Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Kristiana (administrator) on KRISTIANA-PC on 16-09-2014 20:32:52
Running from C:\Users\Kristiana\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ITE Tech. Inc.) C:\Program Files (x86)\ITE\ITE Infrared Transceiver\CIRAP.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Acer Corp.) C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(CyberLink) C:\Program Files (x86)\Cyberlink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [TouchORB] => C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe [155752 2010-11-12] (Acer Corp.)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM-x32\...\Run: [VMM Mode Selection] => C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Policies\system: [LogonHoursAction] 2
HKU\.DEFAULT\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-4151687038-3744135737-2022761113-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-4151687038-3744135737-2022761113-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
GroupPolicyUsers\S-1-5-21-4151687038-3744135737-2022761113-1001\User: Group Policy restriction detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} -> c:\Program Files (x86)\PicLensIE\cooliris.dll (Cooliris Inc.)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - No File
Handler-x32: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Kristiana\AppData\Roaming\Mozilla\Firefox\Profiles\ztoolbhx.default
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-02-12]
Chrome:
=======
CHR HomePage: Default -> B45FFB178FCBA38138F6ACAF922F7D14B948EEE69E38810764AD0306CB14599F
CHR DefaultSearchKeyword: Default -> E9E650F35F44ADE7A74095E8D6DA56A75492B9AAECDFFB0EFA0AAB3EB98A41C0
CHR DefaultSearchProvider: Default -> A07CD349145D269883A55BBECCB1A1E17D951497BBF2D8900844BD791862B0D7
CHR DefaultSearchURL: Default -> F521C3CD106A16CDAA2C0EEA3C420D912AF2A1922E55F9F81A9570421C127B20
CHR Profile: C:\Users\Kristiana\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Kristiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-16]
CHR Extension: (Google Docs) - C:\Users\Kristiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-16]
CHR Extension: (Google Drive) - C:\Users\Kristiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kristiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Kristiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-16]
CHR Extension: (Google Search) - C:\Users\Kristiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-16]
CHR Extension: (Google Sheets) - C:\Users\Kristiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-16]
CHR Extension: (Google Wallet) - C:\Users\Kristiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR Extension: (Gmail) - C:\Users\Kristiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-16]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-23] (Adobe Systems Incorporated)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432080 2013-10-23] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe [51016 2014-07-17] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-11-08] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2011-12-06] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-12-06] (Intuit Inc.) [File not signed]
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-24] () [File not signed]
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-04-15] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-15] (AVG Technologies)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] () [File not signed]
R3 ITECIRfilter; C:\Windows\System32\DRIVERS\ITECIRfilter.sys [28264 2011-03-22] (ITE Tech. Inc. )
S3 Leapfrog-USBLAN; C:\Windows\System32\DRIVERS\btblan.sys [40320 2011-11-12] (Belcarra Technologies) [File not signed]
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2014-09-07] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-16] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2012-07-08] (MediaMall Technologies, Inc.)
S3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213376 2009-06-03] (Novatel Wireless Inc.)
S3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213376 2009-06-03] (Novatel Wireless Inc.)
