Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013 Ran by milenka21 (administrator) on MILENKA21-TOSH on 06-10-2013 16:26:35 Running from C:\Users\milenka21\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Systweak Inc., (www.systweak.com)) C:\Program Files (x86)\Disk Speedup\DSUDefragSrv64.exe (MyWebSearch.com) C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe () C:\Windows\system32\dmwu.exe () C:\Windows\SysWOW64\jmdp\stij.exe () C:\Windows\SysWOW64\jmdp\stij.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-22] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [896032 2010-03-22] (Realtek Semiconductor) HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation) HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation) HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) HKLM-x32\...\RunOnce: [aswAhAScr.dll] - "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\AhAScr.dll" [140544 2013-05-09] (AVAST Software) HKLM-x32\...\RunOnce: [aswasOutExt.dll] - "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\asOutExt.dll" [289888 2013-07-11] (AVAST Software) HKLM-x32\...\RunOnce: [aswasOutExt64.dll] - "C:\Program Files\AVAST Software\Avast\aswRegSvr64.exe" "C:\Program Files\AVAST Software\Avast\asOutExt64.dll" [461856 2013-07-11] (AVAST Software) Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20684656 2013-07-25] (Skype Technologies S.A.) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-15] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [HWSetup] - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.) HKLM-x32\...\Run: [KeNotify] - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION) HKLM-x32\...\Run: [SVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA CORPORATION) HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.) HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation) HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software) HKU\bioly1234\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA) HKU\Default\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA) HKU\Default User\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA) AppInit_DLLs: [0 ] () AppInit_DLLs-x32: c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll [ ] () Startup: C:\Users\bioly1234\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylon.com/?affID=120519&babsrc=HP_ss_gin2g&mntrId=B84900264DBF5C79 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://inboxtoolbar.com/search/ie.aspx?tbid=80137 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://inboxtoolbar.com/help/sa_customize.aspx?tbid=80137 URLSearchHook: (No Name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No File URLSearchHook: (No Name) - {a24f3f59-1021-4e02-856c-99d9b4a03d83} - No File URLSearchHook: (No Name) - {796b75f6-6187-47e2-8f1f-c16e059e6e19} - No File URLSearchHook: (No Name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - No File SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=360&systemid=406&sr=0&q={searchTerms} SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=360&systemid=406&sr=0&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {B2596224-EA6A-4CA0-BF1E-CA3C5BAF86E1} URL = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZVxdm006YYGB&ptb=IHE1Sh5GIsiM5nqdO0SpRA&psa=&ind=2010112411&ptnrS=ZVxdm006YYGB&si=36602&st=sb&n=77cfe19b&searchfor={searchTerms} SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=360&systemid=406&sr=0&q={searchTerms} SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms} SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2644243 SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={searchTerms}&affID=120519&babsrc=SP_ss&mntrId=B84900264DBF5C79 SearchScopes: HKCU - {1C5A6E89-53FD-4D25-9751-EB424C9F872D} URL = http://rover.ebay.com/rover/1/710-44557-9400-9/4?satitle={searchTerms} SearchScopes: HKCU - {218D75C0-708E-4089-A9F4-094B1CC35F88} URL = http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2 SearchScopes: HKCU - {4A9E77AA-FF0F-4A0C-A864-C17C17C4AAB5} URL = http://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000 SearchScopes: HKCU - {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZVxdm006YYGB&ptb=IHE1Sh5GIsiM5nqdO0SpRA&psa=&ind=2010112411&ptnrS=ZVxdm006YYGB&si=36602&st=sb&n=77cfe19b&searchfor={searchTerms} SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=360&systemid=406&sr=0&q={searchTerms} SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms} SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2644243 SearchScopes: HKCU - {B2596224-EA6A-4CA0-BF1E-CA3C5BAF86E1} URL = SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://inboxtoolbar.