00002023 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-12-23 15:25 - 2011-07-20 07:17 - 00000000 ____D C:\ProgramData\Adobe
2013-12-23 15:25 - 2011-07-20 07:17 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-12-19 16:32 - 2013-12-19 16:32 - 00127488 _____ C:\Users\Jon Guren\Downloads\saceu - Site Introduction (1).ppt
2013-12-19 16:31 - 2013-12-19 16:31 - 00127488 _____ C:\Users\Jon Guren\Downloads\saceu - Site Introduction.ppt
2013-12-13 12:18 - 2012-07-06 11:06 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2013-12-13 12:17 - 2012-07-06 11:06 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2013-12-13 12:17 - 2012-07-06 11:06 - 00092488 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2013-12-13 12:17 - 2012-07-06 11:06 - 00035656 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2013-12-10 20:56 - 2012-07-05 15:31 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-10 20:56 - 2012-07-05 15:31 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-10 20:56 - 2011-07-20 07:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-09 16:32 - 2013-12-09 16:33 - 00739648 _____ (SlimWare Utilities, Inc.) C:\Users\Jon Guren\Downloads\DriverUpdate-setup.exe

Some content of TEMP:
====================
C:\Users\Jon Guren\AppData\Local\Temp\EE63.exe
C:\Users\Jon Guren\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-30 13:51

==================== End Of Log ============================