S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [213376 2009-06-03] (Novatel Wireless Inc.)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8204904 2011-07-05] (Realtek Semiconductor Corp.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2014-09-10] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-16 20:32 - 2014-09-16 20:33 - 00018517 _____ () C:\Users\Kristiana\Downloads\FRST.txt
2014-09-16 20:32 - 2014-09-16 20:32 - 02105856 _____ (Farbar) C:\Users\Kristiana\Downloads\FRST64.exe
2014-09-16 20:32 - 2014-09-16 20:32 - 00000000 ____D () C:\FRST
2014-09-16 20:31 - 2014-09-16 20:31 - 01097728 _____ (Farbar) C:\Users\Kristiana\Downloads\FRST.exe
2014-09-16 20:31 - 2014-09-16 20:31 - 00002091 _____ () C:\Users\Kristiana\Desktop\JRT.txt
2014-09-16 20:26 - 2014-09-16 20:26 - 00000000 ____D () C:\Windows\ERUNT
2014-09-16 20:25 - 2014-09-16 20:25 - 01016035 _____ (Thisisu) C:\Users\Kristiana\Downloads\JRT.exe
2014-09-16 20:14 - 2014-09-16 20:15 - 00026826 _____ () C:\Users\Kristiana\Downloads\Download (1).zip
2014-09-16 20:14 - 2014-09-16 20:14 - 00013471 _____ () C:\Users\Kristiana\Downloads\Download.zip
2014-09-16 20:14 - 2014-09-16 20:14 - 00010349 _____ () C:\Users\Kristiana\Downloads\EX+A-2.xlsx
2014-09-16 20:13 - 2014-09-16 20:13 - 00011151 _____ () C:\Users\Kristiana\Downloads\EX+A-1.xlsx
2014-09-16 20:13 - 2014-09-16 20:13 - 00009033 _____ () C:\Users\Kristiana\Downloads\EX+A-4.xlsx
2014-09-16 20:12 - 2014-09-16 20:12 - 00000000 ____D () C:\Users\Kristiana\Documents\School
2014-09-16 19:30 - 2014-09-16 20:21 - 00000000 ____D () C:\AdwCleaner
2014-09-16 19:29 - 2014-09-16 19:29 - 01373475 _____ () C:\Users\Kristiana\Downloads\adwcleaner_3.310.exe
2014-09-13 12:36 - 2014-09-13 12:36 - 00032922 _____ () C:\ComboFix.txt
2014-09-13 12:21 - 2014-09-13 12:21 - 05577449 ____R (Swearware) C:\Users\Kristiana\Downloads\ComboFix.exe
2014-09-11 22:09 - 2014-08-19 11:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 22:09 - 2014-08-19 10:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 22:09 - 2014-08-18 16:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 22:09 - 2014-08-18 15:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 22:09 - 2014-08-18 15:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 22:09 - 2014-08-18 15:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 22:09 - 2014-08-18 15:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 22:09 - 2014-08-18 15:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 22:09 - 2014-08-18 15:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 22:09 - 2014-08-18 15:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 22:09 - 2014-08-18 15:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 22:09 - 2014-08-18 15:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 22:09 - 2014-08-18 15:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 22:09 - 2014-08-18 15:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 22:09 - 2014-08-18 15:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 22:09 - 2014-08-18 15:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 22:09 - 2014-08-18 15:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 22:09 - 2014-08-18 15:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 22:09 - 2014-08-18 15:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 22:09 - 2014-08-18 14:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 22:09 - 2014-08-18 14:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 22:09 - 2014-08-18 14:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 22:09 - 2014-08-18 14:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 22:09 - 2014-08-18 14:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 22:09 - 2014-08-18 14:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 22:09 - 2014-08-18 14:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 22:09 - 2014-08-18 14:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 22:09 - 2014-08-18 14:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 22:09 - 2014-08-18 14:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 22:09 - 2014-08-18 14:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 22:09 - 2014-08-18 14:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 22:09 - 2014-08-18 14:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 22:09 - 2014-08-18 14:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 22:09 - 2014-08-18 14:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 22:09 - 2014-08-18 14:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 22:09 - 2014-08-18 14:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 22:09 - 2014-08-18 14:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 