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80137&lng=en SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb155/?search={searchTerms}&loc=IB_DS&a=6OyM1vXySZ&i=26 BHO: Web Assistant - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll () BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - No File BHO-x32: No Name - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files (x86)\SiteRanker\SiteRank.dll (Crawler, LLC) BHO-x32: Toolbar BHO - {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - No File BHO-x32: Toolbar BHO - {285028f8-201e-4f8f-827b-7381fc181c3e} - No File BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: Toolbar BHO - {631acb68-57c3-48af-9cc5-fcec0837ffd3} - No File BHO-x32: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - No File BHO-x32: Search Assistant BHO - {71c1d63a-c944-428a-a5bd-ba513190e5d2} - No File BHO-x32: Search Assistant BHO - {73b8e1fd-331f-4c17-8613-8a3034d3b0ca} - No File BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Search Assistant BHO - {d5e9b421-c309-41de-9014-800a2adcdeb0} - No File BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll () Toolbar: HKLM - No Name - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File Toolbar: HKLM - No Name - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No File Toolbar: HKLM - No Name - !{F9639E4A-801B-4843-AEE3-03D9DA199E77} - No File Toolbar: HKLM-x32 - No Name - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No File Toolbar: HKLM-x32 - No Name - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM-x32 - No Name - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File Toolbar: HKLM-x32 - No Name - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No File Toolbar: HKLM-x32 - No Name - !{F9639E4A-801B-4843-AEE3-03D9DA199E77} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {D2F11D8B-3EB5-4B42-9511-370DBEC707FB} - No File Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File DPF: HKLM-x32 {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/IWONBarInitialSetup1.0.1.1.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation) Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\milenka21\AppData\Roaming\Mozilla\Firefox\Profiles\m6vcdu8x.default FF user.js: detected! => C:\Users\milenka21\AppData\Roaming\Mozilla\Firefox\Profiles\m6vcdu8x.default\user.js FF SearchEngineOrder.1: Ask.com FF Keyword.URL: hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=406&sr=0&q= FF DefaultSearchEngine: Ask.com FF Homepage: user_pref("browser.startup.homepage", ); FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprjplug;version=15.0.4.53 - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin-x32: @SoccerInferno.com/Plugin - C:\Program Files (x86)\SoccerInferno\bar\1.bin\NPj2Stub.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\9\NP_wtapp.dll () FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\milenka21\AppData\Roaming\Mozilla\Firefox\Profiles\m6vcdu8x.default\searchplugins\askcom.xml FF SearchPlugin: C:\Users\milenka21\AppData\Roaming\Mozilla\Firefox\Profiles\m6vcdu8x.default\searchplugins\askcomsearch.xml FF SearchPlugin: C:\Users\milenka21\AppData\Roaming\Mozilla\Firefox\Profiles\m6vcdu8x.default\searchplugins\delta.xml FF SearchPlugin: C:\Users\milenka21\AppData\Roaming\Mozilla\Firefox\Profiles\m6vcdu8x.default\searchplugins\inbox-search.xml FF SearchPlugin: C:\Users\milenka21\AppData\Roaming\Mozilla\Firefox\Profiles\m6vcdu8x.default\searchplugins\my-web-search.xml FF SearchPlugin: C:\Users\milenka21\AppData\Roaming\Mozilla\Firefox\Profiles\m6vcdu8x.default\searchplugins\mywebsearch.xml FF SearchPlugin: C:\Users\milenka21\AppData\Roaming\Mozilla\Firefox\Profiles\m6vcdu8x.default\searchplugins\Search_Results.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml FF Extension: MapsGalaxy - C:\Users\milenka21\AppData\Roaming\Mozilla\Firefox\Profiles\m6vcdu8x.default\Extensions\39ffxtbr@MapsGalaxy_39.com FF Extension: AppGraffiti - C:\Users\milenka21\AppData\Roaming\Mozilla\Firefox\Profiles\m6vcdu8x.default\Extensions\AppGraffiti@AppGraffiti.com FF Extension: Babylon - C:\Users\milenka21\AppData\Roaming\Mozilla\Firefox\Profiles\m6vcdu8x.default\Extensions\ffxtlbr@babylon.com FF Extension: incredibar.com - C:\Users\milenka21\AppData\Roaming\Mozilla\Firefox\Profiles\m6vcdu8x.default\Extensions\ffxtlbr@incredibar.com FF Extension: No Name - C:\Users\milenka21\AppData\Roaming\Mozilla\Firefox\Profiles\m6vcdu8x.default\Extensions\inboxcomtoolbar@inbox.com FF Extension: SoccerInferno - C:\Users\milenka21\AppData\Roaming\Mozilla\Firefox\Profiles\m6vcdu8x.default\Extensions\j2ffxtbr@SoccerInferno.com FF Extension: My Web Search - C:\Users\milenka21\AppData\Roaming\Mozilla\Firefox\Profiles\m6vcdu8x.default\Extensions\m3ffxtbr@mywebsearch.com FF Extension: FilmFanatic - C:\Users\milenka21\AppData\Roaming\Mozilla\Firefox\Profiles\m6vcdu8x.default\Extensions\paffxtbr@FilmFanatic.com FF Extension: Vividas player plugin - C:\Users\milenka21\AppData\Roaming\Mozilla\Firefox\Profiles\m6vcdu8x.default\Extensions\player@vividas.com FF Extension: Searchqu Toolbar - C:\Users\milenka21\AppData\Roaming\Mozilla\Firefox\Profiles\m6vcdu8x.default\Extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} FF Extension: No Name - C:\Users\milenka21\AppData\Roaming\Mozilla\Firefox\Profiles\m6vcdu8x.default\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} FF Extension: No Name - C:\Users\milenka21\AppData\Roaming\Mozilla\Firefox\Profiles\m6vcdu8x.default\Extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}.xpi FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\Web Assistant\Firefox FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox FF HKLM-x32\...\Firefox\Extensions: [m3ffxtbr@mywebsearch.com] - C:\Program Files (x86)\MyWebSearch\bar\1.bin FF Extension: My Web Search - C:\Program Files (x86)\MyWebSearch\bar\1.bin FF HKLM-x32\...\Firefox\Extensions: [siteranker@siteranker.com] - C:\Program Files (x86)\SiteRanker\firefox\ FF Extension: SiteRanker - C:\Program Files (x86)\SiteRanker\firefox\ FF HKLM-x32\...\Firefox\Extensions: [39ffxtbr@MapsGalaxy_39.com] - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin FF Extension: MapsGalaxy - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin FF HKLM-x32\...\Firefox\Extensions: [paffxtbr@FilmFanatic.com] - C:\Program Files (x86)\FilmFanatic\bar\1.bin FF Extension: FilmFanatic - C:\Program Files (x86)\FilmFanatic\bar\1.bin FF HKLM-x32\...\Firefox\Extensions: [j2ffxtbr@SoccerInferno.com] - C:\Program Files (x86)\SoccerInferno\bar\1.bin FF Extension: SoccerInferno - C:\Program Files (x86)\SoccerInferno\bar\1.bin FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF HKLM-x32\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\Web Assistant\Firefox FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext Chrome: ======= CHR HomePage: hxxp://mystart.incredibar.com/?a=6OyM1vXySZ&loc=skw CHR RestoreOnStartup: "hxxp://mystart.incredibar.com/?a=6OyM1vXySZ&loc=skw" CHR DefaultSearchURL: (MyStart) - http://mystart.incredibar.com/?a=6OyM1vXySZ&loc=skw&search={searchTerms} CHR DefaultSuggestURL: (MyStart) - "suggest_url": "" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\SoccerInferno\bar\1.bin\NPj2Stub.dll No File CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\9\NP_wtapp.dll () CHR Plugin: (Windows Live00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealJukebox NS Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) CHR Extension: (FLV Runner) - C:\Users\MILENK~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahilkiibpgjnonbhdfkkgjddddmapala\10.16.100.504_0 CHR Extension: (RealDownloader) - C:\Users\MILENK~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0 CHR Extension: (vshare plugin) - C:\Users\MILENK~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0 CHR Extension: (Skype Click to Call) - C:\Users\MILENK~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0 CHR Extension: (Chrome In-App Payments service) - C:\Users\MILENK~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0 CHR Extension: (SweetPacks Chrome Extension) - C:\Users\MILENK~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0 CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx CHR HKLM-x32\...\Chrome\Extension: [ahilkiibpgjnonbhdfkkgjddddmapala] - C:\Users\milenka21\AppData\Local\CRE\ahilkiibpgjnonbhdfkkgjddddmapala.crx CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx CHR HKLM-x32\...