Malware still present


ZoeS

I must have picked up some virus somewhere as stuff is popping up when I browse, and when I click on links other windows to advertisements will pop up. I ran AVG, SystemCare and finally Malwarebytes, but I'm still infected. Any advice would be very appreciated!


Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.15.2
Run by Zoe at 10:05:08 on 2013-10-25
Microsoft Windows 8  6.2.9200.0.1252.2.1033.18.7988.5086 [GMT -4:00]
.
AV: Kaspersky PURE 2.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky PURE 2.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Windows\system32\dashost.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Program Files\Elantech\ETDService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Windows\RfBtnSvc64.exe
C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\qualitink\updatequalitink.exe
C:\Program Files (x86)\qualitink\bin\utilqualitink.exe
C:\Windows\system32\EscSvc64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Windows\SysWOW64\Rundll32.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\igfxext.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Windows\System32\spool\drivers\x64\3\E_YATIIUE.EXE
C:\Windows\System32\spool\drivers\x64\3\E_YATIIUE.EXE
C:\Users\Zoe\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Dolby PCEE4\pcee4.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\Zoe\AppData\Local\Pokki\Engine\pokki.exe
C:\Users\Zoe\AppData\Local\Pokki\Engine\pokki.exe
C:\Users\Zoe\AppData\Local\Pokki\Engine\pokki.exe
C:\Users\Zoe\AppData\Local\Pokki\Engine\pokki.exe
C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrvx.exe
C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.


uURLSearchHooks: KeyBar 1.13 Toolbar: {02edb56b-9b33-435b-b7df-b2843273a694} - C:\Program Files (x86)\KeyBar_1.13\prxtbKeyB.dll
mURLSearchHooks: KeyBar 1.13 Toolbar: {02edb56b-9b33-435b-b7df-b2843273a694} - C:\Program Files (x86)\KeyBar_1.13\prxtbKeyB.dll
mWinlogon: Userinit = userinit.exe,
BHO: MRI_DISABLED - <orphaned>
BHO: KeyBar 1.13 Toolbar: {02edb56b-9b33-435b-b7df-b2843273a694} - C:\Program Files (x86)\KeyBar_1.13\prxtbKeyB.dll
BHO: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
BHO: qualitink: {73ad5d47-66e5-4127-80ca-c0eedabafbcc} - C:\Program Files (x86)\qualitink\qualitinkBHO.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
TB: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
TB: KeyBar 1.13 Toolbar: {02edb56b-9b33-435b-b7df-b2843273a694} - C:\Program Files (x86)\KeyBar_1.13\prxtbKeyB.dll
EB: E-Web Print: {A60C1DC7-64B3-4AD9-8E67-035D11B8B2B0} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
uRun: [Pokki] C:\Windows\System32\rundll32.exe "C:\Users\Zoe\AppData\Local\Pokki\Engine\Launcher.dll",RunLaunchPlatform
uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
uRun: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\x64\3\E_YATIIUE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-2540 Series" /EF "HKCU"
uRun: [EPLTarget\P0000000000000001] C:\Windows\System32\spool\DRIVERS\x64\3\E_YATIIUE.EXE /EPT "EPLTarget\P0000000000000001" /M "WF-2540 Series" /EF "HKCU"
uRun: [backgroundContainer] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Zoe\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
uRunOnce: [Application Restart #4] C:\Users\Zoe\AppData\Local\Pokki\Engine\pokki.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Zoe\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --enable-touch-events --flag-switches-begin --flag-switches-end --restore-last-session
mRun: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart
mRun: [LManager] <no file>
dRunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
mExplorerRun: [btvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
StartupFolder: C:\Users\Zoe\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Zoe\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\MRI_DI~1\ACERBA~1.LNK - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
mPolicies-System: DisableCAD = dword:1
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: Interfaces\{7595F9EE-3572-46C0-B147-5C8F6A92F723} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7595F9EE-3572-46C0-B147-5C8F6A92F723}\343594D4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7595F9EE-3572-46C0-B147-5C8F6A92F723}\35471627265736B6370275966496 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{7595F9EE-3572-46C0-B147-5C8F6A92F723}\74C6F62616C63557964756 : DHCPNameServer = 173.243.32.50 8.8.8.8
TCP: Interfaces\{7595F9EE-3572-46C0-B147-5C8F6A92F723}\74C6F62616C6D456564796E676 : DHCPNameServer = 173.243.32.50 8.8.8.8
TCP: Interfaces\{7595F9EE-3572-46C0-B147-5C8F6A92F723}\A5F65696071646 : DHCPNameServer = 206.47.201.246 207.231.231.254
TCP: Interfaces\{CD4F3FD0-9A9A-44D3-9962-C8E494CE9232} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E5D3F8AD-61A0-41BA-8C9F-54D7ACC5B210} : DHCPNameServer = 206.47.201.246 207.231.231.254
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: {11111111-1111-1111-1111-110311551178} - <orphaned>
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-ExplorerRun: [btvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
x64-mPolicies-System: DisableCAD = dword:1
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: klogon - C:\Windows\System32\klogon.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Zoe\AppData\Roaming\Mozilla\Firefox\Profiles\9hl5nkwl.default\



FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Users\Zoe\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\Zoe\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-09-16 15:26; ascsurfingprotection@iobit.com; C:\Users\Zoe\AppData\Roaming\Mozilla\Firefox\Profiles\9hl5nkwl.default\extensions\ascsurfingprotection@iobit.com
FF - ExtSQL: 2013-10-04 21:01; firefox@qualitink.net; C:\Users\Zoe\AppData\Roaming\Mozilla\Firefox\Profiles\9hl5nkwl.default\extensions\firefox@qualitink.net.xpi
FF - ExtSQL: 2013-10-22 09:55; {02edb56b-9b33-435b-b7df-b2843273a694}; C:\Users\Zoe\AppData\Roaming\Mozilla\Firefox\Profiles\9hl5nkwl.default\extensions\{02edb56b-9b33-435b-b7df-b2843273a694}
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\Drivers\avgidsha.sys [2013-9-2 192824]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\Drivers\avgloga.sys [2013-9-2 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\Drivers\avgmfx64.sys [2013-8-20 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\Drivers\avgrkx64.sys [2013-9-8 31544]
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\Drivers\CSCrySec.sys [2013-3-5 85048]
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-11-25 645952]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\Drivers\SmartDefragDriver.sys [2013-10-23 17720]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\Drivers\avgdiska.sys [2013-9-25 148792]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\Drivers\avgidsdrivera.sys [2013-9-2 241464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\Drivers\avgldx64.sys [2013-9-2 212280]
R1 Avgwfpa;AVG Firewall Driver;C:\Windows\System32\Drivers\avgwfpa.sys [2013-7-30 252728]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\Drivers\CSVirtualDiskDrv.sys [2013-3-5 66104]
R1 kl2;kl2;C:\Windows\System32\Drivers\kl2.sys [2011-10-20 13616]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\Drivers\klim6.sys [2011-3-10 29488]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-9-16 574272]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe [2013-1-28 227456]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-25 301152]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe [2012-8-30 202328]
R2 CCDMonitorService;CCDMonitorService;C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2012-8-24 2435728]
R2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2012-11-25 348784]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2012-5-10 608864]
R2 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2013-3-14 135824]
R2 ETDService;Elan Service;C:\Program Files\Elantech\ETDService.exe [2012-11-25 90992]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-11-25 2457232]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2013-10-23 335168]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-11-25 166720]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-8-23 259136]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-11 1907896]
R2 RfButtonDriverService;Dritek RF Button Command Service;C:\Windows\RfBtnSvc64.exe [2012-11-25 93296]
R2 StartMenuService;StartMenu8 Service;C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [2013-10-24 75584]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-11-25 365376]
R2 Update qualitink;Update qualitink;C:\Program Files (x86)\qualitink\updatequalitink.exe [2013-10-4 65312]
R2 Util qualitink;Util qualitink;C:\Program Files (x86)\qualitink\bin\utilqualitink.exe [2013-10-23 65312]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\Drivers\btath_flt.sys [2013-6-5 89168]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-10-16 266240]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\Drivers\btath_a2dp.sys [2013-6-5 346192]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\Windows\System32\Drivers\btath_avdt.sys [2013-6-5 115280]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\System32\Drivers\btath_bus.sys [2013-6-5 34384]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\Drivers\btath_hcrp.sys [2013-6-5 179432]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\Drivers\btath_lwflt.sys [2013-6-5 77464]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\Drivers\btath_rcp.sys [2013-6-5 136424]
R3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2013-6-5 581200]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
R3 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2012-9-5 658576]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\Drivers\ETD.sys [2012-11-25 319856]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-11-25 342528]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\Drivers\klmouflt.sys [2009-11-2 22544]
R3 Ps2Kb2Hid;PS/2 Keyboard to HID Driver;C:\Windows\System32\Drivers\aPs2Kb2Hid.sys [2012-11-25 26736]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\Drivers\RtsBaStor.sys [2012-11-25 288256]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-11-25 683664]
R3 WSDScan;WSD Scan Support;C:\Windows\System32\Drivers\WSDScan.sys [2013-3-5 23552]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\Windows\System32\Drivers\avgboota.sys [2013-9-4 20496]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-10-3 3538480]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe --> c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\Drivers\netaapl64.sys [2012-9-10 22528]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
.
=============== Created Last 30 ================
.
2013-10-24 18:33:21    --------    d-----w-    C:\Users\Zoe\AppData\Roaming\Malwarebytes
2013-10-24 18:33:10    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-10-24 18:33:08    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-10-24 18:33:08    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-24 14:04:48    --------    d-----w-    C:\Users\Zoe\AppData\Roaming\AVG2014
2013-10-24 14:04:00    --------    d-----w-    C:\Users\Zoe\AppData\Roaming\TuneUp Software
2013-10-24 14:03:31    --------    d--h--w-    C:\$AVG
2013-10-24 14:03:31    --------    d-----w-    C:\ProgramData\AVG2014
2013-10-24 14:02:46    --------    d-----w-    C:\Program Files (x86)\AVG
2013-10-24 13:58:35    --------    d--h--w-    C:\ProgramData\Common Files
2013-10-24 13:58:35    --------    d-----w-    C:\Users\Zoe\AppData\Local\MFAData
2013-10-24 13:58:35    --------    d-----w-    C:\Users\Zoe\AppData\Local\Avg2014
2013-10-24 13:58:35    --------    d-----w-    C:\ProgramData\MFAData
2013-10-23 20:59:45    17720    ----a-w-    C:\Windows\System32\drivers\SmartDefragDriver.sys
2013-10-22 16:42:11    315568    ----a-w-    C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10222.bin
2013-10-22 13:56:21    --------    d-----w-    C:\Program Files (x86)\Conduit
2013-10-22 13:56:17    --------    d-----w-    C:\ProgramData\Conduit
2013-10-22 13:56:16    --------    d-----w-    C:\Users\Zoe\AppData\Local\Conduit
2013-10-22 13:56:16    --------    d-----w-    C:\Program Files (x86)\KeyBar_1.13
2013-10-22 13:56:00    --------    d-----w-    C:\Program Files (x86)\SearchProtect
2013-10-22 13:55:52    --------    d-----w-    C:\Users\Zoe\AppData\Roaming\SearchProtect
2013-10-22 13:55:20    --------    d-----w-    C:\Program Files (x86)\qualitink
2013-10-22 13:54:46    --------    d-----w-    C:\Program Files (x86)\TornTV.com
2013-10-22 13:50:53    --------    d-----w-    C:\ProgramData\WinterSoft
2013-10-22 13:50:42    --------    d-----w-    C:\Users\Zoe\AppData\Local\Programs
2013-10-22 13:50:06    --------    d-----w-    C:\ProgramData\InstallMate
2013-10-16 15:19:36    --------    d-----w-    C:\Users\Zoe\AppData\Roaming\ControlCenter4
2013-10-16 15:13:40    --------    d-----w-    C:\Brother
2013-10-16 15:13:37    --------    d-----w-    C:\ProgramData\ControlCenter4
2013-10-16 15:13:37    --------    d-----w-    C:\Program Files (x86)\Browny02
2013-10-16 15:13:36    --------    d-----w-    C:\Program Files (x86)\ControlCenter4
2013-10-16 15:13:11    73728    ------w-    C:\Windows\SysWow64\BrDctF2.dll
2013-10-16 15:13:11    5120    ------w-    C:\Windows\SysWow64\BrDctF2S.dll
2013-10-16 15:13:11    5120    ------w-    C:\Windows\SysWow64\BrDctF2L.dll
2013-10-16 15:13:11    245760    ------w-    C:\Windows\SysWow64\NSSearch.dll
2013-10-16 15:13:08    180224    ------w-    C:\Windows\SysWow64\BroSNMP.dll
2013-10-16 15:09:57    --------    d-----w-    C:\Program Files (x86)\MSXML 4.0
2013-10-15 15:02:59    356352    ----a-w-    C:\Windows\SysWow64\SettingSync.dll
2013-10-15 15:02:59    225280    ----a-w-    C:\Windows\System32\mbsmsapi.dll
2013-10-15 15:02:59    158208    ----a-w-    C:\Windows\SysWow64\mbsmsapi.dll
2013-10-15 15:02:59    128512    ----a-w-    C:\Windows\System32\SettingSyncInfo.dll
2013-10-15 15:02:47    566784    ----a-w-    C:\Windows\System32\wvc.dll
2013-10-15 15:02:47    462336    ----a-w-    C:\Windows\System32\sysmon.ocx
2013-10-15 15:02:47    399360    ----a-w-    C:\Windows\SysWow64\sysmon.ocx
2013-10-15 15:02:47    1374208    ----a-w-    C:\Windows\System32\wdc.dll
2013-10-15 15:02:47    1245696    ----a-w-    C:\Windows\SysWow64\wdc.dll
2013-10-15 15:02:46    437248    ----a-w-    C:\Windows\SysWow64\wvc.dll
2013-10-10 16:03:22    78296    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-10 16:03:22    694232    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-09 13:17:49    785624    ----a-w-    C:\Windows\System32\drivers\Wdf01000.sys
2013-10-01 15:48:50    91544    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll
2013-10-01 14:44:15    4917760    ----a-w-    C:\Windows\System32\sppsvc.exe
2013-10-01 14:42:28    144896    ----a-w-    C:\Windows\System32\tssdisai.dll
2013-10-01 14:39:29    --------    d-----w-    C:\ProgramData\Brother
2013-09-30 14:45:43    26432    ----a-w-    C:\Windows\System32\RegistryDefragBootTime.exe
2013-09-26 01:07:30    148792    ----a-w-    C:\Windows\System32\drivers\avgdiska.sys
.
==================== Find3M  ====================
.
2013-10-25 13:17:06    53284    ----a-w-    C:\Windows\System32\wpbbin.exe
2013-09-22 23:28:06    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49    2876928    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-09-22 22:55:10    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-09-22 22:54:51    3959296    ----a-w-    C:\Windows\System32\jscript9.dll
2013-09-09 02:11:42    31544    ----a-w-    C:\Windows\System32\drivers\avgrkx64.sys
2013-09-04 19:35:06    20496    ----a-w-    C:\Windows\System32\drivers\avgboota.sys
2013-09-02 14:59:14    212280    ----a-w-    C:\Windows\System32\drivers\avgldx64.sys
2013-09-02 14:29:18    294712    ----a-w-    C:\Windows\System32\drivers\avgloga.sys
2013-09-02 14:26:50    192824    ----a-w-    C:\Windows\System32\drivers\avgidsha.sys
2013-09-02 14:26:42    241464    ----a-w-    C:\Windows\System32\drivers\avgidsdrivera.sys
2013-08-23 05:11:57    4040192    ----a-w-    C:\Windows\System32\win32k.sys
2013-08-21 02:53:58    123704    ----a-w-    C:\Windows\System32\drivers\avgmfx64.sys
2013-08-16 05:41:13    58200    ----a-w-    C:\Windows\System32\drivers\dam.sys
2013-08-16 05:39:26    2371728    ----a-w-    C:\Windows\System32\WSService.dll
2013-08-16 05:32:48    209200    ----a-w-    C:\Windows\System32\NotificationUI.exe
2013-08-16 05:22:22    40448    ----a-w-    C:\Windows\System32\wuapp.exe
2013-08-16 05:20:30    105984    ----a-w-    C:\Windows\System32\WinSetupUI.dll
2013-08-15 22:43:21    35328    ----a-w-    C:\Windows\SysWow64\wuapp.exe
2013-08-15 22:43:07    84992    ----a-w-    C:\Windows\SysWow64\wudriver.dll
2013-08-15 22:43:07    126976    ----a-w-    C:\Windows\SysWow64\wuwebv.dll
2013-08-15 22:43:03    562688    ----a-w-    C:\Windows\SysWow64\WSShared.dll
2013-08-15 22:43:03    159232    ----a-w-    C:\Windows\SysWow64\WSSync.dll
2013-08-15 22:43:02    83968    ----a-w-    C:\Windows\SysWow64\OEMLicense.dll
2013-08-15 22:43:02    167424    ----a-w-    C:\Windows\SysWow64\WSClient.dll
2013-08-15 22:43:02    143872    ----a-w-    C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
2013-08-15 22:43:02    124928    ----a-w-    C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-08-15 22:42:52    76800    ----a-w-    C:\Windows\SysWow64\setupcln.dll
2013-08-15 22:42:47    91648    ----a-w-    C:\Windows\SysWow64\sppc.dll
2013-08-10 05:21:51    448512    ----a-w-    C:\Windows\System32\SettingSync.dll
2013-08-02 06:28:29    10116608    ----a-w-    C:\Windows\System32\twinui.dll
2013-08-02 06:26:53    2304512    ----a-w-    C:\Windows\System32\authui.dll
2013-08-02 05:08:18    8858112    ----a-w-    C:\Windows\SysWow64\twinui.dll
2013-08-02 05:06:50    2035712    ----a-w-    C:\Windows\SysWow64\authui.dll
2013-08-01 10:41:31    2233688    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-07-30 14:01:20    252728    ----a-w-    C:\Windows\System32\drivers\avgwfpa.sys
.
============= FINISH: 10:05:42.80 ===============
 

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 3/5/2013 12:03:47 AM
System Uptime: 10/25/2013 9:16:54 AM (1 hours ago)
.
Motherboard: Acer |  | Aspire V5-571P
Processor: Intel® Core i3-3217U CPU @ 1.80GHz | CPU Socket - U3E1 | 1801/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 685 GiB total, 598.966 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP30: 10/9/2013 9:02:38 AM - Installed Software Updater
RP31: 10/15/2013 4:29:28 PM - Windows Update
RP32: 10/23/2013 8:06:29 AM - Scheduled Checkpoint
RP33: 10/24/2013 10:02:04 AM - Installed AVG 2014
RP34: 10/24/2013 10:02:55 AM - Installed AVG 2014
.
==== Installed Programs ======================
.
 clear.fi SDK- Movie 2
 clear.fi SDK - Video 2
Acer Backup Manager
Acer Instant Update Service
Acer Power Management
Acer Recovery Management
AcerCloud
AcerCloud Docs
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Advanced SystemCare 6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2014
Backup Manager v4
Bonjour
Brother MFL-Pro Suite DCP-7065DN
Brother P-touch Editor 5.0
Citrix Online Launcher
clear.fi Media
clear.fi Photo
CyberLink MediaEspresso 6.5
Dolby Advanced Audio v2
Driver Booster
Dropbox
Epson Connect Printer Setup
EPSON Connect version 1.0
Epson Customer Participation
Epson E-Web Print
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON Printer Finder
EPSON Scan
EPSON WF-2540 Series Printer Uninstall
EpsonNet Print
ETDWare PS/2-X64 11.6.10.001_WHQL
FileZilla Client 3.7.3
GoToMeeting 5.7.0.1172
HID Monitor
Identity Card
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
IObit Malware Fighter
Java 7 Update 15
Java 7 Update 15 (64-bit)
Java Auto Updater
Kaspersky PURE 2.0
Launch Manager
Live Updater
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Office Professional Plus 2013 - en-us
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
MyWinLocker Suite
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
Office Addin
Pokki
Pokki Download Helper
PollEv Presenter
Qualcomm Atheros Bluetooth Suite (64)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program
qualitink 1.0.0
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
Shared C Run-time for x64
Shredder
Smart Defrag 2
Software Updater
Start Menu 8
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
.
==== Event Viewer Messages From Past Week ========
.
10/25/2013 9:22:09 AM, Error: Service Control Manager [7022]  - The Intel® Management and Security Application User Notification Service service hung on starting.
10/25/2013 9:17:37 AM, Error: Service Control Manager [7000]  - The McAfee SiteAdvisor Service service failed to start due to the following error:  The system cannot find the file specified.
10/24/2013 9:21:13 AM, Error: Service Control Manager [7034]  - The StartMenu8 Service service terminated unexpectedly.  It has done this 1 time(s).
10/24/2013 10:07:36 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {7022A3B3-D004-4F52-AF11-E9E987FEE25F}  and APPID  {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}  to the user V5-571\Zoe SID (S-1-5-21-2291105322-700541216-3576249611-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================
 


Please uninstall these from your add/remove programs: (if possible)
Pokki
Pokki Download Helper
qualitink 1.0.0


Then.......

Please create a new system restore point before continuing:
http://www.bleepingcomputer.com/tutorials/windows-8-system-restore-guide/

Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


# AdwCleaner v3.010 - Report created 25/10/2013 at 11:34:01
# Updated 20/10/2013 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Zoe - V5-571
# Running from : C:\Users\Zoe\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Searchprotect
Folder Deleted : C:\Program Files (x86)\TornTV.com
Folder Deleted : C:\Program Files (x86)\KeyBar_1.13
Folder Deleted : C:\Users\Zoe\AppData\Local\Conduit
Folder Deleted : C:\Users\Zoe\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Zoe\AppData\LocalLow\KeyBar_1.13
Folder Deleted : C:\Users\Zoe\AppData\Roaming\Searchprotect
Folder Deleted : C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Deleted : C:\Users\Zoe\AppData\Roaming\Mozilla\Firefox\Profiles\9hl5nkwl.default\CT3291326
Folder Deleted : C:\Users\Zoe\AppData\Roaming\Mozilla\Firefox\Profiles\9hl5nkwl.default\Extensions\{02edb56b-9b33-435b-b7df-b2843273a694}
File Deleted : C:\END
File Deleted : C:\Users\Zoe\AppData\Roaming\Mozilla\Firefox\Profiles\9hl5nkwl.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Zoe\AppData\Roaming\Mozilla\Firefox\Profiles\9hl5nkwl.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3291326
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02EDB56B-9B33-435B-B7DF-B2843273A694}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{21C9B2FE-791A-4A7B-9EEB-97B4E22D8B3E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02EDB56B-9B33-435B-B7DF-B2843273A694}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02EDB56B-9B33-435B-B7DF-B2843273A694}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{21C9B2FE-791A-4A7B-9EEB-97B4E22D8B3E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0C6CDBF7-9E29-435E-928D-E844D032D9EF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{24BBC544-A5F6-465E-9A0A-754EB6CB7519}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{02EDB56B-9B33-435B-B7DF-B2843273A694}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{02EDB56B-9B33-435B-B7DF-B2843273A694}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{02EDB56B-9B33-435B-B7DF-B2843273A694}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKCU\Software\AppDataLow\Software\KeyBar_1.13
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\KeyBar_1.13

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Zoe\AppData\Roaming\Mozilla\Firefox\Profiles\9hl5nkwl.default\prefs.js ]

Line Deleted : user_pref("CT3291326.FF19Solved", "true");
Line Deleted : user_pref("CT3291326.UserID", "UN19613665078677311");
Line Deleted : user_pref("CT3291326.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3291326.fullUserID", "UN19613665078677311.IN.20131022095549");
Line Deleted : user_pref("CT3291326.installDate", "22/10/2013 09:55:50");
Line Deleted : user_pref("CT3291326.installSessionId", "{C761279B-3911-44F9-A19B-E92686BC66C4}");
Line Deleted : user_pref("CT3291326.installSp", "TRUE");
Line Deleted : user_pref("CT3291326.installerVersion", "1.7.1.7");
Line Deleted : user_pref("CT3291326.keyword", "true");

Line Deleted : user_pref("CT3291326.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3291326.originalSearchEngine", "");
Line Deleted : user_pref("CT3291326.originalSearchEngineName", "");
Line Deleted : user_pref("CT3291326.searchRevert", "false");
Line Deleted : user_pref("CT3291326.searchUserMode", "2");
Line Deleted : user_pref("CT3291326.smartbar.homepage", "true");
Line Deleted : user_pref("CT3291326.versionFromInstaller", "10.20.3.20");
Line Deleted : user_pref("CT3291326.xpeMode", "0");

Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "KeyBar 1.13 Customized Web Search");


Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3291326");


Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3291326");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3291326");
Line Deleted : user_pref("smartbar.machineId", "A/CNDOQT3VFHPQAT9DR9PSNROWLTD+FSNDYBFOVMZTKPW0JANKA5QK1DHK0DA5JJCRCYVNNJA/6OT0LB50S+HQ");


*************************

AdwCleaner[R0].txt - [7075 octets] - [25/10/2013 11:32:28]
AdwCleaner[s0].txt - [6876 octets] - [25/10/2013 11:34:01]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6936 octets] ##########
 


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.24.06

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16721
Zoe :: V5-571 [administrator]

10/25/2013 11:40:25 AM
MBAM-log-2013-10-25 (11-50-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208348
Time elapsed: 9 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCR\CLSID\{73ad5d47-66e5-4127-80ca-c0eedabafbcc} (Adware.Superweb) -> No action taken.
HKCR\TypeLib\{94dc4aa7-8299-4d7d-8f4d-48acf05e08ba} (Adware.Superweb) -> No action taken.
HKCR\Interface\{5A5776B9-C752-4AFE-81AF-2ABDD19E05A0} (Adware.Superweb) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73AD5D47-66E5-4127-80CA-C0EEDABAFBCC} (Adware.Superweb) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


Registry Keys Detected: 4

HKCR\CLSID\{73ad5d47-66e5-4127-80ca-c0eedabafbcc} (Adware.Superweb) -> No action taken.

HKCR\TypeLib\{94dc4aa7-8299-4d7d-8f4d-48acf05e08ba} (Adware.Superweb) -> No action taken.

HKCR\Interface\{5A5776B9-C752-4AFE-81AF-2ABDD19E05A0} (Adware.Superweb) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73AD5D47-66E5-4127-80CA-C0EEDABAFBCC} (Adware.Superweb) -> No action taken.

 

These say No action taken

Did you have MB delete them??

--------------------------------------------------------------------

What browsers are affected?

 

-------------------------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

MrC


Yeah I deleted them. I think I pulled the log first though (as per the instructions, it says to post the log before deleting :))

 

Firefox seems to be the only browser affected (of the two I've tried: FF and IE).

 

I will do the next steps you recommend now. Thanks!


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-10-2013
Ran by Zoe (administrator) on V5-571 on 25-10-2013 12:17:25
Running from C:\Users\Zoe\Desktop
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
(Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIIUE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIIUE.EXE
(Dropbox, Inc.) C:\Users\Zoe\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrvx.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-31] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
HKLM\...\Policies\Explorer\Run: [btvStack] - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] ( (Qualcomm Atheros Commnucations))
HKCU\...\Run: [Advanced SystemCare 6] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-04-18] (IObit)
HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [EPLTarget\P0000000000000001] - C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [backgroundContainer] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Zoe\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKCU\...\Runonce: [Application Restart #4] - C:\Users\Zoe\AppData\Local\Pokki\Engine\pokki.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Zoe\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --enable-touch-events --flag-switches-begin --flag-switches-end --restore-last-session
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [LManager] - [x]
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe [202328 2012-08-30] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [brStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [iObit Malware Fighter] - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1549120 2013-08-16] (IObit)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKU\Default\...\RunOnce: [RegAutoPlay] - C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe [1845392 2012-08-21] (Acer Incorporated)
HKU\Default User\...\RunOnce: [RegAutoPlay] - C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe [1845392 2012-08-21] (Acer Incorporated)
Startup: C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Zoe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
SearchScopes: HKLM - DefaultScope {4D44A90A-67FF-46D6-B34D-0EF5A5FB7C57} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {4D44A90A-67FF-46D6-B34D-0EF5A5FB7C57} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {4D44A90A-67FF-46D6-B34D-0EF5A5FB7C57} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - DefaultScope {4D44A90A-67FF-46D6-B34D-0EF5A5FB7C57} URL =
SearchScopes: HKCU - {4D44A90A-67FF-46D6-B34D-0EF5A5FB7C57} URL =
SearchScopes: HKCU - {99CDA7A6-E331-4022-B8A1-1059F4A04A9D} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3291326&CUI=UN39390525004846724&UM=2
BHO: No Name - {11111111-1111-1111-1111-110311551178} -  No File
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Zoe\AppData\Roaming\Mozilla\Firefox\Profiles\9hl5nkwl.default

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Zoe\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Zoe\AppData\Roaming\Mozilla\Firefox\Profiles\9hl5nkwl.default\Extensions\ascsurfingprotection@iobit.com
FF Extension: firefox - C:\Users\Zoe\AppData\Roaming\Mozilla\Firefox\Profiles\9hl5nkwl.default\Extensions\firefox@qualitink.net.xpi
FF Extension: trtv3 - C:\Users\Zoe\AppData\Roaming\Mozilla\Firefox\Profiles\9hl5nkwl.default\Extensions\trtv3@trtv.com.xpi
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\KavAntiBanner@Kaspersky.ru
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\KavAntiBanner@Kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================

R2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe [202328 2012-08-30] (Kaspersky Lab ZAO)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-24] (Acer Incorporated)
S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [8704 2012-07-25] (Microsoft Corporation)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [743992 2009-12-21] (Infowatch)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-09-05] (Acer Incorporated)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [90992 2012-09-17] (ELAN Microelectronics Corp.)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [335168 2013-04-25] (IObit)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R3 msiserver; C:\Windows\SysWow64\msiexec.exe [62976 2012-07-25] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-06] (Microsoft Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-11-25] (Dritek System INC.)
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [75584 2013-09-29] (IObit)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)
R2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [670208 2013-04-08] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x]

==================== Drivers (Whitelisted) ====================

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [148792 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [252728 2013-07-30] (AVG Technologies CZ, s.r.o.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [85048 2009-12-14] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys [66104 2009-12-14] (Infowatch)
R0 KL1; C:\Windows\system32\DRIVERS\kl1.sys [458032 2011-10-20] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\system32\DRIVERS\kl2.sys [13616 2011-10-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [636760 2013-03-05] (Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-11-25] (Dritek System Inc.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2013-05-22] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-25 12:17 - 2013-10-25 12:17 - 00000000 ____D C:\FRST
2013-10-25 12:16 - 2013-10-25 12:16 - 01955412 _____ (Farbar) C:\Users\Zoe\Desktop\FRST64.exe
2013-10-25 11:31 - 2013-10-25 11:34 - 00000000 ____D C:\AdwCleaner
2013-10-25 11:31 - 2013-10-25 11:31 - 01060070 _____ C:\Users\Zoe\Desktop\AdwCleaner.exe
2013-10-25 11:04 - 2013-10-25 11:05 - 00000035 _____ C:\Users\Zoe\Desktop\Thierry Birthday.txt
2013-10-25 10:05 - 2013-10-25 10:06 - 00005136 _____ C:\Users\Zoe\Desktop\attach.txt
2013-10-25 10:05 - 2013-10-25 10:05 - 00032599 _____ C:\Users\Zoe\Desktop\dds.txt
2013-10-25 10:02 - 2013-10-25 10:02 - 00688992 ____R (Swearware) C:\Users\Zoe\Desktop\dds.scr
2013-10-24 14:33 - 2013-10-24 14:33 - 00001091 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-24 14:33 - 2013-10-24 14:33 - 00000000 ____D C:\Users\Zoe\AppData\Roaming\Malwarebytes
2013-10-24 14:33 - 2013-10-24 14:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-24 14:33 - 2013-10-24 14:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-24 14:33 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-24 14:32 - 2013-10-24 14:32 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Zoe\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-24 12:12 - 2013-09-26 01:46 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-24 10:04 - 2013-10-24 10:04 - 00000000 ____D C:\Users\Zoe\AppData\Roaming\TuneUp Software
2013-10-24 10:04 - 2013-10-24 10:04 - 00000000 ____D C:\Users\Zoe\AppData\Roaming\AVG2014
2013-10-24 10:03 - 2013-10-24 10:04 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-24 10:03 - 2013-10-24 10:03 - 00000000 ___HD C:\$AVG
2013-10-24 10:02 - 2013-10-24 10:03 - 22205064 _____ (Microsoft Corporation) C:\Users\Zoe\Desktop\Windows-KB890830-x64-V5.5.exe
2013-10-24 10:02 - 2013-10-24 10:02 - 00000000 ____D C:\Program Files (x86)\AVG
2013-10-24 09:58 - 2013-10-25 09:10 - 00000000 ____D C:\ProgramData\MFAData
2013-10-24 09:58 - 2013-10-24 10:11 - 00000000 ____D C:\Users\Zoe\AppData\Local\Avg2014
2013-10-24 09:58 - 2013-10-24 09:58 - 00000000 ____D C:\Users\Zoe\AppData\Local\MFAData
2013-10-24 09:21 - 2013-10-24 09:21 - 00003156 _____ C:\Windows\System32\Tasks\StartMenuAutoupdate
2013-10-24 09:14 - 2013-10-24 16:11 - 00031746 _____ C:\Windows\PFRO.log
2013-10-23 16:59 - 2013-10-25 11:36 - 00000294 _____ C:\Windows\Tasks\Driver Booster Update.job
2013-10-23 16:59 - 2013-10-23 16:59 - 00003210 _____ C:\Windows\System32\Tasks\Driver Booster Scan
2013-10-23 16:59 - 2013-10-23 16:59 - 00002544 _____ C:\Windows\System32\Tasks\Driver Booster Update
2013-10-23 16:59 - 2013-05-22 18:49 - 00017720 _____ C:\Windows\system32\Drivers\SmartDefragDriver.sys
2013-10-22 09:56 - 2013-10-22 09:56 - 00003358 _____ C:\Windows\System32\Tasks\BackgroundContainer Startup Task
2013-10-22 09:55 - 2013-10-25 11:36 - 00001278 _____ C:\Windows\Tasks\Torntv 2-updater.job
2013-10-22 09:55 - 2013-10-25 11:36 - 00001170 _____ C:\Windows\Tasks\Torntv 2-codedownloader.job
2013-10-22 09:55 - 2013-10-25 11:36 - 00001080 _____ C:\Windows\Tasks\Torntv 2-enabler.job
2013-10-22 09:55 - 2013-10-25 11:35 - 00000000 ____D C:\Program Files (x86)\qualitink
2013-10-22 09:55 - 2013-10-22 09:55 - 00004282 _____ C:\Windows\System32\Tasks\Torntv 2-updater
2013-10-22 09:55 - 2013-10-22 09:55 - 00004174 _____ C:\Windows\System32\Tasks\Torntv 2-codedownloader
2013-10-22 09:55 - 2013-10-22 09:55 - 00004084 _____ C:\Windows\System32\Tasks\Torntv 2-enabler
2013-10-22 09:50 - 2013-10-22 09:50 - 00000000 ____D C:\ProgramData\WinterSoft
2013-10-22 09:50 - 2013-10-22 09:50 - 00000000 ____D C:\ProgramData\InstallMate
2013-10-16 11:19 - 2013-10-16 11:20 - 00000000 ____D C:\Users\Zoe\AppData\Roaming\ControlCenter4
2013-10-16 11:13 - 2013-10-16 11:13 - 00000000 ____D C:\ProgramData\ControlCenter4
2013-10-16 11:13 - 2013-10-16 11:13 - 00000000 ____D C:\Program Files (x86)\ControlCenter4
2013-10-16 11:13 - 2013-10-16 11:13 - 00000000 ____D C:\Program Files (x86)\Browny02
2013-10-16 11:13 - 2013-10-16 11:13 - 00000000 ____D C:\Brother
2013-10-16 11:13 - 2012-09-10 16:31 - 00245760 ____N (brother) C:\Windows\SysWOW64\NSSearch.dll
2013-10-16 11:13 - 2012-07-09 17:19 - 00005120 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2S.dll
2013-10-16 11:13 - 2010-09-29 17:07 - 00180224 ____N (Brother Industries, Ltd.) C:\Windows\SysWOW64\BroSNMP.dll
2013-10-16 11:13 - 2010-03-15 19:45 - 00073728 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2.dll
2013-10-16 11:13 - 2007-12-13 22:16 - 00005120 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2L.dll
2013-10-16 11:09 - 2013-10-16 11:09 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-10-15 14:57 - 2013-10-15 17:10 - 00019883 _____ C:\Users\Zoe\Desktop\Blank Eval Form.xlsx
2013-10-15 11:03 - 2013-08-10 01:21 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2013-10-15 11:03 - 2013-08-02 02:28 - 19758080 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-10-15 11:03 - 2013-08-02 02:28 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2013-10-15 11:03 - 2013-08-02 02:28 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-10-15 11:03 - 2013-08-02 02:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-10-15 11:03 - 2013-08-02 01:08 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-10-15 11:03 - 2013-08-02 01:08 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-10-15 11:03 - 2013-08-02 01:06 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-10-15 11:03 - 2013-08-01 06:41 - 02233688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-15 11:03 - 2013-04-09 19:17 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2013-10-15 11:03 - 2013-04-09 18:29 - 00893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2013-10-15 11:02 - 2013-08-10 01:21 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncInfo.dll
2013-10-15 11:02 - 2013-08-09 23:58 - 00356352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2013-10-15 11:02 - 2013-08-03 02:40 - 01374208 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2013-10-15 11:02 - 2013-08-03 02:40 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2013-10-15 11:02 - 2013-08-03 02:40 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2013-10-15 11:02 - 2013-08-03 01:14 - 00399360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2013-10-15 11:02 - 2013-08-03 01:13 - 01245696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2013-10-15 11:02 - 2013-08-03 01:13 - 00437248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2013-10-15 11:02 - 2013-08-02 01:08 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-10-15 11:02 - 2013-07-30 19:30 - 00386923 _____ C:\Windows\system32\ApnDatabase.xml
2013-10-15 11:02 - 2013-07-24 19:10 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2013-10-15 11:02 - 2013-07-24 19:06 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\mbsmsapi.dll
2013-10-15 08:57 - 2013-10-15 08:57 - 00456592 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-10 13:20 - 2013-10-10 13:21 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-10-10 12:03 - 2013-10-01 21:38 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-10 12:03 - 2013-10-01 21:38 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-09 09:18 - 2013-09-22 19:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-09 09:18 - 2013-09-22 19:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-09 09:18 - 2013-09-22 19:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-09 09:18 - 2013-09-22 19:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-09 09:18 - 2013-09-22 19:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-09 09:18 - 2013-09-22 19:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-09 09:18 - 2013-09-22 19:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-09 09:18 - 2013-09-22 19:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-09 09:18 - 2013-09-22 18:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-09 09:18 - 2013-09-22 18:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-09 09:18 - 2013-09-22 18:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-09 09:18 - 2013-09-22 18:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 09:18 - 2013-09-22 18:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-09 09:18 - 2013-09-22 18:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-09 09:18 - 2013-09-22 18:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 09:18 - 2013-09-22 18:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-09 09:18 - 2013-09-22 18:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-09 09:18 - 2013-07-05 20:15 - 00652288 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 09:18 - 2013-07-03 22:13 - 00541696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 09:18 - 2013-05-15 18:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-10-09 09:18 - 2013-05-15 18:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-10-09 09:18 - 2013-05-14 09:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 09:18 - 2013-05-14 05:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 09:18 - 2013-04-28 18:28 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-10-09 09:18 - 2013-02-21 06:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-09 09:18 - 2013-02-21 06:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-09 09:18 - 2013-02-21 06:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-09 09:18 - 2013-02-21 06:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-09 09:18 - 2013-02-21 06:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-09 09:18 - 2013-02-21 06:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-09 09:18 - 2013-02-19 05:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-10-09 09:18 - 2012-11-08 00:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-09 09:18 - 2012-11-08 00:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-09 09:17 - 2013-08-23 01:11 - 04040192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 09:17 - 2013-07-19 18:13 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 09:17 - 2013-07-19 18:13 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 09:17 - 2013-07-05 18:02 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 09:17 - 2013-07-05 18:01 - 00210560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 09:17 - 2013-07-01 21:41 - 00447320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2013-10-09 09:17 - 2013-07-01 21:41 - 00337752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2013-10-09 09:17 - 2013-07-01 21:41 - 00213336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS
2013-10-09 09:17 - 2013-07-01 18:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 09:17 - 2013-07-01 18:14 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys
2013-10-09 09:17 - 2013-06-30 21:42 - 00623448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 09:17 - 2013-06-30 21:42 - 00498008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 09:17 - 2013-06-30 21:42 - 00079192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 09:17 - 2013-06-30 21:42 - 00021848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 09:17 - 2013-06-28 23:08 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 09:17 - 2013-06-28 23:07 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 09:17 - 2013-06-28 23:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 09:17 - 2013-06-28 23:06 - 00120832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 09:17 - 2013-06-22 01:45 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 09:17 - 2013-06-22 01:45 - 00054488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-10-09 09:17 - 2013-05-26 19:17 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 09:17 - 2013-05-26 18:59 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 09:17 - 2013-05-24 23:15 - 00362496 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 09:17 - 2013-05-24 22:32 - 00300032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-03 11:59 - 2013-10-11 17:23 - 00000064 _____ C:\Users\Zoe\Desktop\onsite stuff.txt
2013-10-03 07:10 - 2013-10-25 09:20 - 00000412 _____ C:\Users\Zoe\Desktop\Winners - eval form.txt
2013-10-01 11:48 - 2013-10-01 11:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-01 10:44 - 2013-08-16 01:41 - 00058200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2013-10-01 10:44 - 2013-08-16 01:39 - 02371728 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2013-10-01 10:44 - 2013-08-16 01:39 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-10-01 10:44 - 2013-08-16 01:32 - 00209200 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2013-10-01 10:44 - 2013-08-16 01:22 - 04917760 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2013-10-01 10:44 - 2013-08-16 01:22 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-10-01 10:44 - 2013-08-16 01:21 - 03275776 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-10-01 10:44 - 2013-08-16 01:21 - 01621504 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-10-01 10:44 - 2013-08-16 01:21 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2013-10-01 10:44 - 2013-08-16 01:21 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-10-01 10:44 - 2013-08-16 01:21 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2013-10-01 10:44 - 2013-08-16 01:21 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2013-10-01 10:44 - 2013-08-16 01:21 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-10-01 10:44 - 2013-08-16 01:21 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2013-10-01 10:44 - 2013-08-16 01:21 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2013-10-01 10:44 - 2013-08-16 01:21 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\WSSync.dll
2013-10-01 10:44 - 2013-08-16 01:21 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-10-01 10:44 - 2013-08-16 01:21 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-10-01 10:44 - 2013-08-16 01:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-10-01 10:44 - 2013-08-16 01:21 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll
2013-10-01 10:44 - 2013-08-16 01:21 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-10-01 10:44 - 2013-08-16 01:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\setupcln.dll
2013-10-01 10:44 - 2013-08-16 01:21 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2013-10-01 10:44 - 2013-08-16 01:21 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-10-01 10:44 - 2013-08-16 01:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2013-10-01 10:44 - 2013-08-15 18:43 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-10-01 10:44 - 2013-08-15 18:43 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2013-10-01 10:44 - 2013-08-15 18:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2013-10-01 10:44 - 2013-08-15 18:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSSync.dll
2013-10-01 10:44 - 2013-08-15 18:43 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2013-10-01 10:44 - 2013-08-15 18:43 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-10-01 10:44 - 2013-08-15 18:43 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-10-01 10:44 - 2013-08-15 18:43 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-10-01 10:44 - 2013-08-15 18:43 - 00083968 _____ C:\Windows\SysWOW64\OEMLicense.dll
2013-10-01 10:44 - 2013-08-15 18:43 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-10-01 10:44 - 2013-08-15 18:43 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2013-10-01 10:44 - 2013-08-15 18:42 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll
2013-10-01 10:44 - 2013-08-15 18:42 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupcln.dll
2013-10-01 10:42 - 2013-08-07 01:15 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2013-10-01 10:41 - 2013-07-09 04:04 - 00120144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2013-10-01 10:41 - 2013-07-09 02:18 - 00439488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2013-10-01 10:41 - 2013-07-09 00:25 - 00385768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2013-10-01 10:41 - 2013-07-08 23:57 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll
2013-10-01 10:41 - 2013-07-08 18:46 - 00543744 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2013-10-01 10:41 - 2013-07-08 18:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2013-10-01 10:41 - 2013-07-08 18:46 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Wwanadvui.dll
2013-10-01 10:41 - 2013-07-08 18:45 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll
2013-10-01 10:41 - 2013-07-05 20:16 - 01025024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-10-01 10:41 - 2013-07-02 20:23 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-10-01 10:41 - 2013-07-02 20:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2013-10-01 10:41 - 2013-07-02 20:22 - 02839552 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2013-10-01 10:41 - 2013-07-02 20:22 - 01300480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-10-01 10:41 - 2013-07-02 20:11 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-10-01 10:41 - 2013-07-02 20:11 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-10-01 10:41 - 2013-07-02 20:10 - 02273792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2013-10-01 10:41 - 2013-06-30 18:30 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\openfiles.exe
2013-10-01 10:41 - 2013-06-30 18:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\openfiles.exe
2013-10-01 10:41 - 2013-06-29 02:15 - 00195416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2013-10-01 10:41 - 2013-06-29 02:15 - 00125784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2013-10-01 10:41 - 2013-06-29 01:43 - 00327512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2013-10-01 10:41 - 2013-06-28 21:12 - 01022464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-10-01 10:41 - 2013-06-25 23:01 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2013-10-01 10:41 - 2013-06-25 22:59 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2013-10-01 10:41 - 2013-06-24 18:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-10-01 10:41 - 2013-06-24 18:54 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2013-10-01 10:41 - 2013-06-24 18:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2013-10-01 10:41 - 2013-06-19 01:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll
2013-10-01 10:41 - 2013-06-19 01:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2013-10-01 10:41 - 2013-06-18 18:38 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll
2013-10-01 10:41 - 2013-06-18 18:38 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2013-10-01 10:41 - 2013-06-11 19:43 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2013-10-01 10:41 - 2013-06-11 19:26 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2013-10-01 10:41 - 2013-06-10 17:17 - 00096512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-10-01 10:41 - 2013-06-10 15:16 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-10-01 10:41 - 2013-06-10 15:15 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-10-01 10:41 - 2013-06-10 15:15 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-10-01 10:41 - 2013-06-10 15:15 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-10-01 10:41 - 2013-06-10 15:10 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-10-01 10:41 - 2013-06-10 15:10 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-10-01 10:41 - 2013-06-06 04:03 - 00119040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2013-10-01 10:39 - 2013-10-16 09:25 - 00000000 ____D C:\ProgramData\Brother
2013-10-01 10:39 - 2013-10-05 06:53 - 00000334 _____ C:\Windows\BRCALIB.INI
2013-10-01 10:29 - 2013-10-01 10:29 - 00000000 _____ C:\asc_rdflag
2013-09-30 10:45 - 2013-04-17 20:20 - 00026432 _____ (IObit) C:\Windows\system32\RegistryDefragBootTime.exe
2013-09-25 21:07 - 2013-09-25 21:07 - 00148792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys

==================== One Month Modified Files and Folders =======

2013-10-25 12:17 - 2013-10-25 12:17 - 00000000 ____D C:\FRST
2013-10-25 12:16 - 2013-10-25 12:16 - 01955412 _____ (Farbar) C:\Users\Zoe\Desktop\FRST64.exe
2013-10-25 12:03 - 2013-03-15 15:54 - 02914816 ___SH C:\Users\Zoe\Desktop\Thumbs.db
2013-10-25 12:02 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\system32\sru
2013-10-25 11:50 - 2013-03-05 07:31 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-10-25 11:49 - 2013-03-14 19:57 - 00000000 ____D C:\Users\Zoe\AppData\Local\Deployment
2013-10-25 11:42 - 2013-03-05 01:12 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2291105322-700541216-3576249611-1001
2013-10-25 11:39 - 2013-03-15 15:40 - 00000000 ____D C:\Users\Zoe\Documents\Outlook Files
2013-10-25 11:38 - 2013-04-08 11:57 - 00000000 ___RD C:\Users\Zoe\Dropbox
2013-10-25 11:38 - 2013-04-08 11:54 - 00000000 ____D C:\Users\Zoe\AppData\Roaming\Dropbox
2013-10-25 11:36 - 2013-10-23 16:59 - 00000294 _____ C:\Windows\Tasks\Driver Booster Update.job
2013-10-25 11:36 - 2013-10-22 09:55 - 00001278 _____ C:\Windows\Tasks\Torntv 2-updater.job
2013-10-25 11:36 - 2013-10-22 09:55 - 00001170 _____ C:\Windows\Tasks\Torntv 2-codedownloader.job
2013-10-25 11:36 - 2013-10-22 09:55 - 00001080 _____ C:\Windows\Tasks\Torntv 2-enabler.job
2013-10-25 11:35 - 2013-10-22 09:55 - 00000000 ____D C:\Program Files (x86)\qualitink
2013-10-25 11:35 - 2012-09-04 12:53 - 00053284 _____ C:\Windows\system32\wpbbin.exe
2013-10-25 11:35 - 2012-07-26 03:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-25 11:34 - 2013-10-25 11:31 - 00000000 ____D C:\AdwCleaner
2013-10-25 11:34 - 2012-11-25 07:44 - 01978120 _____ C:\Windows\WindowsUpdate.log
2013-10-25 11:31 - 2013-10-25 11:31 - 01060070 _____ C:\Users\Zoe\Desktop\AdwCleaner.exe
2013-10-25 11:30 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-10-25 11:19 - 2013-03-05 05:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-25 11:18 - 2013-03-14 19:58 - 00000000 ____D C:\Users\Zoe\AppData\Local\Pokki
2013-10-25 11:05 - 2013-10-25 11:04 - 00000035 _____ C:\Users\Zoe\Desktop\Thierry Birthday.txt
2013-10-25 10:06 - 2013-10-25 10:05 - 00005136 _____ C:\Users\Zoe\Desktop\attach.txt
2013-10-25 10:05 - 2013-10-25 10:05 - 00032599 _____ C:\Users\Zoe\Desktop\dds.txt
2013-10-25 10:02 - 2013-10-25 10:02 - 00688992 ____R (Swearware) C:\Users\Zoe\Desktop\dds.scr
2013-10-25 09:20 - 2013-10-03 07:10 - 00000412 _____ C:\Users\Zoe\Desktop\Winners - eval form.txt
2013-10-25 09:20 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-10-25 09:10 - 2013-10-24 09:58 - 00000000 ____D C:\ProgramData\MFAData
2013-10-24 16:44 - 2012-07-26 01:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-10-24 16:11 - 2013-10-24 09:14 - 00031746 _____ C:\Windows\PFRO.log
2013-10-24 15:19 - 2013-03-05 01:04 - 00000000 ____D C:\Users\Zoe\AppData\Local\Packages
2013-10-24 14:54 - 2013-03-05 05:28 - 00000000 ____D C:\Users\Zoe\AppData\Local\CrashDumps
2013-10-24 14:33 - 2013-10-24 14:33 - 00001091 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-24 14:33 - 2013-10-24 14:33 - 00000000 ____D C:\Users\Zoe\AppData\Roaming\Malwarebytes
2013-10-24 14:33 - 2013-10-24 14:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-24 14:33 - 2013-10-24 14:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-24 14:32 - 2013-10-24 14:32 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Zoe\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-24 10:11 - 2013-10-24 09:58 - 00000000 ____D C:\Users\Zoe\AppData\Local\Avg2014
2013-10-24 10:10 - 2012-07-26 01:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2013-10-24 10:04 - 2013-10-24 10:04 - 00000000 ____D C:\Users\Zoe\AppData\Roaming\TuneUp Software
2013-10-24 10:04 - 2013-10-24 10:04 - 00000000 ____D C:\Users\Zoe\AppData\Roaming\AVG2014
2013-10-24 10:04 - 2013-10-24 10:03 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-24 10:03 - 2013-10-24 10:03 - 00000000 ___HD C:\$AVG
2013-10-24 10:03 - 2013-10-24 10:02 - 22205064 _____ (Microsoft Corporation) C:\Users\Zoe\Desktop\Windows-KB890830-x64-V5.5.exe
2013-10-24 10:03 - 2012-07-26 04:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2013-10-24 10:02 - 2013-10-24 10:02 - 00000000 ____D C:\Program Files (x86)\AVG
2013-10-24 09:58 - 2013-10-24 09:58 - 00000000 ____D C:\Users\Zoe\AppData\Local\MFAData
2013-10-24 09:21 - 2013-10-24 09:21 - 00003156 _____ C:\Windows\System32\Tasks\StartMenuAutoupdate
2013-10-23 16:59 - 2013-10-23 16:59 - 00003210 _____ C:\Windows\System32\Tasks\Driver Booster Scan
2013-10-23 16:59 - 2013-10-23 16:59 - 00002544 _____ C:\Windows\System32\Tasks\Driver Booster Update
2013-10-23 16:59 - 2013-09-16 15:26 - 00000000 ____D C:\Users\Zoe\AppData\Roaming\IObit
2013-10-23 16:59 - 2013-09-16 15:26 - 00000000 ____D C:\Program Files (x86)\IObit
2013-10-23 16:58 - 2013-09-16 15:26 - 00000000 ____D C:\ProgramData\IObit
2013-10-23 16:57 - 2013-04-05 15:59 - 00000000 ____D C:\Users\Zoe\AppData\Roaming\FileZilla
2013-10-22 09:56 - 2013-10-22 09:56 - 00003358 _____ C:\Windows\System32\Tasks\BackgroundContainer Startup Task
2013-10-22 09:55 - 2013-10-22 09:55 - 00004282 _____ C:\Windows\System32\Tasks\Torntv 2-updater
2013-10-22 09:55 - 2013-10-22 09:55 - 00004174 _____ C:\Windows\System32\Tasks\Torntv 2-codedownloader
2013-10-22 09:55 - 2013-10-22 09:55 - 00004084 _____ C:\Windows\System32\Tasks\Torntv 2-enabler
2013-10-22 09:50 - 2013-10-22 09:50 - 00000000 ____D C:\ProgramData\WinterSoft
2013-10-22 09:50 - 2013-10-22 09:50 - 00000000 ____D C:\ProgramData\InstallMate
2013-10-18 11:21 - 2013-04-02 09:19 - 00000000 ____D C:\Users\Zoe\Documents\Timesheets
2013-10-17 14:52 - 2012-07-26 03:28 - 00848230 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-16 11:20 - 2013-10-16 11:19 - 00000000 ____D C:\Users\Zoe\AppData\Roaming\ControlCenter4
2013-10-16 11:13 - 2013-10-16 11:13 - 00000000 ____D C:\ProgramData\ControlCenter4
2013-10-16 11:13 - 2013-10-16 11:13 - 00000000 ____D C:\Program Files (x86)\ControlCenter4
2013-10-16 11:13 - 2013-10-16 11:13 - 00000000 ____D C:\Program Files (x86)\Browny02
2013-10-16 11:13 - 2013-10-16 11:13 - 00000000 ____D C:\Brother
2013-10-16 11:13 - 2013-04-18 12:46 - 00000000 ____D C:\Program Files (x86)\Brother
2013-10-16 11:12 - 2012-09-04 13:04 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-10-16 11:09 - 2013-10-16 11:09 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-10-16 09:25 - 2013-10-01 10:39 - 00000000 ____D C:\ProgramData\Brother
2013-10-16 08:57 - 2013-03-05 01:06 - 00000000 ___RD C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-16 08:57 - 2013-03-05 01:06 - 00000000 ___RD C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-16 07:41 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\rescache
2013-10-15 17:16 - 2012-07-26 04:12 - 00000000 ___RD C:\Windows\ToastData
2013-10-15 17:10 - 2013-10-15 14:57 - 00019883 _____ C:\Users\Zoe\Desktop\Blank Eval Form.xlsx
2013-10-15 08:57 - 2013-10-15 08:57 - 00456592 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 17:24 - 2013-03-28 14:41 - 00000000 ____D C:\Users\Zoe\Desktop\Zoe's stuff
2013-10-11 17:23 - 2013-10-03 11:59 - 00000064 _____ C:\Users\Zoe\Desktop\onsite stuff.txt
2013-10-11 08:11 - 2013-03-14 18:56 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-10-11 08:00 - 2013-03-05 05:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 08:00 - 2013-03-05 05:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-10 13:21 - 2013-10-10 13:20 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-10-09 16:22 - 2013-04-18 12:47 - 00000000 ____D C:\Users\Zoe\AppData\Roaming\Brother
2013-10-08 13:19 - 2013-03-05 05:06 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-05 06:53 - 2013-10-01 10:39 - 00000334 _____ C:\Windows\BRCALIB.INI
2013-10-01 21:38 - 2013-10-10 12:03 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-01 21:38 - 2013-10-10 12:03 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-01 15:00 - 2013-03-15 14:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-01 14:14 - 2013-03-15 14:19 - 00000000 ____D C:\Users\Zoe\AppData\Local\Mozilla
2013-10-01 12:39 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\WinStore
2013-10-01 12:39 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-10-01 12:39 - 2012-07-26 01:38 - 00000000 ____D C:\Windows\system32\oobe
2013-10-01 11:48 - 2013-10-01 11:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-01 10:29 - 2013-10-01 10:29 - 00000000 _____ C:\asc_rdflag
2013-10-01 10:29 - 2013-03-05 01:04 - 00000000 ____D C:\Users\Zoe
2013-09-26 01:46 - 2013-10-24 12:12 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-25 21:07 - 2013-09-25 21:07 - 00148792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys

Some content of TEMP:
====================
C:\Users\Zoe\AppData\Local\Temp\oct324B.tmp.exe
C:\Users\Zoe\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-21 07:43

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-10-2013
Ran by Zoe at 2013-10-25 12:18:38
Running from C:\Users\Zoe\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky PURE 2.0 (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky PURE 2.0 (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Enabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

 clear.fi SDK - Video 2 (x32 Version: 2.1.1925)
 clear.fi SDK- Movie 2 (x32 Version: 2.1.2008)
Acer Backup Manager (x32 Version: 4.0.0.0059)
Acer Instant Update Service (Version: 1.00.3013)
Acer Power Management (Version: 7.00.3007)
Acer Recovery Management (Version: 6.00.3011)
AcerCloud (x32 Version: 2.01.3115)
AcerCloud Docs (x32 Version: 1.00.3201)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
Advanced SystemCare 6 (x32 Version: 6.4)
Apple Application Support (x32 Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
AVG 2014 (Version: 14.0.3615)
AVG 2014 (Version: 14.0.4158)
AVG 2014 (Version: 2014.0.4158)
Backup Manager v4 (x32 Version: 4.0.0.0059)
Bonjour (Version: 3.0.0.10)
Brother MFL-Pro Suite DCP-7065DN (x32 Version: 1.1.3.0)
Brother P-touch Editor 5.0 (x32 Version: 5.0.2300)
Citrix Online Launcher (x32 Version: 1.0.109)
clear.fi Media (x32 Version: 2.01.3108)
clear.fi Photo (x32 Version: 2.01.3108)
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3103_44819)
Dolby Advanced Audio v2 (x32 Version: 7.2.8000.13)
Driver Booster (x32 Version: 1.0)
Dropbox (HKCU Version: 2.0.22)
Epson Connect Printer Setup (x32 Version: 1.1.1)
EPSON Connect version 1.0 (x32 Version: 1.0)
Epson Customer Participation (Version: 1.4.0.0)
Epson Event Manager (x32 Version: 3.01.0003)
Epson E-Web Print (x32 Version: 1.17.0000)
Epson FAX Utility (x32 Version: 1.30.00)
Epson PC-FAX Driver (x32)
EPSON Printer Finder (x32 Version: 1.0.0)
EPSON Scan (x32)
EPSON WF-2540 Series Printer Uninstall
EpsonNet Print (x32 Version: 2.5.00)
ETDWare PS/2-X64 11.6.10.001_WHQL (Version: 11.6.10.001)
FileZilla Client 3.7.3 (x32 Version: 3.7.3)
GoToMeeting 5.7.0.1172 (HKCU Version: 5.7.0.1172)
HID Monitor (x32 Version: 1.1.3)
Identity Card (x32 Version: 2.00.3004)
Intel® Management Engine Components (x32 Version: 8.1.0.1252)
Intel® Processor Graphics (x32 Version: 9.17.10.2867)
Intel® Rapid Storage Technology (x32 Version: 11.5.4.1001)
Intel® SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
IObit Malware Fighter (x32 Version: 2.1)
Java 7 Update 15 (64-bit) (Version: 7.0.150)
Java 7 Update 15 (x32 Version: 7.0.150)
Java Auto Updater (x32 Version: 2.1.9.0)
Kaspersky PURE 2.0 (x32 Version: 12.0.2.733)
Launch Manager (x32 Version: 7.0.6)
Live Updater (x32 Version: 2.00.3004)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft Office Professional Plus 2013 - en-us (Version: 15.0.4535.1511)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308)
Mozilla Firefox 24.0 (x86 en-US) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
MyWinLocker Suite (x32 Version: 4.0.14.24)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4535.1511)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4535.1511)
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4535.1511)
Office Addin (x32 Version: 2.01.3200)
PollEv Presenter (x32 Version: 1.0.0)
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.220)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (x32 Version: 11.41)
Realtek Ethernet Controller Driver (x32 Version: 8.2.612.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6690)
Realtek PCIE Card Reader (x32 Version: 6.2.8400.27028)
Shared C Run-time for x64 (Version: 10.0.0)
Shredder (x32 Version: 2.0.8.9)
Smart Defrag 2 (x32 Version: 2.9)
Software Updater (x32 Version: 4.1.4)
Start Menu 8 (x32 Version: 1.3.0.0)
Visual Studio 2005 Tools for Office Second Edition Runtime (x32)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729)
Visual Studio Tools for the Office system 3.0 Runtime (x32)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (x32 Version: 1)

==================== Restore Points  =========================

15-10-2013 20:29:28 Windows Update
23-10-2013 12:06:29 Scheduled Checkpoint
24-10-2013 14:02:04 Installed AVG 2014
24-10-2013 14:02:55 Installed AVG 2014
25-10-2013 15:29:25 Oct 25

==================== Hosts content: ==========================

2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {03243AFC-8AF2-4BAB-89ED-6DA4AC48FA9B} - System32\Tasks\HIDMonitor => C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe [2012-08-23] ()
Task: {090D5A6F-5A6F-4998-AF66-DF4897DD2940} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-09-05] (Acer Incorporated)
Task: {0B9A5D39-9450-47A8-8816-A7DD34FB0F8F} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\Zoe\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
Task: {107BB7F7-F0DD-4B9D-A988-222C7B827E46} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe
Task: {25F2879B-6748-49F4-8F0B-246032CC7256} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe
Task: {3DEC5CBE-2AA5-49A4-93C6-BAB5CE8BA1B6} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-22] ()
Task: {46F88DCE-6757-4F16-8CF1-DB50CFECEEF0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-10-10] (Microsoft Corporation)
Task: {50DDDFA7-4467-4F58-B183-27A13852F49F} - System32\Tasks\Torntv 2-updater => C:\Program Files (x86)\Torntv 2\Torntv 2-updater.exe
Task: {79115465-85E8-4515-87A4-151F74C5EA0E} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2013-09-08] (IObit)
Task: {7A399FAE-CC29-4EDC-AA2B-48BE579257F0} - System32\Tasks\ASC6_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe [2013-08-10] (IObit)
Task: {8554B857-82AF-489E-897C-2B27EA7BFEDD} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {A351DAA8-05CD-4D2B-8B4B-206693B8641D} - System32\Tasks\StartMenuAutoupdate => C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe [2013-09-29] (IObit)
Task: {A959FA56-8033-4ADD-8AFB-F8B0D0D41DA7} - System32\Tasks\Torntv 2-codedownloader => C:\Program Files (x86)\Torntv 2\Torntv 2-codedownloader.exe
Task: {A9C658B2-52E1-4571-BDD3-1F439AF75266} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-09-06] (Microsoft Corporation)
Task: {B2A297DC-479C-44B9-8278-09D38EF92D03} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2013-09-08] (IObit)
Task: {B5FBB6BE-07E0-4A27-B89D-398B53D32AE8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {D0D88C2C-E3D0-4A46-965A-FE102195C290} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {E89AA2BB-23AE-422F-953B-80C8685EA6FA} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-30] ()
Task: {F3B7DD4E-91FA-4EB0-BBE9-BB5801F0C093} - System32\Tasks\Torntv 2-enabler => C:\Program Files (x86)\Torntv 2\Torntv 2-enabler.exe
Task: {F6AA6E72-E6B9-4801-8182-D3F357C0A0F4} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-21] ()
Task: {FB69A6C3-0685-4BE4-8E74-15FC0E826C8E} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-22] ()
Task: {FD0C4454-FA61-4EC4-8CDB-9DF8D8979131} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2012-09-20] (Microsoft Corporation)
Task: {FE184E31-9EB8-4D50-BF2A-F37AADAFFAE3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-10-10] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Driver Booster Update.job => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
Task: C:\Windows\Tasks\Torntv 2-codedownloader.job => C:\Program Files (x86)\Torntv 2\Torntv 2-codedownloader.exe
Task: C:\Windows\Tasks\Torntv 2-enabler.job => C:\Program Files (x86)\Torntv 2\Torntv 2-enabler.exe
Task: C:\Windows\Tasks\Torntv 2-updater.job => C:\Program Files (x86)\Torntv 2\Torntv 2-updater.exe

==================== Loaded Modules (whitelisted) =============

2013-09-13 06:29 - 2013-09-13 06:29 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-16 15:26 - 2013-01-15 18:59 - 00161088 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCExtMenu_64.dll
2013-01-28 14:45 - 2013-01-28 14:45 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-01-28 14:42 - 2013-01-28 14:42 - 00084992 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2012-11-25 08:18 - 2012-10-23 15:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-09-16 15:26 - 2013-01-15 18:47 - 00517440 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 6\sqlite3.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-30 23:23 - 2012-08-30 23:23 - 00459192 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\dblite.dll
2012-08-23 02:26 - 2012-08-23 02:26 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-08-23 02:25 - 2012-08-23 02:25 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2012-08-23 02:26 - 2012-08-23 02:26 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll
2012-08-23 02:25 - 2012-08-23 02:25 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll
2012-08-23 02:25 - 2012-08-23 02:25 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-08-23 02:25 - 2012-08-23 02:25 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll
2012-08-23 02:26 - 2012-08-23 02:26 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll
2013-10-24 09:21 - 2013-09-29 19:05 - 00348992 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madExcept_.bpl
2013-10-24 09:21 - 2013-09-29 19:05 - 00183616 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madBasic_.bpl
2013-10-24 09:21 - 2013-09-29 19:05 - 00051008 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madDisAsm_.bpl
2013-09-16 15:26 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 6\madExcept_.bpl
2013-09-16 15:26 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 6\madBasic_.bpl
2013-09-16 15:26 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 6\madDisAsm_.bpl
2013-09-16 15:26 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 6\webres.dll
2012-08-23 18:02 - 2012-08-23 18:02 - 00034736 _____ () C:\Program Files (x86)\Acer Incorporated\HID Monitor\ElanTPAPI.dll
2013-03-13 16:48 - 2013-03-13 16:48 - 24978944 _____ () C:\Users\Zoe\AppData\Roaming\Dropbox\bin\libcef.dll
2012-08-30 23:24 - 2012-08-30 23:24 - 02126264 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtCore4.dll
2012-08-30 23:24 - 2012-08-30 23:24 - 07422392 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtGui4.dll
2012-08-30 23:24 - 2012-08-30 23:24 - 02453944 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtDeclarative4.dll
2012-08-30 23:24 - 2012-08-30 23:24 - 01270200 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtScript4.dll
2012-08-30 23:24 - 2012-08-30 23:24 - 00192952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtSql4.dll
2012-08-30 23:24 - 2012-08-30 23:24 - 00795064 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtNetwork4.dll
2011-09-05 20:36 - 2011-09-05 20:36 - 00025088 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qgif4.dll
2011-09-05 20:36 - 2011-09-05 20:36 - 00180224 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qjpeg4.dll
2013-10-16 11:13 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-10-23 16:58 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madExcept_.bpl
2013-10-23 16:58 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madBasic_.bpl
2013-10-23 16:58 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madDisAsm_.bpl
2013-10-23 16:58 - 2013-05-29 13:15 - 06773056 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\WebUI.dll
2013-10-23 16:58 - 2013-05-16 19:26 - 00182080 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
2013-10-23 16:58 - 2013-05-16 19:26 - 00145216 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
2012-11-25 07:59 - 2012-06-25 14:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-10-10 09:12 - 2013-10-10 09:12 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2013-10-10 09:12 - 2013-10-10 09:12 - 00359592 _____ () C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll
2013-10-10 09:13 - 2013-10-10 09:16 - 01027240 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll
2013-09-13 06:29 - 2013-09-13 06:29 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2013-10-24 09:21 - 2013-09-29 19:05 - 00040256 _____ () C:\Program Files (x86)\IObit\Start Menu 8\winkey.dll
2013-10-10 09:12 - 2013-10-10 09:12 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2013-10-10 09:12 - 2013-10-10 09:12 - 00359592 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\c2r32.dll
2013-03-28 14:46 - 2013-03-28 14:46 - 00035984 _____ () C:\Users\Zoe\AppData\Local\assembly\dl3\VL2L8MW8.JZG\7QH0XV36.KQH\45a30b6b\001db878_b17ccd01\ExcelAddIn.DLL
2013-10-01 11:48 - 2013-10-01 11:48 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-03-14 18:57 - 2013-03-14 19:20 - 00121920 _____ () C:\Program Files\Microsoft Office 15\root\Office15\JitV.dll
2013-10-10 09:12 - 2013-10-10 09:12 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\Office15\AppVIsvStream32.dll
2013-10-10 09:12 - 2013-10-10 09:12 - 00359592 _____ () C:\Program Files\Microsoft Office 15\root\Office15\c2r32.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/25/2013 11:44:10 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
    The content index catalog is corrupt.   0xc0041801 (0xc0041801)

Error: (10/25/2013 11:44:10 AM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index {id=4810 - enduser\mssearch2\search\ytrip\tripoli\inverted\decodinglayerpages.h (591)}. The service will attempt to automatically correct this problem by rebuilding the index.


Details:
    The data is invalid.   0x8007000d (0x8007000d)

Error: (10/25/2013 11:29:40 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddWin32ServiceFiles: Unable to back up image of service Util qualitink since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (10/25/2013 11:29:40 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddWin32ServiceFiles: Unable to back up image of service Update qualitink since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (10/25/2013 09:16:34 AM) (Source: IMFservice) (User: )
Description: The handle is invalid

Error: (10/25/2013 09:16:34 AM) (Source: IMFservice) (User: )
Description: The handle is invalid

Error: (10/24/2013 02:54:16 PM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 24.0.0.5001, time stamp: 0x522fd228
Faulting module name: NPSWF32_11_9_900_117.dll, version: 11.9.900.117, time stamp: 0x5244d60c
Exception code: 0x40000015
Fault offset: 0x0035358b
Faulting process id: 0x2c5c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (10/24/2013 02:54:09 PM) (Source: Application Error) (User: )
Description: Faulting application name: FlashPlayerPlugin_11_9_900_117.exe, version: 11.9.900.117, time stamp: 0x5244d3b6
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00ce2e00
Faulting process id: 0x2ecc
Faulting application start time: 0xFlashPlayerPlugin_11_9_900_117.exe0
Faulting application path: FlashPlayerPlugin_11_9_900_117.exe1
Faulting module path: FlashPlayerPlugin_11_9_900_117.exe2
Report Id: FlashPlayerPlugin_11_9_900_117.exe3
Faulting package full name: FlashPlayerPlugin_11_9_900_117.exe4
Faulting package-relative application ID: FlashPlayerPlugin_11_9_900_117.exe5

Error: (10/24/2013 11:49:50 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: V5-571)
Description: App microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos did not launch within its allotted time.

Error: (10/23/2013 05:33:02 PM) (Source: IMFservice) (User: )
Description: The handle is invalid


System errors:
=============
Error: (10/25/2013 11:35:50 AM) (Source: Service Control Manager) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2

Error: (10/25/2013 09:22:09 AM) (Source: Service Control Manager) (User: )
Description: The Intel® Management and Security Application User Notification Service service hung on starting.

Error: (10/25/2013 09:17:37 AM) (Source: Service Control Manager) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2

Error: (10/25/2013 09:09:36 AM) (Source: Service Control Manager) (User: )
Description: The Intel® Management and Security Application User Notification Service service hung on starting.

Error: (10/25/2013 09:04:53 AM) (Source: Service Control Manager) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2

Error: (10/24/2013 04:11:44 PM) (Source: Service Control Manager) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2

Error: (10/24/2013 10:07:36 AM) (Source: DCOM) (User: V5-571)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}V5-571ZoeS-1-5-21-2291105322-700541216-3576249611-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (10/24/2013 10:06:49 AM) (Source: Service Control Manager) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2

Error: (10/24/2013 09:21:13 AM) (Source: Service Control Manager) (User: )
Description: The StartMenu8 Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/24/2013 09:15:15 AM) (Source: Service Control Manager) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (10/25/2013 11:44:10 AM) (Source: Windows Search Service)(User: )
Description:
Details:
    The content index catalog is corrupt.   0xc0041801 (0xc0041801)
The catalog is corrupt

Error: (10/25/2013 11:44:10 AM) (Source: Windows Search Service)(User: )
Description:
Details:
    The data is invalid.   0x8007000d (0x8007000d)
4810 - enduser\mssearch2\search\ytrip\tripoli\inverted\decodinglayerpages.h (591)

Error: (10/25/2013 11:29:40 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service Util qualitink since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (10/25/2013 11:29:40 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service Update qualitink since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (10/25/2013 09:16:34 AM) (Source: IMFservice)(User: )
Description: The handle is invalid

Error: (10/25/2013 09:16:34 AM) (Source: IMFservice)(User: )
Description: The handle is invalid

Error: (10/24/2013 02:54:16 PM) (Source: Application Error)(User: )
Description: plugin-container.exe24.0.0.5001522fd228NPSWF32_11_9_900_117.dll11.9.900.1175244d60c400000150035358b2c5c01ced0c6da3a6963C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Windows\SYSTEM32\Macromed\Flash\NPSWF32_11_9_900_117.dlladc7e6be-3cdd-11e3-bf1f-2016d8101560

Error: (10/24/2013 02:54:09 PM) (Source: Application Error)(User: )
Description: FlashPlayerPlugin_11_9_900_117.exe11.9.900.1175244d3b6unknown0.0.0.000000000c000000500ce2e002ecc01ced0c6db107b9fC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exeunknowna9ba5666-3cdd-11e3-bf1f-2016d8101560

Error: (10/24/2013 11:49:50 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: V5-571)
Description: microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos

Error: (10/23/2013 05:33:02 PM) (Source: IMFservice)(User: )
Description: The handle is invalid


==================== Memory info ===========================

Percentage of memory in use: 35%
Total physical RAM: 7987.59 MB
Available physical RAM: 5176.49 MB
Total Pagefile: 9203.59 MB
Available Pagefile: 6110.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.76 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:684.84 GB) (Free:601.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 90013E6B)

Partition: GPT Partition Type
==================== End Of Log ============================


While I look over the logs...why do you have all these installed:

 

AV: Kaspersky PURE 2.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky PURE 2.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

 


Running more than one anti-virus only causes conflicts and provides spotty protection.

Dangers of running 2 anti-virus programs

MrC


See below. Also, I did not click 'Fix' on Farbar Recovery. Should I?

---

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-10-2013
Ran by Zoe (administrator) on V5-571 on 25-10-2013 12:17:25
Running from C:\Users\Zoe\Desktop
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
(Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIIUE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIIUE.EXE
(Dropbox, Inc.) C:\Users\Zoe\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrvx.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-31] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
HKLM\...\Policies\Explorer\Run: [btvStack] - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] ( (Qualcomm Atheros Commnucations))
HKCU\...\Run: [Advanced SystemCare 6] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-04-18] (IObit)
HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [EPLTarget\P0000000000000001] - C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [backgroundContainer] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Zoe\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKCU\...\Runonce: [Application Restart #4] - C:\Users\Zoe\AppData\Local\Pokki\Engine\pokki.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Zoe\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --enable-touch-events --flag-switches-begin --flag-switches-end --restore-last-session
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [LManager] - [x]
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe [202328 2012-08-30] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [brStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [iObit Malware Fighter] - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1549120 2013-08-16] (IObit)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKU\Default\...\RunOnce: [RegAutoPlay] - C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe [1845392 2012-08-21] (Acer Incorporated)
HKU\Default User\...\RunOnce: [RegAutoPlay] - C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe [1845392 2012-08-21] (Acer Incorporated)
Startup: C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Zoe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
SearchScopes: HKLM - DefaultScope {4D44A90A-67FF-46D6-B34D-0EF5A5FB7C57} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {4D44A90A-67FF-46D6-B34D-0EF5A5FB7C57} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {4D44A90A-67FF-46D6-B34D-0EF5A5FB7C57} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - DefaultScope {4D44A90A-67FF-46D6-B34D-0EF5A5FB7C57} URL =
SearchScopes: HKCU - {4D44A90A-67FF-46D6-B34D-0EF5A5FB7C57} URL =
SearchScopes: HKCU - {99CDA7A6-E331-4022-B8A1-1059F4A04A9D} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3291326&CUI=UN39390525004846724&UM=2
BHO: No Name - {11111111-1111-1111-1111-110311551178} -  No File
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Zoe\AppData\Roaming\Mozilla\Firefox\Profiles\9hl5nkwl.default

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Zoe\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Zoe\AppData\Roaming\Mozilla\Firefox\Profiles\9hl5nkwl.default\Extensions\ascsurfingprotection@iobit.com
FF Extension: firefox - C:\Users\Zoe\AppData\Roaming\Mozilla\Firefox\Profiles\9hl5nkwl.default\Extensions\firefox@qualitink.net.xpi
FF Extension: trtv3 - C:\Users\Zoe\AppData\Roaming\Mozilla\Firefox\Profiles\9hl5nkwl.default\Extensions\trtv3@trtv.com.xpi
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\KavAntiBanner@Kaspersky.ru
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\KavAntiBanner@Kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================

R2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe [202328 2012-08-30] (Kaspersky Lab ZAO)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-24] (Acer Incorporated)
S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [8704 2012-07-25] (Microsoft Corporation)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [743992 2009-12-21] (Infowatch)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-09-05] (Acer Incorporated)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [90992 2012-09-17] (ELAN Microelectronics Corp.)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [335168 2013-04-25] (IObit)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R3 msiserver; C:\Windows\SysWow64\msiexec.exe [62976 2012-07-25] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-06] (Microsoft Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-11-25] (Dritek System INC.)
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [75584 2013-09-29] (IObit)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)
R2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [670208 2013-04-08] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x]

==================== Drivers (Whitelisted) ====================

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [148792 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [252728 2013-07-30] (AVG Technologies CZ, s.r.o.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [85048 2009-12-14] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys [66104 2009-12-14] (Infowatch)
R0 KL1; C:\Windows\system32\DRIVERS\kl1.sys [458032 2011-10-20] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\system32\DRIVERS\kl2.sys [13616 2011-10-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [636760 2013-03-05] (Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-11-25] (Dritek System Inc.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2013-05-22] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-25 12:17 - 2013-10-25 12:17 - 00000000 ____D C:\FRST
2013-10-25 12:16 - 2013-10-25 12:16 - 01955412 _____ (Farbar) C:\Users\Zoe\Desktop\FRST64.exe
2013-10-25 11:31 - 2013-10-25 11:34 - 00000000 ____D C:\AdwCleaner
2013-10-25 11:31 - 2013-10-25 11:31 - 01060070 _____ C:\Users\Zoe\Desktop\AdwCleaner.exe
2013-10-25 11:04 - 2013-10-25 11:05 - 00000035 _____ C:\Users\Zoe\Desktop\Thierry Birthday.txt
2013-10-25 10:05 - 2013-10-25 10:06 - 00005136 _____ C:\Users\Zoe\Desktop\attach.txt
2013-10-25 10:05 - 2013-10-25 10:05 - 00032599 _____ C:\Users\Zoe\Desktop\dds.txt
2013-10-25 10:02 - 2013-10-25 10:02 - 00688992 ____R (Swearware) C:\Users\Zoe\Desktop\dds.scr
2013-10-24 14:33 - 2013-10-24 14:33 - 00001091 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-24 14:33 - 2013-10-24 14:33 - 00000000 ____D C:\Users\Zoe\AppData\Roaming\Malwarebytes
2013-10-24 14:33 - 2013-10-24 14:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-24 14:33 - 2013-10-24 14:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-24 14:33 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-24 14:32 - 2013-10-24 14:32 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Zoe\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-24 12:12 - 2013-09-26 01:46 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-24 10:04 - 2013-10-24 10:04 - 00000000 ____D C:\Users\Zoe\AppData\Roaming\TuneUp Software
2013-10-24 10:04 - 2013-10-24 10:04 - 00000000 ____D C:\Users\Zoe\AppData\Roaming\AVG2014
2013-10-24 10:03 - 2013-10-24 10:04 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-24 10:03 - 2013-10-24 10:03 - 00000000 ___HD C:\$AVG
2013-10-24 10:02 - 2013-10-24 10:03 - 22205064 _____ (Microsoft Corporation) C:\Users\Zoe\Desktop\Windows-KB890830-x64-V5.5.exe
2013-10-24 10:02 - 2013-10-24 10:02 - 00000000 ____D C:\Program Files (x86)\AVG
2013-10-24 09:58 - 2013-10-25 09:10 - 00000000 ____D C:\ProgramData\MFAData
2013-10-24 09:58 - 2013-10-24 10:11 - 00000000 ____D C:\Users\Zoe\AppData\Local\Avg2014
2013-10-24 09:58 - 2013-10-24 09:58 - 00000000 ____D C:\Users\Zoe\AppData\Local\MFAData
2013-10-24 09:21 - 2013-10-24 09:21 - 00003156 _____ C:\Windows\System32\Tasks\StartMenuAutoupdate
2013-10-24 09:14 - 2013-10-24 16:11 - 00031746 _____ C:\Windows\PFRO.log
2013-10-23 16:59 - 2013-10-25 11:36 - 00000294 _____ C:\Windows\Tasks\Driver Booster Update.job
2013-10-23 16:59 - 2013-10-23 16:59 - 00003210 _____ C:\Windows\System32\Tasks\Driver Booster Scan
2013-10-23 16:59 - 2013-10-23 16:59 - 00002544 _____ C:\Windows\System32\Tasks\Driver Booster Update
2013-10-23 16:59 - 2013-05-22 18:49 - 00017720 _____ C:\Windows\system32\Drivers\SmartDefragDriver.sys
2013-10-22 09:56 - 2013-10-22 09:56 - 00003358 _____ C:\Windows\System32\Tasks\BackgroundContainer Startup Task
2013-10-22 09:55 - 2013-10-25 11:36 - 00001278 _____ C:\Windows\Tasks\Torntv 2-updater.job
2013-10-22 09:55 - 2013-10-25 11:36 - 00001170 _____ C:\Windows\Tasks\Torntv 2-codedownloader.job
2013-10-22 09:55 - 2013-10-25 11:36 - 00001080 _____ C:\Windows\Tasks\Torntv 2-enabler.job
2013-10-22 09:55 - 2013-10-25 11:35 - 00000000 ____D C:\Program Files (x86)\qualitink
2013-10-22 09:55 - 2013-10-22 09:55 - 00004282 _____ C:\Windows\System32\Tasks\Torntv 2-updater
2013-10-22 09:55 - 2013-10-22 09:55 - 00004174 _____ C:\Windows\System32\Tasks\Torntv 2-codedownloader
2013-10-22 09:55 - 2013-10-22 09:55 - 00004084 _____ C:\Windows\System32\Tasks\Torntv 2-enabler
2013-10-22 09:50 - 2013-10-22 09:50 - 00000000 ____D C:\ProgramData\WinterSoft
2013-10-22 09:50 - 2013-10-22 09:50 - 00000000 ____D C:\ProgramData\InstallMate
2013-10-16 11:19 - 2013-10-16 11:20 - 00000000 ____D C:\Users\Zoe\AppData\Roaming\ControlCenter4
2013-10-16 11:13 - 2013-10-16 11:13 - 00000000 ____D C:\ProgramData\ControlCenter4
2013-10-16 11:13 - 2013-10-16 11:13 - 00000000 ____D C:\Program Files (x86)\ControlCenter4
2013-10-16 11:13 - 2013-10-16 11:13 - 00000000 ____D C:\Program Files (x86)\Browny02
2013-10-16 11:13 - 2013-10-16 11:13 - 00000000 ____D C:\Brother
2013-10-16 11:13 - 2012-09-10 16:31 - 00245760 ____N (brother) C:\Windows\SysWOW64\NSSearch.dll
2013-10-16 11:13 - 2012-07-09 17:19 - 00005120 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2S.dll
2013-10-16 11:13 - 2010-09-29 17:07 - 00180224 ____N (Brother Industries, Ltd.) C:\Windows\SysWOW64\BroSNMP.dll
2013-10-16 11:13 - 2010-03-15 19:45 - 00073728 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2.dll
2013-10-16 11:13 - 2007-12-13 22:16 - 00005120 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2L.dll
2013-10-16 11:09 - 2013-10-16 11:09 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-10-15 14:57 - 2013-10-15 17:10 - 00019883 _____ C:\Users\Zoe\Desktop\Blank Eval Form.xlsx
2013-10-15 11:03 - 2013-08-10 01:21 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2013-10-15 11:03 - 2013-08-02 02:28 - 19758080 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-10-15 11:03 - 2013-08-02 02:28 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2013-10-15 11:03 - 2013-08-02 02:28 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-10-15 11:03 - 2013-08-02 02:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-10-15 11:03 - 2013-08-02 01:08 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-10-15 11:03 - 2013-08-02 01:08 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-10-15 11:03 - 2013-08-02 01:06 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-10-15 11:03 - 2013-08-01 06:41 - 02233688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-15 11:03 - 2013-04-09 19:17 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2013-10-15 11:03 - 2013-04-09 18:29 - 00893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2013-10-15 11:02 - 2013-08-10 01:21 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncInfo.dll
2013-10-15 11:02 - 2013-08-09 23:58 - 00356352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2013-10-15 11:02 - 2013-08-03 02:40 - 01374208 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2013-10-15 11:02 - 2013-08-03 02:40 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2013-10-15 11:02 - 2013-08-03 02:40 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2013-10-15 11:02 - 2013-08-03 01:14 - 00399360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2013-10-15 11:02 - 2013-08-03 01:13 - 01245696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2013-10-15 11:02 - 2013-08-03 01:13 - 00437248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2013-10-15 11:02 - 2013-08-02 01:08 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-10-15 11:02 - 2013-07-30 19:30 - 00386923 _____ C:\Windows\system32\ApnDatabase.xml
2013-10-15 11:02 - 2013-07-24 19:10 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2013-10-15 11:02 - 2013-07-24 19:06 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\mbsmsapi.dll
2013-10-15 08:57 - 2013-10-15 08:57 - 00456592 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-10 13:20 - 2013-10-10 13:21 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-10-10 12:03 - 2013-10-01 21:38 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-10 12:03 - 2013-10-01 21:38 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-09 09:18 - 2013-09-22 19:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-09 09:18 - 2013-09-22 19:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-09 09:18 - 2013-09-22 19:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-09 09:18 - 2013-09-22 19:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-09 09:18 - 2013-09-22 19:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-09 09:18 - 2013-09-22 19:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-09 09:18 - 2013-09-22 19:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-09 09:18 - 2013-09-22 19:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-09 09:18 - 2013-09-22 18:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-09 09:18 - 2013-09-22 18:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-09 09:18 - 2013-09-22 18:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-09 09:18 - 2013-09-22 18:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 09:18 - 2013-09-22 18:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-09 09:18 - 2013-09-22 18:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-09 09:18 - 2013-09-22 18:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 09:18 - 2013-09-22 18:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-09 09:18 - 2013-09-22 18:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-09 09:18 - 2013-07-05 20:15 - 00652288 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 09:18 - 2013-07-03 22:13 - 00541696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 09:18 - 2013-05-15 18:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-10-09 09:18 - 2013-05-15 18:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-10-09 09:18 - 2013-05-14 09:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 09:18 - 2013-05-14 05:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 09:18 - 2013-04-28 18:28 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-10-09 09:18 - 2013-02-21 06:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-09 09:18 - 2013-02-21 06:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-09 09:18 - 2013-02-21 06:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-09 09:18 - 2013-02-21 06:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-09 09:18 - 2013-02-21 06:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-09 09:18 - 2013-02-21 06:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-09 09:18 - 2013-02-19 05:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-10-09 09:18 - 2012-11-08 00:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-09 09:18 - 2012-11-08 00:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-09 09:17 - 2013-08-23 01:11 - 04040192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 09:17 - 2013-07-19 18:13 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 09:17 - 2013-07-19 18:13 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 09:17 - 2013-07-05 18:02 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 09:17 - 2013-07-05 18:01 - 00210560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 09:17 - 2013-07-01 21:41 - 00447320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2013-10-09 09:17 - 2013-07-01 21:41 - 00337752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2013-10-09 09:17 - 2013-07-01 21:41 - 00213336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS
2013-10-09 09:17 - 2013-07-01 18:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 09:17 - 2013-07-01 18:14 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys
2013-10-09 09:17 - 2013-06-30 21:42 - 00623448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 09:17 - 2013-06-30 21:42 - 00498008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 09:17 - 2013-06-30 21:42 - 00079192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 09:17 - 2013-06-30 21:42 - 00021848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 09:17 - 2013-06-28 23:08 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 09:17 - 2013-06-28 23:07 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 09:17 - 2013-06-28 23:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 09:17 - 2013-06-28 23:06 - 00120832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 09:17 - 2013-06-22 01:45 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 09:17 - 2013-06-22 01:45 - 00054488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-10-09 09:17 - 2013-05-26 19:17 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 09:17 - 2013-05-26 18:59 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 09:17 - 2013-05-24 23:15 - 00362496 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 09:17 - 2013-05-24 22:32 - 00300032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-03 11:59 - 2013-10-11 17:23 - 00000064 _____ C:\Users\Zoe\Desktop\onsite stuff.txt
2013-10-03 07:10 - 2013-10-25 09:20 - 00000412 _____ C:\Users\Zoe\Desktop\Winners - eval form.txt
2013-10-01 11:48 - 2013-10-01 11:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-01 10:44 - 2013-08-16 01:41 - 00058200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2013-10-01 10:44 - 2013-08-16 01:39 - 02371728 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2013-10-01 10:44 - 2013-08-16 01:39 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-10-01 10:44 - 2013-08-16 01:32 - 00209200 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2013-10-01 10:44 - 2013-08-16 01:22 - 04917760 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2013-10-01 10:44 - 2013-08-16 01:22 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-10-01 10:44 - 2013-08-16 01:21 - 03275776 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-10-01 10:44 - 2013-08-16 01:21 - 01621504 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-10-01 10:44 - 2013-08-16 01:21 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2013-10-01 10:44 - 2013-08-16 01:21 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-10-01 10:44 - 2013-08-16 01:21 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2013-10-01 10:44 - 2013-08-16 01:21 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2013-10-01 10:44 - 2013-08-16 01:21 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-10-01 10:44 - 2013-08-16 01:21 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2013-10-01 10:44 - 2013-08-16 01:21 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2013-10-01 10:44 - 2013-08-16 01:21 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\WSSync.dll
2013-10-01 10:44 - 2013-08-16 01:21 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-10-01 10:44 - 2013-08-16 01:21 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-10-01 10:44 - 2013-08-16 01:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-10-01 10:44 - 2013-08-16 01:21 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll
2013-10-01 10:44 - 2013-08-16 01:21 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-10-01 10:44 - 2013-08-16 01:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\setupcln.dll
2013-10-01 10:44 - 2013-08-16 01:21 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2013-10-01 10:44 - 2013-08-16 01:21 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-10-01 10:44 - 2013-08-16 01:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2013-10-01 10:44 - 2013-08-15 18:43 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-10-01 10:44 - 2013-08-15 18:43 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2013-10-01 10:44 - 2013-08-15 18:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2013-10-01 10:44 - 2013-08-15 18:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSSync.dll
2013-10-01 10:44 - 2013-08-15 18:43 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2013-10-01 10:44 - 2013-08-15 18:43 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-10-01 10:44 - 2013-08-15 18:43 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-10-01 10:44 - 2013-08-15 18:43 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-10-01 10:44 - 2013-08-15 18:43 - 00083968 _____ C:\Windows\SysWOW64\OEMLicense.dll
2013-10-01 10:44 - 2013-08-15 18:43 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-10-01 10:44 - 2013-08-15 18:43 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2013-10-01 10:44 - 2013-08-15 18:42 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll
2013-10-01 10:44 - 2013-08-15 18:42 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupcln.dll
2013-10-01 10:42 - 2013-08-07 01:15 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2013-10-01 10:41 - 2013-07-09 04:04 - 00120144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2013-10-01 10:41 - 2013-07-09 02:18 - 00439488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2013-10-01 10:41 - 2013-07-09 00:25 - 00385768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2013-10-01 10:41 - 2013-07-08 23:57 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll
2013-10-01 10:41 - 2013-07-08 18:46 - 00543744 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2013-10-01 10:41 - 2013-07-08 18:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2013-10-01 10:41 - 2013-07-08 18:46 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Wwanadvui.dll
2013-10-01 10:41 - 2013-07-08 18:45 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll
2013-10-01 10:41 - 2013-07-05 20:16 - 01025024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-10-01 10:41 - 2013-07-02 20:23 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-10-01 10:41 - 2013-07-02 20:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2013-10-01 10:41 - 2013-07-02 20:22 - 02839552 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2013-10-01 10:41 - 2013-07-02 20:22 - 01300480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-10-01 10:41 - 2013-07-02 20:11 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-10-01 10:41 - 2013-07-02 20:11 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-10-01 10:41 - 2013-07-02 20:10 - 02273792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2013-10-01 10:41 - 2013-06-30 18:30 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\openfiles.exe
2013-10-01 10:41 - 2013-06-30 18:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\openfiles.exe
2013-10-01 10:41 - 2013-06-29 02:15 - 00195416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2013-10-01 10:41 - 2013-06-29 02:15 - 00125784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2013-10-01 10:41 - 2013-06-29 01:43 - 00327512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2013-10-01 10:41 - 2013-06-28 21:12 - 01022464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-10-01 10:41 - 2013-06-25 23:01 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2013-10-01 10:41 - 2013-06-25 22:59 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2013-10-01 10:41 - 2013-06-24 18:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-10-01 10:41 - 2013-06-24 18:54 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2013-10-01 10:41 - 2013-06-24 18:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2013-10-01 10:41 - 2013-06-19 01:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll
2013-10-01 10:41 - 2013-06-19 01:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2013-10-01 10:41 - 2013-06-18 18:38 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll
2013-10-01 10:41 - 2013-06-18 18:38 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2013-10-01 10:41 - 2013-06-11 19:43 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2013-10-01 10:41 - 2013-06-11 19:26 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2013-10-01 10:41 - 2013-06-10 17:17 - 00096512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-10-01 10:41 - 2013-06-10 15:16 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-10-01 10:41 - 2013-06-10 15:15 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-10-01 10:41 - 2013-06-10 15:15 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-10-01 10:41 - 2013-06-10 15:15 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-10-01 10:41 - 2013-06-10 15:10 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-10-01 10:41 - 2013-06-10 15:10 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-10-01 10:41 - 2013-06-06 04:03 - 00119040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2013-10-01 10:39 - 2013-10-16 09:25 - 00000000 ____D C:\ProgramData\Brother
2013-10-01 10:39 - 2013-10-05 06:53 - 00000334 _____ C:\Windows\BRCALIB.INI
2013-10-01 10:29 - 2013-10-01 10:29 - 00000000 _____ C:\asc_rdflag
2013-09-30 10:45 - 2013-04-17 20:20 - 00026432 _____ (IObit) C:\Windows\system32\RegistryDefragBootTime.exe
2013-09-25 21:07 - 2013-09-25 21:07 - 00148792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys

==================== One Month Modified Files and Folders =======

2013-10-25 12:17 - 2013-10-25 12:17 - 00000000 ____D C:\FRST
2013-10-25 12:16 - 2013-10-25 12:16 - 01955412 _____ (Farbar) C:\Users\Zoe\Desktop\FRST64.exe
2013-10-25 12:03 - 2013-03-15 15:54 - 02914816 ___SH C:\Users\Zoe\Desktop\Thumbs.db
2013-10-25 12:02 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\system32\sru
2013-10-25 11:50 - 2013-03-05 07:31 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-10-25 11:49 - 2013-03-14 19:57 - 00000000 ____D C:\Users\Zoe\AppData\Local\Deployment
2013-10-25 11:42 - 2013-03-05 01:12 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2291105322-700541216-3576249611-1001
2013-10-25 11:39 - 2013-03-15 15:40 - 00000000 ____D C:\Users\Zoe\Documents\Outlook Files
2013-10-25 11:38 - 2013-04-08 11:57 - 00000000 ___RD C:\Users\Zoe\Dropbox
2013-10-25 11:38 - 2013-04-08 11:54 - 00000000 ____D C:\Users\Zoe\AppData\Roaming\Dropbox
2013-10-25 11:36 - 2013-10-23 16:59 - 00000294 _____ C:\Windows\Tasks\Driver Booster Update.job
2013-10-25 11:36 - 2013-10-22 09:55 - 00001278 _____ C:\Windows\Tasks\Torntv 2-updater.job
2013-10-25 11:36 - 2013-10-22 09:55 - 00001170 _____ C:\Windows\Tasks\Torntv 2-codedownloader.job
2013-10-25 11:36 - 2013-10-22 09:55 - 00001080 _____ C:\Windows\Tasks\Torntv 2-enabler.job
2013-10-25 11:35 - 2013-10-22 09:55 - 00000000 ____D C:\Program Files (x86)\qualitink
2013-10-25 11:35 - 2012-09-04 12:53 - 00053284 _____ C:\Windows\system32\wpbbin.exe
2013-10-25 11:35 - 2012-07-26 03:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-25 11:34 - 2013-10-25 11:31 - 00000000 ____D C:\AdwCleaner
2013-10-25 11:34 - 2012-11-25 07:44 - 01978120 _____ C:\Windows\WindowsUpdate.log
2013-10-25 11:31 - 2013-10-25 11:31 - 01060070 _____ C:\Users\Zoe\Desktop\AdwCleaner.exe
2013-10-25 11:30 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-10-25 11:19 - 2013-03-05 05:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-25 11:18 - 2013-03-14 19:58 - 00000000 ____D C:\Users\Zoe\AppData\Local\Pokki
2013-10-25 11:05 - 2013-10-25 11:04 - 00000035 _____ C:\Users\Zoe\Desktop\Thierry Birthday.txt
2013-10-25 10:06 - 2013-10-25 10:05 - 00005136 _____ C:\Users\Zoe\Desktop\attach.txt
2013-10-25 10:05 - 2013-10-25 10:05 - 00032599 _____ C:\Users\Zoe\Desktop\dds.txt
2013-10-25 10:02 - 2013-10-25 10:02 - 00688992 ____R (Swearware) C:\Users\Zoe\Desktop\dds.scr
2013-10-25 09:20 - 2013-10-03 07:10 - 00000412 _____ C:\Users\Zoe\Desktop\Winners - eval form.txt
2013-10-25 09:20 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-10-25 09:10 - 2013-10-24 09:58 - 00000000 ____D C:\ProgramData\MFAData
2013-10-24 16:44 - 2012-07-26 01:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-10-24 16:11 - 2013-10-24 09:14 - 00031746 _____ C:\Windows\PFRO.log
2013-10-24 15:19 - 2013-03-05 01:04 - 00000000 ____D C:\Users\Zoe\AppData\Local\Packages
2013-10-24 14:54 - 2013-03-05 05:28 - 00000000 ____D C:\Users\Zoe\AppData\Local\CrashDumps
2013-10-24 14:33 - 2013-10-24 14:33 - 00001091 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-24 14:33 - 2013-10-24 14:33 - 00000000 ____D C:\Users\Zoe\AppData\Roaming\Malwarebytes
2013-10-24 14:33 - 2013-10-24 14:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-24 14:33 - 2013-10-24 14:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-24 14:32 - 2013-10-24 14:32 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Zoe\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-24 10:11 - 2013-10-24 09:58 - 00000000 ____D C:\Users\Zoe\AppData\Local\Avg2014
2013-10-24 10:10 - 2012-07-26 01:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2013-10-24 10:04 - 2013-10-24 10:04 - 00000000 ____D C:\Users\Zoe\AppData\Roaming\TuneUp Software
2013-10-24 10:04 - 2013-10-24 10:04 - 00000000 ____D C:\Users\Zoe\AppData\Roaming\AVG2014
2013-10-24 10:04 - 2013-10-24 10:03 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-24 10:03 - 2013-10-24 10:03 - 00000000 ___HD C:\$AVG
2013-10-24 10:03 - 2013-10-24 10:02 - 22205064 _____ (Microsoft Corporation) C:\Users\Zoe\Desktop\Windows-KB890830-x64-V5.5.exe
2013-10-24 10:03 - 2012-07-26 04:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2013-10-24 10:02 - 2013-10-24 10:02 - 00000000 ____D C:\Program Files (x86)\AVG
2013-10-24 09:58 - 2013-10-24 09:58 - 00000000 ____D C:\Users\Zoe\AppData\Local\MFAData
2013-10-24 09:21 - 2013-10-24 09:21 - 00003156 _____ C:\Windows\System32\Tasks\StartMenuAutoupdate
2013-10-23 16:59 - 2013-10-23 16:59 - 00003210 _____ C:\Windows\System32\Tasks\Driver Booster Scan
2013-10-23 16:59 - 2013-10-23 16:59 - 00002544 _____ C:\Windows\System32\Tasks\Driver Booster Update
2013-10-23 16:59 - 2013-09-16 15:26 - 00000000 ____D C:\Users\Zoe\AppData\Roaming\IObit
2013-10-23 16:59 - 2013-09-16 15:26 - 00000000 ____D C:\Program Files (x86)\IObit
2013-10-23 16:58 - 2013-09-16 15:26 - 00000000 ____D C:\ProgramData\IObit
2013-10-23 16:57 - 2013-04-05 15:59 - 00000000 ____D C:\Users\Zoe\AppData\Roaming\FileZilla
2013-10-22 09:56 - 2013-10-22 09:56 - 00003358 _____ C:\Windows\System32\Tasks\BackgroundContainer Startup Task
2013-10-22 09:55 - 2013-10-22 09:55 - 00004282 _____ C:\Windows\System32\Tasks\Torntv 2-updater
2013-10-22 09:55 - 2013-10-22 09:55 - 00004174 _____ C:\Windows\System32\Tasks\Torntv 2-codedownloader
2013-10-22 09:55 - 2013-10-22 09:55 - 00004084 _____ C:\Windows\System32\Tasks\Torntv 2-enabler
2013-10-22 09:50 - 2013-10-22 09:50 - 00000000 ____D C:\ProgramData\WinterSoft
2013-10-22 09:50 - 2013-10-22 09:50 - 00000000 ____D C:\ProgramData\InstallMate
2013-10-18 11:21 - 2013-04-02 09:19 - 00000000 ____D C:\Users\Zoe\Documents\Timesheets
2013-10-17 14:52 - 2012-07-26 03:28 - 00848230 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-16 11:20 - 2013-10-16 11:19 - 00000000 ____D C:\Users\Zoe\AppData\Roaming\ControlCenter4
2013-10-16 11:13 - 2013-10-16 11:13 - 00000000 ____D C:\ProgramData\ControlCenter4
2013-10-16 11:13 - 2013-10-16 11:13 - 00000000 ____D C:\Program Files (x86)\ControlCenter4
2013-10-16 11:13 - 2013-10-16 11:13 - 00000000 ____D C:\Program Files (x86)\Browny02
2013-10-16 11:13 - 2013-10-16 11:13 - 00000000 ____D C:\Brother
2013-10-16 11:13 - 2013-04-18 12:46 - 00000000 ____D C:\Program Files (x86)\Brother
2013-10-16 11:12 - 2012-09-04 13:04 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-10-16 11:09 - 2013-10-16 11:09 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-10-16 09:25 - 2013-10-01 10:39 - 00000000 ____D C:\ProgramData\Brother
2013-10-16 08:57 - 2013-03-05 01:06 - 00000000 ___RD C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-16 08:57 - 2013-03-05 01:06 - 00000000 ___RD C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-16 07:41 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\rescache
2013-10-15 17:16 - 2012-07-26 04:12 - 00000000 ___RD C:\Windows\ToastData
2013-10-15 17:10 - 2013-10-15 14:57 - 00019883 _____ C:\Users\Zoe\Desktop\Blank Eval Form.xlsx
2013-10-15 08:57 - 2013-10-15 08:57 - 00456592 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 17:24 - 2013-03-28 14:41 - 00000000 ____D C:\Users\Zoe\Desktop\Zoe's stuff
2013-10-11 17:23 - 2013-10-03 11:59 - 00000064 _____ C:\Users\Zoe\Desktop\onsite stuff.txt
2013-10-11 08:11 - 2013-03-14 18:56 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-10-11 08:00 - 2013-03-05 05:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 08:00 - 2013-03-05 05:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-10 13:21 - 2013-10-10 13:20 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-10-09 16:22 - 2013-04-18 12:47 - 00000000 ____D C:\Users\Zoe\AppData\Roaming\Brother
2013-10-08 13:19 - 2013-03-05 05:06 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-05 06:53 - 2013-10-01 10:39 - 00000334 _____ C:\Windows\BRCALIB.INI
2013-10-01 21:38 - 2013-10-10 12:03 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-01 21:38 - 2013-10-10 12:03 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-01 15:00 - 2013-03-15 14:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-01 14:14 - 2013-03-15 14:19 - 00000000 ____D C:\Users\Zoe\AppData\Local\Mozilla
2013-10-01 12:39 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\WinStore
2013-10-01 12:39 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-10-01 12:39 - 2012-07-26 01:38 - 00000000 ____D C:\Windows\system32\oobe
2013-10-01 11:48 - 2013-10-01 11:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-01 10:29 - 2013-10-01 10:29 - 00000000 _____ C:\asc_rdflag
2013-10-01 10:29 - 2013-03-05 01:04 - 00000000 ____D C:\Users\Zoe
2013-09-26 01:46 - 2013-10-24 12:12 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-25 21:07 - 2013-09-25 21:07 - 00148792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys

Some content of TEMP:
====================
C:\Users\Zoe\AppData\Local\Temp\oct324B.tmp.exe
C:\Users\Zoe\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-21 07:43

==================== End Of Log ============================


All of those programs, except Kaspersky (but including MB), I installed yesterday when I was trying to get rid of the malware. Hoping that one would work where the others failed.

Well, keep AVG or Kaspersky as your AV. Also keep Malwarebytes.

Uninstall the rest. Multiple AVs don't work.

Dangers of running 2 anti-virus programs

-----------------------------------

I don't see anything wrong with IE (we can use the reset button if needed, though).

FF I found the problem.

Download the attached fixlist.txt to the same folder as FRST.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) in the folder; please post it in your reply.

Let me know.....MrC


The "fix" seemed instantaneous, not sure if that is ok.

----

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-10-2013
Ran by Zoe at 2013-10-25 14:01:37 Run:1
Running from C:\Users\Zoe\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\...\Run: [backgroundContainer] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Zoe\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKCU\...\Runonce: [Application Restart #4] - C:\Users\Zoe\AppData\Local\Pokki\Engine\pokki.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Zoe\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --enable-touch-events --flag-switches-begin --flag-switches-end --restore-last-session
SearchScopes: HKCU - {4D44A90A-67FF-46D6-B34D-0EF5A5FB7C57} URL =
SearchScopes: HKCU - {99CDA7A6-E331-4022-B8A1-1059F4A04A9D} URL = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3291326&CUI=UN39390525004846724&UM=2
BHO: No Name - {11111111-1111-1111-1111-110311551178} -  No File
FF Extension: firefox - C:\Users\Zoe\AppData\Roaming\Mozilla\Firefox\Profiles\9hl5nkwl.default\Extensions\firefox@qualitink.net.xpi
FF Extension: trtv3 - C:\Users\Zoe\AppData\Roaming\Mozilla\Firefox\Profiles\9hl5nkwl.default\Extensions\trtv3@trtv.com.xpi

*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\BackgroundContainer => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #4 => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4D44A90A-67FF-46D6-B34D-0EF5A5FB7C57} => Key deleted successfully.
HKCR\CLSID\{4D44A90A-67FF-46D6-B34D-0EF5A5FB7C57} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{99CDA7A6-E331-4022-B8A1-1059F4A04A9D} => Key deleted successfully.
HKCR\CLSID\{99CDA7A6-E331-4022-B8A1-1059F4A04A9D} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311551178} => Key deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110311551178} => Key not found.
C:\Users\Zoe\AppData\Roaming\Mozilla\Firefox\Profiles\9hl5nkwl.default\Extensions\firefox@qualitink.net.xpi => Moved successfully.
C:\Users\Zoe\AppData\Roaming\Mozilla\Firefox\Profiles\9hl5nkwl.default\Extensions\trtv3@trtv.com.xpi => Moved successfully.

==== End of Fixlog ====
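
One way to check a Fixlog like the one above line by line rather than by how fast the fix ran, as an added example that is not part of the original post or of FRST: it parses each `target => outcome` line and flags anything that is neither a success nor a `Key not found` whose GUID was removed elsewhere in the same log. The function names, the three buckets and the treatment of a matching-GUID `Key not found` as harmless are assumptions of this example, and the last two sample lines are constructed.

```python
import re

# Outcome wording copied from the Fixlog above; anything else is sent to review.
DONE = {"Value deleted successfully", "Key deleted successfully", "Moved successfully"}
ABSENT = {"Key not found"}
LINE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+?)\.?\s*$")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# First four lines are from the Fixlog above; the last two are constructed
# (their paths, GUID and outcome wording are made up, not taken from FRST).
SAMPLE = r"""
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\BackgroundContainer => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{99CDA7A6-E331-4022-B8A1-1059F4A04A9D} => Key deleted successfully.
HKCR\CLSID\{99CDA7A6-E331-4022-B8A1-1059F4A04A9D} => Key not found.
C:\Users\Zoe\AppData\Roaming\Mozilla\Firefox\Profiles\9hl5nkwl.default\Extensions\trtv3@trtv.com.xpi => Moved successfully.
HKCR\CLSID\{00000000-0000-0000-0000-000000000000} => Key not found.
C:\Example\constructed.xpi => Could not move.
"""

def kind(target):
    """Classify a target as reg_value, reg_key, file or other."""
    if re.match(r"HK[A-Z]{2}\\", target):
        # This log prints a registry value as key\\name (double backslash).
        return "reg_value" if "\\\\" in target else "reg_key"
    return "file" if re.match(r"[A-Za-z]:\\", target) else "other"

def parse_fixlog(text):
    """Return (kind, target, outcome) for every '<target> => <outcome>' line."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            rows.append((kind(m["target"]), m["target"], m["outcome"]))
    return rows

def triage(rows):
    """Split rows into done, absent_ok (assumed harmless) and review."""
    # GUIDs that were successfully removed somewhere in this log.
    cleaned = {g for _, t, o in rows if o in DONE for g in GUID.findall(t)}
    report = {"done": [], "absent_ok": [], "review": []}
    for _, target, outcome in rows:
        if outcome in DONE:
            report["done"].append(target)
        elif outcome in ABSENT and set(GUID.findall(target)) & cleaned:
            report["absent_ok"].append(target)
        else:
            report["review"].append((target, outcome))
    return report

if __name__ == "__main__":
    for bucket, items in triage(parse_fixlog(SAMPLE)).items():
        print(bucket, len(items))
```

An empty `review` bucket means every line the tool reported was either completed or explained by another line in the same log.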


Good.....

Let's check your computer's security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

 Results of screen317's Security Check version 0.99.74  
   x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Kaspersky PURE 2.0   
Windows Defender     
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 15  
 Java version out of Date!
 Adobe Flash Player     11.9.900.117  
 Adobe Reader XI  
 Mozilla Firefox (24.0)
````````Process Check: objlist.exe by Laurent````````  
 AVG avgemc.exe
 Kaspersky Lab Kaspersky PURE 2.0 avp.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 


Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Java 7 Update 15 <----please update, should be Update 45

Java version out of Date! <--------Go to control panel > Java > Update Tab > Update Now
Un-check the box to install the Ask toolbar!!! and any other free "stuff".

------------------------------

A little clean up to do....


If you used FRST:
Download the fixlist.txt to the same folder as FRST.
Run FRST and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-----------------------------

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
I.e.: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (also HERE)

Good Luck and Thanks for using the forum, MrC

This topic is now closed to further replies.