Internet browser popping up add pages

plettinsky · Jul 3, 2014

Hello
I would like to request some help for my son's computer. He downloaded some software for a live stream system to watch the World Cup, but it turned into a live stream of addware and a hijacked browser... We have used spybot and Symantec which removed a few things (unfortunately I didn't keep track of what the files were, could look it up if needed). I also disabled any non-Microsoft add-ons for IE. The pages seemed to have gone away for a little while but seem to be back with a vengeance.

Was told to mention that I did not use ERUNT since it's a Win7 system. Also, that I have another laptop that had similar issues, but not as rampant. Would like to analyze it as well.

Thank you very, very much in advance

Here are the DDS and aswMBr logs:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126 BrowserJavaVersion: 10.10.2
Run by alaric at 22:24:26 on 2014-07-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3817.2427 [GMT -4:00]
.
AV: Spybot - Search and Destroy *Disabled/Outdated* {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\003\nuttkoqiez64.exe
C:\Program Files (x86)\PasswordBox\pbbtnService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50\SupraSavingsService64.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ITE\ITE Infrared Transceiver\CIRAP.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUI.exe
C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\SavUI.exe
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/webhp?tab=ww&ei=I5SjU7OBEajY8gHKnIHoCw&ved=0CBYQ1S4
uDefault_Page_URL = hxxp://acer.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PasswordBox Helper: {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
BHO: Symantec Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\IPS\IPSBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [EvolveClient] "C:\Program Files\Echobit\Evolve\EvolveClient.exe" -autorun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe -update activex
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\alaric\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Xfire.lnk - C:\Program Files (x86)\Xfire\Xfire.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://vpn.iu.edu/dana-cached/sc/JuniperSetupClient.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab?rnd=207593873
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{80E1BE3C-4223-4380-9112-E606D18CD1A7} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-11-30 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-11-30 40064]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\SymDS64.sys [2012-11-3 493216]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\SymEFA64.sys [2012-11-3 1133216]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20140612.012\BHDrvx64.sys [2014-6-17 1530160]
R1 ccSettings_{3771A34D-2132-48EA-A486-D62ECDF9D553};Symantec Endpoint Protection 12.1.2015.2015.105 Settings Manager;C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\ccSetx64.sys [2012-11-3 168096]
R1 IDSVia64;IDSVia64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20140702.011\IDSviA64.sys [2014-7-2 525016]
R1 netfilter64;netfilter64;C:\Windows\System32\drivers\netfilter64.sys [2014-6-12 46376]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.sys [2012-11-3 224416]
R1 SYMNETS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\symnets.sys [2012-11-3 432800]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-11-30 204288]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-29 36456]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-30 2425960]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-11-30 244624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-3-23 72216]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 nuttkoqiez64;nuttkoqiez64;C:\Program Files\003\nuttkoqiez64.exe run options=01110010030000000000000000000000 sourceguid=A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50 --> C:\Program Files\003\nuttkoqiez64.exe run options=01110010030000000000000000000000 sourceguid=A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50 [?]
R2 PasswordBox;PasswordBox;C:\Program Files (x86)\PasswordBox\pbbtnService.exe [2014-5-14 67584]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-6-14 1738200]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-6-14 2081752]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-6-14 171928]
R2 SepMasterService;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe [2012-11-3 143928]
R2 SupraSavingsService64;SupraSavingsService64;C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50\SupraSavingsService64.exe [2014-6-25 172544]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-11-30 231440]
R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;C:\Windows\System32\drivers\evolve.sys [2014-1-9 21656]
R3 ITECIRfilter;ITECIR Filter Driver;C:\Windows\System32\drivers\ITECIRfilter.sys [2012-6-24 28264]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-11-30 339048]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-11-30 539240]
R3 TunnelBearMaintenance;TunnelBear Maintenance;C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [2014-5-28 25536]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-6-24 44672]
S2 70e6ca8c;Optimizer Pro Crash Monitor;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
S3 EvoSvc;Evolve Service;C:\Program Files\Echobit\Evolve\EvoSvc.exe [2014-1-9 1579936]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-10-7 227904]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 203344]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-11 111616]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-26 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-06-26 19:18:39 -------- d-----w- C:\Program Files\SupraSavings
2014-06-26 19:18:35 -------- d-----w- C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50
2014-06-24 13:48:31 -------- d-----w- C:\ProgramData\BlueStacks
2014-06-18 21:10:39 -------- d-----w- C:\Users\alaric\AppData\Local\IsolatedStorage
2014-06-18 21:10:38 -------- d-----w- C:\Users\alaric\AppData\Local\HockeyCrashes
2014-06-18 21:08:53 -------- d-----w- C:\Program Files (x86)\TunnelBear
2014-06-18 21:08:15 -------- d-----w- C:\ProgramData\Package Cache
2014-06-16 03:21:42 -------- d-----w- C:\Users\alaric\AppData\Local\{0D1BA0E6-C428-4088-865C-2A5A9C8E7749}
2014-06-14 21:55:33 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2014-06-14 21:55:31 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-06-14 21:55:22 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-14 02:18:48 -------- d-----w- C:\Users\alaric\AppData\Local\Programs
2014-06-13 13:11:55 -------- d-----w- C:\Users\alaric\AppData\Local\Windows Live
2014-06-13 13:11:19 -------- d-----w- C:\Users\alaric\AppData\Local\{93488CBD-4A60-4E5E-AFD7-2AD9D2C75477}
2014-06-12 20:37:56 -------- d-----w- C:\temp
2014-06-12 20:29:46 -------- d-----w- C:\Program Files\003
2014-06-12 19:05:34 46376 ----a-w- C:\Windows\System32\drivers\netfilter64.sys
2014-06-11 14:13:29 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-06-11 14:13:29 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-06-11 14:13:28 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-06-11 14:13:28 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-06-11 14:13:23 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-06-11 14:13:22 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2014-06-11 14:13:22 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-06-11 14:13:22 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2014-06-11 14:13:22 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-06-11 14:13:22 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-06-11 14:13:22 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-06-11 14:13:22 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
.
==================== Find3M ====================
.
2014-06-06 18:01:46 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2014-06-06 18:01:42 35656 ----a-w- C:\Windows\System32\LMIport.dll
2014-06-06 18:01:40 92488 ----a-w- C:\Windows\System32\LMIinit.dll
2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-05-14 02:00:52 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 02:00:52 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-09 06:14:03 477184 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-09 06:11:23 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-05-01 21:15:14 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2014-04-15 06:34:10 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 22:25:44.22 ===============

aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-07-02 22:45:40
-----------------------------
22:45:40.284 OS Version: Windows x64 6.1.7601 Service Pack 1
22:45:40.284 Number of processors: 2 586 0x200
22:45:40.284 ComputerName: ALARIC-PC UserName: alaric
22:45:45.385 Initialize success
22:45:45.697 VM: initialized successfully
22:45:45.728 VM: Amd CPU supported
22:45:58.514 VM: not used
22:46:19.962 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000069
22:46:19.962 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 11
22:46:20.118 Disk 0 MBR read successfully
22:46:20.118 Disk 0 MBR scan
22:46:20.118 Disk 0 Windows 7 default MBR code
22:46:20.134 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14336 MB offset 2048
22:46:20.149 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 29362176
22:46:20.149 Disk 0 default boot code
22:46:20.165 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 462502 MB offset 29566976
22:46:20.212 Disk 0 scanning C:\Windows\system32\drivers
22:46:28.168 Service scanning
22:46:32.758 Service BHDrvx64 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20140612.012\BHDrvx64.sys **LOCKED** 5
22:46:34.053 Service ccSettings_{3771A34D-2132-48EA-A486-D62ECDF9D553} C:\Windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\ccSetx64.sys **LOCKED** 5
22:46:38.203 Service eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys **LOCKED** 5
22:46:38.639 Service EraserUtilDrv11313 C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11313.sys **LOCKED** 5
22:46:46.627 Service IDSVia64 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20140702.011\IDSvia64.sys **LOCKED** 5
22:46:59.747 Service NAVENG C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20140702.001\ENG64.SYS **LOCKED** 5
22:47:00.044 Service NAVEX15 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20140702.001\EX64.SYS **LOCKED** 5
22:47:13.819 Service SRTSPX C:\Windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SRTSPX64.SYS **LOCKED** 5
22:47:16.455 Service SymDS C:\Windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMDS64.SYS **LOCKED** 5
22:47:16.985 Service SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS **LOCKED** 5
22:47:17.282 Service SymIRON C:\Windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.SYS **LOCKED** 5
22:47:17.594 Service SYMNETS C:\Windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMNETS.SYS **LOCKED** 5
22:47:37.439 Modules scanning
22:47:37.454 Disk 0 trace - called modules:
22:47:37.470 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
22:47:37.485 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004afb060]
22:47:37.501 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> [0xfffffa80046db800]
22:47:37.517 5 amd_xata.sys[fffff880010b4b3f] -> nt!IofCallDriver -> \Device\00000069[0xfffffa80046da060]
22:47:37.517 Scan finished successfully
22:50:47.891 Disk 0 MBR has been saved successfully to "C:\Users\alaric\Desktop\MBR.dat"
22:50:47.906 The log file has been saved successfully to "C:\Users\alaric\Desktop\aswMBR.txt"

Juliet · Jul 3, 2014

Hi and welcome.

I can see malware on the machine but chances are there is more thats hidden and we will have to run a few scans to find it.