22:09 - 2014-08-18 14:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 22:09 - 2014-08-18 14:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 22:09 - 2014-08-18 14:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 22:09 - 2014-08-18 14:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 22:09 - 2014-08-18 14:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 22:09 - 2014-08-18 14:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 22:09 - 2014-08-18 14:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 22:09 - 2014-08-18 14:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 22:09 - 2014-08-18 14:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 22:09 - 2014-08-18 14:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 22:09 - 2014-08-18 14:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 22:09 - 2014-08-18 14:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 22:09 - 2014-08-18 14:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 22:09 - 2014-08-18 14:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 22:09 - 2014-08-18 13:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 22:09 - 2014-08-18 13:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 22:09 - 2014-08-18 13:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 22:09 - 2014-08-18 13:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 22:09 - 2014-08-18 13:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 21:58 - 2014-06-26 19:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 21:58 - 2014-06-26 18:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 20:11 - 2014-08-01 04:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 20:11 - 2014-08-01 04:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 20:11 - 2014-07-06 19:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 20:11 - 2014-07-06 19:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 20:11 - 2014-07-06 18:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 20:11 - 2014-07-06 18:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 20:11 - 2014-07-06 18:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-11 20:11 - 2014-06-23 20:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 20:11 - 2014-06-23 19:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 18:36 - 2014-09-10 18:36 - 04859480 _____ () C:\Users\Kristiana\Downloads\RogueKiller.exe
2014-09-09 23:20 - 2014-09-09 23:19 - 00025080 _____ () C:\Users\Kristiana\Desktop\dds.txt
2014-09-09 16:44 - 2014-09-09 16:44 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-09-09 16:42 - 2014-09-09 16:43 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Kristiana\Downloads\tdsskiller.exe
2014-09-09 10:19 - 2014-09-09 10:19 - 00688992 ____R (Swearware) C:\Users\Kristiana\Desktop\dds.com
2014-09-09 10:19 - 2014-09-09 10:19 - 00688992 _____ (Swearware) C:\Users\Kristiana\Downloads\dds.com
2014-09-08 19:47 - 2014-09-09 23:20 - 00020130 _____ () C:\Users\Kristiana\Desktop\attach.txt
2014-09-08 18:11 - 2014-09-08 18:11 - 00001245 _____ () C:\Users\Kristiana\Desktop\malware scan.txt
2014-09-07 23:45 - 2014-09-07 23:46 - 05185536 _____ (AVAST Software) C:\Users\Kristiana\Desktop\aswMBR.exe
2014-09-07 21:44 - 2014-09-11 08:23 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-07 21:43 - 2014-09-11 08:23 - 00000000 ____D () C:\Users\Kristiana\Desktop\mbar
2014-09-07 21:33 - 2014-09-07 21:33 - 00005586 _____ () C:\Users\Kristiana\Documents\RKreport_DEL_09072014_213229.log
2014-09-07 20:48 - 2014-09-10 18:36 - 00033512 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-09-07 20:48 - 2014-09-07 20:48 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-31 09:58 - 2014-08-31 09:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2014-08-31 09:58 - 2014-08-31 09:58 - 00000000 ____D () C:\Windows\PCHEALTH
2014-08-31 09:58 - 2014-08-31 09:58 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-08-31 09:18 - 2014-08-31 09:18 - 00000000 ____D () C:\Windows\pss
2014-08-27 19:00 - 2014-08-22 19:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 19:00 - 2014-08-22 18:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 19:00 - 2014-08-22 17:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 19:59 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-20 19:59 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-20 19:59 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-20 19:59 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-20 19:57 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-20 19:57 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-20 19:57 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-20 19:57 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-20 19:57 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-20 19:57 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-20 19:56 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-20 19:56 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-20 19:56 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-20 19:56 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-19 20:08 - 2014-08-19 20:08 - 00280488 _____ () C:\Windows\Minidump\081914-109185-01.dmp
