
Thread: Internet browser popping up ad pages

  1. #11
    Juliet (Security Expert-emeritus)
    Join Date: Feb 2007
    Location: Deep South
    Posts: 4,084

    Quote, originally posted by plettinsky:
    hello Julie

    The computer seems to be OK. Ads are no longer popping up and random lines in the page aren't underlined linking to ads. A couple of questions:

    1) Yes, I would like to remove password box, since we don't remember installing it and don't use it, but I can't see it in the control panel.
    2) Can I enable the explorer add-ons again?
    3) Should I keep the downloaded scanners and cleaners on my desktop in case something comes back?
    4) Lastly, my daughter's laptop also seems to have a similar problem, should I start a separate thread for it?

    Thank you

    I'll supply another script to run with FRST like we did for the above and remove password box.

    You can enable the add-ons again.

    When you and I see a clean computer, we'll remove the tools and quarantine folders because future scans can pick these up and give alerts. Many people wouldn't know what it is, so for safety's sake they need to come off.

    We can work on your daughter's computer when we finish with yours.

    ********
    Please find the previous Fixlog.txt we ran earlier and delete it please. We will create and run a new one.

    Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
    Paste this into the open Notepad and save it to the Desktop as fixlist.txt
    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite an existing one, please allow).

    start
    BHO-x32: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
    R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
    2014-07-02 13:33 - 2013-11-20 10:45 - 00000000 ____D () C:\Program Files (x86)\PasswordBox
    end

    Run FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


    ********
    Please download Malwarebytes' Anti-Malware from Here

    (If uninstalling and doing a reinstall the link is below)
    http://www.bleepingcomputer.com/down...-anti-malware/
    Install the programme and select update
    Once it has updated select Settings > Detection and Protection
    Tick Scan for rootkits

    Go back to the Dashboard and select Scan Now

    If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

    On completion of the scan (or after the reboot) select View Detailed Log
    Select Export > Select text file and save to the desktop
    Attach/Post that log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
    Most reliable and thorough.
    The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
    Please note this scanner can take quite a bit of time to start and complete, depending of course on how full your computer is.


    Go here to run an online scanner from ESET.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    • Click Scan
    • Wait for the scan to finish
    • When the scan completes, press the LIST OF THREATS FOUND button
    • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
    • Include the contents of this report in your next reply.
    • Press the BACK button.
    • Press Finish


    ****
    Please post
    Fixlog.txt
    Malwarebytes' Anti-Malware log
    Eset log
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  2. #12
    Junior Member
    Join Date: Dec 2007
    Posts: 23

    three logs a holiday later

    Hello Julie
    Thank you for the responses.
    Here are the three logs, looks like Eset did find more.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-07-2014 01
    Ran by alaric at 2014-07-05 14:11:52 Run:2
    Running from C:\Users\alaric\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    start
    BHO-x32: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
    R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
    2014-07-02 13:33 - 2013-11-20 10:45 - 00000000 ____D () C:\Program Files (x86)\PasswordBox
    end

    *****************

    'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5DB69B97-934B-451D-94DB-32EF802A01CD}' => Key deleted successfully.
    'HKCR\Wow6432Node\CLSID\{5DB69B97-934B-451D-94DB-32EF802A01CD}' => Key deleted successfully.
    PasswordBox => Service stopped successfully.
    PasswordBox => Service deleted successfully.
    C:\Program Files (x86)\PasswordBox => Moved successfully.

    ==== End of Fixlog ====

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 7/5/2014
    Scan Time: 2:24:16 PM
    Logfile: Malwarebytes log.txt
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.07.05.09
    Rootkit Database: v2014.07.03.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: alaric

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 383233
    Time Elapsed: 34 min, 17 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 3
    PUP.Optional.GiganticSavings.A, HKLM\SOFTWARE\WOW6432NODE\Gigantic Savings, Quarantined, [d54d712a502b092d0cbdfd0e92720ff1],
    PUP.Optional.SupraSavings.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Supra Savings, Quarantined, [e141ddbe78039f978724ad1ca75baf51],
    PUP.Optional.GiganticSavings.A, HKU\S-1-5-21-393487258-3201230647-4056210797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Gigantic Savings, Quarantined, [c75b1883e7942412cefcd03b7d872ad6],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 1
    PUP.Optional.GorillaPrice, C:\ProgramData\GorillaPrice, Quarantined, [34ee7a21e398f3434aaddcbeb052c53b],

    Files: 4
    PUP.Optional.SupraSavings.A, C:\temp\t.msi, Quarantined, [e33f8b10710aef47dc026e0df11311ef],
    PUP.Optional.OneClickDownloader.A, C:\Users\alaric\Downloads\VipBoxSportsAppsInstall(18_3f_1)_ie.exe, Quarantined, [c062f6a58af1d165440c839547ba2fd1],
    PUP.Optional.AdBundle, C:\Users\alaric\Downloads\winrar setup.exe, Quarantined, [1210f6a594e7b48243d514137c8527d9],
    PUP.Optional.GorillaPrice, C:\ProgramData\GorillaPrice\config.dat, Quarantined, [34ee7a21e398f3434aaddcbeb052c53b],

    Physical Sectors: 0
    (No malicious items detected)

    (end)
    ---------------------------------------------------
    ESET log
    C:\$Recycle.Bin\S-1-5-21-393487258-3201230647-4056210797-1000\$R9JZQ81.exe Win32/Adware.RK.AQ application cleaned by deleting - quarantined
    C:\FRST\Quarantine\C\Program Files\003\nuttkoqiez64.exe.xBAD a variant of Win64/Adware.Adpeak.C application cleaned by deleting - quarantined
    C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application deleted - quarantined
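
A post-run check over the Fixlog and Malwarebytes logs posted above, added here as an example (it is not part of the thread and is not FRST or Malwarebytes code): it flags Fixlog results that did not succeed and compares each Malwarebytes section's declared count with the entries actually pasted, which catches a truncated log. The function names, the "ends with successfully." rule and the one constructed failure line are assumptions.

```python
import re
from collections import Counter

# Result lines copied from the Fixlog.txt in post #12.
FIXLOG = r"""
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5DB69B97-934B-451D-94DB-32EF802A01CD}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{5DB69B97-934B-451D-94DB-32EF802A01CD}' => Key deleted successfully.
PasswordBox => Service stopped successfully.
PasswordBox => Service deleted successfully.
C:\Program Files (x86)\PasswordBox => Moved successfully.
"""
# Constructed failure line (not from the thread) to exercise the review path.
FIXLOG_WITH_FAILURE = FIXLOG + r"C:\Constructed\example.dll => not found."

# Detection sections copied from the Malwarebytes log in post #12.
MBAM_LOG = r"""
Processes: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.GiganticSavings.A, HKLM\SOFTWARE\WOW6432NODE\Gigantic Savings, Quarantined, [d54d712a502b092d0cbdfd0e92720ff1],
PUP.Optional.SupraSavings.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Supra Savings, Quarantined, [e141ddbe78039f978724ad1ca75baf51],
PUP.Optional.GiganticSavings.A, HKU\S-1-5-21-393487258-3201230647-4056210797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Gigantic Savings, Quarantined, [c75b1883e7942412cefcd03b7d872ad6],

Folders: 1
PUP.Optional.GorillaPrice, C:\ProgramData\GorillaPrice, Quarantined, [34ee7a21e398f3434aaddcbeb052c53b],

Files: 4
PUP.Optional.SupraSavings.A, C:\temp\t.msi, Quarantined, [e33f8b10710aef47dc026e0df11311ef],
PUP.Optional.OneClickDownloader.A, C:\Users\alaric\Downloads\VipBoxSportsAppsInstall(18_3f_1)_ie.exe, Quarantined, [c062f6a58af1d165440c839547ba2fd1],
PUP.Optional.AdBundle, C:\Users\alaric\Downloads\winrar setup.exe, Quarantined, [1210f6a594e7b48243d514137c8527d9],
PUP.Optional.GorillaPrice, C:\ProgramData\GorillaPrice\config.dat, Quarantined, [34ee7a21e398f3434aaddcbeb052c53b],
"""

RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<result>.+)$")
SECTION_RE = re.compile(
    r"^(Processes|Modules|Registry Keys|Registry Values|Registry Data|"
    r"Folders|Files|Physical Sectors): (\d+)$"
)
# name, target, action, [id], -- the target may itself contain commas, so it is
# matched greedily and the action/id are anchored at the end of the line.
DETECTION_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<target>.+), (?P<action>[^,]+), \[(?P<id>[0-9a-f]+)\],?$"
)


def check_fixlog(text):
    """Return (target, result) pairs whose result is not a reported success."""
    review = []
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m and not m.group("result").endswith("successfully."):
            review.append((m.group("target"), m.group("result")))
    return review


def parse_mbam(text):
    """Map section name -> declared count and the detection entries under it."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = {"declared": int(header.group(2)), "items": []}
            continue
        entry = DETECTION_RE.match(line)
        if entry and current:
            sections[current]["items"].append(entry.groupdict())
    return sections


def triage(sections):
    """Summarise what needs a second look before tools are removed."""
    items = [i for s in sections.values() for i in s["items"]]
    return {
        # Declared count differs from pasted entries: log was cut or edited.
        "count_mismatch": [
            (name, s["declared"], len(s["items"]))
            for name, s in sections.items()
            if s["declared"] != len(s["items"])
        ],
        # Anything detected but not quarantined is still on the machine.
        "unremediated": [i for i in items if i["action"] != "Quarantined"],
        "families": Counter(i["name"] for i in items),
    }


if __name__ == "__main__":
    print("Fixlog entries to review:", check_fixlog(FIXLOG_WITH_FAILURE))
    report = triage(parse_mbam(MBAM_LOG))
    print("Count mismatches:", report["count_mismatch"])
    print("Unremediated:", report["unremediated"])
    for family, count in report["families"].most_common():
        print(f"{count:2d}  {family}")
```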

  3. #13
    Juliet (Security Expert-emeritus)

    in case of a false positive I ask that you not allow it to delete what it does find, Make sure that the option Remove found threats is unticked
    I see you let it delete what was found. In this case it appears all is OK.

    How is your computer now?

    Are we ready to remove tools and quarantine folders, and post preventive tips?

  4. #14
    Junior Member

    Looking good

    Sorry, thought I had unchecked the remove threats, glad it didn't delete anything unwanted.
    Everything seems to be working well with the computer, so we should be ready to clean things up and I'm glad for the promised tips, since my daughter's infection was because I clicked too fast through a bundled offer.
    Let me know what to do next.

  5. #15
    Juliet (Security Expert-emeritus)

    Quote, originally posted by plettinsky:
    Sorry, thought I had unchecked the remove threats, glad it didn't delete anything unwanted.
    Everything seems to be working well with the computer, so we should be ready to clean things up and I'm glad for the promised tips, since my daughter's infection was because I clicked too fast through a bundled offer.
    Let me know what to do next.

    Working well is what I wanted to hear!

    Let's remove disinfection tools and folders. I'll post preventive tips after we're at the end of cleaning for both computers.

    If you post from your daughter's computer, is it just a user account she set up for you to use, or is it her personal account with administrator privileges?

    ********

    1. Download Delfix from here
    2. Ensure Remove disinfection tools is ticked
      Also tick:
      • Create registry backup
      • Purge system restore
    3. Click Run

    Any other tools and files found can simply be deleted or uninstalled via Add/Remove Programs in the Control Panel etc.

  6. #16
    Junior Member

    Done

    I ran DelFix and all is well. Thank you very much.
    I will post from my daughter's computer using her main account with admin rights. Should I repeat the scans we did on this computer?

  7. #17
    Juliet (Security Expert-emeritus)

    Let's start with this:

    Scan with FRST in normal mode

    Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure which version: Start --> Computer (right click) --> properties)
    (To use correct version for your system.....Which system am I using?)

    • Run FRST.
    • Don't change any of the checkboxes and hit Scan.
    • Logfiles are created on your desktop.
    • Post the FRST.txt
    • The first time the tool is run it generates another log Addition.txt - Please also paste that along with the FRST.txt into your reply.

  8. #18
    Junior Member

    FRST scan

    Hello Julie
    OK, I was wrong, this computer is almost worse than the other one. I'm having a hard time carrying out these instructions since I'm constantly busy closing explorer windows. Alas, here are the logs

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-07-2014 01
    Ran by Arianna (administrator) on ARIANNA-PC on 08-07-2014 18:37:42
    Running from C:\Users\Arianna\Desktop
    Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe
    (Dritek System Inc.) C:\Program Files\Launch Manager\LMutilps32.exe
    (Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    (Acer Incorporated) C:\Program Files\Acer\Registration\GREGsvc.exe
    (Realsil Microelectronics Inc.) C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    (Symantec Corporation) C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
    () C:\Program Files\RrFilter\RrFilterService.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe
    () C:\Program Files\002\yewimmxqbs32.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe
    (Intel Corporation) C:\Windows\System32\igfxext.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    (Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\Smc.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
    (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
    (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [714120 2012-02-07] (Acer Incorporated)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
    Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
    Winlogon\Notify\SEP: C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll [X]
    HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
    BootExecute: autocheck autochk * sdnclean.exe

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x87BEBDF31085CF01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
    SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\bin\IPS\IPSBHO.DLL (Symantec Corporation)
    BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/J...etupClient.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    FireFox:
    ========
    FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
    FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\IPSFF
    FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\IPSFF [2013-10-08]

    ========================== Services (Whitelisted) =================

    R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [691888 2012-09-20] (Juniper Networks)
    S3 EgisTec Ticket Service; C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe [173424 2011-06-21] (Egis Technology Inc. )
    R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [738688 2012-02-07] (Acer Incorporated)
    S3 GamesAppIntegrationService; C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-24] (WildTangent)
    R2 GREGService; C:\Program Files\Acer\Registration\GREGsvc.exe [28264 2012-02-29] (Acer Incorporated)
    R2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1755136 2011-03-07] (Realsil Microelectronics Inc.) [File not signed]
    R2 Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [255376 2012-02-06] (Acer Incorporated)
    R2 NOBU; C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe [2057560 2010-06-01] (Symantec Corporation)
    R2 RrFilterService; c:\Program Files\RrFilter\RrFilterService.exe [149504 2014-03-13] () [File not signed]
    R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
    S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    R2 SepMasterService; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe [137208 2012-01-28] (Symantec Corporation)
    R3 SmcService; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\Smc.exe [1671424 2012-04-19] (Symantec Corporation)
    S3 SNAC; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\snac.exe [282032 2012-04-19] (Symantec Corporation)
    R2 yewimmxqbs32; C:\Program Files\002\yewimmxqbs32.exe [541696 2014-05-07] () [File not signed]

    ==================== Drivers (Whitelisted) ====================

    R1 BHDrvx86; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\BASHDefs\20140612.012\BHDrvx86.sys [1101616 2014-05-09] (Symantec Corporation)
    R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2012-09-20] (Juniper Networks)
    R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-06-11] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [109872 2014-06-11] (Symantec Corporation)
    R1 IDSVix86; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\IPSDefs\20140704.002\IDSvix86.sys [395992 2014-05-12] (Symantec Corporation)
    R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [21600 2012-03-19] (Egis Technology Inc.)
    R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16936 2012-03-19] (Egis Technology Inc.)
    R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [62240 2012-03-19] (Egis Technology Inc.)
    R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs\20140707.009\NAVENG.SYS [93272 2014-06-11] (Symantec Corporation)
    R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs\20140707.009\NAVEX15.SYS [1612376 2014-06-11] (Symantec Corporation)
    R1 netfilter; C:\Windows\System32\drivers\netfilter.sys [47488 2014-02-13] (NetFilterSDK.com) [File not signed]
    R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [254056 2011-05-30] (Realtek Semiconductor Corp.)
    R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x86\SRTSP.SYS [522872 2012-03-07] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x86\SRTSPX.SYS [31864 2012-03-07] (Symantec Corporation)
    R0 SymDS; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x86\SYMDS.SYS [340088 2011-11-15] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x86\SYMEFA.SYS [759416 2012-02-26] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2013-04-11] (Symantec Corporation)
    R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x86\Ironx86.SYS [137336 2011-11-15] (Symantec Corporation)
    R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x86\SYMNETS.SYS [299640 2012-03-18] (Symantec Corporation)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-07-08 18:37 - 2014-07-08 18:40 - 00014360 _____ () C:\Users\Arianna\Desktop\FRST.txt
    2014-07-08 18:36 - 2014-07-08 18:38 - 00000000 ____D () C:\FRST
    2014-07-08 18:35 - 2014-07-08 18:35 - 01074688 _____ (Farbar) C:\Users\Arianna\Desktop\FRST.exe
    2014-07-06 10:03 - 2014-07-06 10:06 - 00064305 _____ () C:\Users\Arianna\Documents\Celebración-7-6-14.pptx
    2014-06-29 10:01 - 2014-06-29 10:01 - 00051112 _____ () C:\Users\Arianna\Documents\Celebración-6-29-14.pptx
    2014-06-22 07:53 - 2014-06-22 13:01 - 00055171 _____ () C:\Users\Arianna\Documents\Celebración-6-22-14.pptx
    2014-06-22 07:43 - 2014-06-22 07:43 - 00000165 ____H () C:\Users\Arianna\Documents\~$Celebración-5-25-14.pptx
    2014-06-14 17:15 - 2014-06-14 17:18 - 05186048 _____ () C:\Users\Arianna\Downloads\WindowsDefender.msi
    2014-06-13 07:31 - 2013-12-28 12:28 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140613-073147.backup
    2014-06-13 07:24 - 2014-06-13 07:24 - 00003821 _____ () C:\Windows\wininit.ini
    2014-06-11 08:23 - 2014-06-18 07:46 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-06-11 08:23 - 2014-06-12 22:43 - 00002135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2014-06-11 08:23 - 2014-06-12 22:43 - 00002123 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2014-06-11 08:23 - 2014-06-12 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2014-06-11 08:23 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
    2014-06-11 08:22 - 2014-06-12 22:43 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
    2014-06-11 08:20 - 2014-06-11 08:07 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Arianna\Downloads\spybot-2.3.exe
    2014-06-11 08:20 - 2014-06-11 07:28 - 03769184 _____ () C:\Users\Arianna\Downloads\SecuniaPsi.exe
    2014-06-11 07:01 - 2014-05-30 05:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-06-11 07:01 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-06-11 07:01 - 2014-05-30 05:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-06-11 07:01 - 2014-05-30 04:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-06-11 07:01 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-06-11 07:01 - 2014-05-30 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-06-11 07:01 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-06-11 07:01 - 2014-05-30 04:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-06-11 07:01 - 2014-05-30 04:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-06-11 07:01 - 2014-05-30 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-06-11 07:01 - 2014-05-30 04:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-06-11 07:01 - 2014-05-30 04:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-06-11 07:01 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-06-11 07:01 - 2014-05-30 04:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-06-11 07:01 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-06-11 07:01 - 2014-05-30 04:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-06-11 07:01 - 2014-05-30 04:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-06-11 07:01 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-06-11 07:01 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-06-11 07:01 - 2014-05-30 03:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-06-11 07:01 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-06-11 07:01 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-06-11 07:01 - 2014-05-30 03:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-06-11 07:01 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-06-11 07:01 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-06-11 07:01 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-06-11 07:01 - 2014-05-30 03:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-06-11 07:01 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-06-11 06:50 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2014-06-11 06:50 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2014-06-11 06:50 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
    2014-06-11 06:50 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2014-06-11 06:49 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2014-06-11 06:49 - 2014-04-04 22:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2014-06-11 06:49 - 2014-04-04 22:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
    2014-06-10 17:41 - 2014-06-10 17:41 - 00000000 ____D () C:\Users\Arianna\AppData\Local\{A25E0627-AF52-429A-AA4E-996FCF5A68EF}
    2014-06-08 09:54 - 2014-06-08 09:58 - 00075259 _____ () C:\Users\Arianna\Documents\Celebración-6-8-14.pptx

    ==================== One Month Modified Files and Folders =======

    2014-07-08 18:40 - 2014-07-08 18:37 - 00014360 _____ () C:\Users\Arianna\Desktop\FRST.txt
    2014-07-08 18:39 - 2012-03-19 06:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-07-08 18:38 - 2014-07-08 18:36 - 00000000 ____D () C:\FRST
    2014-07-08 18:35 - 2014-07-08 18:35 - 01074688 _____ (Farbar) C:\Users\Arianna\Desktop\FRST.exe
    2014-07-08 18:35 - 2009-07-14 00:34 - 00016160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-07-08 18:35 - 2009-07-14 00:34 - 00016160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-07-08 18:28 - 2012-05-10 20:38 - 02078583 _____ () C:\Windows\WindowsUpdate.log
    2014-07-08 18:08 - 2013-01-30 13:15 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-07-08 14:37 - 2013-01-30 13:15 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-07-08 10:47 - 2014-05-07 08:15 - 00000000 ____D () C:\Program Files\RrFilter
    2014-07-07 17:27 - 2014-04-29 09:54 - 00000000 ____D () C:\Users\Arianna\Documents\Outlook Files
    2014-07-07 12:23 - 2009-07-14 00:39 - 00105276 _____ () C:\Windows\setupact.log
    2014-07-06 10:06 - 2014-07-06 10:03 - 00064305 _____ () C:\Users\Arianna\Documents\Celebración-7-6-14.pptx
    2014-06-29 10:01 - 2014-06-29 10:01 - 00051112 _____ () C:\Users\Arianna\Documents\Celebración-6-29-14.pptx
    2014-06-28 13:51 - 2013-01-26 23:50 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-06-27 23:33 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\NDF
    2014-06-24 07:45 - 2009-07-13 22:37 - 00000000 ___RD () C:\Users\Public
    2014-06-22 13:01 - 2014-06-22 07:53 - 00055171 _____ () C:\Users\Arianna\Documents\Celebración-6-22-14.pptx
    2014-06-22 07:50 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-06-22 07:49 - 2010-11-20 17:48 - 00102960 _____ () C:\Windows\PFRO.log
    2014-06-22 07:43 - 2014-06-22 07:43 - 00000165 ____H () C:\Users\Arianna\Documents\~$Celebración-5-25-14.pptx
    2014-06-18 07:46 - 2014-06-11 08:23 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-06-14 17:18 - 2014-06-14 17:15 - 05186048 _____ () C:\Users\Arianna\Downloads\WindowsDefender.msi
    2014-06-13 19:02 - 2012-03-19 06:07 - 00000000 ____D () C:\Program Files\Acer
    2014-06-13 19:01 - 2012-03-19 06:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
    2014-06-13 07:24 - 2014-06-13 07:24 - 00003821 _____ () C:\Windows\wininit.ini
    2014-06-12 22:43 - 2014-06-11 08:23 - 00002135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2014-06-12 22:43 - 2014-06-11 08:23 - 00002123 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2014-06-12 22:43 - 2014-06-11 08:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2014-06-12 22:43 - 2014-06-11 08:22 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
    2014-06-12 04:12 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
    2014-06-12 03:12 - 2013-04-11 20:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-06-12 03:10 - 2014-05-25 08:15 - 00000000 ____D () C:\Windows\system32\MRT
    2014-06-12 03:04 - 2014-05-25 08:15 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-06-11 08:07 - 2014-06-11 08:20 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Arianna\Downloads\spybot-2.3.exe
    2014-06-11 07:28 - 2014-06-11 08:20 - 03769184 _____ () C:\Users\Arianna\Downloads\SecuniaPsi.exe
    2014-06-10 17:41 - 2014-06-10 17:41 - 00000000 ____D () C:\Users\Arianna\AppData\Local\{A25E0627-AF52-429A-AA4E-996FCF5A68EF}
    2014-06-10 17:19 - 2013-12-25 11:35 - 00000000 ____D () C:\Users\Arianna\AppData\Roaming\Apple Computer
    2014-06-08 09:58 - 2014-06-08 09:54 - 00075259 _____ () C:\Users\Arianna\Documents\Celebración-6-8-14.pptx

    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-07-08 15:18

    ==================== End Of Log ============================
    Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-07-2014 01
    Ran by Arianna at 2014-07-08 18:42:27
    Running from C:\Users\Arianna\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: Spybot - Search and Destroy (Disabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
    AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: Symantec Endpoint Protection (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}

    ==================== Installed Programs ======================

    Acer Crystal Eye Webcam (HKLM\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.2624.00 - CyberLink Corp.)
    Acer Crystal Eye Webcam (Version: 1.5.2624.00 - CyberLink Corp.) Hidden
    Acer ePower Management (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3010 - Acer Incorporated)
    Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3507 - Acer Incorporated)
    Acer Games (HKLM\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
    Acer Registration (HKLM\...\Acer Registration) (Version: 1.04.3506 - Acer Incorporated)
    Acer ScreenSaver (HKLM\...\Acer Screensaver) (Version: 20.12.0110.1025 - Acer Incorporated)
    Acer Updater (HKLM\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3501 - Acer Incorporated)
    Acer VCM (HKLM\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3501 - Acer Incorporated)
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
    Adobe AIR (Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.5) MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.5 - Adobe Systems Incorporated)
    Akhra: The Treasures (Version: 2.2.0.98 - WildTangent) Hidden
    Alice's Magical Mahjong (Version: 2.2.0.98 - WildTangent) Hidden
    Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Bejeweled 3 (Version: 2.2.0.98 - WildTangent) Hidden
    Bing Bar (HKLM\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    Canon IJ Network Scan Utility (HKLM\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
    Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: - )
    Canon MX860 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX860_series) (Version: - Canon Inc.)
    Chuzzle Deluxe (Version: 2.2.0.95 - WildTangent) Hidden
    D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version: - Microsoft)
    Diego's Ultimate Rescue (Version: 2.2.0.95 - WildTangent) Hidden
    eBay Worldwide (HKLM\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
    Evernote v. 4.5.2 (HKLM\...\{F77EF646-19EB-11E1-9A9E-984BE15F174E}) (Version: 4.5.2.5866 - Evernote Corp.)
    Final Drive: Nitro (Version: 2.2.0.95 - WildTangent) Hidden
    Fooz Kids (HKLM\...\FoozKids) (Version: 3.1.2 - FUHU, Inc.)
    Fooz Kids (Version: 3.1.2 - FUHU, Inc.) Hidden
    Fooz Kids Platform (HKLM\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.)
    Galería fotográfica de Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galerie de photos Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Game Channels (HKLM\...\WildTangentGameProvider-acer-main) (Version: 6.2.0.5 - WildTangent, Inc.)
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
    Identity Card (HKLM\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
    Insaniquarium Deluxe (Version: 2.2.0.97 - WildTangent) Hidden
    Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.14.8.1075 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
    iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
    Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
    Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    Juniper Networks Network Connect 7.3.1 (HKLM\...\Juniper Network Connect 7.3.1) (Version: 7.3.1.21949 - Juniper Networks)
    Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.3.1.26369 - Juniper Networks, Inc.)
    Juniper Networks, Inc. Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
    Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Launch Manager (HKLM\...\LManager) (Version: 5.1.7 - Acer Inc.)
    Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
    Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
    My Farm Life (Version: 2.2.0.97 - WildTangent) Hidden
    My Kingdom for the Princess 3 (Version: 2.2.0.98 - WildTangent) Hidden
    MyWinLocker 4 (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
    MyWinLocker Suite (HKLM\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
    MyWinLocker Suite (Version: 4.0.14.19 - Egis Technology Inc.) Hidden
    newsXpresso (HKLM\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
    newsXpresso (Version: 1.0.0.40 - esobi Inc.) Hidden
    NOOK for PC (HKLM\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com)
    Norton Online Backup (HKLM\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
    Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6549 - Realtek Semiconductor Corp.)
    Realtek PCIE Card Reader (HKLM\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
    RrFilter (Version: 1.0.0.0 - RrFilter) Hidden
    Running Sheep (Version: 2.2.0.98 - WildTangent) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden
    Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
    Skip-Bo - Castaway Caper (Version: 2.2.0.95 - WildTangent) Hidden
    Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
    Slingo Deluxe (Version: 2.2.0.95 - WildTangent) Hidden
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
    Super Granny 6 (Version: 2.2.0.97 - WildTangent) Hidden
    Symantec Endpoint Protection (HKLM\...\{F4A73EC6-EFC4-488D-AF1A-F2C3CD1BC072}) (Version: 12.1.1101.401 - Symantec Corporation)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.18.0 - Synaptics Incorporated)
    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
    Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
    Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
    Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
    Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)
    Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
    Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
    Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
    Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)
    Update Installer for WildTangent Games App (Version: - WildTangent) Hidden
    Wedding Dash (Version: 2.2.0.95 - WildTangent) Hidden
    WildTangent Games App (Version: 4.0.11.2 - WildTangent) Hidden
    Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
    Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Galeria de Fotos (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
    Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    ==================== Restore Points =========================

    12-06-2014 07:00:56 Windows Update
    15-06-2014 20:59:34 Windows Update
    20-06-2014 16:11:07 Windows Update
    28-06-2014 03:56:34 Windows Update
    04-07-2014 00:16:58 Windows Update
    08-07-2014 19:49:37 Windows Update

    ==================== Hosts content: ==========================

    2009-07-13 22:04 - 2014-06-13 07:31 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    Task: {302B4D72-2D51-40F8-AF5B-33E999FFAC76} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-25] (Adobe Systems Incorporated)
    Task: {5A1CCE28-8D50-4F3B-A3BC-C09B1AA0835E} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-06] (Acer Incorporated)
    Task: {7C794FD1-F88D-493C-98A4-3E846415BB0A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {8EF0503B-CF08-4DBF-A66C-3FA48C741054} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.)
    Task: {98ACBAFA-9A6B-4916-BFA8-0B08017BCDAB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-30] (Google Inc.)
    Task: {AB6D0F1E-5B1A-48A7-B2C6-C0CE8DDA2F02} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
    Task: {BBEA6919-5F0F-429E-88F3-8DDAE9921AB0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-30] (Google Inc.)
    Task: {DEF96A93-A5F6-4955-BF16-4AD200C520AA} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.)
    Task: {E184DC15-513E-4373-ABA8-A3098208973C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: {EF6D57FE-419B-4758-A5FB-66B9EF195FFE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-03-13 16:34 - 2014-03-13 16:34 - 00149504 _____ () c:\Program Files\RrFilter\RrFilterService.exe
    2014-03-04 14:25 - 2014-03-04 14:25 - 00102400 _____ () c:\Program Files\RrFilter\nfapi.dll
    2014-03-04 14:25 - 2014-03-04 14:25 - 00233472 _____ () c:\Program Files\RrFilter\ProtocolFilters.dll
    2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2014-06-11 08:23 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2014-06-11 08:23 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
    2014-06-11 08:23 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2014-05-07 08:12 - 2014-05-07 08:12 - 00541696 _____ () C:\Program Files\002\yewimmxqbs32.exe
    2014-02-19 17:57 - 2014-02-19 17:57 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\0a0467413a424068d1471448ff6ca6cc\IsdiInterop.ni.dll
    2012-03-19 05:29 - 2010-11-06 03:50 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf

    ==================== Alternate Data Streams (whitelisted) =========


    ==================== Safe Mode (whitelisted) ===================

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"

    ==================== EXE Association (whitelisted) =============


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk => C:\Windows\pss\Acer VCM.lnk.CommonStartup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    MSCONFIG\startupreg: GfxServiceInstall => C:\Windows\system32\GfxCUIServiceInstall.vbs
    MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
    MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: LManager => C:\Program Files\Launch Manager\LManager.exe
    MSCONFIG\startupreg: Norton Online Backup => C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe
    MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
    MSCONFIG\startupreg: SuiteTray => "C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
    MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    ==================== Faulty Device Manager Devices =============

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/08/2014 06:33:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 11.0.9600.17126 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1b08

    Start Time: 01cf9afc69a824d3

    Termination Time: 62

    Application Path: C:\Program Files\Internet Explorer\iexplore.exe

    Report Id:

    Error: (07/08/2014 06:31:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 11.0.9600.17126 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1688

    Start Time: 01cf9afbfa03a3ba

    Termination Time: 47

    Application Path: C:\Program Files\Internet Explorer\iexplore.exe

    Report Id:

    Error: (07/08/2014 06:07:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2744947

    Error: (07/08/2014 06:07:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2744947

    Error: (07/08/2014 06:07:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (07/08/2014 05:21:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 10265

    Error: (07/08/2014 05:21:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 10265

    Error: (07/08/2014 05:21:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (07/08/2014 10:50:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 9969

    Error: (07/08/2014 10:50:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 9969


    System errors:
    =============
    Error: (07/08/2014 02:24:54 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

    Error: (07/08/2014 02:24:54 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DsiWMIService service.

    Error: (07/08/2014 10:25:34 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SepMasterService service.

    Error: (07/08/2014 00:29:29 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

    Error: (07/07/2014 08:46:54 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

    Error: (07/07/2014 08:46:24 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

    Error: (07/07/2014 08:45:55 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

    Error: (07/07/2014 08:45:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

    Error: (07/07/2014 08:45:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the GREGService service.

    Error: (07/07/2014 05:26:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.


    Microsoft Office Sessions:
    =========================
    Error: (07/08/2014 06:33:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: iexplore.exe11.0.9600.171261b0801cf9afc69a824d362C:\Program Files\Internet Explorer\iexplore.exe

    Error: (07/08/2014 06:31:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: iexplore.exe11.0.9600.17126168801cf9afbfa03a3ba47C:\Program Files\Internet Explorer\iexplore.exe

    Error: (07/08/2014 06:07:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2744947

    Error: (07/08/2014 06:07:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2744947

    Error: (07/08/2014 06:07:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (07/08/2014 05:21:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 10265

    Error: (07/08/2014 05:21:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 10265

    Error: (07/08/2014 05:21:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (07/08/2014 10:50:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 9969

    Error: (07/08/2014 10:50:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 9969


    ==================== Memory info ===========================

    Percentage of memory in use: 88%
    Total physical RAM: 1012.3 MB
    Available physical RAM: 113.59 MB
    Total Pagefile: 3379.81 MB
    Available Pagefile: 1652.93 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1904.02 MB

    ==================== Drives ================================

    Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:190.72 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 1E73ADFC)
    Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
    Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

  9. #19
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    In the script below I am also using a reboot command; don't be alarmed.

    Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
    Paste this into the open notepad. Save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
    It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

    C:\Program Files\002\yewimmxqbs32.exe
    SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    R2 yewimmxqbs32; C:\Program Files\002\yewimmxqbs32.exe [541696 2014-05-07] () [File not signed]
    Reboot:
    end
    Run FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


    *************************

    Please download Malwarebytes Anti-Malware to your desktop
    (If uninstalling and doing a reinstall the link is below)
    http://www.bleepingcomputer.com/down...-anti-malware/
    Install the programme and select update
    Once it has updated select Settings > Detection and Protection
    Tick Scan for rootkits
    Go back to the Dashboard and select Scan Now
    If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.
    On completion of the scan (or after the reboot) select View Detailed Log
    Select Export > Select text file and save to the desktop
    Copy and paste- Attach/Post that log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  10. #20
    Junior Member
    Join Date
    Dec 2007
    Posts
    23

    Default

    Seems better already. Thanks
    Here is the fixlog and the malware byte log
    While I'm thinking about it. Are these tools safe to use by themselves or would it be better (and not too bothersome) to just consult one of the experts on this forum right away if an infection occurs?

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:05-07-2014 01
    Ran by Arianna at 2014-07-08 20:47:30 Run:1
    Running from C:\Users\Arianna\Desktop
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    C:\Program Files\002\yewimmxqbs32.exe
    SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    R2 yewimmxqbs32; C:\Program Files\002\yewimmxqbs32.exe [541696 2014-05-07] () [File not signed]
    Reboot:
    end
    *****************

    C:\Program Files\002\yewimmxqbs32.exe => Moved successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
    'HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
    'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}' => Key deleted successfully.
    'HKCR\Wow6432Node\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}'=> Key not found.
    yewimmxqbs32 => Service stopped successfully.
    yewimmxqbs32 => Service deleted successfully.


    The system needed a reboot.

    ==== End of Fixlog ====

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 7/8/2014
    Scan Time: 9:39:58 PM
    Logfile: Malwarebytes Anti-Malware log.txt
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.07.08.12
    Rootkit Database: v2014.07.07.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x86
    File System: NTFS
    User: Arianna

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 258287
    Time Elapsed: 26 min, 49 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 1
    PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\RrFilterService.exe, 680, Delete-on-Reboot, [09ad8c10bfbc6accfad5990d43bfec14]

    Modules: 2
    PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\nfapi.dll, Delete-on-Reboot, [09ad8c10bfbc6accfad5990d43bfec14],
    PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\ProtocolFilters.dll, Delete-on-Reboot, [09ad8c10bfbc6accfad5990d43bfec14],

    Registry Keys: 9
    PUP.Optional.AdPeak.A, HKLM\SOFTWARE\LevelQualityWatcher, Quarantined, [26900d8fb6c5b87e66dc95233ac80cf4],
    PUP.Optional.RRSavings.A, HKLM\SOFTWARE\Rr Savings, Quarantined, [4c6a6b31205bb680dd5606c38979b848],
    PUP.Optional.RRSavings.A, HKLM\SOFTWARE\rrsavings, Quarantined, [2393e3b97803c6708da717b2d2307090],
    PUP.Optional.AdPeak.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{813BA625-B0FA-48D8-9B75-59759C88C219}, Quarantined, [595df2aa9ae1fd395d78d7ee0cf62ad6],
    PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\SYSTWEAK\ssd, Quarantined, [566069331665bb7bb6c02d89758d5ea2],
    PUP.Optional.RRSavings.A, HKU\S-1-5-21-719591629-3742939409-4109149632-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Rr Savings, Quarantined, [03b3683494e7fc3a1b1d8544b74bc23e],
    PUP.Optional.RRSavings.A, HKU\S-1-5-21-719591629-3742939409-4109149632-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\rrsavings, Quarantined, [8b2ba2faf18aa096ba7d22a7ab5743bd],
    PUP.Optional.SystemSpeedup, HKU\S-1-5-21-719591629-3742939409-4109149632-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd, Quarantined, [b600aaf26714cc6a03724b6bb64c04fc],
    PUP.Optional.RRSavings.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RrFilterService, Quarantined, [09ad8c10bfbc6accfad5990d43bfec14],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 4
    PUP.Optional.AdPeak.A, C:\temp, Quarantined, [8c2adebe740738fe4362a81523df12ee],
    PUP.Optional.RRSavings.A, C:\Program Files\RrFilter, Delete-on-Reboot, [09ad8c10bfbc6accfad5990d43bfec14],
    PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\SSL, Quarantined, [09ad8c10bfbc6accfad5990d43bfec14],
    PUP.Optional.SystemSpeedup, C:\Users\Arianna\AppData\Roaming\Systweak\ssd, Quarantined, [793db1ebf9827bbb4eeb496ba260ed13],

    Files: 14
    PUP.Optional.AdPeak.A, C:\temp\lsp2.log, Quarantined, [8c2adebe740738fe4362a81523df12ee],
    PUP.Optional.AdPeak.A, C:\temp\InstallFilter32.msi, Quarantined, [8c2adebe740738fe4362a81523df12ee],
    PUP.Optional.AdPeak.A, C:\temp\output.txt, Quarantined, [8c2adebe740738fe4362a81523df12ee],
    PUP.Optional.AdPeak.A, C:\temp\t.msi, Quarantined, [8c2adebe740738fe4362a81523df12ee],
    PUP.Optional.AdPeak.A, C:\temp\t.txt, Quarantined, [8c2adebe740738fe4362a81523df12ee],
    PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\Installbat.dll, Quarantined, [09ad8c10bfbc6accfad5990d43bfec14],
    PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\Microsoft.Deployment.WindowsInstaller.dll, Quarantined, [09ad8c10bfbc6accfad5990d43bfec14],
    PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\Microsoft.Deployment.WindowsInstaller.xml, Quarantined, [09ad8c10bfbc6accfad5990d43bfec14],
    PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\nfapi.dll, Delete-on-Reboot, [09ad8c10bfbc6accfad5990d43bfec14],
    PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\nfregdrv.exe, Quarantined, [09ad8c10bfbc6accfad5990d43bfec14],
    PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\ProtocolFilters.dll, Delete-on-Reboot, [09ad8c10bfbc6accfad5990d43bfec14],
    PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\RrFilterService.exe, Delete-on-Reboot, [09ad8c10bfbc6accfad5990d43bfec14],
    PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\sample.dll, Quarantined, [09ad8c10bfbc6accfad5990d43bfec14],
    PUP.Optional.SystemSpeedup, C:\Users\Arianna\AppData\Roaming\Systweak\ssd\SSDPTstub.exe, Quarantined, [793db1ebf9827bbb4eeb496ba260ed13],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
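
The Malwarebytes log format posted above, read programmatically (an added example, not part of the thread and not Malwarebytes code): the parser checks each section's declared count against the entries actually pasted, which catches a truncated paste, and lists the Delete-on-Reboot targets that stay on disk until the machine restarts. The sample log, its paths, family names and bracketed ids are constructed, and the field layout is an assumption taken from the log shown here.

```python
import re
from collections import defaultdict

# Section names as they appear in the Malwarebytes 2.x text log in this thread.
SECTIONS = {"Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors"}
HEADER = re.compile(r"^(?P<name>[A-Za-z ]+): (?P<count>\d+)$")
# Assumed layout: family, target[, pid], action, [32-hex id][,]
ENTRY = re.compile(r"^(?P<family>[^,]+), (?P<target>.+?)(?:, (?P<pid>\d+))?, "
                   r"(?P<action>[A-Za-z-]+), \[(?P<id>[0-9a-f]{32})\],?$")

# Constructed sample; "Files: 3" deliberately lists only two entries.
SAMPLE = r"""
Scan Type: Threat Scan
Objects Scanned: 1000

Processes: 1
PUP.Optional.Example.A, C:\Program Files\ExampleFilter\ExampleSvc.exe, 680, Delete-on-Reboot, [aaaaaaaabbbbbbbbccccccccdddddddd]

Registry Keys: 1
PUP.Optional.Example.A, HKLM\SOFTWARE\Example Savings, Quarantined, [11111111222222223333333344444444],

Registry Values: 0
(No malicious items detected)

Files: 3
PUP.Optional.Example.A, C:\Program Files\ExampleFilter\ExampleSvc.exe, Delete-on-Reboot, [aaaaaaaabbbbbbbbccccccccdddddddd],
PUP.Optional.Other, C:\temp\t.msi, Quarantined, [55555555666666667777777788888888],
"""

def parse_mbam_log(text):
    """Return (entries, mismatches); mismatches maps section -> (declared, found)."""
    entries, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        h = HEADER.match(line)
        if h and h["name"] in SECTIONS:      # ignore "Objects Scanned: N" etc.
            section = h["name"]
            declared[section] = int(h["count"])
            continue
        e = ENTRY.match(line)
        if e and section:
            entries.append({"section": section, **e.groupdict()})
    found = defaultdict(int)
    for e in entries:
        found[e["section"]] += 1
    mismatches = {s: (n, found[s]) for s, n in declared.items() if n != found[s]}
    return entries, mismatches

def pending_reboot(entries):
    """Targets marked Delete-on-Reboot: not removed until the next restart."""
    return sorted({e["target"] for e in entries if e["action"] == "Delete-on-Reboot"})

def by_family(entries):
    """Detection count per family name, for a quick view of what was found."""
    counts = defaultdict(int)
    for e in entries:
        counts[e["family"]] += 1
    return dict(counts)
```

A non-empty `mismatches` result means the pasted log should be exported and posted again before anyone draws conclusions from it.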