Please check your add/remove programs list for SupraSavings and try to remove this.
It may or may not go nicely. Which ever is the case we'll get it out.

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop:
FRST 32bit or FRST 64bit
(If not sure which version: Start --> Computer (right click) --> properties)
(To use correct version for your system.....Which system am I using?)

Run FRST.
Don´t change one of the checkboxes and hit Scan.
Logfiles are created on your desktop.
Poste the FRST.txt
The first time the tool is run it generates another log Addition.txt - Please also paste that along with the FRST.txt into your reply.

plettinsky · Jul 4, 2014

FRST scans

Hello Julie

Thank you for helping us out. I didn't see SupraSavings in the control panel, so no luck there. I deleted a software called Game Channel since it had been recently installed, but my son didn't remember installing anything recently. Sorry, hit uninstall before I remembered that the forum recommends not touching anything unless instructed. Hope it's OK. Below are the logs requested. Had to put the addition log in the next email because it was too long.
Also, for what it's worth, I noticed "Password Box" in the scan below. It is one of the add-ons that I couldn't disable or remove in explorer.

Artur

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-07-2014
Ran by alaric (administrator) on ALARIC-PC on 03-07-2014 18:58:52
Running from C:\Users\alaric\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
() C:\Program Files\003\nuttkoqiez64.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
() C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50\SupraSavingsService64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
(ITE Tech. Inc.) C:\Program Files (x86)\ITE\ITE Infrared Transceiver\CIRAP.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Inc.) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUI.exe
() C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\javaw.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\javaw.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13320808 2011-10-25] (Realtek Semiconductor)
HKLM\...\Run: [OOTag] => C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe [13856 2010-02-23] (Microsoft)
HKLM\...\Run: [LogMeIn GUI] => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [OOTag] => C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe [13856 2010-02-23] (Microsoft)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-08-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [185640 2011-08-31] (CyberLink Corp.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [627304 2011-08-10] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-393487258-3201230647-4056210797-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1754816 2014-05-29] (Valve Corporation)
HKU\S-1-5-21-393487258-3201230647-4056210797-1000\...\Run: [EvolveClient] => C:\Program Files\Echobit\Evolve\EvolveClient.exe [3227552 2014-05-08] (Echobit LLC)
HKU\S-1-5-21-393487258-3201230647-4056210797-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-393487258-3201230647-4056210797-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566984 2014-04-25] (Safer-Networking Ltd.)
HKU\S-1-5-21-393487258-3201230647-4056210797-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe [847536 2014-05-13] (Adobe Systems Incorporated)
HKU\S-1-5-21-393487258-3201230647-4056210797-1000\...\MountPoints2: D - D:\autorun.exe
HKU\S-1-5-21-393487258-3201230647-4056210797-1000\...\MountPoints2: {04b42a6b-365b-11e2-87d5-d02788ae472c} - D:\Setup.exe
HKU\S-1-5-21-393487258-3201230647-4056210797-1000\...\MountPoints2: {4df2260a-76d7-11e3-affa-d02788ae472c} - D:\LaunchBFII.exe
HKU\S-1-5-21-393487258-3201230647-4056210797-1001\...\MountPoints2: {04b42a6b-365b-11e2-87d5-d02788ae472c} - D:\LaunchRC.exe
Startup: C:\Users\alaric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
ShortcutTarget: Xfire.lnk -> C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/webhp?tab=ww&ei=I5SjU7OBEajY8gHKnIHoCw&ved=0CBYQ1S4
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL =
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO-x32: Symantec Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\bin\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn.iu.edu/dana-cached/sc/JuniperSetupClient.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab?rnd=207593873
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\IPSFF
FF Extension: Symantec Vulnerability Protection - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\IPSFF [2013-10-30]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================

S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1579936 2014-05-08] (Echobit LLC)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-06-23] (WildTangent)
R2 nuttkoqiez64; C:\Program Files\003\nuttkoqiez64.exe [706560 2014-06-12] () [File not signed]
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe [143928 2012-11-03] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe [2294112 2012-11-03] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\snac64.exe [334288 2012-11-03] (Symantec Corporation)
R2 SupraSavingsService64; C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50\SupraSavingsService64.exe [172544 2014-06-25] () [File not signed]
R3 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [25536 2014-05-28] ()
S2 70e6ca8c; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll",ServiceMain

