
Thread: Internet browser popping up ad pages

  1. #1
    Junior Member
    Join Date
    Dec 2007
    Posts
    23

    Internet browser popping up ad pages

    Hello
    I would like to request some help for my son's computer. He downloaded some software for a live stream system to watch the World Cup, but it turned into a live stream of adware and a hijacked browser... We have used Spybot and Symantec, which removed a few things (unfortunately I didn't keep track of what the files were, could look it up if needed). I also disabled any non-Microsoft add-ons for IE. The pages seemed to have gone away for a little while but seem to be back with a vengeance.

    Was told to mention that I did not use ERUNT since it's a Win7 system. Also, that I have another laptop that had similar issues, but not as rampant. Would like to analyze it as well.

    Thank you very, very much in advance

    Here are the DDS and aswMBr logs:
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17126 BrowserJavaVersion: 10.10.2
    Run by alaric at 22:24:26 on 2014-07-02
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3817.2427 [GMT -4:00]
    .
    AV: Spybot - Search and Destroy *Disabled/Outdated* {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
    AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\svchost.exe -k NetworkService
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
    C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    C:\Program Files\003\nuttkoqiez64.exe
    C:\Program Files (x86)\PasswordBox\pbbtnService.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50\SupraSavingsService64.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\ITE\ITE Infrared Transceiver\CIRAP.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
    C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUI.exe
    C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\SavUI.exe
    C:\Windows\System32\MsSpellCheckingFacility.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.google.com/webhp?tab=ww&ei=I5SjU7OBEajY8gHKnIHoCw&ved=0CBYQ1S4
    uDefault_Page_URL = hxxp://acer.msn.com
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: PasswordBox Helper: {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
    BHO: Symantec Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\IPS\IPSBHO.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [EvolveClient] "C:\Program Files\Echobit\Evolve\EvolveClient.exe" -autorun
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe -update activex
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
    mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    StartupFolder: C:\Users\alaric\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Xfire.lnk - C:\Program Files (x86)\Xfire\Xfire.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://vpn.iu.edu/dana-cached/sc/JuniperSetupClient.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab?rnd=207593873
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{80E1BE3C-4223-4380-9112-E606D18CD1A7} : DHCPNameServer = 192.168.1.254
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe
    x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-11-30 79488]
    R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-11-30 40064]
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\SymDS64.sys [2012-11-3 493216]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\SymEFA64.sys [2012-11-3 1133216]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20140612.012\BHDrvx64.sys [2014-6-17 1530160]
    R1 ccSettings_{3771A34D-2132-48EA-A486-D62ECDF9D553};Symantec Endpoint Protection 12.1.2015.2015.105 Settings Manager;C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\ccSetx64.sys [2012-11-3 168096]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20140702.011\IDSviA64.sys [2014-7-2 525016]
    R1 netfilter64;netfilter64;C:\Windows\System32\drivers\netfilter64.sys [2014-6-12 46376]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.sys [2012-11-3 224416]
    R1 SYMNETS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\symnets.sys [2012-11-3 432800]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-11-30 204288]
    R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
    R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-29 36456]
    R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-30 2425960]
    R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-11-30 244624]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-3-23 72216]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
    R2 nuttkoqiez64;nuttkoqiez64;C:\Program Files\003\nuttkoqiez64.exe run options=01110010030000000000000000000000 sourceguid=A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50 --> C:\Program Files\003\nuttkoqiez64.exe run options=01110010030000000000000000000000 sourceguid=A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50 [?]
    R2 PasswordBox;PasswordBox;C:\Program Files (x86)\PasswordBox\pbbtnService.exe [2014-5-14 67584]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-6-14 1738200]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-6-14 2081752]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-6-14 171928]
    R2 SepMasterService;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe [2012-11-3 143928]
    R2 SupraSavingsService64;SupraSavingsService64;C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50\SupraSavingsService64.exe [2014-6-25 172544]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-11-30 231440]
    R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;C:\Windows\System32\drivers\evolve.sys [2014-1-9 21656]
    R3 ITECIRfilter;ITECIR Filter Driver;C:\Windows\System32\drivers\ITECIRfilter.sys [2012-6-24 28264]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-11-30 339048]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-11-30 539240]
    R3 TunnelBearMaintenance;TunnelBear Maintenance;C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [2014-5-28 25536]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-6-24 44672]
    S2 70e6ca8c;Optimizer Pro Crash Monitor;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
    S3 EvoSvc;Evolve Service;C:\Program Files\Echobit\Evolve\EvoSvc.exe [2014-1-9 1579936]
    S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-10-7 227904]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 203344]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-11 111616]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-26 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2014-06-26 19:18:39 -------- d-----w- C:\Program Files\SupraSavings
    2014-06-26 19:18:35 -------- d-----w- C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50
    2014-06-24 13:48:31 -------- d-----w- C:\ProgramData\BlueStacks
    2014-06-18 21:10:39 -------- d-----w- C:\Users\alaric\AppData\Local\IsolatedStorage
    2014-06-18 21:10:38 -------- d-----w- C:\Users\alaric\AppData\Local\HockeyCrashes
    2014-06-18 21:08:53 -------- d-----w- C:\Program Files (x86)\TunnelBear
    2014-06-18 21:08:15 -------- d-----w- C:\ProgramData\Package Cache
    2014-06-16 03:21:42 -------- d-----w- C:\Users\alaric\AppData\Local\{0D1BA0E6-C428-4088-865C-2A5A9C8E7749}
    2014-06-14 21:55:33 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
    2014-06-14 21:55:31 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2014-06-14 21:55:22 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-06-14 02:18:48 -------- d-----w- C:\Users\alaric\AppData\Local\Programs
    2014-06-13 13:11:55 -------- d-----w- C:\Users\alaric\AppData\Local\Windows Live
    2014-06-13 13:11:19 -------- d-----w- C:\Users\alaric\AppData\Local\{93488CBD-4A60-4E5E-AFD7-2AD9D2C75477}
    2014-06-12 20:37:56 -------- d-----w- C:\temp
    2014-06-12 20:29:46 -------- d-----w- C:\Program Files\003
    2014-06-12 19:05:34 46376 ----a-w- C:\Windows\System32\drivers\netfilter64.sys
    2014-06-11 14:13:29 801280 ----a-w- C:\Windows\System32\usp10.dll
    2014-06-11 14:13:29 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    2014-06-11 14:13:28 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2014-06-11 14:13:28 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2014-06-11 14:13:23 2002432 ----a-w- C:\Windows\System32\msxml6.dll
    2014-06-11 14:13:22 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
    2014-06-11 14:13:22 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
    2014-06-11 14:13:22 2048 ----a-w- C:\Windows\System32\msxml6r.dll
    2014-06-11 14:13:22 2048 ----a-w- C:\Windows\System32\msxml3r.dll
    2014-06-11 14:13:22 1882112 ----a-w- C:\Windows\System32\msxml3.dll
    2014-06-11 14:13:22 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2014-06-11 14:13:22 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
    .
    ==================== Find3M ====================
    .
    2014-06-06 18:01:46 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
    2014-06-06 18:01:42 35656 ----a-w- C:\Windows\System32\LMIport.dll
    2014-06-06 18:01:40 92488 ----a-w- C:\Windows\System32\LMIinit.dll
    2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
    2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
    2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
    2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-05-14 02:00:52 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-05-14 02:00:52 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-05-09 06:14:03 477184 ----a-w- C:\Windows\System32\aepdu.dll
    2014-05-09 06:11:23 424448 ----a-w- C:\Windows\System32\aeinv.dll
    2014-05-01 21:15:14 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak
    2014-04-15 06:34:10 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
    2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
    2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
    2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
    2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
    2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
    2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    .
    ============= FINISH: 22:25:44.22 ===============


    aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
    Run date: 2014-07-02 22:45:40
    -----------------------------
    22:45:40.284 OS Version: Windows x64 6.1.7601 Service Pack 1
    22:45:40.284 Number of processors: 2 586 0x200
    22:45:40.284 ComputerName: ALARIC-PC UserName: alaric
    22:45:45.385 Initialize success
    22:45:45.697 VM: initialized successfully
    22:45:45.728 VM: Amd CPU supported
    22:45:58.514 VM: not used
    22:46:19.962 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000069
    22:46:19.962 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 11
    22:46:20.118 Disk 0 MBR read successfully
    22:46:20.118 Disk 0 MBR scan
    22:46:20.118 Disk 0 Windows 7 default MBR code
    22:46:20.134 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14336 MB offset 2048
    22:46:20.149 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 29362176
    22:46:20.149 Disk 0 default boot code
    22:46:20.165 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 462502 MB offset 29566976
    22:46:20.212 Disk 0 scanning C:\Windows\system32\drivers
    22:46:28.168 Service scanning
    22:46:32.758 Service BHDrvx64 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20140612.012\BHDrvx64.sys **LOCKED** 5
    22:46:34.053 Service ccSettings_{3771A34D-2132-48EA-A486-D62ECDF9D553} C:\Windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\ccSetx64.sys **LOCKED** 5
    22:46:38.203 Service eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys **LOCKED** 5
    22:46:38.639 Service EraserUtilDrv11313 C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11313.sys **LOCKED** 5
    22:46:46.627 Service IDSVia64 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20140702.011\IDSvia64.sys **LOCKED** 5
    22:46:59.747 Service NAVENG C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20140702.001\ENG64.SYS **LOCKED** 5
    22:47:00.044 Service NAVEX15 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20140702.001\EX64.SYS **LOCKED** 5
    22:47:13.819 Service SRTSPX C:\Windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SRTSPX64.SYS **LOCKED** 5
    22:47:16.455 Service SymDS C:\Windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMDS64.SYS **LOCKED** 5
    22:47:16.985 Service SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS **LOCKED** 5
    22:47:17.282 Service SymIRON C:\Windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.SYS **LOCKED** 5
    22:47:17.594 Service SYMNETS C:\Windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMNETS.SYS **LOCKED** 5
    22:47:37.439 Modules scanning
    22:47:37.454 Disk 0 trace - called modules:
    22:47:37.470 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
    22:47:37.485 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004afb060]
    22:47:37.501 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> [0xfffffa80046db800]
    22:47:37.517 5 amd_xata.sys[fffff880010b4b3f] -> nt!IofCallDriver -> \Device\00000069[0xfffffa80046da060]
    22:47:37.517 Scan finished successfully
    22:50:47.891 Disk 0 MBR has been saved successfully to "C:\Users\alaric\Desktop\MBR.dat"
    22:50:47.906 The log file has been saved successfully to "C:\Users\alaric\Desktop\aswMBR.txt"

  2. #2
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Hi and welcome.

    I can see malware on the machine, but chances are there is more that's hidden, and we will have to run a few scans to find it.

    Please check your add/remove programs list for SupraSavings and try to remove this.
    It may or may not go nicely. Whichever is the case, we'll get it out.

    Scan with FRST in normal mode

    Please download Farbar's Recovery Scan Tool to your desktop:
    FRST 32bit or FRST 64bit
    (If not sure which version: Start --> Computer (right click) --> properties)
    (To use correct version for your system.....Which system am I using?)

    • Run FRST.
    • Don't change any of the checkboxes and hit Scan.
    • Logfiles are created on your desktop.
    • Post the FRST.txt
    • The first time the tool is run it generates another log Addition.txt - Please also paste that along with the FRST.txt into your reply.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Dec 2007
    Posts
    23

    FRST scans

    Hello Julie

    Thank you for helping us out. I didn't see SupraSavings in the control panel, so no luck there. I deleted a software called Game Channel since it had been recently installed, but my son didn't remember installing anything recently. Sorry, hit uninstall before I remembered that the forum recommends not touching anything unless instructed. Hope it's OK. Below are the logs requested. Had to put the addition log in the next email because it was too long.
    Also, for what it's worth, I noticed "Password Box" in the scan below. It is one of the add-ons that I couldn't disable or remove in explorer.

    Artur

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-07-2014
    Ran by alaric (administrator) on ALARIC-PC on 03-07-2014 18:58:52
    Running from C:\Users\alaric\Desktop
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
    (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    () C:\Program Files\003\nuttkoqiez64.exe
    (PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
    () C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50\SupraSavingsService64.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
    (ITE Tech. Inc.) C:\Program Files (x86)\ITE\ITE Infrared Transceiver\CIRAP.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
    () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
    (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Acer Inc.) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUI.exe
    () C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
    (Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\javaw.exe
    (Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\javaw.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13320808 2011-10-25] (Realtek Semiconductor)
    HKLM\...\Run: [OOTag] => C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe [13856 2010-02-23] (Microsoft)
    HKLM\...\Run: [LogMeIn GUI] => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [OOTag] => C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe [13856 2010-02-23] (Microsoft)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-08-18] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [185640 2011-08-31] (CyberLink Corp.)
    HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [627304 2011-08-10] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-393487258-3201230647-4056210797-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1754816 2014-05-29] (Valve Corporation)
    HKU\S-1-5-21-393487258-3201230647-4056210797-1000\...\Run: [EvolveClient] => C:\Program Files\Echobit\Evolve\EvolveClient.exe [3227552 2014-05-08] (Echobit LLC)
    HKU\S-1-5-21-393487258-3201230647-4056210797-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
    HKU\S-1-5-21-393487258-3201230647-4056210797-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566984 2014-04-25] (Safer-Networking Ltd.)
    HKU\S-1-5-21-393487258-3201230647-4056210797-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe [847536 2014-05-13] (Adobe Systems Incorporated)
    HKU\S-1-5-21-393487258-3201230647-4056210797-1000\...\MountPoints2: D - D:\autorun.exe
    HKU\S-1-5-21-393487258-3201230647-4056210797-1000\...\MountPoints2: {04b42a6b-365b-11e2-87d5-d02788ae472c} - D:\Setup.exe
    HKU\S-1-5-21-393487258-3201230647-4056210797-1000\...\MountPoints2: {4df2260a-76d7-11e3-affa-d02788ae472c} - D:\LaunchBFII.exe
    HKU\S-1-5-21-393487258-3201230647-4056210797-1001\...\MountPoints2: {04b42a6b-365b-11e2-87d5-d02788ae472c} - D:\LaunchRC.exe
    Startup: C:\Users\alaric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
    ShortcutTarget: Xfire.lnk -> C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
    ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/webhp?tab=ww&...w&ved=0CBYQ1S4
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
    SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL =
    BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
    BHO-x32: Symantec Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\bin\IPS\IPSBHO.DLL (Symantec Corporation)
    BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/J...upClient64.cab
    DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn.iu.edu/dana-cached/sc/Ju...etupClient.cab
    DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/R...?rnd=207593873
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\IPSFF
    FF Extension: Symantec Vulnerability Protection - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\IPSFF [2013-10-30]
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

    ==================== Services (Whitelisted) =================

    S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1579936 2014-05-08] (Echobit LLC)
    S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-06-23] (WildTangent)
    R2 nuttkoqiez64; C:\Program Files\003\nuttkoqiez64.exe [706560 2014-06-12] () [File not signed]
    R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe [143928 2012-11-03] (Symantec Corporation)
    R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe [2294112 2012-11-03] (Symantec Corporation)
    S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\snac64.exe [334288 2012-11-03] (Symantec Corporation)
    R2 SupraSavingsService64; C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50\SupraSavingsService64.exe [172544 2014-06-25] () [File not signed]
    R3 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [25536 2014-05-28] ()
    S2 70e6ca8c; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll",ServiceMain

    ==================== Drivers (Whitelisted) ====================

    R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20140612.012\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
    R1 ccSettings_{3771A34D-2132-48EA-A486-D62ECDF9D553}; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\ccSetx64.sys [168096 2012-11-03] (Symantec Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-13] (Symantec Corporation)
    U3 EraserUtilDrv11313; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11313.sys [142128 2014-06-13] (Symantec Corporation)
    R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-01-09] (Echobit, LLC)
    R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20140702.011\IDSvia64.sys [525016 2014-05-12] (Symantec Corporation)
    R3 ITECIRfilter; C:\Windows\System32\DRIVERS\ITECIRfilter.sys [28264 2011-03-22] (ITE Tech. Inc. )
    S4 LMIRfsClientNP; No ImagePath
    R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20140703.002\ENG64.SYS [126040 2014-06-13] (Symantec Corporation)
    R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20140703.002\EX64.SYS [2099288 2014-06-13] (Symantec Corporation)
    R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-06-12] (NetFilterSDK.com)
    S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
    R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SRTSP64.SYS [776352 2012-11-03] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SRTSPX64.SYS [37496 2012-11-03] (Symantec Corporation)
    R0 SymDS; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMDS64.SYS [493216 2012-11-03] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMEFA64.SYS [1133216 2012-11-03] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-10-30] (Symantec Corporation)
    R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.SYS [224416 2012-11-03] (Symantec Corporation)
    R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMNETS.SYS [432800 2012-11-03] (Symantec Corporation)
    S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
    U3 aswMBR; \??\C:\Users\alaric\AppData\Local\Temp\aswMBR.sys [X]
    U3 aswVmm; \??\C:\Users\alaric\AppData\Local\Temp\aswVmm.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-07-03 18:58 - 2014-07-03 18:59 - 00019931 _____ () C:\Users\alaric\Desktop\FRST.txt
    2014-07-03 18:58 - 2014-07-03 18:58 - 00000000 ____D () C:\FRST
    2014-07-03 18:56 - 2014-07-03 18:57 - 02083840 _____ (Farbar) C:\Users\alaric\Desktop\FRST64.exe
    2014-07-02 22:50 - 2014-07-02 22:50 - 00003483 _____ () C:\Users\alaric\Desktop\aswMBR.txt
    2014-07-02 22:50 - 2014-07-02 22:50 - 00000512 _____ () C:\Users\alaric\Desktop\MBR.dat
    2014-07-02 22:34 - 2014-07-02 22:34 - 00004313 _____ () C:\Users\alaric\Desktop\attach (2).zip
    2014-07-02 22:30 - 2014-07-02 22:30 - 00004304 _____ () C:\Users\alaric\Desktop\attach.zip
    2014-07-02 22:25 - 2014-07-02 22:25 - 00021766 _____ () C:\Users\alaric\Desktop\dds.txt
    2014-07-02 22:25 - 2014-07-02 22:25 - 00012751 _____ () C:\Users\alaric\Desktop\attach.txt
    2014-07-02 22:09 - 2014-07-02 22:09 - 00688992 ____R (Swearware) C:\Users\alaric\Desktop\dds.scr
    2014-06-26 15:18 - 2014-07-03 10:46 - 00000000 ____D () C:\Program Files\SupraSavings
    2014-06-26 15:18 - 2014-06-26 15:18 - 00000000 ____D () C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50
    2014-06-24 13:38 - 2014-06-24 13:38 - 00000000 ____D () C:\Users\kjartan\Desktop\Cache.Windows
    2014-06-24 13:38 - 2014-06-24 13:38 - 00000000 ____D () C:\Users\kjartan\AppData\Local\Warframe
    2014-06-24 13:36 - 2014-06-24 13:36 - 00000000 ____D () C:\Users\kjartan\AppData\Roaming\WinRAR
    2014-06-24 12:06 - 2014-06-24 12:06 - 00013133 _____ () C:\Users\kjartan\Desktop\Sound - Shortcut.lnk
    2014-06-24 09:48 - 2014-06-24 09:48 - 00000000 ____D () C:\ProgramData\BlueStacks
    2014-06-24 09:47 - 2014-06-24 09:47 - 00000000 ____D () C:\Users\kjartan\AppData\Roaming\WildTangent
    2014-06-24 09:21 - 2014-06-24 10:27 - 00000000 ____D () C:\Users\kjartan\AppData\Roaming\Rovio
    2014-06-24 09:19 - 2014-06-24 09:19 - 00001417 _____ () C:\Users\kjartan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-06-24 09:19 - 2014-06-24 09:19 - 00000000 __SHD () C:\Users\kjartan\AppData\Local\EmieUserList
    2014-06-24 09:19 - 2014-06-24 09:19 - 00000000 __SHD () C:\Users\kjartan\AppData\Local\EmieSiteList
    2014-06-24 09:19 - 2014-06-24 09:19 - 00000000 ____D () C:\Users\kjartan\AppData\Roaming\OEM
    2014-06-24 09:19 - 2014-06-24 09:19 - 00000000 ____D () C:\Users\kjartan\AppData\Roaming\Apple Computer
    2014-06-24 09:19 - 2014-06-24 09:19 - 00000000 ____D () C:\Users\kjartan\AppData\Roaming\Adobe
    2014-06-24 09:19 - 2014-06-24 09:19 - 00000000 ____D () C:\Users\kjartan\AppData\Local\Acer
    2014-06-24 09:18 - 2014-06-24 09:19 - 00000000 ____D () C:\Users\kjartan
    2014-06-24 09:18 - 2014-06-24 09:18 - 00000020 ___SH () C:\Users\kjartan\ntuser.ini
    2014-06-24 09:18 - 2014-06-24 09:18 - 00000000 ____D () C:\Users\kjartan\AppData\Roaming\CyberLink
    2014-06-24 09:18 - 2014-06-24 09:18 - 00000000 ____D () C:\Users\kjartan\AppData\Local\VirtualStore
    2014-06-24 09:18 - 2014-06-24 09:18 - 00000000 ____D () C:\Users\kjartan\AppData\Local\Symantec
    2014-06-24 09:18 - 2014-06-24 09:18 - 00000000 ____D () C:\Users\kjartan\AppData\Local\MediaServer
    2014-06-24 09:18 - 2014-06-24 09:18 - 00000000 ____D () C:\Users\kjartan\AppData\Local\clear.fi
    2014-06-24 09:18 - 2013-10-23 03:05 - 00000000 ____D () C:\Users\kjartan\AppData\Local\Microsoft Help
    2014-06-24 09:18 - 2011-11-30 07:40 - 00000000 ____D () C:\Users\kjartan\AppData\Roaming\Macromedia
    2014-06-24 09:18 - 2009-07-14 00:54 - 00000000 ___RD () C:\Users\kjartan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2014-06-24 09:18 - 2009-07-14 00:49 - 00000000 ___RD () C:\Users\kjartan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2014-06-23 13:52 - 2014-06-23 13:52 - 00002550 ____N () C:\Users\Public\Desktop\WildTangent Games App - acer.lnk
    2014-06-18 17:10 - 2014-06-18 17:10 - 00000000 ____D () C:\Users\alaric\AppData\Local\IsolatedStorage
    2014-06-18 17:10 - 2014-06-18 17:10 - 00000000 ____D () C:\Users\alaric\AppData\Local\HockeyCrashes
    2014-06-18 17:09 - 2014-06-18 17:09 - 00001881 _____ () C:\Users\Public\Desktop\TunnelBear.lnk
    2014-06-18 17:08 - 2014-06-30 18:51 - 00000000 ____D () C:\Program Files (x86)\TunnelBear
    2014-06-18 17:08 - 2014-06-18 17:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunnelBear
    2014-06-18 17:08 - 2014-06-18 17:08 - 00000000 ____D () C:\ProgramData\Package Cache
    2014-06-18 17:02 - 2014-06-18 17:05 - 13620224 _____ (TunnelBear) C:\Users\alaric\Downloads\TunnelBear-Intellibear.exe
    2014-06-15 23:21 - 2014-06-15 23:21 - 00000000 ____D () C:\Users\alaric\AppData\Local\{0D1BA0E6-C428-4088-865C-2A5A9C8E7749}
    2014-06-14 21:39 - 2014-06-15 18:07 - 00001392 _____ () C:\Windows\wininit.ini
    2014-06-14 17:55 - 2014-06-14 21:39 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-06-14 17:55 - 2014-06-14 19:14 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-06-14 17:55 - 2014-06-14 18:52 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2014-06-14 17:55 - 2014-06-14 18:52 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2014-06-14 17:55 - 2014-06-14 18:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2014-06-14 17:55 - 2014-06-14 17:55 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
    2014-06-14 17:55 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
    2014-06-14 17:12 - 2014-06-14 17:53 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\alaric\Downloads\spybot-2.3 (1).exe
    2014-06-14 15:52 - 2014-06-14 17:05 - 00034006 _____ () C:\Users\alaric\Downloads\spybot-2.3.exe
    2014-06-13 22:18 - 2014-06-13 22:18 - 00003700 _____ () C:\Windows\System32\Tasks\Test TimeTrigger
    2014-06-13 22:18 - 2014-06-13 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
    2014-06-13 17:58 - 2014-06-13 17:58 - 00013133 _____ () C:\Users\alaric\Desktop\Sound - Shortcut (2).lnk
    2014-06-13 09:11 - 2014-06-16 07:42 - 00000000 ____D () C:\Users\alaric\AppData\Local\Windows Live
    2014-06-13 09:11 - 2014-06-13 09:11 - 00000000 ____D () C:\Users\alaric\AppData\Local\{93488CBD-4A60-4E5E-AFD7-2AD9D2C75477}
    2014-06-12 16:37 - 2014-06-12 16:48 - 00000000 ____D () C:\temp
    2014-06-12 16:29 - 2014-06-12 16:37 - 00000000 ____D () C:\Program Files\003
    2014-06-12 16:27 - 2014-06-12 16:27 - 00480832 _____ () C:\Users\alaric\Downloads\VipBoxSportsAppsInstall(18_3f_1)_ie.exe
    2014-06-12 15:05 - 2014-06-12 15:05 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys
    2014-06-11 10:24 - 2014-05-30 06:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-06-11 10:24 - 2014-05-30 06:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-06-11 10:24 - 2014-05-30 06:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-06-11 10:24 - 2014-05-30 05:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-06-11 10:24 - 2014-05-30 05:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-06-11 10:24 - 2014-05-30 05:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-06-11 10:24 - 2014-05-30 05:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-06-11 10:24 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-06-11 10:24 - 2014-05-30 05:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-06-11 10:24 - 2014-05-30 05:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-06-11 10:24 - 2014-05-30 05:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-06-11 10:24 - 2014-05-30 05:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-06-11 10:24 - 2014-05-30 05:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-06-11 10:24 - 2014-05-30 05:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-06-11 10:24 - 2014-05-30 05:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-06-11 10:24 - 2014-05-30 05:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-06-11 10:24 - 2014-05-30 05:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-06-11 10:24 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-06-11 10:24 - 2014-05-30 04:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-06-11 10:24 - 2014-05-30 04:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-06-11 10:24 - 2014-05-30 04:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-06-11 10:24 - 2014-05-30 04:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-06-11 10:24 - 2014-05-30 04:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-06-11 10:24 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-06-11 10:24 - 2014-05-30 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-06-11 10:24 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-06-11 10:24 - 2014-05-30 04:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-06-11 10:24 - 2014-05-30 04:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-06-11 10:24 - 2014-05-30 04:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-06-11 10:24 - 2014-05-30 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-06-11 10:24 - 2014-05-30 04:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-06-11 10:24 - 2014-05-30 04:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-06-11 10:24 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-06-11 10:24 - 2014-05-30 04:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-06-11 10:24 - 2014-05-30 04:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-06-11 10:24 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-06-11 10:24 - 2014-05-30 04:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-06-11 10:24 - 2014-05-30 04:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-06-11 10:24 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-06-11 10:24 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-06-11 10:24 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-06-11 10:24 - 2014-05-30 03:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-06-11 10:24 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-06-11 10:24 - 2014-05-30 03:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-06-11 10:24 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-06-11 10:24 - 2014-05-30 03:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-06-11 10:24 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-06-11 10:24 - 2014-05-30 03:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-06-11 10:24 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-06-11 10:24 - 2014-05-30 03:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-06-11 10:24 - 2014-05-30 03:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-06-11 10:24 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-06-11 10:13 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2014-06-11 10:13 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2014-06-11 10:13 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2014-06-11 10:13 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
    2014-06-11 10:13 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2014-06-11 10:13 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2014-06-11 10:13 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
    2014-06-11 10:13 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2014-06-11 10:13 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2014-06-11 10:13 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2014-06-11 10:13 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
    2014-06-11 10:13 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2014-06-04 09:09 - 2014-06-04 09:09 - 00013133 _____ () C:\Users\alaric\Desktop\Sound - Shortcut.lnk

    ==================== One Month Modified Files and Folders =======

    2014-07-03 18:59 - 2014-07-03 18:58 - 00019931 _____ () C:\Users\alaric\Desktop\FRST.txt
    2014-07-03 18:58 - 2014-07-03 18:58 - 00000000 ____D () C:\FRST
    2014-07-03 18:57 - 2014-07-03 18:56 - 02083840 _____ (Farbar) C:\Users\alaric\Desktop\FRST64.exe
    2014-07-03 18:57 - 2014-01-09 15:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-07-03 18:52 - 2011-11-30 06:44 - 00000000 ____D () C:\Program Files (x86)\Acer Games
    2014-07-03 18:52 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2014-07-03 18:22 - 2013-06-22 10:19 - 00000000 ____D () C:\Users\alaric\AppData\Roaming\.minecraft
    2014-07-03 17:39 - 2012-06-24 08:01 - 01260196 _____ () C:\Windows\WindowsUpdate.log
    2014-07-03 15:34 - 2012-11-26 17:35 - 00000000 ____D () C:\Users\alaric\AppData\Roaming\Apple Computer
    2014-07-03 15:33 - 2009-07-14 00:51 - 00153542 _____ () C:\Windows\setupact.log
    2014-07-03 13:24 - 2013-10-26 18:36 - 00000000 ____D () C:\ProgramData\Symantec
    2014-07-03 10:46 - 2014-06-26 15:18 - 00000000 ____D () C:\Program Files\SupraSavings
    2014-07-02 22:50 - 2014-07-02 22:50 - 00003483 _____ () C:\Users\alaric\Desktop\aswMBR.txt
    2014-07-02 22:50 - 2014-07-02 22:50 - 00000512 _____ () C:\Users\alaric\Desktop\MBR.dat
    2014-07-02 22:34 - 2014-07-02 22:34 - 00004313 _____ () C:\Users\alaric\Desktop\attach (2).zip
    2014-07-02 22:30 - 2014-07-02 22:30 - 00004304 _____ () C:\Users\alaric\Desktop\attach.zip
    2014-07-02 22:25 - 2014-07-02 22:25 - 00021766 _____ () C:\Users\alaric\Desktop\dds.txt
    2014-07-02 22:25 - 2014-07-02 22:25 - 00012751 _____ () C:\Users\alaric\Desktop\attach.txt
    2014-07-02 22:09 - 2014-07-02 22:09 - 00688992 ____R (Swearware) C:\Users\alaric\Desktop\dds.scr
    2014-07-02 13:33 - 2013-11-20 10:45 - 00000000 ____D () C:\Program Files (x86)\PasswordBox
    2014-06-30 18:51 - 2014-06-18 17:08 - 00000000 ____D () C:\Program Files (x86)\TunnelBear
    2014-06-29 12:58 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-06-29 12:58 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-06-29 12:52 - 2012-11-27 12:59 - 00000000 ____D () C:\Users\alaric\AppData\Roaming\Skype
    2014-06-29 12:51 - 2013-10-19 20:09 - 00000000 ____D () C:\Program Files (x86)\Steam
    2014-06-29 12:48 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-06-26 15:18 - 2014-06-26 15:18 - 00000000 ____D () C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50
    2014-06-26 14:23 - 2014-04-03 16:49 - 00000000 ____D () C:\Users\alaric\AppData\Local\Warframe
    2014-06-26 12:36 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-06-25 08:46 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Public\Libraries
    2014-06-24 16:42 - 2014-01-11 11:53 - 00000000 ____D () C:\Users\alaric\Desktop\bacup
    2014-06-24 13:38 - 2014-06-24 13:38 - 00000000 ____D () C:\Users\kjartan\Desktop\Cache.Windows
    2014-06-24 13:38 - 2014-06-24 13:38 - 00000000 ____D () C:\Users\kjartan\AppData\Local\Warframe
    2014-06-24 13:36 - 2014-06-24 13:36 - 00000000 ____D () C:\Users\kjartan\AppData\Roaming\WinRAR
    2014-06-24 12:06 - 2014-06-24 12:06 - 00013133 _____ () C:\Users\kjartan\Desktop\Sound - Shortcut.lnk
    2014-06-24 10:27 - 2014-06-24 09:21 - 00000000 ____D () C:\Users\kjartan\AppData\Roaming\Rovio
    2014-06-24 09:57 - 2012-11-24 07:06 - 00110136 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
    2014-06-24 09:48 - 2014-06-24 09:48 - 00000000 ____D () C:\ProgramData\BlueStacks
    2014-06-24 09:47 - 2014-06-24 09:47 - 00000000 ____D () C:\Users\kjartan\AppData\Roaming\WildTangent
    2014-06-24 09:19 - 2014-06-24 09:19 - 00001417 _____ () C:\Users\kjartan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-06-24 09:19 - 2014-06-24 09:19 - 00000000 __SHD () C:\Users\kjartan\AppData\Local\EmieUserList
    2014-06-24 09:19 - 2014-06-24 09:19 - 00000000 __SHD () C:\Users\kjartan\AppData\Local\EmieSiteList
    2014-06-24 09:19 - 2014-06-24 09:19 - 00000000 ____D () C:\Users\kjartan\AppData\Roaming\OEM
    2014-06-24 09:19 - 2014-06-24 09:19 - 00000000 ____D () C:\Users\kjartan\AppData\Roaming\Apple Computer
    2014-06-24 09:19 - 2014-06-24 09:19 - 00000000 ____D () C:\Users\kjartan\AppData\Roaming\Adobe
    2014-06-24 09:19 - 2014-06-24 09:19 - 00000000 ____D () C:\Users\kjartan\AppData\Local\Acer
    2014-06-24 09:19 - 2014-06-24 09:18 - 00000000 ____D () C:\Users\kjartan
    2014-06-24 09:18 - 2014-06-24 09:18 - 00000020 ___SH () C:\Users\kjartan\ntuser.ini
    2014-06-24 09:18 - 2014-06-24 09:18 - 00000000 ____D () C:\Users\kjartan\AppData\Roaming\CyberLink
    2014-06-24 09:18 - 2014-06-24 09:18 - 00000000 ____D () C:\Users\kjartan\AppData\Local\VirtualStore
    2014-06-24 09:18 - 2014-06-24 09:18 - 00000000 ____D () C:\Users\kjartan\AppData\Local\Symantec
    2014-06-24 09:18 - 2014-06-24 09:18 - 00000000 ____D () C:\Users\kjartan\AppData\Local\MediaServer
    2014-06-24 09:18 - 2014-06-24 09:18 - 00000000 ____D () C:\Users\kjartan\AppData\Local\clear.fi
    2014-06-23 13:53 - 2011-11-30 06:44 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
    2014-06-23 13:52 - 2014-06-23 13:52 - 00002550 ____N () C:\Users\Public\Desktop\WildTangent Games App - acer.lnk
    2014-06-18 17:10 - 2014-06-18 17:10 - 00000000 ____D () C:\Users\alaric\AppData\Local\IsolatedStorage
    2014-06-18 17:10 - 2014-06-18 17:10 - 00000000 ____D () C:\Users\alaric\AppData\Local\HockeyCrashes
    2014-06-18 17:09 - 2014-06-18 17:09 - 00001881 _____ () C:\Users\Public\Desktop\TunnelBear.lnk
    2014-06-18 17:09 - 2014-06-18 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunnelBear
    2014-06-18 17:08 - 2014-06-18 17:08 - 00000000 ____D () C:\ProgramData\Package Cache
    2014-06-18 17:05 - 2014-06-18 17:02 - 13620224 _____ (TunnelBear) C:\Users\alaric\Downloads\TunnelBear-Intellibear.exe
    2014-06-16 18:07 - 2010-11-20 23:47 - 00242828 _____ () C:\Windows\PFRO.log
    2014-06-16 11:14 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-06-16 07:42 - 2014-06-13 09:11 - 00000000 ____D () C:\Users\alaric\AppData\Local\Windows Live
    2014-06-15 23:21 - 2014-06-15 23:21 - 00000000 ____D () C:\Users\alaric\AppData\Local\{0D1BA0E6-C428-4088-865C-2A5A9C8E7749}
    2014-06-15 18:07 - 2014-06-14 21:39 - 00001392 _____ () C:\Windows\wininit.ini
    2014-06-14 21:39 - 2014-06-14 17:55 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-06-14 20:06 - 2014-02-10 20:02 - 00000000 ____D () C:\Program Files (x86)\Bench
    2014-06-14 19:14 - 2014-06-14 17:55 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-06-14 18:52 - 2014-06-14 17:55 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2014-06-14 18:52 - 2014-06-14 17:55 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2014-06-14 18:52 - 2014-06-14 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2014-06-14 17:55 - 2014-06-14 17:55 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
    2014-06-14 17:53 - 2014-06-14 17:12 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\alaric\Downloads\spybot-2.3 (1).exe
    2014-06-14 17:05 - 2014-06-14 15:52 - 00034006 _____ () C:\Users\alaric\Downloads\spybot-2.3.exe
    2014-06-13 22:21 - 2013-03-23 18:52 - 00000000 ____D () C:\ProgramData\LogMeIn
    2014-06-13 22:21 - 2013-03-23 18:52 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
    2014-06-13 22:18 - 2014-06-13 22:18 - 00003700 _____ () C:\Windows\System32\Tasks\Test TimeTrigger
    2014-06-13 22:18 - 2014-06-13 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
    2014-06-13 21:58 - 2014-01-23 16:40 - 00001008 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
    2014-06-13 21:58 - 2014-01-23 16:40 - 00000992 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
    2014-06-13 17:58 - 2014-06-13 17:58 - 00013133 _____ () C:\Users\alaric\Desktop\Sound - Shortcut (2).lnk
    2014-06-13 11:45 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
    2014-06-13 09:11 - 2014-06-13 09:11 - 00000000 ____D () C:\Users\alaric\AppData\Local\{93488CBD-4A60-4E5E-AFD7-2AD9D2C75477}
    2014-06-13 08:32 - 2013-08-17 03:01 - 00000000 ____D () C:\Windows\system32\MRT
    2014-06-13 08:25 - 2012-12-04 22:34 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-06-13 08:23 - 2013-10-22 08:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-06-12 16:48 - 2014-06-12 16:37 - 00000000 ____D () C:\temp
    2014-06-12 16:37 - 2014-06-12 16:29 - 00000000 ____D () C:\Program Files\003
    2014-06-12 16:27 - 2014-06-12 16:27 - 00480832 _____ () C:\Users\alaric\Downloads\VipBoxSportsAppsInstall(18_3f_1)_ie.exe
    2014-06-12 15:05 - 2014-06-12 15:05 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys
    2014-06-06 14:01 - 2013-03-23 18:52 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
    2014-06-06 14:01 - 2013-03-23 18:52 - 00092488 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
    2014-06-06 14:01 - 2013-03-23 18:52 - 00035656 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
    2014-06-06 12:09 - 2014-01-18 14:12 - 00000000 ____D () C:\Users\alaric\Desktop\unused mods
    2014-06-04 09:09 - 2014-06-04 09:09 - 00013133 _____ () C:\Users\alaric\Desktop\Sound - Shortcut.lnk
    2014-06-03 20:31 - 2014-02-05 20:01 - 00000000 ____D () C:\Users\alaric\AppData\Roaming\.technic

    Files to move or delete:
    ====================
    C:\Users\alaric\xobglu16.dll
    C:\Users\alaric\xobglu32.dll


    Some content of TEMP:
    ====================
    C:\Users\alaric\AppData\Local\Temp\UNINSTALL.EXE
    C:\Users\alaric\AppData\Local\Temp\_is2C2A.exe
    C:\Users\alaric\AppData\Local\Temp\_is49DB.exe
    C:\Users\alaric\AppData\Local\Temp\_isA31D.exe
    C:\Users\alaric\AppData\Local\Temp\_isAB09.exe
    C:\Users\alaric\AppData\Local\Temp\_isF814.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-06-28 14:55

    ==================== End Of Log ============================

  4. #4
    Junior Member
    Join Date
    Dec 2007
    Posts
    23

    Default addition log

    Addition log

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-07-2014
    Ran by alaric at 2014-07-03 19:01:02
    Running from C:\Users\alaric\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: Spybot - Search and Destroy (Disabled - Out of date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
    AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: Symantec Endpoint Protection (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}

    ==================== Installed Programs ======================

    clear.fi (x32 Version: 1.5.1717_38186 - CyberLink Corp.) Hidden
    clear.fi (x32 Version: 9.0.8031 - CyberLink Corp.) Hidden
    Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3505 - Acer Incorporated)
    Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
    Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3503 - Acer Incorporated)
    Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0609.2011 - Acer Incorporated)
    Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Acer Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
    Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
    Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.0) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
    Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
    AMD APP SDK Runtime (Version: 2.5.732.1 - Advanced Micro Devices Inc.) Hidden
    AMD Catalyst Install Manager (HKLM\...\{1E5A7407-161B-78A4-84C2-71638ADEC29A}) (Version: 3.0.842.0 - Advanced Micro Devices, Inc.)
    AMD Media Foundation Decoders (Version: 1.0.60818.1635 - Advanced Micro Devices, Inc.) Hidden
    Angry Birds (HKLM-x32\...\{0CE0711D-A5E3-4E98-B3C0-0227A5E000CA}) (Version: 2.2.0 - Rovio)
    Angry Birds Space (HKLM-x32\...\{B92C23C5-5756-450F-BACF-4C62DDE51FC0}) (Version: 1.2.2 - Rovio)
    Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bing Bar (HKLM-x32\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Build-a-lot 4 - Power Source (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Canon MX860 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX860_series) (Version: - Canon Inc.)
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center (x32 Version: 2011.0818.1705.28777 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0818.1705.28777 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2011.0818.1705.28777 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Localization All (x32 Version: 2011.0818.1705.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Standard (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Traditional (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Czech (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Danish (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Dutch (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help English (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Finnish (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help French (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help German (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Greek (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Hungarian (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Italian (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Japanese (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Korean (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Norwegian (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Polish (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Portuguese (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Russian (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Spanish (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Swedish (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Thai (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Turkish (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
    ccc-utility64 (Version: 2011.0818.1705.28777 - Advanced Micro Devices, Inc.) Hidden
    Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    clear.fi (HKLM-x32\...\InstallShield_{37126D87-E4FD-4614-B908-A0BB7ECE3992}) (Version: 1.5.2212.35 - CyberLink Corp.)
    clear.fi (x32 Version: 1.5.2212.35 - CyberLink Corp.) Hidden
    clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.05.3002 - Acer Incorporated)
    Clifford Reading (HKLM-x32\...\Clifford Reading) (Version: - )
    Clifford Thinking Adventures (HKLM-x32\...\Clifford Adventure) (Version: - )
    Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version: - Microsoft)
    Disney Pixar 1st Grade (HKLM-x32\...\{FF1EB8B3-149E-11D6-B234-0050DACD394D}) (Version: - )
    Disney Pixar 1st Grade Print (HKLM-x32\...\{FF1EB9A6-149E-11D6-B234-0050DACD394D}) (Version: - )
    Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Drome Racers (HKLM-x32\...\{EC1DCD6C-3AE0-42CE-8EAA-6886CC4400DC}) (Version: - )
    eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
    Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.)
    Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.4 - Echobit, LLC)
    FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.0.8 - FUHU, Inc.)
    Fooz Kids (x32 Version: 3.0.8 - FUHU, Inc.) Hidden
    Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.)
    Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    GALIDOR(TM) - Defenders of the Outer Dimension (HKLM-x32\...\{24198A51-CBB9-43DB-9280-D58E825E1415}) (Version: 0.30.000 - )
    GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
    Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3505 - Acer Incorporated)
    Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
    ITE Infrared Transceiver (HKLM-x32\...\{40580068-9B10-40B5-9548-536CE88AB23C}) (Version: 1.02.0005 - ITE)
    iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
    Java 7 Update 10 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217010FF}) (Version: 7.0.100 - Oracle)
    Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
    Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    JumpStart 1st Grade 2001 (HKLM-x32\...\JS1G2001) (Version: - )
    Juniper Networks Network Connect 7.3.1 (HKLM-x32\...\Juniper Network Connect 7.3.1) (Version: 7.3.1.21949 - Juniper Networks)
    Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.3.1.26369 - Juniper Networks, Inc.)
    Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    LEGO Island (HKLM-x32\...\LEGOIsland) (Version: - )
    LEGO Stunt Rally (HKLM-x32\...\LEGO Stunt Rally) (Version: - )
    LEGO® Batman™ (HKLM-x32\...\InstallShield_{398AB469-77FC-4935-820B-D419388C0A6A}) (Version: 1.00.0000 - Warner Bros. Interactive Entertainment)
    LEGO® Batman™ (x32 Version: 1.00.0000 - Warner Bros. Interactive Entertainment) Hidden
    Magic School Bus - Dinosaurs (HKLM-x32\...\MSB Dino) (Version: - )
    Magic School Bus - Earth (HKLM-x32\...\MSB Earth) (Version: - )
    Majesty 2: The Fantasy Kingdom Sim (HKLM-x32\...\{CDCA3C32-FCE7-40E8-8CB5-7B0E87ADDFC9}_is1) (Version: 1.0.0.0 - Paradox Interactive)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
    Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - )
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Command & Control Engine (HKLM-x32\...\MSCnC) (Version: - )
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft Speech API 3.0 (HKLM-x32\...\SpeechAPI) (Version: - )
    Microsoft Speech Lexicon (HKLM-x32\...\MSLex) (Version: - )
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Nancy Drew: The Silent Spy (HKLM-x32\...\{35B438BB-E18B-4FD9-8D56-50BA90C11A71}) (Version: 8.0.0.30162 - Her Interactive, Inc.)
    Nero Control Center 10 (x32 Version: 10.2.11100.1.1 - Nero AG) Hidden
    Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
    Nero Core Components 10 (x32 Version: 2.0.18100.8.8 - Nero AG) Hidden
    Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
    Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
    Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
    Nero Express 10 Help (CHM) (x32 Version: 10.5.10200 - Nero AG) Hidden
    Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
    Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
    Nero StartSmart 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
    Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
    NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.5.8763 - Barnesandnoble.com)
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3 - )
    Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
    QuickTime (HKLM-x32\...\QuickTime) (Version: - )
    Reader Rabbit 1st Grade (HKLM-x32\...\Reader Rabbit 1st Grade) (Version: - )
    Reader Rabbit Personalized Kindergarten (HKLM-x32\...\Reader Rabbit Personalized Kindergarten) (Version: - )
    Reader Rabbit(R) Reading Ages 6-9 (HKLM-x32\...\Reader Rabbit(R) Reading Ages 6-9) (Version: - )
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6487 - Realtek Semiconductor Corp.)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.85 - Realtek Semiconductor Corp.)
    Richard Scarry's Best Activity Center Ever (HKLM-x32\...\Richard Scarry's Best Activity Center Ever) (Version: - )
    Scholastic's I SPY Fantasy (HKLM-x32\...\Scholastic's I SPY Fantasy) (Version: - )
    Scholastic's I SPY Fun House (HKLM-x32\...\Scholastic's I SPY Fun House) (Version: - )
    Scholastic's I SPY Junior Puppet Playhouse (HKLM-x32\...\Scholastic's I SPY Junior Puppet Playhouse) (Version: - )
    Scholastic's I SPY Mystery (HKLM-x32\...\Scholastic's I SPY Mystery) (Version: - )
    Scholastic's I SPY Spooky Mansion Deluxe (HKLM-x32\...\Scholastic's I SPY Spooky Mansion Deluxe) (Version: - )
    Scholastic's I SPY Treasure Hunt (HKLM-x32\...\Scholastic's I SPY Treasure Hunt) (Version: 1.0 - Scholastic Inc.)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
    Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
    Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
    Star Conflict (HKLM-x32\...\Steam App 212070) (Version: - Star Gem Inc.)
    Star Wars Battlefront (HKLM-x32\...\{C79CB9C7-10A4-4814-8402-F574672C2192}) (Version: 1.0 - LucasArts)
    Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts)
    Star Wars Math (HKLM-x32\...\Star Wars Math) (Version: - )
    Star Wars Pit Droids (HKLM-x32\...\Star Wars Pit Droids) (Version: - )
    Star Wars Republic Commando (HKLM-x32\...\{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}) (Version: 1.0 - LucasArts)
    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
    Symantec Endpoint Protection (HKLM\...\{C2103AF2-E66C-446B-9791-9207840EC821}) (Version: 12.1.2015.2015 - Symantec Corporation)
    Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
    The Battle for Middle-earth (tm) (HKLM-x32\...\{962E05CF-3394-496D-0091-850CF1762F6B}) (Version: - )
    Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Total Annihilation: Kingdoms (HKLM-x32\...\Total Annihilation: Kingdoms) (Version: - )
    TunnelBear (HKLM-x32\...\{625f2249-d094-455e-8548-72ca683eb9d3}) (Version: 2.2.21.0 - TunnelBear)
    TunnelBear (x32 Version: 2.2.21.0 - TunnelBear) Hidden
    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
    Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
    Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
    Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
    Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
    Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)
    Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
    Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
    Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
    Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Warframe (HKLM-x32\...\{9BEE106C-6361-4B1D-BE26-3BA1D4463571}) (Version: 1.0.0 - Digital Extremes)
    Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes)
    Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
    WildTangent Games App (x32 Version: 4.0.10.20 - WildTangent) Hidden
    Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
    XBMC (HKCU\...\XBMC) (Version: - Team XBMC)
    Xfire (remove only) (HKLM-x32\...\Xfire) (Version: - )
    Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden

    ==================== Restore Points =========================

    13-06-2014 12:14:58 Windows Update
    14-06-2014 02:19:09 Removed LogMeIn
    14-06-2014 02:25:12 Removed LogMeIn Hamachi
    18-06-2014 21:07:42 TunnelBear
    18-06-2014 21:15:29 Device Driver Package Install: TAP-Windows Provider V9 Network adapters
    26-06-2014 21:26:02 Scheduled Checkpoint

    ==================== Hosts content: ==========================

    2009-07-13 22:34 - 2013-12-17 17:08 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {09821B85-CB97-4E8E-9672-54E0B7423A70} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    Task: {789BF275-F6BC-4D97-B096-E24ED7FAEA22} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-10-12] (CyberLink)
    Task: {7B7B65C3-10C3-439D-BA37-97FE2AA3D53E} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-10-12] (Acer Incorporated)
    Task: {AECDBA43-D814-4FEC-9B04-BEB1B9534317} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
    Task: {B139CA88-F6C8-42BD-9EEE-4EC8B2B3F61D} - \ITECIR Filter Application for RCMM No Task File <==== ATTENTION
    Task: {B3F301D1-4D04-49DB-B1D9-0B44C61F061C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: {C07CFDBE-E6BA-48F8-B9CA-2F28595545AC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: {CA4CB173-D5E5-4580-BA4B-07E83F5D2AEF} - System32\Tasks\Test TimeTrigger => C:\Users\alaric\AppData\Local\Temp\Runner.exe <==== ATTENTION
    Task: {CD63FB3D-C92F-417D-B295-84B2D23DE09B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {F7652B8D-A1CB-47D4-BC65-1C68E71AE9F2} - System32\Tasks\{4F6148DC-DC77-4469-8208-55FF784C1466} => E:\101_ASB.EXE
    Task: {FA5BD403-A5FB-41DC-A29D-C9D711CD72C8} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-10-12] (CyberLink Corp.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-06-12 16:37 - 2014-06-12 16:37 - 00706560 _____ () C:\Program Files\003\nuttkoqiez64.exe
    2014-06-25 13:58 - 2014-06-25 13:58 - 00172544 _____ () C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50\SupraSavingsService64.exe
    2014-06-12 15:05 - 2014-06-12 15:05 - 00110080 _____ () C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50\nfapi.dll
    2014-06-12 15:05 - 2014-06-12 15:05 - 00456192 _____ () C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50\ProtocolFilters.dll
    2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2012-06-18 11:24 - 2012-06-18 11:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
    2011-08-10 23:58 - 2011-08-10 23:58 - 00627304 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
    2011-08-18 20:03 - 2011-08-18 20:03 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2011-06-17 16:42 - 2011-06-17 16:42 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2014-05-28 10:44 - 2014-05-28 10:44 - 00025536 _____ () C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
    2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-05-14 12:45 - 2014-05-14 12:45 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll
    2014-06-14 17:55 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2014-06-14 17:55 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2014-06-14 17:55 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2014-06-14 17:55 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2014-06-14 17:55 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2011-08-10 23:57 - 2011-08-10 23:57 - 00151656 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
    2014-02-12 21:58 - 2014-02-12 21:58 - 00237384 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
    2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2012-11-26 20:17 - 2012-11-26 20:17 - 00044984 _____ () C:\Program Files (x86)\Java\jre7\bin\prism-d3d.dll
    2012-11-26 20:17 - 2012-11-26 20:17 - 00156592 _____ () C:\Program Files (x86)\Java\jre7\bin\glass.dll
    2012-11-26 20:17 - 2012-11-26 20:17 - 00448432 _____ () C:\Program Files (x86)\Java\jre7\bin\libxml2.dll
    2012-11-26 20:17 - 2012-11-26 20:17 - 00157104 _____ () C:\Program Files (x86)\Java\jre7\bin\libxslt.dll
    2012-11-26 20:17 - 2012-11-26 20:17 - 11887544 _____ () C:\Program Files (x86)\Java\jre7\bin\jfxwebkit.dll
    2012-11-26 20:17 - 2012-11-26 20:17 - 00240568 _____ () C:\Program Files (x86)\Java\jre7\bin\javafx-font.dll
    2014-07-03 17:57 - 2014-07-03 17:57 - 00298496 _____ () C:\Users\alaric\AppData\Roaming\.minecraft\versions\1.7.10\1.7.10-natives-364102208168395\lwjgl.dll
    2014-07-03 17:57 - 2014-07-03 17:57 - 00246332 _____ () C:\Users\alaric\AppData\Roaming\.minecraft\versions\1.7.10\1.7.10-natives-364102208168395\avutil-ttv-51.dll
    2014-07-03 17:57 - 2014-07-03 17:57 - 00113171 _____ () C:\Users\alaric\AppData\Roaming\.minecraft\versions\1.7.10\1.7.10-natives-364102208168395\swresample-ttv-0.dll
    2014-07-03 17:57 - 2014-07-03 17:57 - 00394810 _____ () C:\Users\alaric\AppData\Roaming\.minecraft\versions\1.7.10\1.7.10-natives-364102208168395\libmp3lame-ttv.dll
    2014-07-03 17:57 - 2014-07-03 17:57 - 00967168 _____ () C:\Users\alaric\AppData\Roaming\.minecraft\versions\1.7.10\1.7.10-natives-364102208168395\twitchsdk.dll
    2014-07-03 17:57 - 2014-07-03 17:57 - 00390144 _____ () C:\Users\alaric\AppData\Roaming\.minecraft\versions\1.7.10\1.7.10-natives-364102208168395\OpenAL32.dll

    ==================== Alternate Data Streams (whitelisted) =========


    ==================== Safe Mode (whitelisted) ===================

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"

    ==================== EXE Association (whitelisted) =============


    ==================== MSCONFIG/TASK MANAGER disabled items =========


    ==================== Faulty Device Manager Devices =============

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: LogMeIn Kernel Information Provider
    Description: LogMeIn Kernel Information Provider
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: LMIInfo
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: Canon MX860 ser Network
    Description: Canon MX860 ser Network
    Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Manufacturer: Canon
    Service: StillCam
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Network Controller
    Description: Network Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Network Controller
    Description: Network Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/03/2014 05:10:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 15725

    Error: (07/03/2014 05:10:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 15725

    Error: (07/03/2014 05:10:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (07/03/2014 04:06:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 15631

    Error: (07/03/2014 04:06:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 15631

    Error: (07/03/2014 04:06:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (07/02/2014 11:18:49 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
    Description: Security Risk Found!Trojan.Gen.2 in File: C:\Users\alaric\Desktop\aswMBR.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

    Error: (07/02/2014 11:13:22 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
    Description: Security Risk Found!Tracking Cookies in File: Cookie:alaric@at.atwola.com/ by: Manual scan. Action: Delete succeeded. Action Description: The file was deleted successfully.

    Error: (07/02/2014 11:04:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 11.0.9600.17126 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 2bb8

    Start Time: 01cf9664b934032a

    Termination Time: 328

    Application Path: C:\Program Files\Internet Explorer\iexplore.exe

    Report Id:

    Error: (07/02/2014 10:18:29 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
    Description: Security Risk Found!WS.Malware.2 in File: c:\Users\alaric\Desktop\aswMBR.exe by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied. Action Description: The file was left unchanged.


    System errors:
    =============
    Error: (07/03/2014 00:24:28 AM) (Source: Ntfs) (EventID: 55) (User: )
    Description: The file system structure on the disk is corrupt and unusable.
    Please run the chkdsk utility on the volume Acer.

    Error: (07/03/2014 00:24:28 AM) (Source: Ntfs) (EventID: 55) (User: )
    Description: The file system structure on the disk is corrupt and unusable.
    Please run the chkdsk utility on the volume Acer.

    Error: (07/03/2014 00:24:28 AM) (Source: Ntfs) (EventID: 55) (User: )
    Description: The file system structure on the disk is corrupt and unusable.
    Please run the chkdsk utility on the volume Acer.

    Error: (07/03/2014 00:24:28 AM) (Source: Ntfs) (EventID: 55) (User: )
    Description: The file system structure on the disk is corrupt and unusable.
    Please run the chkdsk utility on the volume Acer.

    Error: (07/03/2014 00:24:28 AM) (Source: Ntfs) (EventID: 55) (User: )
    Description: The file system structure on the disk is corrupt and unusable.
    Please run the chkdsk utility on the volume Acer.

    Error: (07/03/2014 00:24:28 AM) (Source: Ntfs) (EventID: 55) (User: )
    Description: The file system structure on the disk is corrupt and unusable.
    Please run the chkdsk utility on the volume Acer.

    Error: (07/03/2014 00:24:28 AM) (Source: Ntfs) (EventID: 55) (User: )
    Description: The file system structure on the disk is corrupt and unusable.
    Please run the chkdsk utility on the volume Acer.

    Error: (07/03/2014 00:24:28 AM) (Source: Ntfs) (EventID: 55) (User: )
    Description: The file system structure on the disk is corrupt and unusable.
    Please run the chkdsk utility on the volume Acer.

    Error: (07/03/2014 00:24:28 AM) (Source: Ntfs) (EventID: 55) (User: )
    Description: The file system structure on the disk is corrupt and unusable.
    Please run the chkdsk utility on the volume Acer.

    Error: (07/03/2014 00:24:28 AM) (Source: Ntfs) (EventID: 55) (User: )
    Description: The file system structure on the disk is corrupt and unusable.
    Please run the chkdsk utility on the volume Acer.


    Microsoft Office Sessions:
    =========================
    Error: (07/03/2014 05:10:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 15725

    Error: (07/03/2014 05:10:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 15725

    Error: (07/03/2014 05:10:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (07/03/2014 04:06:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 15631

    Error: (07/03/2014 04:06:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 15631

    Error: (07/03/2014 04:06:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (07/02/2014 11:18:49 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
    Description: Security Risk Found!Trojan.Gen.2 in File: C:\Users\alaric\Desktop\aswMBR.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

    Error: (07/02/2014 11:13:22 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
    Description: Security Risk Found!Tracking Cookies in File: Cookie:alaric@at.atwola.com/ by: Manual scan. Action: Delete succeeded. Action Description: The file was deleted successfully.

    Error: (07/02/2014 11:04:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: iexplore.exe11.0.9600.171262bb801cf9664b934032a328C:\Program Files\Internet Explorer\iexplore.exe

    Error: (07/02/2014 10:18:29 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
    Description: Security Risk Found!WS.Malware.2 in File: c:\Users\alaric\Desktop\aswMBR.exe by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied. Action Description: The file was left unchanged.


    ==================== Memory info ===========================

    Percentage of memory in use: 59%
    Total physical RAM: 3816.95 MB
    Available physical RAM: 1533.68 MB
    Total Pagefile: 7632.09 MB
    Available Pagefile: 3681.56 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB

    ==================== Drives ================================

    Drive c: (Acer) (Fixed) (Total:451.66 GB) (Free:322.3 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: CC0AC51A)
    Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
    Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

  5. #5
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Do you want me to remove Password Box?

    ***********************************

    Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt.
    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program. (If asked to overwrite an existing one, please allow.)

    start
    C:\Program Files\003\nuttkoqiez64.exe
    SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL =
    BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
    S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-06-23] (WildTangent)
    R2 nuttkoqiez64; C:\Program Files\003\nuttkoqiez64.exe [706560 2014-06-12] () [File not signed]
    R2 SupraSavingsService64; C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50\SupraSavingsService64.exe [172544 2014-06-25] () [File not signed]
    S2 70e6ca8c; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll",ServiceMain
    2014-06-13 22:18 - 2014-06-13 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
    2014-07-03 10:46 - 2014-06-26 15:18 - 00000000 ____D () C:\Program Files\SupraSavings
    C:\Users\alaric\xobglu16.dll
    C:\Users\alaric\xobglu32.dll
    C:\Users\alaric\AppData\Local\Temp\UNINSTALL.EXE
    C:\Users\alaric\AppData\Local\Temp\_is2C2A.exe
    C:\Users\alaric\AppData\Local\Temp\_is49DB.exe
    C:\Users\alaric\AppData\Local\Temp\_isA31D.exe
    C:\Users\alaric\AppData\Local\Temp\_isAB09.exe
    C:\Users\alaric\AppData\Local\Temp\_isF814.exe
    Task: {CA4CB173-D5E5-4580-BA4B-07E83F5D2AEF} - System32\Tasks\Test TimeTrigger => C:\Users\alaric\AppData\Local\Temp\Runner.exe <==== ATTENTION
    2014-06-12 16:37 - 2014-06-12 16:37 - 00706560 _____ () C:\Program Files\003\nuttkoqiez64.exe
    2014-06-25 13:58 - 2014-06-25 13:58 - 00172544 _____ () C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50\SupraSavingsService64.exe
    end
    Run FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.



    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.


    *******************

    AdwCleaner by Xplode

    Click on this link to download: ADWCleaner
    Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

    Do not click on any links in the top advertisement.


    Close all open windows and browsers.


    • Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.

      *****


    • Click the Scan button and wait for the scan to finish.

    • After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Please don't delete anything at this time.
    • Click the Report button to get the log
    • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
    • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
    • NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


    ****

    Please post these 2 logs when finished.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
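
An added example, not part of the thread and not FRST's own code: a Python sketch that shortlists service, BHO and scheduled-task lines from an FRST log using only markers FRST itself prints in the logs above (`[File not signed]`, `No File` / `No Task File`, `<==== ATTENTION`) plus a target under `AppData\Local\Temp`. The function names and reason labels are assumptions of this example; the sample lines are copied from the logs in this thread.

```python
import re
from typing import NamedTuple

ATTENTION = "<==== ATTENTION"          # marker FRST appends to entries it wants reviewed
UNSIGNED = "[File not signed]"         # marker FRST appends to unsigned service binaries
NO_TASK_FILE = "No Task File"
TEMP_DIR = "\\appdata\\local\\temp\\"  # compared against the lower-cased target path

# "R2 name; C:\path\file.exe [size yyyy-mm-dd] (company)"
SERVICE_RE = re.compile(
    r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>[^)]*)\)"
)
# Task target, optionally followed by "[yyyy-mm-dd] (company)"
TASK_TARGET_RE = re.compile(r"^(?P<path>.+?)(?: \[\d{4}-\d{2}-\d{2}\] \(.*\))?$")
# "BHO-x32: name - {CLSID} - file"
BHO_RE = re.compile(r"^BHO(?:-x32)?: .+? - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<file>.+)$")

# Lines copied from the logs in this thread (a small subset).
SAMPLE_LOG = r"""
R2 nuttkoqiez64; C:\Program Files\003\nuttkoqiez64.exe [706560 2014-06-12] () [File not signed]
R2 SupraSavingsService64; C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50\SupraSavingsService64.exe [172544 2014-06-25] () [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-06-23] (WildTangent)
BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Task: {CA4CB173-D5E5-4580-BA4B-07E83F5D2AEF} - System32\Tasks\Test TimeTrigger => C:\Users\alaric\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {B139CA88-F6C8-42BD-9EEE-4EC8B2B3F61D} - \ITECIR Filter Application for RCMM No Task File <==== ATTENTION
Task: {CD63FB3D-C92F-417D-B295-84B2D23DE09B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
"""


class Finding(NamedTuple):
    kind: str       # "service", "task" or "bho"
    name: str       # service name, task name or BHO CLSID
    target: str     # executable path, "" when the log shows none
    reasons: tuple  # which markers matched


def parse_entry(line):
    """Return (kind, name, target) for a service, task or BHO line, else None."""
    if line.startswith("Task: "):
        ident, sep, target = line[len("Task: "):].partition(" => ")
        _guid, _, name = ident.partition(" - ")
        if name.endswith(NO_TASK_FILE):
            name = name[: -len(NO_TASK_FILE)].rstrip()
        path = TASK_TARGET_RE.match(target).group("path") if sep else ""
        return ("task", name, path)
    m = BHO_RE.match(line)
    if m:
        return ("bho", m.group("clsid"), "" if m.group("file") == "No File" else m.group("file"))
    m = SERVICE_RE.match(line)
    if m:
        return ("service", m.group("name"), m.group("path"))
    return None


def triage(log_text):
    """Return a Finding for every parsed entry that carries at least one marker."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = []
        if line.endswith(ATTENTION):
            reasons.append("frst-attention")
            line = line[: -len(ATTENTION)].rstrip()
        entry = parse_entry(line)
        if entry is None:
            continue
        kind, name, target = entry
        if UNSIGNED in line:
            reasons.append("not-signed")
        if line.endswith(("No File", NO_TASK_FILE)):
            reasons.append("missing-file")
        if TEMP_DIR in target.lower():
            reasons.append("runs-from-temp")
        if reasons:
            findings.append(Finding(kind, name, target, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.name}  {', '.join(f.reasons)}  {f.target}")
```

The fixlist in post #5 also contains entries that none of these markers cover, such as the WildTangent service, so the output is a shortlist for a reviewer rather than a fixlist.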

  6. #6
    Junior Member
    Join Date
    Dec 2007
    Posts
    23

    frst log and AdwCleaner log

    Hello
    You asked if I wanted to remove Password Box. I assume that means it's harmless?
    Ran the fixes and adwCleaner. Here are the logs and thanks again.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-07-2014
    Ran by alaric at 2014-07-04 10:19:38 Run:1
    Running from C:\Users\alaric\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    start
    C:\Program Files\003\nuttkoqiez64.exe
    SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL =
    BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
    S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-06-23] (WildTangent)
    R2 nuttkoqiez64; C:\Program Files\003\nuttkoqiez64.exe [706560 2014-06-12] () [File not signed]
    R2 SupraSavingsService64; C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50\SupraSavingsService64.exe [172544 2014-06-25] () [File not signed]
    S2 70e6ca8c; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll",ServiceMain
    2014-06-13 22:18 - 2014-06-13 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
    2014-07-03 10:46 - 2014-06-26 15:18 - 00000000 ____D () C:\Program Files\SupraSavings
    C:\Users\alaric\xobglu16.dll
    C:\Users\alaric\xobglu32.dll
    C:\Users\alaric\AppData\Local\Temp\UNINSTALL.EXE
    C:\Users\alaric\AppData\Local\Temp\_is2C2A.exe
    C:\Users\alaric\AppData\Local\Temp\_is49DB.exe
    C:\Users\alaric\AppData\Local\Temp\_isA31D.exe
    C:\Users\alaric\AppData\Local\Temp\_isAB09.exe
    C:\Users\alaric\AppData\Local\Temp\_isF814.exe
    Task: {CA4CB173-D5E5-4580-BA4B-07E83F5D2AEF} - System32\Tasks\Test TimeTrigger => C:\Users\alaric\AppData\Local\Temp\Runner.exe <==== ATTENTION
    2014-06-12 16:37 - 2014-06-12 16:37 - 00706560 _____ () C:\Program Files\003\nuttkoqiez64.exe
    2014-06-25 13:58 - 2014-06-25 13:58 - 00172544 _____ () C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50\SupraSavingsService64.exe
    end

    *****************

    C:\Program Files\003\nuttkoqiez64.exe => Moved successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
    'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
    'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}' => Key deleted successfully.
    'HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}'=> Key not found.
    'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}' => Key deleted successfully.
    'HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}'=> Key not found.
    'HKLM\Software\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0' => Key deleted successfully.
    C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll => Moved successfully.
    GamesAppIntegrationService => Service deleted successfully.
    nuttkoqiez64 => Service stopped successfully.
    nuttkoqiez64 => Service deleted successfully.
    SupraSavingsService64 => Service stopped successfully.
    SupraSavingsService64 => Service deleted successfully.
    70e6ca8c => Service deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2 => Moved successfully.
    C:\Program Files\SupraSavings => Moved successfully.
    C:\Users\alaric\xobglu16.dll => Moved successfully.
    C:\Users\alaric\xobglu32.dll => Moved successfully.
    C:\Users\alaric\AppData\Local\Temp\UNINSTALL.EXE => Moved successfully.
    C:\Users\alaric\AppData\Local\Temp\_is2C2A.exe => Moved successfully.
    C:\Users\alaric\AppData\Local\Temp\_is49DB.exe => Moved successfully.
    C:\Users\alaric\AppData\Local\Temp\_isA31D.exe => Moved successfully.
    C:\Users\alaric\AppData\Local\Temp\_isAB09.exe => Moved successfully.
    C:\Users\alaric\AppData\Local\Temp\_isF814.exe => Moved successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA4CB173-D5E5-4580-BA4B-07E83F5D2AEF}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA4CB173-D5E5-4580-BA4B-07E83F5D2AEF}' => Key deleted successfully.
    C:\Windows\System32\Tasks\Test TimeTrigger => Moved successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Test TimeTrigger' => Key deleted successfully.
    "C:\Program Files\003\nuttkoqiez64.exe" => File/Directory not found.
    C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50\SupraSavingsService64.exe => Moved successfully.

    ==== End of Fixlog ====




    # AdwCleaner v3.214 - Report created 04/07/2014 at 10:23:48
    # Updated 29/06/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : alaric - ALARIC-PC
    # Running from : C:\Users\alaric\Desktop\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****

    Service Found : 70e6ca8c
    Service Found : nuttkoqiez64

    ***** [ Files / Folders ] *****

    Folder Found : C:\Program Files (x86)\Bench
    Folder Found : C:\Program Files\003
    Folder Found : C:\Users\alaric\AppData\Local\Software
    Folder Found : C:\Users\caplett12\AppData\LocalLow\AVG SafeGuard toolbar
    Folder Found : C:\Users\kjartan\AppData\LocalLow\AVG SafeGuard toolbar

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Found : HKCU\Software\AppDataLow\Software\Supra Savings
    Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
    Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322212216}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0032116.BHO
    Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0032116.BHO.1
    Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0032116.Sandbox
    Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0032116.Sandbox.1
    Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355215516}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366216616}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344214416}
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
    Key Found : HKLM\Software\suprasavings
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355215516}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366216616}
    Key Found : [x64] HKLM\SOFTWARE\LevelQualityWatcher
    Key Found : [x64] HKLM\SOFTWARE\Supra Savings
    Key Found : [x64] HKLM\SOFTWARE\suprasavings

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17126


    *************************

    AdwCleaner[R0].txt - [3203 octets] - [04/07/2014 10:23:48]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3263 octets] ##########

  7. #7
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Welcome back
    Also, for what it's worth, I noticed "Password Box" in the scan below. It is one of the add-ons that I couldn't disable or remove in explorer.
    Did you download and install this?

    You asked if I wanted to remove Password Box. I assume that means it's harmless?
    That's a yes and no answer. If you didn't install it then, I'd let it go. My theory on this, anyone who could use the computer can open it (If they know the password to open it). If you use any secure sites such as banking, and no one has permission to access this or forums you visit, there could be a problem. I've never used one myself. What's also important is where you download it from since it has become an annoyance for sites to download/attach unwanted items along with it.
    Your decision.
    ********

    Please open AdwCleaner by Xplode
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • After the scan is complete click on "Clean"
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.


    How is your computer now?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  8. #8
    Junior Member
    Join Date
    Dec 2007
    Posts
    23

    Default Looking good

    hello Julie

  9. #9
    Junior Member
    Join Date
    Dec 2007
    Posts
    23

    Default Looking good

    hello Julie

    The computer seems to be OK. Ads are no longer popping or random lines in the page aren't underlined linking to ads. A couple questions:

    1) Yes, I would like to remove password box, since we don't remember installing it and don't use it, but I can't see it in the control panel.
    2) Can I enable the explorer add-ons again?
    3) Should I keep the downloaded scanners and cleaners on my desktop in case something comes back?
    4) Lastly, my daughter's laptop also seems to have a similar problem, should I start a separate thread for it?

    Thank you

  10. #10
    Junior Member
    Join Date
    Dec 2007
    Posts
    23

    Default forgot the last log

    # AdwCleaner v3.214 - Report created 04/07/2014 at 20:35:10
    # Updated 29/06/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : alaric - ALARIC-PC
    # Running from : C:\Users\alaric\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    [#] Service Deleted : 70e6ca8c
    [#] Service Deleted : nuttkoqiez64

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Program Files (x86)\Bench
    Folder Deleted : C:\Program Files\003
    Folder Deleted : C:\Users\caplett12\AppData\LocalLow\AVG SafeGuard toolbar
    Folder Deleted : C:\Users\kjartan\AppData\LocalLow\AVG SafeGuard toolbar
    Folder Deleted : C:\Users\alaric\AppData\Local\Software

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0032116.BHO
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0032116.BHO.1
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0032116.Sandbox
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0032116.Sandbox.1
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322212216}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355215516}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366216616}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344214416}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355215516}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366216616}
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKCU\Software\AppDataLow\Software\Supra Savings
    Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : HKLM\Software\suprasavings
    Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher
    Key Deleted : [x64] HKLM\SOFTWARE\Supra Savings
    Key Deleted : [x64] HKLM\SOFTWARE\suprasavings

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17126


    *************************

    AdwCleaner[R0].txt - [3363 octets] - [04/07/2014 10:23:48]
    AdwCleaner[R1].txt - [3423 octets] - [04/07/2014 20:33:57]
    AdwCleaner[S0].txt - [3410 octets] - [04/07/2014 20:35:10]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3470 octets] ##########
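
Added example (not part of the original thread and not AdwCleaner's own code): a Python check that every item the scan report in post #6 lists as Found is listed as Deleted in the clean report in post #10. The two excerpts are copied from those posts; the `ExampleLeftover` key and all function and variable names are constructed for illustration.

```python
import re

# One AdwCleaner v3 report entry, e.g. "Key Found : [x64] HKLM\SOFTWARE\Supra Savings"
# or "[#] Service Deleted : 70e6ca8c". The item type is matched generically.
ENTRY = re.compile(r"^\s*(?:\[.\]\s*)?(\w+)\s+(Found|Deleted)\s*:\s*(.+?)\s*$")

def parse_report(text):
    """Return {"Found": {...}, "Deleted": {...}} of (type, item) pairs."""
    items = {"Found": set(), "Deleted": set()}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            kind, action, item = m.groups()
            # Windows paths and registry keys are case-insensitive.
            items[action].add((kind, item.casefold()))
    return items

def unremediated(scan_text, clean_text):
    """Items the scan found that the clean report does not list as deleted."""
    return sorted(parse_report(scan_text)["Found"] - parse_report(clean_text)["Deleted"])

# Excerpt of the scan report in post #6 (Option : Scan).
SCAN_EXCERPT = r"""
***** [ Services ] *****
Service Found : 70e6ca8c
Service Found : nuttkoqiez64
***** [ Files / Folders ] *****
Folder Found : C:\Program Files\003
***** [ Registry ] *****
Key Found : HKLM\Software\suprasavings
Key Found : [x64] HKLM\SOFTWARE\suprasavings
"""

# Excerpt of the clean report in post #10 (Option : Clean).
CLEAN_EXCERPT = r"""
[#] Service Deleted : 70e6ca8c
[#] Service Deleted : nuttkoqiez64
Folder Deleted : C:\Program Files\003
Key Deleted : HKLM\Software\suprasavings
Key Deleted : [x64] HKLM\SOFTWARE\suprasavings
"""

# Constructed line (not from the thread) to show what a missed item looks like.
SCAN_WITH_LEFTOVER = SCAN_EXCERPT + r"Key Found : HKLM\SOFTWARE\ExampleLeftover" + "\n"

if __name__ == "__main__":
    print(unremediated(SCAN_EXCERPT, CLEAN_EXCERPT))        # nothing left over
    print(unremediated(SCAN_WITH_LEFTOVER, CLEAN_EXCERPT))  # the constructed key
```

The `[x64]` tag is kept as part of the item, so the 32-bit and 64-bit registry views are compared separately.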