\Chrome\Extension: [kpionmjnkbpcdpcflammlgllecmejgjj] - C:\Program Files (x86)\vShare.tv plugin\vshareplg.crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Windows\SysWOW64\jmdp\SweetNT.crx CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [137960 2013-05-09] (AVAST Software) R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [743992 2009-12-21] (Infowatch) R2 DSUDiskOptimizer; C:\Program Files (x86)\Disk Speedup\DSUDefragSrv64.exe [691040 2012-08-30] (Systweak Inc., (www.systweak.com)) R2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1762608 2013-09-15] () R2 MyWebSearchService; C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe [28762 2010-11-24] (MyWebSearch.com) R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] () S4 Web Assistant; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [188760 2013-01-29] () ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software) R1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [131232 2013-08-30] (AVAST Software) R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-08-30] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software) R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12368 2012-07-13] (ALWIL Software) R0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [270824 2013-08-30] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] () R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458032 2011-10-20] (Kaspersky Lab ZAO) R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [13616 2011-10-20] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [639280 2012-07-19] (Kaspersky Lab) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab) S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [x] S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-06 16:25 - 2013-10-06 16:25 - 00000000 ____D C:\FRST 2013-10-06 16:23 - 2013-10-06 16:23 - 00377856 _____ C:\Users\milenka21\Downloads\sfwdm4vy.exe 2013-10-06 16:22 - 2013-10-06 16:23 - 00602112 _____ (OldTimer Tools) C:\Users\milenka21\Downloads\OTL.exe 2013-10-06 16:22 - 2013-10-06 16:22 - 01954124 _____ (Farbar) C:\Users\milenka21\Downloads\FRST64.exe 2013-10-05 05:59 - 2013-10-05 05:59 - 00000000 ____D C:\Windows\SysWOW64\jmdp 2013-10-05 05:59 - 2013-10-05 05:59 - 00000000 ____D C:\Windows\system32\ljkb_old 2013-09-29 17:35 - 2013-09-29 20:08 - 00000168 _____ C:\Windows\setupact.log 2013-09-29 17:35 - 2013-09-29 17:35 - 00000000 _____ C:\Windows\setuperr.log 2013-09-29 16:59 - 2013-09-29 16:59 - 00000000 ____D C:\Users\milenka21\AppData\Local\Apps\2.0 2013-09-29 13:14 - 2013-09-29 13:14 - 00000000 ____D C:\Windows\pss 2013-09-21 22:49 - 2012-06-04 13:11 - 2771691520 _____ C:\Users\milenka21\Desktop\Act.of.Valor.2012.AC3.BRRip.720p.XViD.PL.Subbed - TaCa.avi 2013-09-17 20:53 - 2013-09-17 20:53 - 00617444 _____ C:\Users\milenka21\Downloads\zip 2013-09-13 23:16 - 2013-09-13 23:16 - 00003360 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-563923690-1430289891-1657166694-1000 2013-09-13 11:09 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-13 11:09 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-13 11:09 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-09-13 11:09 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-13 11:09 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-13 11:09 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-13 11:09 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-13 11:09 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-13 11:09 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-13 11:09 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-13 11:09 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-13 11:09 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-09-13 11:09 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-09-13 11:09 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-09-13 11:09 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-09-13 11:09 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-09-13 11:09 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-09-13 11:09 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-09-13 11:09 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-09-13 11:09 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-09-13 11:09 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-09-13 11:09 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-09-13 11:09 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-09-13 11:09 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-09-13 11:09 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-09-13 11:09 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-09-13 11:09 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-13 11:09 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-09-13 11:09 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-09-13 11:09 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-09-13 11:08 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-09-12 13:50 - 2013-09-12 13:50 - 00000000 ____D C:\Users\milenka21\Documents\OneNote Notebooks 2013-09-12 12:29 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2013-09-12 12:29 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-09-12 