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20140612.012\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
R1 ccSettings_{3771A34D-2132-48EA-A486-D62ECDF9D553}; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\ccSetx64.sys [168096 2012-11-03] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-13] (Symantec Corporation)
U3 EraserUtilDrv11313; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11313.sys [142128 2014-06-13] (Symantec Corporation)
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-01-09] (Echobit, LLC)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20140702.011\IDSvia64.sys [525016 2014-05-12] (Symantec Corporation)
R3 ITECIRfilter; C:\Windows\System32\DRIVERS\ITECIRfilter.sys [28264 2011-03-22] (ITE Tech. Inc. )
S4 LMIRfsClientNP; No ImagePath
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20140703.002\ENG64.SYS [126040 2014-06-13] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20140703.002\EX64.SYS [2099288 2014-06-13] (Symantec Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-06-12] (NetFilterSDK.com)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SRTSP64.SYS [776352 2012-11-03] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SRTSPX64.SYS [37496 2012-11-03] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMDS64.SYS [493216 2012-11-03] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMEFA64.SYS [1133216 2012-11-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-10-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.SYS [224416 2012-11-03] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMNETS.SYS [432800 2012-11-03] (Symantec Corporation)
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
U3 aswMBR; \??\C:\Users\alaric\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\alaric\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-03 18:58 - 2014-07-03 18:59 - 00019931 _____ () C:\Users\alaric\Desktop\FRST.txt
2014-07-03 18:58 - 2014-07-03 18:58 - 00000000 ____D () C:\FRST
2014-07-03 18:56 - 2014-07-03 18:57 - 02083840 _____ (Farbar) C:\Users\alaric\Desktop\FRST64.exe
2014-07-02 22:50 - 2014-07-02 22:50 - 00003483 _____ () C:\Users\alaric\Desktop\aswMBR.txt
2014-07-02 22:50 - 2014-07-02 22:50 - 00000512 _____ () C:\Users\alaric\Desktop\MBR.dat
2014-07-02 22:34 - 2014-07-02 22:34 - 00004313 _____ () C:\Users\alaric\Desktop\attach (2).zip
2014-07-02 22:30 - 2014-07-02 22:30 - 00004304 _____ () C:\Users\alaric\Desktop\attach.zip
2014-07-02 22:25 - 2014-07-02 22:25 - 00021766 _____ () C:\Users\alaric\Desktop\dds.txt
2014-07-02 22:25 - 2014-07-02 22:25 - 00012751 _____ () C:\Users\alaric\Desktop\attach.txt
2014-07-02 22:09 - 2014-07-02 22:09 - 00688992 ____R (Swearware) C:\Users\alaric\Desktop\dds.scr
2014-06-26 15:18 - 2014-07-03 10:46 - 00000000 ____D () C:\Program Files\SupraSavings
2014-06-26 15:18 - 2014-06-26 15:18 - 00000000 ____D () C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50
2014-06-24 13:38 - 2014-06-24 13:38 - 00000000 ____D () C:\Users\kjartan\Desktop\Cache.Windows
2014-06-24 13:38 - 2014-06-24 13:38 - 00000000 ____D () C:\Users\kjartan\AppData\Local\Warframe
2014-06-24 13:36 - 2014-06-24 13:36 - 00000000 ____D () C:\Users\kjartan\AppData\Roaming\WinRAR
2014-06-24 12:06 - 2014-06-24 12:06 - 00013133 _____ () C:\Users\kjartan\Desktop\Sound - Shortcut.lnk
2014-06-24 09:48 - 2014-06-24 09:48 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-06-24 09:47 - 2014-06-24 09:47 - 00000000 ____D () C:\Users\kjartan\AppData\Roaming\WildTangent
2014-06-24 09:21 - 2014-06-24 10:27 - 00000000 ____D () C:\Users\kjartan\AppData\Roaming\Rovio
2014-06-24 09:19 - 2014-06-24 09:19 - 00001417 _____ () C:\Users\kjartan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-24 09:19 - 2014-06-24 09:19 - 00000000 __SHD () C:\Users\kjartan\AppData\Local\EmieUserList
2014-06-24 09:19 - 2014-06-24 09:19 - 00000000 __SHD () C:\Users\kjartan\AppData\Local\EmieSiteList
2014-06-24 09:19 - 2014-06-24 09:19 - 00000000 ____D () C:\Users\kjartan\AppData\Roaming\OEM
2014-06-24 09:19 - 2014-06-24 09:19 - 00000000 ____D () C:\Users\kjartan\AppData\Roaming\Apple Computer
2014-06-24 09:19 - 2014-06-24 09:19 - 00000000 ____D () C:\Users\kjartan\AppData\Roaming\Adobe
2014-06-24 09:19 - 2014-06-24 09:19 - 00000000 ____D () C:\Users\kjartan\AppData\Local\Acer
2014-06-24 09:18 - 2014-06-24 09:19 - 00000000 ____D () C:\Users\kjartan
2014-06-24 09:18 - 2014-06-24 09:18 - 00000020 ___SH () C:\Users\kjartan\ntuser.ini
2014-06-24 09:18 - 2014-06-24 09:18 - 00000000 ____D () C:\Users\kjartan\AppData\Roaming\CyberLink
2014-06-24 09:18 - 2014-06-24 09:18 - 00000000 ____D () C:\Users\kjartan\AppData\Local\VirtualStore
2014-06-24 09:18 - 2014-06-24 09:18 - 00000000 ____D () C:\Users\kjartan\AppData\Local\Symantec
2014-06-24 09:18 - 2014-06-24 09:18 - 00000000 ____D () C:\Users\kjartan\AppData\Local\MediaServer
2014-06-24 09:18 - 2014-06-24 09:18 - 00000000 ____D () C:\Users\kjartan\AppData\Local\clear.fi
2014-06-24 09:18 - 2013-10-23 03:05 - 00000000 ____D () C:\Users\kjartan\AppData\Local\Microsoft Help
2014-06-24 09:18 - 2011-11-30 07:40 - 00000000 ____D () C:\Users\kjartan\AppData\Roaming\Macromedia
2014-06-24 09:18 - 2009-07-14 00:54 - 00000000 ___RD () C:\Users\kjartan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-24 09:18 - 2009-07-14 00:49 - 00000000 ___RD () C:\Users\kjartan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-23 13:52 - 2014-06-23 13:52 - 00002550 ____N () C:\Users\Public\Desktop\WildTangent Games App - acer.lnk
2014-06-18 17:10 - 2014-06-18 17:10 - 00000000 ____D () C:\Users\alaric\AppData\Local\IsolatedStorage
2014-06-18 17:10 - 2014-06-18 17:10 - 00000000 ____D () C:\Users\alaric\AppData\Local\HockeyCrashes
2014-06-18 17:09 - 2014-06-18 17:09 - 00001881 _____ () C:\Users\Public\Desktop\TunnelBear.lnk
2014-06-18 17:08 - 2014-06-30 18:51 - 00000000 ____D () C:\Program Files (x86)\TunnelBear
2014-06-18 17:08 - 2014-06-18 17:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunnelBear
2014-06-18 17:08 - 2014-06-18 17:08 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-18 17:02 - 2014-06-18 17:05 - 13620224 _____ (TunnelBear) C:\Users\alaric\Downloads\TunnelBear-Intellibear.exe
2014-06-15 23:21 - 2014-06-15 23:21 - 00000000 ____D () C:\Users\alaric\AppData\Local\{0D1BA0E6-C428-4088-865C-2A5A9C8E7749}
2014-06-14 21:39 - 2014-06-15 18:07 - 00001392 _____ () C:\Windows\wininit.ini
2014-06-14 17:55 - 2014-06-14 21:39 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-14 17:55 - 2014-06-14 19:14 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-14 17:55 - 2014-06-14 18:52 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-14 17:55 - 2014-06-14 18:52 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-14 17:55 - 2014-06-14 18:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-14 17:55 - 2014-06-14 17:55 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-06-14 17:55 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-06-14 17:12 - 2014-06-14 17:53 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\alaric\Downloads\spybot-2.3 (1).exe
2014-06-14 15:52 - 2014-06-14 17:05 - 00034006 _____ () C:\Users\alaric\Downloads\spybot-2.3.exe
2014-06-13 22:18 - 2014-06-13 22:18 - 00003700 _____ () C:\Windows\System32\Tasks\Test TimeTrigger
2014-06-13 22:18 - 2014-06-13 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-06-13 17:58 - 2014-06-13 17:58 - 00013133 _____ () C:\Users\alaric\Desktop\Sound - Shortcut (2).lnk
2014-06-13 09:11 - 2014-06-16 07:42 - 00000000 ____D () C:\Users\alaric\AppData\Local\Windows Live
2014-06-13 09:11 - 2014-06-13 09:11 - 00000000 ____D () C:\Users\alaric\AppData\Local\{93488CBD-4A60-4E5E-AFD7-2AD9D2C75477}
2014-06-12 16:37 - 2014-06-12 16:48 - 00000000 ____D () C:\temp
2014-06-12 16:29 - 2014-06-12 16:37 - 00000000 ____D () C:\Program Files\003
2014-06-12 16:27 - 2014-06-12 16:27 - 00480832 _____ () C:\Users\alaric\Downloads\VipBoxSportsAppsInstall(18_3f_1)_ie.exe
2014-06-12 15:05 - 2014-06-12 15:05 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys
2014-06-11 10:24 - 2014-05-30 06:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 10:24 - 2014-05-30 06:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 10:24 - 2014-05-30 06:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 10:24 - 2014-05-30 05:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 10:24 - 2014-05-30 05:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 10:24 - 2014-05-30 05:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 10:24 - 2014-05-30 05:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 10:24 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 10:24 - 2014-05-30 05:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 10:24 - 2014-05-30 05:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 10:24 - 2014-05-30 05:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 10:24 - 2014-05-30 05:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 10:24 - 2014-05-30 05:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 10:24 - 2014-05-30 05:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 10:24 - 2014-05-30 05:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 10:24 - 2014-05-30 05:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 10:24 - 2014-05-30 05:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 10:24 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 10:24 - 2014-05-30 04:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 10:24 - 2014-05-30 04:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 10:24 - 2014-05-30 04:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 10:24 - 2014-05-30 04:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 10:24 - 2014-05-30 04:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 10:24 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 10:24 - 2014-05-30 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 10:24 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 10:24 - 2014-05-30 04:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 10:24 - 2014-05-30 04:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 10:24 - 2014-05-30 04:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 10:24 - 2014-05-30 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 10:24 - 2014-05-30 04:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 10:24 - 2014-05-30 04:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 10:24 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 10:24 - 2014-05-30 04:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 10:24 - 2014-05-30 04:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 10:24 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 10:24 - 2014-05-30 04:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 10:24 - 2014-05-30 04:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 10:24 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 10:24 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 10:24 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 10:24 - 2014-05-30 03:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 10:24 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 10:24 - 2014-05-30 03:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 10:24 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 10:24 - 2014-05-30 03:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 10:24 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 10:24 - 2014-05-30 03:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 10:24 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 10:24 - 2014-05-30 03:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 10:24 - 2014-05-30 03:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 10:24 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 10:13 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 10:13 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 10:13 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 10:13 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 10:13 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 10:13 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 10:13 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 10:13 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 10:13 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 10:13 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 10:13 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 10:13 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-04 09:09 - 2014-06-04 09:09 - 00013133 _____ () C:\Users\alaric\Desktop\Sound - Shortcut.lnk