2014-08-18 22:54 - 2014-08-18 22:54 - 00280488 _____ () C:\Windows\Minidump\081814-45177-01.dmp
2014-08-18 09:44 - 2014-08-18 09:44 - 00280488 _____ () C:\Windows\Minidump\081814-42884-01.dmp
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-16 20:33 - 2014-09-16 20:32 - 00018517 _____ () C:\Users\Kristiana\Downloads\FRST.txt
2014-09-16 20:32 - 2014-09-16 20:32 - 02105856 _____ (Farbar) C:\Users\Kristiana\Downloads\FRST64.exe
2014-09-16 20:32 - 2014-09-16 20:32 - 00000000 ____D () C:\FRST
2014-09-16 20:32 - 2009-07-13 21:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-16 20:32 - 2009-07-13 21:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-16 20:31 - 2014-09-16 20:31 - 01097728 _____ (Farbar) C:\Users\Kristiana\Downloads\FRST.exe
2014-09-16 20:31 - 2014-09-16 20:31 - 00002091 _____ () C:\Users\Kristiana\Desktop\JRT.txt
2014-09-16 20:31 - 2014-08-08 11:53 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-16 20:30 - 2009-07-13 22:13 - 00783400 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-16 20:28 - 2011-11-08 01:43 - 01420574 _____ () C:\Windows\WindowsUpdate.log
2014-09-16 20:27 - 2013-11-05 16:14 - 00000000 ____D () C:\ProgramData\Big Fish
2014-09-16 20:26 - 2014-09-16 20:26 - 00000000 ____D () C:\Windows\ERUNT
2014-09-16 20:25 - 2014-09-16 20:25 - 01016035 _____ (Thisisu) C:\Users\Kristiana\Downloads\JRT.exe
2014-09-16 20:23 - 2012-06-01 20:54 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-16 20:23 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-16 20:23 - 2009-07-13 21:51 - 00143953 _____ () C:\Windows\setupact.log
2014-09-16 20:22 - 2013-02-01 08:05 - 00000000 ____D () C:\Users\Jordyn\AppData\Local\AVG SafeGuard toolbar
2014-09-16 20:22 - 2013-01-30 19:38 - 00000000 ____D () C:\Users\Kristiana\AppData\Local\AVG SafeGuard toolbar
2014-09-16 20:22 - 2010-11-20 20:47 - 00570610 _____ () C:\Windows\PFRO.log
2014-09-16 20:21 - 2014-09-16 19:30 - 00000000 ____D () C:\AdwCleaner
2014-09-16 20:21 - 2013-08-27 10:21 - 00000911 _____ () C:\Windows\Tasks\EPSON XP-410 Series Update {22687012-65A6-4BFD-8886-DD80F0F664D7}.job
2014-09-16 20:21 - 2013-08-27 10:21 - 00000725 _____ () C:\Windows\Tasks\EPSON XP-410 Series Invitation {22687012-65A6-4BFD-8886-DD80F0F664D7}.job
2014-09-16 20:18 - 2013-08-27 10:18 - 00000911 _____ () C:\Windows\Tasks\EPSON XP-410 Series Update {2D083A89-14E8-437E-B716-4622F5B1E5DF}.job
2014-09-16 20:18 - 2013-08-27 10:18 - 00000725 _____ () C:\Windows\Tasks\EPSON XP-410 Series Invitation {2D083A89-14E8-437E-B716-4622F5B1E5DF}.job
2014-09-16 20:15 - 2014-09-16 20:14 - 00026826 _____ () C:\Users\Kristiana\Downloads\Download (1).zip
2014-09-16 20:14 - 2014-09-16 20:14 - 00013471 _____ () C:\Users\Kristiana\Downloads\Download.zip
2014-09-16 20:14 - 2014-09-16 20:14 - 00010349 _____ () C:\Users\Kristiana\Downloads\EX+A-2.xlsx
2014-09-16 20:13 - 2014-09-16 20:13 - 00011151 _____ () C:\Users\Kristiana\Downloads\EX+A-1.xlsx
2014-09-16 20:13 - 2014-09-16 20:13 - 00009033 _____ () C:\Users\Kristiana\Downloads\EX+A-4.xlsx
2014-09-16 20:12 - 2014-09-16 20:12 - 00000000 ____D () C:\Users\Kristiana\Documents\School
2014-09-16 20:06 - 2012-06-01 20:54 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-16 19:48 - 2014-08-15 19:31 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-16 19:29 - 2014-09-16 19:29 - 01373475 _____ () C:\Users\Kristiana\Downloads\adwcleaner_3.310.exe
2014-09-16 19:14 - 2012-03-03 18:20 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-13 12:36 - 2014-09-13 12:36 - 00032922 _____ () C:\ComboFix.txt
2014-09-13 12:36 - 2014-06-25 16:14 - 00000000 ____D () C:\Qoobox
2014-09-13 12:35 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-13 12:21 - 2014-09-13 12:21 - 05577449 ____R (Swearware) C:\Users\Kristiana\Downloads\ComboFix.exe
2014-09-13 02:00 - 2014-08-15 11:45 - 00000000 ____D () C:\Users\Kristiana\AppData\Local\Adobe
2014-09-12 12:53 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-09-11 22:08 - 2012-07-29 10:20 - 00775522 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-11 22:07 - 2013-08-14 18:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 21:59 - 2013-02-25 19:28 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 17:52 - 2013-09-11 16:51 - 00000000 ____D () C:\Users\Jordyn\AppData\Roaming\SoftGrid Client