12:29 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-09-12 12:29 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-09-12 12:29 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2013-09-12 12:29 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2013-09-12 12:29 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-09-12 12:29 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-09-12 12:29 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-09-12 12:29 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2013-09-12 12:29 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2013-09-12 12:29 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2013-09-12 12:28 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-09-12 12:28 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2013-09-12 12:28 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2013-09-12 12:28 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2013-09-12 12:28 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2013-09-12 12:28 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2013-09-12 12:28 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2013-09-12 12:28 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-09-12 12:28 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2013-09-12 12:28 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2013-09-12 12:28 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-09-12 12:28 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-09-12 12:28 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-09-12 12:28 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-09-12 12:28 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2013-09-12 12:28 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2013-09-12 12:28 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2013-09-12 12:28 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2013-09-12 12:28 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2013-09-12 12:28 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2013-09-09 18:36 - 2013-09-09 18:36 - 00003160 _____ C:\Users\milenka21\Downloads\list.txt 2013-09-09 11:50 - 2013-09-09 11:50 - 00003432 _____ C:\Windows\System32\Tasks\BrowserProtect 2013-09-07 21:32 - 2013-10-04 18:09 - 00002996 _____ C:\Windows\System32\Tasks\ReclaimerUpdateFiles_milenka21 2013-09-07 21:32 - 2013-10-04 18:09 - 00002992 _____ C:\Windows\System32\Tasks\ReclaimerUpdateXML_milenka21 2013-09-07 21:32 - 2013-10-04 18:09 - 00000386 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_milenka21.job 2013-09-07 21:32 - 2013-10-04 18:09 - 00000382 _____ C:\Windows\Tasks\ReclaimerUpdateXML_milenka21.job 2013-09-07 21:32 - 2013-09-29 20:09 - 00000392 _____ C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_milenka21.job 2013-09-07 21:32 - 2013-09-07 21:33 - 00002700 _____ C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_milenka21 2013-09-07 21:32 - 2013-09-07 21:32 - 00003640 _____ C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_milenka21 2013-09-07 18:29 - 2013-09-07 18:29 - 02828552 _____ (AVAST Software) C:\Users\milenka21\Downloads\avast-browser-cleanup.exe ==================== One Month Modified Files and Folders ======= 2013-10-06 16:26 - 2009-07-14 06:45 - 00016304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-06 16:26 - 2009-07-14 06:45 - 00016304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-06 16:25 - 2013-10-06 16:25 - 00000000 ____D C:\FRST 2013-10-06 16:23 - 2013-10-06 16:23 - 00377856 _____ C:\Users\milenka21\Downloads\sfwdm4vy.exe 2013-10-06 16:23 - 2013-10-06 16:22 - 00602112 _____ (OldTimer Tools) C:\Users\milenka21\Downloads\OTL.exe 2013-10-06 16:22 - 2013-10-06 16:22 - 01954124 _____ (Farbar) C:\Users\milenka21\Downloads\FRST64.exe 2013-10-06 16:13 - 2010-08-18 18:46 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-10-06 16:11 - 2010-09-06 17:27 - 00000000 ___HD C:\Users\milenka21\AppData\Roaming\Skype 2013-10-05 05:59 - 2013-10-05 05:59 - 00000000 ____D C:\Windows\SysWOW64\jmdp 2013-10-05 05:59 - 2013-10-05 05:59 - 00000000 ____D C:\Windows\system32\ljkb_old 2013-10-05 05:54 - 2012-08-24 19:17 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2013-10-05 05:54 - 2012-06-18 23:40 - 00000000 _____ C:\Windows\SysWOW64\config.nt 2013-10-05 05:49 - 2013-01-30 14:33 - 00000000 ____D C:\Windows\SysWOW64\ARFC 2013-10-05 05:48 - 2012-09-15 08:52 - 00000000 ____D C:\Windows\SysWOW64\WNLT 2013-10-04 18:21 - 2010-08-18 18:04 - 00003966 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E94306F1-C200-41E3-A7CD-364518272BDF} 