==================== One Month Modified Files and Folders =======

2014-07-03 18:59 - 2014-07-03 18:58 - 00019931 _____ () C:\Users\alaric\Desktop\FRST.txt
2014-07-03 18:58 - 2014-07-03 18:58 - 00000000 ____D () C:\FRST
2014-07-03 18:57 - 2014-07-03 18:56 - 02083840 _____ (Farbar) C:\Users\alaric\Desktop\FRST64.exe
2014-07-03 18:57 - 2014-01-09 15:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-03 18:52 - 2011-11-30 06:44 - 00000000 ____D () C:\Program Files (x86)\Acer Games
2014-07-03 18:52 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-03 18:22 - 2013-06-22 10:19 - 00000000 ____D () C:\Users\alaric\AppData\Roaming\.minecraft
2014-07-03 17:39 - 2012-06-24 08:01 - 01260196 _____ () C:\Windows\WindowsUpdate.log
2014-07-03 15:34 - 2012-11-26 17:35 - 00000000 ____D () C:\Users\alaric\AppData\Roaming\Apple Computer
2014-07-03 15:33 - 2009-07-14 00:51 - 00153542 _____ () C:\Windows\setupact.log
2014-07-03 13:24 - 2013-10-26 18:36 - 00000000 ____D () C:\ProgramData\Symantec
2014-07-03 10:46 - 2014-06-26 15:18 - 00000000 ____D () C:\Program Files\SupraSavings
2014-07-02 22:50 - 2014-07-02 22:50 - 00003483 _____ () C:\Users\alaric\Desktop\aswMBR.txt
2014-07-02 22:50 - 2014-07-02 22:50 - 00000512 _____ () C:\Users\alaric\Desktop\MBR.dat
2014-07-02 22:34 - 2014-07-02 22:34 - 00004313 _____ () C:\Users\alaric\Desktop\attach (2).zip
2014-07-02 22:30 - 2014-07-02 22:30 - 00004304 _____ () C:\Users\alaric\Desktop\attach.zip
2014-07-02 22:25 - 2014-07-02 22:25 - 00021766 _____ () C:\Users\alaric\Desktop\dds.txt
2014-07-02 22:25 - 2014-07-02 22:25 - 00012751 _____ () C:\Users\alaric\Desktop\attach.txt
2014-07-02 22:09 - 2014-07-02 22:09 - 00688992 ____R (Swearware) C:\Users\alaric\Desktop\dds.scr
2014-07-02 13:33 - 2013-11-20 10:45 - 00000000 ____D () C:\Program Files (x86)\PasswordBox
2014-06-30 18:51 - 2014-06-18 17:08 - 00000000 ____D () C:\Program Files (x86)\TunnelBear
2014-06-29 12:58 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-29 12:58 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-29 12:52 - 2012-11-27 12:59 - 00000000 ____D () C:\Users\alaric\AppData\Roaming\Skype
2014-06-29 12:51 - 2013-10-19 20:09 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-29 12:48 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-26 15:18 - 2014-06-26 15:18 - 00000000 ____D () C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50
2014-06-26 14:23 - 2014-04-03 16:49 - 00000000 ____D () C:\Users\alaric\AppData\Local\Warframe
2014-06-26 12:36 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-25 08:46 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-06-24 16:42 - 2014-01-11 11:53 - 00000000 ____D () C:\Users\alaric\Desktop\bacup
2014-06-24 13:38 - 2014-06-24 13:38 - 00000000 ____D () C:\Users\kjartan\Desktop\Cache.Windows
2014-06-24 13:38 - 2014-06-24 13:38 - 00000000 ____D () C:\Users\kjartan\AppData\Local\Warframe
2014-06-24 13:36 - 2014-06-24 13:36 - 00000000 ____D () C:\Users\kjartan\AppData\Roaming\WinRAR
2014-06-24 12:06 - 2014-06-24 12:06 - 00013133 _____ () C:\Users\kjartan\Desktop\Sound - Shortcut.lnk
2014-06-24 10:27 - 2014-06-24 09:21 - 00000000 ____D () C:\Users\kjartan\AppData\Roaming\Rovio
2014-06-24 09:57 - 2012-11-24 07:06 - 00110136 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-06-24 09:48 - 2014-06-24 09:48 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-06-24 09:47 - 2014-06-24 09:47 - 00000000 ____D () C:\Users\kjartan\AppData\Roaming\WildTangent
2014-06-24 09:19 - 2014-06-24 09:19 - 00001417 _____ () C:\Users\kjartan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-24 09:19 - 2014-06-24 09:19 - 00000000 __SHD () C:\Users\kjartan\AppData\Local\EmieUserList
2014-06-24 09:19 - 2014-06-24 09:19 - 00000000 __SHD () C:\Users\kjartan\AppData\Local\EmieSiteList
2014-06-24 09:19 - 2014-06-24 09:19 - 00000000 ____D () C:\Users\kjartan\AppData\Roaming\OEM
2014-06-24 09:19 - 2014-06-24 09:19 - 00000000 ____D () C:\Users\kjartan\AppData\Roaming\Apple Computer
2014-06-24 09:19 - 2014-06-24 09:19 - 00000000 ____D () C:\Users\kjartan\AppData\Roaming\Adobe
2014-06-24 09:19 - 2014-06-24 09:19 - 00000000 ____D () C:\Users\kjartan\AppData\Local\Acer
2014-06-24 09:19 - 2014-06-24 09:18 - 00000000 ____D () C:\Users\kjartan
2014-06-24 09:18 - 2014-06-24 09:18 - 00000020 ___SH () C:\Users\kjartan\ntuser.ini
2014-06-24 09:18 - 2014-06-24 09:18 - 00000000 ____D () C:\Users\kjartan\AppData\Roaming\CyberLink
2014-06-24 09:18 - 2014-06-24 09:18 - 00000000 ____D () C:\Users\kjartan\AppData\Local\VirtualStore
2014-06-24 09:18 - 2014-06-24 09:18 - 00000000 ____D () C:\Users\kjartan\AppData\Local\Symantec
2014-06-24 09:18 - 2014-06-24 09:18 - 00000000 ____D () C:\Users\kjartan\AppData\Local\MediaServer
2014-06-24 09:18 - 2014-06-24 09:18 - 00000000 ____D () C:\Users\kjartan\AppData\Local\clear.fi
2014-06-23 13:53 - 2011-11-30 06:44 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-06-23 13:52 - 2014-06-23 13:52 - 00002550 ____N () C:\Users\Public\Desktop\WildTangent Games App - acer.lnk
2014-06-18 17:10 - 2014-06-18 17:10 - 00000000 ____D () C:\Users\alaric\AppData\Local\IsolatedStorage
2014-06-18 17:10 - 2014-06-18 17:10 - 00000000 ____D () C:\Users\alaric\AppData\Local\HockeyCrashes
2014-06-18 17:09 - 2014-06-18 17:09 - 00001881 _____ () C:\Users\Public\Desktop\TunnelBear.lnk
2014-06-18 17:09 - 2014-06-18 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunnelBear
2014-06-18 17:08 - 2014-06-18 17:08 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-18 17:05 - 2014-06-18 17:02 - 13620224 _____ (TunnelBear) C:\Users\alaric\Downloads\TunnelBear-Intellibear.exe
2014-06-16 18:07 - 2010-11-20 23:47 - 00242828 _____ () C:\Windows\PFRO.log
2014-06-16 11:14 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-16 07:42 - 2014-06-13 09:11 - 00000000 ____D () C:\Users\alaric\AppData\Local\Windows Live
2014-06-15 23:21 - 2014-06-15 23:21 - 00000000 ____D () C:\Users\alaric\AppData\Local\{0D1BA0E6-C428-4088-865C-2A5A9C8E7749}
2014-06-15 18:07 - 2014-06-14 21:39 - 00001392 _____ () C:\Windows\wininit.ini
2014-06-14 21:39 - 2014-06-14 17:55 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-14 20:06 - 2014-02-10 20:02 - 00000000 ____D () C:\Program Files (x86)\Bench
2014-06-14 19:14 - 2014-06-14 17:55 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-14 18:52 - 2014-06-14 17:55 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-14 18:52 - 2014-06-14 17:55 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-14 18:52 - 2014-06-14 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-14 17:55 - 2014-06-14 17:55 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-06-14 17:53 - 2014-06-14 17:12 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\alaric\Downloads\spybot-2.3 (1).exe
2014-06-14 17:05 - 2014-06-14 15:52 - 00034006 _____ () C:\Users\alaric\Downloads\spybot-2.3.exe
2014-06-13 22:21 - 2013-03-23 18:52 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-06-13 22:21 - 2013-03-23 18:52 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-06-13 22:18 - 2014-06-13 22:18 - 00003700 _____ () C:\Windows\System32\Tasks\Test TimeTrigger
2014-06-13 22:18 - 2014-06-13 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-06-13 21:58 - 2014-01-23 16:40 - 00001008 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-06-13 21:58 - 2014-01-23 16:40 - 00000992 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-06-13 17:58 - 2014-06-13 17:58 - 00013133 _____ () C:\Users\alaric\Desktop\Sound - Shortcut (2).lnk
2014-06-13 11:45 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-06-13 09:11 - 2014-06-13 09:11 - 00000000 ____D () C:\Users\alaric\AppData\Local\{93488CBD-4A60-4E5E-AFD7-2AD9D2C75477}
2014-06-13 08:32 - 2013-08-17 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-13 08:25 - 2012-12-04 22:34 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-13 08:23 - 2013-10-22 08:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-12 16:48 - 2014-06-12 16:37 - 00000000 ____D () C:\temp
2014-06-12 16:37 - 2014-06-12 16:29 - 00000000 ____D () C:\Program Files\003
2014-06-12 16:27 - 2014-06-12 16:27 - 00480832 _____ () C:\Users\alaric\Downloads\VipBoxSportsAppsInstall(18_3f_1)_ie.exe
2014-06-12 15:05 - 2014-06-12 15:05 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys
2014-06-06 14:01 - 2013-03-23 18:52 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2014-06-06 14:01 - 2013-03-23 18:52 - 00092488 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-06-06 14:01 - 2013-03-23 18:52 - 00035656 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2014-06-06 12:09 - 2014-01-18 14:12 - 00000000 ____D () C:\Users\alaric\Desktop\unused mods
2014-06-04 09:09 - 2014-06-04 09:09 - 00013133 _____ () C:\Users\alaric\Desktop\Sound - Shortcut.lnk
2014-06-03 20:31 - 2014-02-05 20:01 - 00000000 ____D () C:\Users\alaric\AppData\Roaming\.technic

Files to move or delete:
====================
C:\Users\alaric\xobglu16.dll
C:\Users\alaric\xobglu32.dll

Some content of TEMP:
====================
C:\Users\alaric\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\alaric\AppData\Local\Temp\_is2C2A.exe
C:\Users\alaric\AppData\Local\Temp\_is49DB.exe
C:\Users\alaric\AppData\Local\Temp\_isA31D.exe
C:\Users\alaric\AppData\Local\Temp\_isAB09.exe
C:\Users\alaric\AppData\Local\Temp\_isF814.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-28 14:55

==================== End Of Log ============================

plettinsky · Jul 4, 2014

addition log

Addition log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-07-2014
Ran by alaric at 2014-07-03 19:01:02
Running from C:\Users\alaric\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Spybot - Search and Destroy (Disabled - Out of date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Symantec Endpoint Protection (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}