2014-09-11 08:23 - 2014-09-07 21:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-11 08:23 - 2014-09-07 21:43 - 00000000 ____D () C:\Users\Kristiana\Desktop\mbar
2014-09-10 18:36 - 2014-09-10 18:36 - 04859480 _____ () C:\Users\Kristiana\Downloads\RogueKiller.exe
2014-09-10 18:36 - 2014-09-07 20:48 - 00033512 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-09-09 23:20 - 2014-09-08 19:47 - 00020130 _____ () C:\Users\Kristiana\Desktop\attach.txt
2014-09-09 23:19 - 2014-09-09 23:20 - 00025080 _____ () C:\Users\Kristiana\Desktop\dds.txt
2014-09-09 19:31 - 2014-08-08 11:53 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-09 19:31 - 2014-08-08 11:53 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-09 19:31 - 2014-08-08 11:53 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-09 16:46 - 2009-07-13 22:08 - 00032602 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-09 16:44 - 2014-09-09 16:44 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-09-09 16:43 - 2014-09-09 16:42 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Kristiana\Downloads\tdsskiller.exe
2014-09-09 10:19 - 2014-09-09 10:19 - 00688992 ____R (Swearware) C:\Users\Kristiana\Desktop\dds.com
2014-09-09 10:19 - 2014-09-09 10:19 - 00688992 _____ (Swearware) C:\Users\Kristiana\Downloads\dds.com
2014-09-09 10:12 - 2012-01-22 22:19 - 00000000 ____D () C:\Users\Kristiana\AppData\Local\CrashDumps
2014-09-08 18:11 - 2014-09-08 18:11 - 00001245 _____ () C:\Users\Kristiana\Desktop\malware scan.txt
2014-09-07 23:46 - 2014-09-07 23:45 - 05185536 _____ (AVAST Software) C:\Users\Kristiana\Desktop\aswMBR.exe
2014-09-07 21:43 - 2014-08-15 19:28 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-07 21:33 - 2014-09-07 21:33 - 00005586 _____ () C:\Users\Kristiana\Documents\RKreport_DEL_09072014_213229.log
2014-09-07 20:50 - 2012-08-20 08:37 - 00257024 ___SH () C:\Users\Kristiana\Documents\Thumbs.db
2014-09-07 20:48 - 2014-09-07 20:48 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-05 11:04 - 2011-12-29 21:26 - 00000000 ____D () C:\Users\Kristiana
2014-09-05 10:53 - 2009-06-17 19:26 - 00000000 ____D () C:\Users\Kristiana\Documents\Dell Webcam Center
2014-09-03 12:19 - 2014-06-22 20:49 - 00007612 _____ () C:\Users\Kristiana\AppData\Local\Resmon.ResmonCfg
2014-09-01 19:29 - 2011-07-26 23:34 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-09-01 19:28 - 2011-07-26 23:34 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-01 19:06 - 2012-01-26 21:08 - 00000000 ____D () C:\Users\Public\Documents\bigfish
2014-09-01 19:03 - 2012-01-08 18:13 - 00000000 ____D () C:\Users\Jordyn
2014-08-31 09:59 - 2014-08-31 09:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2014-08-31 09:58 - 2014-08-31 09:58 - 00000000 ____D () C:\Windows\PCHEALTH
2014-08-31 09:58 - 2014-08-31 09:58 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-08-31 09:58 - 2011-11-08 02:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-08-31 09:58 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-31 09:56 - 2012-01-26 16:44 - 00000000 ____D () C:\Users\Kristiana\AppData\Local\Facebook
2014-08-31 09:36 - 2012-07-29 10:21 - 00000000 ____D () C:\Users\Kristiana\AppData\Roaming\SoftGrid Client
2014-08-31 09:21 - 2013-09-06 13:21 - 00000000 ____D () C:\Users\Kristiana\AppData\Local\Akamai
2014-08-31 09:18 - 2014-08-31 09:18 - 00000000 ____D () C:\Windows\pss
2014-08-31 09:11 - 2012-10-09 15:38 - 00000000 ____D () C:\Users\Kristiana\AppData\Local\Backup Assistant Plus
2014-08-28 11:05 - 2013-12-16 16:52 - 00000000 ____D () C:\Users\Barbara
2014-08-28 08:17 - 2013-09-20 12:11 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-28 03:18 - 2009-07-13 21:45 - 00516952 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-26 19:50 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-25 17:52 - 2012-08-27 13:08 - 04096000 ___SH () C:\Users\Kristiana\Downloads\Thumbs.db
2014-08-22 19:07 - 2014-08-27 19:00 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 18:45 - 2014-08-27 19:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 17:59 - 2014-08-27 19:00 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 20:08 - 2014-08-19 20:08 - 00280488 _____ () C:\Windows\Minidump\081914-109185-01.dmp
2014-08-19 20:08 - 2013-11-18 21:57 - 00000000 ____D () C:\Windows\Minidump
2014-08-19 20:07 - 2013-11-18 21:57 - 402310958 _____ () C:\Windows\MEMORY.DMP
2014-08-19 11:05 - 2014-09-11 22:09 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 10:39 - 2014-09-11 22:09 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 02:06 - 2014-01-15 16:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-18 22:54 - 2014-08-18 22:54 - 00280488 _____ () C:\Windows\Minidump\081814-45177-01.dmp