2013-10-04 18:09 - 2013-09-07 21:32 - 00002996 _____ C:\Windows\System32\Tasks\ReclaimerUpdateFiles_milenka21 2013-10-04 18:09 - 2013-09-07 21:32 - 00002992 _____ C:\Windows\System32\Tasks\ReclaimerUpdateXML_milenka21 2013-10-04 18:09 - 2013-09-07 21:32 - 00000386 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_milenka21.job 2013-10-04 18:09 - 2013-09-07 21:32 - 00000382 _____ C:\Windows\Tasks\ReclaimerUpdateXML_milenka21.job 2013-10-04 03:13 - 2010-08-18 18:46 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-09-29 20:09 - 2013-09-07 21:32 - 00000392 _____ C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_milenka21.job 2013-09-29 20:08 - 2013-09-29 17:35 - 00000168 _____ C:\Windows\setupact.log 2013-09-29 20:08 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-29 17:35 - 2013-09-29 17:35 - 00000000 _____ C:\Windows\setuperr.log 2013-09-29 17:26 - 2012-07-19 21:06 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2013-09-29 16:59 - 2013-09-29 16:59 - 00000000 ____D C:\Users\milenka21\AppData\Local\Apps\2.0 2013-09-29 16:47 - 2010-04-14 09:12 - 00000000 ____D C:\Program Files (x86)\Toshiba TEMPRO 2013-09-29 16:46 - 2010-04-14 09:05 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-09-29 16:41 - 2012-08-29 22:02 - 00079608 _____ C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT 2013-09-29 13:14 - 2013-09-29 13:14 - 00000000 ____D C:\Windows\pss 2013-09-29 13:14 - 2010-08-18 17:52 - 00000000 ___RD C:\Users\milenka21\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-09-29 12:56 - 2011-03-07 23:33 - 00196608 _____ C:\Windows\system32\Ikeext.etl 2013-09-29 12:54 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\tracing 2013-09-27 22:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-09-26 03:42 - 2009-07-14 07:13 - 00735524 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-21 00:20 - 2011-08-29 17:17 - 00000000 ____D C:\New folder 2013-09-21 00:15 - 2012-06-11 19:40 - 00000000 ____D C:\Users\milenka21\AppData\Local\CrashDumps 2013-09-20 13:52 - 2011-06-30 20:43 - 00002150 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-09-17 20:53 - 2013-09-17 20:53 - 00617444 _____ C:\Users\milenka21\Downloads\zip 2013-09-17 15:39 - 2010-04-14 09:12 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-09-17 15:39 - 2010-04-14 09:12 - 00000000 ___HD C:\ProgramData\Skype 2013-09-15 14:21 - 2013-04-11 18:49 - 01762608 _____ C:\Windows\system32\dmwu.exe 2013-09-15 14:16 - 2013-01-30 14:33 - 00033792 _____ (IncrediMail, Ltd.) C:\Windows\system32\ImHttpComm.dll 2013-09-13 23:16 - 2013-09-13 23:16 - 00003360 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-563923690-1430289891-1657166694-1000 2013-09-13 23:16 - 2013-04-06 15:06 - 00003234 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-563923690-1430289891-1657166694-1000 2013-09-13 23:15 - 2011-07-12 14:28 - 00000000 ____D C:\Program Files (x86)\SiteRanker 2013-09-13 23:14 - 2010-08-18 17:55 - 00000000 ___RD C:\Users\milenka21\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-09-13 23:12 - 2009-07-14 06:45 - 00343552 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-13 11:08 - 2013-08-16 03:04 - 00000000 ____D C:\Windows\system32\MRT 2013-09-13 11:05 - 2011-04-15 00:28 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-09-13 11:04 - 2010-04-14 09:32 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-09-12 13:50 - 2013-09-12 13:50 - 00000000 ____D C:\Users\milenka21\Documents\OneNote Notebooks 2013-09-10 14:18 - 2010-04-14 09:07 - 00000000 ___HD C:\ProgramData\Adobe 2013-09-10 14:17 - 2010-08-18 18:03 - 00000000 ___HD C:\Users\milenka21\AppData\Roaming\Adobe 2013-09-09 18:36 - 2013-09-09 18:36 - 00003160 _____ C:\Users\milenka21\Downloads\list.txt 2013-09-09 13:17 - 2011-05-08 00:18 - 00000000 ____D C:\Users\milenka21\Desktop\Krystian 2013-09-09 11:50 - 2013-09-09 11:50 - 00003432 _____ C:\Windows\System32\Tasks\BrowserProtect 2013-09-09 10:52 - 2012-09-15 08:52 - 00608080 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll 2013-09-09 10:52 - 2012-08-08 20:45 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll 2013-09-07 21:33 - 2013-09-07 21:32 - 00002700 _____ C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_milenka21 2013-09-07 21:32 - 2013-09-07 21:32 - 00003640 _____ C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_milenka21 2013-09-07 18:29 - 2013-09-07 18:29 - 02828552 _____ (AVAST Software) C:\Users\milenka21\Downloads\avast-browser-cleanup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-03 03:16 ==================== End Of Log ============================