==================== Installed Programs ======================

clear.fi (x32 Version: 1.5.1717_38186 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.8031 - CyberLink Corp.) Hidden
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3505 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3503 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0609.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.0) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD APP SDK Runtime (Version: 2.5.732.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{1E5A7407-161B-78A4-84C2-71638ADEC29A}) (Version: 3.0.842.0 - Advanced Micro Devices, Inc.)
AMD Media Foundation Decoders (Version: 1.0.60818.1635 - Advanced Micro Devices, Inc.) Hidden
Angry Birds (HKLM-x32\...\{0CE0711D-A5E3-4E98-B3C0-0227A5E000CA}) (Version: 2.2.0 - Rovio)
Angry Birds Space (HKLM-x32\...\{B92C23C5-5756-450F-BACF-4C62DDE51FC0}) (Version: 1.2.2 - Rovio)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.97 - WildTangent) Hidden
Canon MX860 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX860_series) (Version: - Canon Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2011.0818.1705.28777 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0818.1705.28777 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0818.1705.28777 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0818.1705.28777 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2011.0818.1704.28777 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2011.0818.1705.28777 - Advanced Micro Devices, Inc.) Hidden
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
clear.fi (HKLM-x32\...\InstallShield_{37126D87-E4FD-4614-B908-A0BB7ECE3992}) (Version: 1.5.2212.35 - CyberLink Corp.)
clear.fi (x32 Version: 1.5.2212.35 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.05.3002 - Acer Incorporated)
Clifford Reading (HKLM-x32\...\Clifford Reading) (Version: - )
Clifford Thinking Adventures (HKLM-x32\...\Clifford Adventure) (Version: - )
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version: - Microsoft)
Disney Pixar 1st Grade (HKLM-x32\...\{FF1EB8B3-149E-11D6-B234-0050DACD394D}) (Version: - )
Disney Pixar 1st Grade Print (HKLM-x32\...\{FF1EB9A6-149E-11D6-B234-0050DACD394D}) (Version: - )
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Drome Racers (HKLM-x32\...\{EC1DCD6C-3AE0-42CE-8EAA-6886CC4400DC}) (Version: - )
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.)
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.4 - Echobit, LLC)
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.0.8 - FUHU, Inc.)
Fooz Kids (x32 Version: 3.0.8 - FUHU, Inc.) Hidden
Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GALIDOR(TM) - Defenders of the Outer Dimension (HKLM-x32\...\{24198A51-CBB9-43DB-9280-D58E825E1415}) (Version: 0.30.000 - )
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3505 - Acer Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
ITE Infrared Transceiver (HKLM-x32\...\{40580068-9B10-40B5-9548-536CE88AB23C}) (Version: 1.02.0005 - ITE)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 10 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217010FF}) (Version: 7.0.100 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
JumpStart 1st Grade 2001 (HKLM-x32\...\JS1G2001) (Version: - )
Juniper Networks Network Connect 7.3.1 (HKLM-x32\...\Juniper Network Connect 7.3.1) (Version: 7.3.1.21949 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.3.1.26369 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LEGO Island (HKLM-x32\...\LEGOIsland) (Version: - )
LEGO Stunt Rally (HKLM-x32\...\LEGO Stunt Rally) (Version: - )
LEGO® Batman™ (HKLM-x32\...\InstallShield_{398AB469-77FC-4935-820B-D419388C0A6A}) (Version: 1.00.0000 - Warner Bros. Interactive Entertainment)
LEGO® Batman™ (x32 Version: 1.00.0000 - Warner Bros. Interactive Entertainment) Hidden
Magic School Bus - Dinosaurs (HKLM-x32\...\MSB Dino) (Version: - )
Magic School Bus - Earth (HKLM-x32\...\MSB Earth) (Version: - )
Majesty 2: The Fantasy Kingdom Sim (HKLM-x32\...\{CDCA3C32-FCE7-40E8-8CB5-7B0E87ADDFC9}_is1) (Version: 1.0.0.0 - Paradox Interactive)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - )
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Command & Control Engine (HKLM-x32\...\MSCnC) (Version: - )
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Speech API 3.0 (HKLM-x32\...\SpeechAPI) (Version: - )
Microsoft Speech Lexicon (HKLM-x32\...\MSLex) (Version: - )
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
Nancy Drew: The Silent Spy (HKLM-x32\...\{35B438BB-E18B-4FD9-8D56-50BA90C11A71}) (Version: 8.0.0.30162 - Her Interactive, Inc.)
Nero Control Center 10 (x32 Version: 10.2.11100.1.1 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.18100.8.8 - Nero AG) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 10.5.10200 - Nero AG) Hidden
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.5.8763 - Barnesandnoble.com)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3 - )
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
QuickTime (HKLM-x32\...\QuickTime) (Version: - )
Reader Rabbit 1st Grade (HKLM-x32\...\Reader Rabbit 1st Grade) (Version: - )
Reader Rabbit Personalized Kindergarten (HKLM-x32\...\Reader Rabbit Personalized Kindergarten) (Version: - )
Reader Rabbit(R) Reading Ages 6-9 (HKLM-x32\...\Reader Rabbit(R) Reading Ages 6-9) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6487 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.85 - Realtek Semiconductor Corp.)
Richard Scarry's Best Activity Center Ever (HKLM-x32\...\Richard Scarry's Best Activity Center Ever) (Version: - )
Scholastic's I SPY Fantasy (HKLM-x32\...\Scholastic's I SPY Fantasy) (Version: - )
Scholastic's I SPY Fun House (HKLM-x32\...\Scholastic's I SPY Fun House) (Version: - )
Scholastic's I SPY Junior Puppet Playhouse (HKLM-x32\...\Scholastic's I SPY Junior Puppet Playhouse) (Version: - )
Scholastic's I SPY Mystery (HKLM-x32\...\Scholastic's I SPY Mystery) (Version: - )
Scholastic's I SPY Spooky Mansion Deluxe (HKLM-x32\...\Scholastic's I SPY Spooky Mansion Deluxe) (Version: - )
Scholastic's I SPY Treasure Hunt (HKLM-x32\...\Scholastic's I SPY Treasure Hunt) (Version: 1.0 - Scholastic Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
Star Conflict (HKLM-x32\...\Steam App 212070) (Version: - Star Gem Inc.)
Star Wars Battlefront (HKLM-x32\...\{C79CB9C7-10A4-4814-8402-F574672C2192}) (Version: 1.0 - LucasArts)
Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts)
Star Wars Math (HKLM-x32\...\Star Wars Math) (Version: - )
Star Wars Pit Droids (HKLM-x32\...\Star Wars Pit Droids) (Version: - )
Star Wars Republic Commando (HKLM-x32\...\{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}) (Version: 1.0 - LucasArts)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Symantec Endpoint Protection (HKLM\...\{C2103AF2-E66C-446B-9791-9207840EC821}) (Version: 12.1.2015.2015 - Symantec Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
The Battle for Middle-earth (tm) (HKLM-x32\...\{962E05CF-3394-496D-0091-850CF1762F6B}) (Version: - )
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
Total Annihilation: Kingdoms (HKLM-x32\...\Total Annihilation: Kingdoms) (Version: - )
TunnelBear (HKLM-x32\...\{625f2249-d094-455e-8548-72ca683eb9d3}) (Version: 2.2.21.0 - TunnelBear)
TunnelBear (x32 Version: 2.2.21.0 - TunnelBear) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
Warframe (HKLM-x32\...\{9BEE106C-6361-4B1D-BE26-3BA1D4463571}) (Version: 1.0.0 - Digital Extremes)
Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
WildTangent Games App (x32 Version: 4.0.10.20 - WildTangent) Hidden
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XBMC (HKCU\...\XBMC) (Version: - Team XBMC)
Xfire (remove only) (HKLM-x32\...\Xfire) (Version: - )
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden

==================== Restore Points =========================

13-06-2014 12:14:58 Windows Update
14-06-2014 02:19:09 Removed LogMeIn
14-06-2014 02:25:12 Removed LogMeIn Hamachi
18-06-2014 21:07:42 TunnelBear
18-06-2014 21:15:29 Device Driver Package Install: TAP-Windows Provider V9 Network adapters
26-06-2014 21:26:02 Scheduled Checkpoint