2014-08-18 16:01 - 2014-09-11 22:09 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-18 15:29 - 2014-09-11 22:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-18 15:29 - 2014-09-11 22:09 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-18 15:26 - 2014-09-11 22:09 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-18 15:20 - 2014-09-11 22:09 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-18 15:19 - 2014-09-11 22:09 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-18 15:15 - 2014-09-11 22:09 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-18 15:15 - 2014-09-11 22:09 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-18 15:14 - 2014-09-11 22:09 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-18 15:14 - 2014-09-11 22:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-18 15:08 - 2014-09-11 22:09 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-18 15:08 - 2014-09-11 22:09 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-18 15:08 - 2014-09-11 22:09 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-18 15:05 - 2014-09-11 22:09 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-18 15:03 - 2014-09-11 22:09 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-18 15:03 - 2014-09-11 22:09 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-18 15:03 - 2014-09-11 22:09 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 14:57 - 2014-09-11 22:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 14:56 - 2014-09-11 22:09 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 14:51 - 2014-09-11 22:09 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 14:46 - 2014-09-11 22:09 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 14:45 - 2014-09-11 22:09 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 14:45 - 2014-09-11 22:09 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 14:44 - 2014-09-11 22:09 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 14:44 - 2014-09-11 22:09 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 14:42 - 2014-09-11 22:09 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 14:40 - 2014-09-11 22:09 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 14:39 - 2014-09-11 22:09 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 14:39 - 2014-09-11 22:09 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 14:39 - 2014-09-11 22:09 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 14:38 - 2014-09-11 22:09 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 14:37 - 2014-09-11 22:09 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 14:36 - 2014-09-11 22:09 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 14:35 - 2014-09-11 22:09 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 14:27 - 2014-09-11 22:09 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 14:25 - 2014-09-11 22:09 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 14:25 - 2014-09-11 22:09 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 14:23 - 2014-09-11 22:09 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 14:23 - 2014-09-11 22:09 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 14:22 - 2014-09-11 22:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 14:19 - 2014-09-11 22:09 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 14:17 - 2014-09-11 22:09 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 14:17 - 2014-09-11 22:09 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 14:16 - 2014-09-11 22:09 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 14:15 - 2014-09-11 22:09 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 14:15 - 2014-09-11 22:09 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 14:09 - 2014-09-11 22:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 14:08 - 2014-09-11 22:09 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 14:07 - 2014-09-11 22:09 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 13:55 - 2014-09-11 22:09 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 13:46 - 2014-09-11 22:09 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 13:38 - 2014-09-11 22:09 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 13:38 - 2014-09-11 22:09 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 13:36 - 2014-09-11 22:09 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-18 09:44 - 2014-08-18 09:44 - 00280488 _____ () C:\Windows\Minidump\081814-42884-01.dmp
Some content of TEMP:
====================
C:\Users\Kristiana\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-07 17:24
==================== End Of Log ============================