==================== Hosts content: ==========================

2009-07-13 22:34 - 2013-12-17 17:08 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {09821B85-CB97-4E8E-9672-54E0B7423A70} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {789BF275-F6BC-4D97-B096-E24ED7FAEA22} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-10-12] (CyberLink)
Task: {7B7B65C3-10C3-439D-BA37-97FE2AA3D53E} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-10-12] (Acer Incorporated)
Task: {AECDBA43-D814-4FEC-9B04-BEB1B9534317} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {B139CA88-F6C8-42BD-9EEE-4EC8B2B3F61D} - \ITECIR Filter Application for RCMM No Task File <==== ATTENTION
Task: {B3F301D1-4D04-49DB-B1D9-0B44C61F061C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {C07CFDBE-E6BA-48F8-B9CA-2F28595545AC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {CA4CB173-D5E5-4580-BA4B-07E83F5D2AEF} - System32\Tasks\Test TimeTrigger => C:\Users\alaric\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {CD63FB3D-C92F-417D-B295-84B2D23DE09B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F7652B8D-A1CB-47D4-BC65-1C68E71AE9F2} - System32\Tasks\{4F6148DC-DC77-4469-8208-55FF784C1466} => E:\101_ASB.EXE
Task: {FA5BD403-A5FB-41DC-A29D-C9D711CD72C8} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-10-12] (CyberLink Corp.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-06-12 16:37 - 2014-06-12 16:37 - 00706560 _____ () C:\Program Files\003\nuttkoqiez64.exe
2014-06-25 13:58 - 2014-06-25 13:58 - 00172544 _____ () C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50\SupraSavingsService64.exe
2014-06-12 15:05 - 2014-06-12 15:05 - 00110080 _____ () C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50\nfapi.dll
2014-06-12 15:05 - 2014-06-12 15:05 - 00456192 _____ () C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50\ProtocolFilters.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-06-18 11:24 - 2012-06-18 11:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2011-08-10 23:58 - 2011-08-10 23:58 - 00627304 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
2011-08-18 20:03 - 2011-08-18 20:03 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-06-17 16:42 - 2011-06-17 16:42 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-05-28 10:44 - 2014-05-28 10:44 - 00025536 _____ () C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-14 12:45 - 2014-05-14 12:45 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll
2014-06-14 17:55 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-06-14 17:55 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-06-14 17:55 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-06-14 17:55 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-06-14 17:55 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2011-08-10 23:57 - 2011-08-10 23:57 - 00151656 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00237384 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-11-26 20:17 - 2012-11-26 20:17 - 00044984 _____ () C:\Program Files (x86)\Java\jre7\bin\prism-d3d.dll
2012-11-26 20:17 - 2012-11-26 20:17 - 00156592 _____ () C:\Program Files (x86)\Java\jre7\bin\glass.dll
2012-11-26 20:17 - 2012-11-26 20:17 - 00448432 _____ () C:\Program Files (x86)\Java\jre7\bin\libxml2.dll
2012-11-26 20:17 - 2012-11-26 20:17 - 00157104 _____ () C:\Program Files (x86)\Java\jre7\bin\libxslt.dll
2012-11-26 20:17 - 2012-11-26 20:17 - 11887544 _____ () C:\Program Files (x86)\Java\jre7\bin\jfxwebkit.dll
2012-11-26 20:17 - 2012-11-26 20:17 - 00240568 _____ () C:\Program Files (x86)\Java\jre7\bin\javafx-font.dll
2014-07-03 17:57 - 2014-07-03 17:57 - 00298496 _____ () C:\Users\alaric\AppData\Roaming\.minecraft\versions\1.7.10\1.7.10-natives-364102208168395\lwjgl.dll
2014-07-03 17:57 - 2014-07-03 17:57 - 00246332 _____ () C:\Users\alaric\AppData\Roaming\.minecraft\versions\1.7.10\1.7.10-natives-364102208168395\avutil-ttv-51.dll
2014-07-03 17:57 - 2014-07-03 17:57 - 00113171 _____ () C:\Users\alaric\AppData\Roaming\.minecraft\versions\1.7.10\1.7.10-natives-364102208168395\swresample-ttv-0.dll
2014-07-03 17:57 - 2014-07-03 17:57 - 00394810 _____ () C:\Users\alaric\AppData\Roaming\.minecraft\versions\1.7.10\1.7.10-natives-364102208168395\libmp3lame-ttv.dll
2014-07-03 17:57 - 2014-07-03 17:57 - 00967168 _____ () C:\Users\alaric\AppData\Roaming\.minecraft\versions\1.7.10\1.7.10-natives-364102208168395\twitchsdk.dll
2014-07-03 17:57 - 2014-07-03 17:57 - 00390144 _____ () C:\Users\alaric\AppData\Roaming\.minecraft\versions\1.7.10\1.7.10-natives-364102208168395\OpenAL32.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: LogMeIn Kernel Information Provider
Description: LogMeIn Kernel Information Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: LMIInfo
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Canon MX860 ser Network
Description: Canon MX860 ser Network
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Canon
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Network Controller
Description: Network Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Network Controller
Description: Network Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/03/2014 05:10:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15725

Error: (07/03/2014 05:10:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15725

Error: (07/03/2014 05:10:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/03/2014 04:06:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15631

Error: (07/03/2014 04:06:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15631

Error: (07/03/2014 04:06:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/02/2014 11:18:49 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen.2 in File: C:\Users\alaric\Desktop\aswMBR.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

Error: (07/02/2014 11:13:22 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Tracking Cookies in File: Cookie:alaric@at.atwola.com/ by: Manual scan. Action: Delete succeeded. Action Description: The file was deleted successfully.

Error: (07/02/2014 11:04:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17126 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2bb8

Start Time: 01cf9664b934032a

Termination Time: 328

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (07/02/2014 10:18:29 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!WS.Malware.2 in File: c:\Users\alaric\Desktop\aswMBR.exe by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied. Action Description: The file was left unchanged.

System errors:
=============
Error: (07/03/2014 00:24:28 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume Acer.

Error: (07/03/2014 00:24:28 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume Acer.

Error: (07/03/2014 00:24:28 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume Acer.

Error: (07/03/2014 00:24:28 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume Acer.

Error: (07/03/2014 00:24:28 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume Acer.

Error: (07/03/2014 00:24:28 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume Acer.

Error: (07/03/2014 00:24:28 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume Acer.

Error: (07/03/2014 00:24:28 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume Acer.

Error: (07/03/2014 00:24:28 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume Acer.

Error: (07/03/2014 00:24:28 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume Acer.

Microsoft Office Sessions:
=========================
Error: (07/03/2014 05:10:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15725

Error: (07/03/2014 05:10:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15725

Error: (07/03/2014 05:10:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/03/2014 04:06:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15631

Error: (07/03/2014 04:06:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15631

Error: (07/03/2014 04:06:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/02/2014 11:18:49 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen.2 in File: C:\Users\alaric\Desktop\aswMBR.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

Error: (07/02/2014 11:13:22 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Tracking Cookies in File: Cookie:alaric@at.atwola.com/ by: Manual scan. Action: Delete succeeded. Action Description: The file was deleted successfully.

Error: (07/02/2014 11:04:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.171262bb801cf9664b934032a328C:\Program Files\Internet Explorer\iexplore.exe

Error: (07/02/2014 10:18:29 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!WS.Malware.2 in File: c:\Users\alaric\Desktop\aswMBR.exe by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied. Action Description: The file was left unchanged.

==================== Memory info ===========================

Percentage of memory in use: 59%
Total physical RAM: 3816.95 MB
Available physical RAM: 1533.68 MB
Total Pagefile: 7632.09 MB
Available Pagefile: 3681.56 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:451.66 GB) (Free:322.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: CC0AC51A)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Juliet · Jul 4, 2014

Do you want me to remove Password Box?

***********************************

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

start
C:\Program Files\003\nuttkoqiez64.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL =
BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-06-23] (WildTangent)
R2 nuttkoqiez64; C:\Program Files\003\nuttkoqiez64.exe [706560 2014-06-12] () [File not signed]
R2 SupraSavingsService64; C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50\SupraSavingsService64.exe [172544 2014-06-25] () [File not signed]
S2 70e6ca8c; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll",ServiceMain
2014-06-13 22:18 - 2014-06-13 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-07-03 10:46 - 2014-06-26 15:18 - 00000000 ____D () C:\Program Files\SupraSavings
C:\Users\alaric\xobglu16.dll
C:\Users\alaric\xobglu32.dll
C:\Users\alaric\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\alaric\AppData\Local\Temp\_is2C2A.exe
C:\Users\alaric\AppData\Local\Temp\_is49DB.exe
C:\Users\alaric\AppData\Local\Temp\_isA31D.exe
C:\Users\alaric\AppData\Local\Temp\_isAB09.exe
C:\Users\alaric\AppData\Local\Temp\_isF814.exe
Task: {CA4CB173-D5E5-4580-BA4B-07E83F5D2AEF} - System32\Tasks\Test TimeTrigger => C:\Users\alaric\AppData\Local\Temp\Runner.exe <==== ATTENTION
2014-06-12 16:37 - 2014-06-12 16:37 - 00706560 _____ () C:\Program Files\003\nuttkoqiez64.exe
2014-06-25 13:58 - 2014-06-25 13:58 - 00172544 _____ () C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50\SupraSavingsService64.exe
end

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

*******************

AdwCleaner by Xplode

Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisment.

Close all open windows and browsers.

Right click the AdwCleaner icon

on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.

*****
Click the Scan button and wait for the scan to finish.

After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Please don't delete anything at this time.
Click the Report button to get the log
Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

****

Please post these 2 logs when finished.

plettinsky · Jul 4, 2014

frst log and AdwCleaner log

Hello
You asked if I wanted to remove Password Box. I assume that means it's harmless?
Ran the fixes and adwCleaner. Here are the logs and thanks again.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-07-2014
Ran by alaric at 2014-07-04 10:19:38 Run:1
Running from C:\Users\alaric\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\Program Files\003\nuttkoqiez64.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL =
BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-06-23] (WildTangent)
R2 nuttkoqiez64; C:\Program Files\003\nuttkoqiez64.exe [706560 2014-06-12] () [File not signed]
R2 SupraSavingsService64; C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50\SupraSavingsService64.exe [172544 2014-06-25] () [File not signed]
S2 70e6ca8c; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll",ServiceMain
2014-06-13 22:18 - 2014-06-13 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-07-03 10:46 - 2014-06-26 15:18 - 00000000 ____D () C:\Program Files\SupraSavings
C:\Users\alaric\xobglu16.dll
C:\Users\alaric\xobglu32.dll
C:\Users\alaric\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\alaric\AppData\Local\Temp\_is2C2A.exe
C:\Users\alaric\AppData\Local\Temp\_is49DB.exe
C:\Users\alaric\AppData\Local\Temp\_isA31D.exe
C:\Users\alaric\AppData\Local\Temp\_isAB09.exe
C:\Users\alaric\AppData\Local\Temp\_isF814.exe
Task: {CA4CB173-D5E5-4580-BA4B-07E83F5D2AEF} - System32\Tasks\Test TimeTrigger => C:\Users\alaric\AppData\Local\Temp\Runner.exe <==== ATTENTION
2014-06-12 16:37 - 2014-06-12 16:37 - 00706560 _____ () C:\Program Files\003\nuttkoqiez64.exe
2014-06-25 13:58 - 2014-06-25 13:58 - 00172544 _____ () C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50\SupraSavingsService64.exe
end

*****************

C:\Program Files\003\nuttkoqiez64.exe => Moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}' => Key deleted successfully.
'HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}'=> Key not found.
'HKLM\Software\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0' => Key deleted successfully.
C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll => Moved successfully.
GamesAppIntegrationService => Service deleted successfully.
nuttkoqiez64 => Service stopped successfully.
nuttkoqiez64 => Service deleted successfully.
SupraSavingsService64 => Service stopped successfully.
SupraSavingsService64 => Service deleted successfully.
70e6ca8c => Service deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2 => Moved successfully.
C:\Program Files\SupraSavings => Moved successfully.
C:\Users\alaric\xobglu16.dll => Moved successfully.
C:\Users\alaric\xobglu32.dll => Moved successfully.
C:\Users\alaric\AppData\Local\Temp\UNINSTALL.EXE => Moved successfully.
C:\Users\alaric\AppData\Local\Temp\_is2C2A.exe => Moved successfully.
C:\Users\alaric\AppData\Local\Temp\_is49DB.exe => Moved successfully.
C:\Users\alaric\AppData\Local\Temp\_isA31D.exe => Moved successfully.
C:\Users\alaric\AppData\Local\Temp\_isAB09.exe => Moved successfully.
C:\Users\alaric\AppData\Local\Temp\_isF814.exe => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA4CB173-D5E5-4580-BA4B-07E83F5D2AEF}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA4CB173-D5E5-4580-BA4B-07E83F5D2AEF}' => Key deleted successfully.
C:\Windows\System32\Tasks\Test TimeTrigger => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Test TimeTrigger' => Key deleted successfully.
"C:\Program Files\003\nuttkoqiez64.exe" => File/Directory not found.
C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50\SupraSavingsService64.exe => Moved successfully.

==== End of Fixlog ====

# AdwCleaner v3.214 - Report created 04/07/2014 at 10:23:48
# Updated 29/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : alaric - ALARIC-PC
# Running from : C:\Users\alaric\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : 70e6ca8c
Service Found : nuttkoqiez64

***** [ Files / Folders ] *****

Folder Found : C:\Program Files (x86)\Bench
Folder Found : C:\Program Files\003
Folder Found : C:\Users\alaric\AppData\Local\Software
Folder Found : C:\Users\caplett12\AppData\LocalLow\AVG SafeGuard toolbar
Folder Found : C:\Users\kjartan\AppData\LocalLow\AVG SafeGuard toolbar

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\Supra Savings
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322212216}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0032116.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0032116.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0032116.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0032116.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355215516}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366216616}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344214416}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Found : HKLM\Software\suprasavings
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355215516}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366216616}
Key Found : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Key Found : [x64] HKLM\SOFTWARE\Supra Savings
Key Found : [x64] HKLM\SOFTWARE\suprasavings

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126

*************************

AdwCleaner[R0].txt - [3203 octets] - [04/07/2014 10:23:48]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3263 octets] ##########

Juliet · Jul 4, 2014

Welcome back

Also, for what it's worth, I noticed "Password Box" in the scan below. It is one of the add-ons that I couldn't disable or remove in explorer.

Did you download and install this?

You asked if I wanted to remove Password Box. I assume that means it's harmless?

Thats a yes and no answer. If you didn't install it then, I'd let it go. My theory on this, anyone who could use the computer can open it (If they know the password to open it). If you use any secure sites such as banking, and no one has permission to access this or forums you visit, there could be a problem. I've never used one myself. Whats also important is where you download it from since it has become an annoyance for sites to download/attach unwanted items along with it.
Your decision.
********

Please open AdwCleaner by Xplode

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

How is your computer now?

plettinsky · Jul 5, 2014

Looking good

hello Julie

plettinsky · Jul 5, 2014

Looking good

hello Julie

The computer seems to be OK. Adds are no longer popping or random lines in the page aren't underlined linking to adds. A couple questions:

1) Yes, I would like to remove password box, since we don't remember installing it and don't use it, but I can't see it in the control panel.
2) Can I enable the explorer add-ons again?
3) Should I keep the downloaded scanners and cleaners on my desktop in case something comes back?
4) Lastly, my daughter's laptop also seems to have a similar problem, should I start a separate thread for it?

Thank you

plettinsky · Jul 5, 2014

forgot the last log

# AdwCleaner v3.214 - Report created 04/07/2014 at 20:35:10
# Updated 29/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : alaric - ALARIC-PC
# Running from : C:\Users\alaric\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : 70e6ca8c
[#] Service Deleted : nuttkoqiez64

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Bench
Folder Deleted : C:\Program Files\003
Folder Deleted : C:\Users\caplett12\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\kjartan\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\alaric\AppData\Local\Software

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0032116.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0032116.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0032116.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0032116.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322212216}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355215516}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366216616}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344214416}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355215516}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366216616}
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Supra Savings
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\suprasavings
Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Key Deleted : [x64] HKLM\SOFTWARE\Supra Savings
Key Deleted : [x64] HKLM\SOFTWARE\suprasavings

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126

*************************

AdwCleaner[R0].txt - [3363 octets] - [04/07/2014 10:23:48]
AdwCleaner[R1].txt - [3423 octets] - [04/07/2014 20:33:57]
AdwCleaner[S0].txt - [3410 octets] - [04/07/2014 20:35:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3470 octets] ##########

Juliet · Jul 5, 2014

plettinsky said:
hello Julie

The computer seems to be OK. Adds are no longer popping or random lines in the page aren't underlined linking to adds. A couple questions:

1) Yes, I would like to remove password box, since we don't remember installing it and don't use it, but I can't see it in the control panel.
2) Can I enable the explorer add-ons again?
3) Should I keep the downloaded scanners and cleaners on my desktop in case something comes back?
4) Lastly, my daughter's laptop also seems to have a similar problem, should I start a separate thread for it?

Thank you

I'll supply another script to run with FRST like we did for the above and remove password box.

You can enable the add-ons again.

When I and you see a clean computer we'll remove the tools and quarantine folders because, future scans can pick these up and give alerts. Many people wouldn't know what it is so for safety sake they need to come off.

We can work on your daughter's computer when we finish with yours.

********
Please find the previous Fixlog.txt we ran earlier and delete it please. We will create and run a new one.

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

start
BHO-x32: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
2014-07-02 13:33 - 2013-11-20 10:45 - 00000000 ____D () C:\Program Files (x86)\PasswordBox
end

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

********

Please download Malwarebytes' Anti-Malware from Here

(If uninstalling and doing a reinstall the link is below)
http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
Please note this scanner can take quite a bit of time to start and complete, depending of course how full your computer is.

Go here to run an online scanner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activeX control to install
Click Start
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
When the scan completes, press the LIST OF THREATS FOUND button
Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
Include the contents of this report in your next reply.
Press the BACK button.
Press Finish

****
Please post
Fixlog.txt
Malwarebytes' Anti-Malware log
Eset log

plettinsky · Jul 7, 2014

three logs a holiday later

Hello Julie
Thank you for the responses.
Here are the tree logs, looks like Eset did find more.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-07-2014 01
Ran by alaric at 2014-07-05 14:11:52 Run:2
Running from C:\Users\alaric\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
BHO-x32: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
2014-07-02 13:33 - 2013-11-20 10:45 - 00000000 ____D () C:\Program Files (x86)\PasswordBox
end

*****************

'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5DB69B97-934B-451D-94DB-32EF802A01CD}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{5DB69B97-934B-451D-94DB-32EF802A01CD}' => Key deleted successfully.
PasswordBox => Service stopped successfully.
PasswordBox => Service deleted successfully.
C:\Program Files (x86)\PasswordBox => Moved successfully.

==== End of Fixlog ====

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/5/2014
Scan Time: 2:24:16 PM
Logfile: Malwarebytes log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.05.09
Rootkit Database: v2014.07.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: alaric

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 383233
Time Elapsed: 34 min, 17 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.GiganticSavings.A, HKLM\SOFTWARE\WOW6432NODE\Gigantic Savings, Quarantined, [d54d712a502b092d0cbdfd0e92720ff1],
PUP.Optional.SupraSavings.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Supra Savings, Quarantined, [e141ddbe78039f978724ad1ca75baf51],
PUP.Optional.GiganticSavings.A, HKU\S-1-5-21-393487258-3201230647-4056210797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Gigantic Savings, Quarantined, [c75b1883e7942412cefcd03b7d872ad6],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.GorillaPrice, C:\ProgramData\GorillaPrice, Quarantined, [34ee7a21e398f3434aaddcbeb052c53b],

Files: 4
PUP.Optional.SupraSavings.A, C:\temp\t.msi, Quarantined, [e33f8b10710aef47dc026e0df11311ef],
PUP.Optional.OneClickDownloader.A, C:\Users\alaric\Downloads\VipBoxSportsAppsInstall(18_3f_1)_ie.exe, Quarantined, [c062f6a58af1d165440c839547ba2fd1],
PUP.Optional.AdBundle, C:\Users\alaric\Downloads\winrar setup.exe, Quarantined, [1210f6a594e7b48243d514137c8527d9],
PUP.Optional.GorillaPrice, C:\ProgramData\GorillaPrice\config.dat, Quarantined, [34ee7a21e398f3434aaddcbeb052c53b],

Physical Sectors: 0
(No malicious items detected)

(end)
---------------------------------------------------
ESET log
C:\$Recycle.Bin\S-1-5-21-393487258-3201230647-4056210797-1000\$R9JZQ81.exe Win32/Adware.RK.AQ application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files\003\nuttkoqiez64.exe.xBAD a variant of Win64/Adware.Adpeak.C application cleaned by deleting - quarantined
C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application deleted - quarantined

Juliet · Jul 7, 2014

in case of a false positive I ask that you not allow it to delete what it does find, Make sure that the option Remove found threats is unticked

I see you let it delete what was found. In this case it appears all is OK.

How is your computer now?

Are we ready to remove tools and quarantine folders, and post preventive tips?

plettinsky · Jul 7, 2014

Looking good

Sorry, thought I had unchecked the remove threats, glad it didn't delete anything unwanted.
Everything seems to be working well with the computer, so we should be ready to clean things up and I'm glad for the promised tips, since my daughter's infection was because I clicked too fast through a bundled offer.
Let me know what to do next.

Juliet · Jul 8, 2014

plettinsky said:
Sorry, thought I had unchecked the remove threats, glad it didn't delete anything unwanted.
Everything seems to be working well with the computer, so we should be ready to clean things up and I'm glad for the promised tips, since my daughter's infection was because I clicked too fast through a bundled offer.
Let me know what to do next.

Working well is what I wanted to hear!

let's remove dis-infection tools and folders. I'll post preventive tips after we're at the end of cleaning for both computers.

If you post from your daughters computer is it just a User account she set up for you to use , or is it her personal account with administrator privileges?

********

Download Delfix from here
Ensure Remove disinfection tools is ticked
Also tick:
- Create registry backup
- Purge system restore
Click Run

Any other tools and files found can simply be deleted or uninstall via Add/Remove Programs in the Control Panel etc.

plettinsky · Jul 8, 2014

Done

I ran DelFix and all is well. Thank you very much.
I will post from my daughter's computer using her main account with admin rights. Should I repeat the scans we did on this computer?

Juliet · Jul 8, 2014

Let's start with this:

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure which version: Start --> Computer (right click) --> properties)
(To use correct version for your system.....Which system am I using?)

Run FRST.
Don´t change one of the checkboxes and hit Scan.
Logfiles are created on your desktop.
Post the FRST.txt
The first time the tool is run it generates another log Addition.txt - Please also paste that along with the FRST.txt into your reply.

plettinsky · Jul 9, 2014

FRST scan

Hello Julie
OK, I was wrong, this computer is almost worse than the other one. I'm having a hard time carrying out these instructions since I'm constantly busy closing explorer windows. Alas, here is are the logs

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-07-2014 01
Ran by Arianna (administrator) on ARIANNA-PC on 08-07-2014 18:37:42
Running from C:\Users\Arianna\Desktop
Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMutilps32.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Registration\GREGsvc.exe
(Realsil Microelectronics Inc.) C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Symantec Corporation) C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
() C:\Program Files\RrFilter\RrFilterService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe
() C:\Program Files\002\yewimmxqbs32.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\Smc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [714120 2012-02-07] (Acer Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
Winlogon\Notify\SEP: C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll [X]
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x87BEBDF31085CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\bin\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\IPSFF
FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\IPSFF [2013-10-08]

========================== Services (Whitelisted) =================

R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [691888 2012-09-20] (Juniper Networks)
S3 EgisTec Ticket Service; C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe [173424 2011-06-21] (Egis Technology Inc. )
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [738688 2012-02-07] (Acer Incorporated)
S3 GamesAppIntegrationService; C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-24] (WildTangent)
R2 GREGService; C:\Program Files\Acer\Registration\GREGsvc.exe [28264 2012-02-29] (Acer Incorporated)
R2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1755136 2011-03-07] (Realsil Microelectronics Inc.) [File not signed]
R2 Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [255376 2012-02-06] (Acer Incorporated)
R2 NOBU; C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe [2057560 2010-06-01] (Symantec Corporation)
R2 RrFilterService; c:\Program Files\RrFilter\RrFilterService.exe [149504 2014-03-13] () [File not signed]
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SepMasterService; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe [137208 2012-01-28] (Symantec Corporation)
R3 SmcService; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\Smc.exe [1671424 2012-04-19] (Symantec Corporation)
S3 SNAC; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\snac.exe [282032 2012-04-19] (Symantec Corporation)
R2 yewimmxqbs32; C:\Program Files\002\yewimmxqbs32.exe [541696 2014-05-07] () [File not signed]

==================== Drivers (Whitelisted) ====================

R1 BHDrvx86; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\BASHDefs\20140612.012\BHDrvx86.sys [1101616 2014-05-09] (Symantec Corporation)
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2012-09-20] (Juniper Networks)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-06-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [109872 2014-06-11] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\IPSDefs\20140704.002\IDSvix86.sys [395992 2014-05-12] (Symantec Corporation)
R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [21600 2012-03-19] (Egis Technology Inc.)
R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16936 2012-03-19] (Egis Technology Inc.)
R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [62240 2012-03-19] (Egis Technology Inc.)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs\20140707.009\NAVENG.SYS [93272 2014-06-11] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs\20140707.009\NAVEX15.SYS [1612376 2014-06-11] (Symantec Corporation)
R1 netfilter; C:\Windows\System32\drivers\netfilter.sys [47488 2014-02-13] (NetFilterSDK.com) [File not signed]
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [254056 2011-05-30] (Realtek Semiconductor Corp.)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x86\SRTSP.SYS [522872 2012-03-07] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x86\SRTSPX.SYS [31864 2012-03-07] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x86\SYMDS.SYS [340088 2011-11-15] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x86\SYMEFA.SYS [759416 2012-02-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2013-04-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x86\Ironx86.SYS [137336 2011-11-15] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x86\SYMNETS.SYS [299640 2012-03-18] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-08 18:37 - 2014-07-08 18:40 - 00014360 _____ () C:\Users\Arianna\Desktop\FRST.txt
2014-07-08 18:36 - 2014-07-08 18:38 - 00000000 ____D () C:\FRST
2014-07-08 18:35 - 2014-07-08 18:35 - 01074688 _____ (Farbar) C:\Users\Arianna\Desktop\FRST.exe
2014-07-06 10:03 - 2014-07-06 10:06 - 00064305 _____ () C:\Users\Arianna\Documents\Celebración-7-6-14.pptx
2014-06-29 10:01 - 2014-06-29 10:01 - 00051112 _____ () C:\Users\Arianna\Documents\Celebración-6-29-14.pptx
2014-06-22 07:53 - 2014-06-22 13:01 - 00055171 _____ () C:\Users\Arianna\Documents\Celebración-6-22-14.pptx
2014-06-22 07:43 - 2014-06-22 07:43 - 00000165 ____H () C:\Users\Arianna\Documents\~$Celebración-5-25-14.pptx
2014-06-14 17:15 - 2014-06-14 17:18 - 05186048 _____ () C:\Users\Arianna\Downloads\WindowsDefender.msi
2014-06-13 07:31 - 2013-12-28 12:28 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140613-073147.backup
2014-06-13 07:24 - 2014-06-13 07:24 - 00003821 _____ () C:\Windows\wininit.ini
2014-06-11 08:23 - 2014-06-18 07:46 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-11 08:23 - 2014-06-12 22:43 - 00002135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-11 08:23 - 2014-06-12 22:43 - 00002123 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-11 08:23 - 2014-06-12 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-11 08:23 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2014-06-11 08:22 - 2014-06-12 22:43 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-06-11 08:20 - 2014-06-11 08:07 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Arianna\Downloads\spybot-2.3.exe
2014-06-11 08:20 - 2014-06-11 07:28 - 03769184 _____ () C:\Users\Arianna\Downloads\SecuniaPsi.exe
2014-06-11 07:01 - 2014-05-30 05:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 07:01 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 07:01 - 2014-05-30 05:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 07:01 - 2014-05-30 04:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 07:01 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 07:01 - 2014-05-30 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 07:01 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 07:01 - 2014-05-30 04:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 07:01 - 2014-05-30 04:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 07:01 - 2014-05-30 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 07:01 - 2014-05-30 04:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 07:01 - 2014-05-30 04:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 07:01 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 07:01 - 2014-05-30 04:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 07:01 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 07:01 - 2014-05-30 04:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 07:01 - 2014-05-30 04:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 07:01 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 07:01 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 07:01 - 2014-05-30 03:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 07:01 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 07:01 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 07:01 - 2014-05-30 03:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 07:01 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 07:01 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 07:01 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 07:01 - 2014-05-30 03:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 07:01 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 06:50 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 06:50 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 06:50 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 06:50 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 06:49 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 06:49 - 2014-04-04 22:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 06:49 - 2014-04-04 22:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-10 17:41 - 2014-06-10 17:41 - 00000000 ____D () C:\Users\Arianna\AppData\Local\{A25E0627-AF52-429A-AA4E-996FCF5A68EF}
2014-06-08 09:54 - 2014-06-08 09:58 - 00075259 _____ () C:\Users\Arianna\Documents\Celebración-6-8-14.pptx

==================== One Month Modified Files and Folders =======

2014-07-08 18:40 - 2014-07-08 18:37 - 00014360 _____ () C:\Users\Arianna\Desktop\FRST.txt
2014-07-08 18:39 - 2012-03-19 06:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-08 18:38 - 2014-07-08 18:36 - 00000000 ____D () C:\FRST
2014-07-08 18:35 - 2014-07-08 18:35 - 01074688 _____ (Farbar) C:\Users\Arianna\Desktop\FRST.exe
2014-07-08 18:35 - 2009-07-14 00:34 - 00016160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-08 18:35 - 2009-07-14 00:34 - 00016160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-08 18:28 - 2012-05-10 20:38 - 02078583 _____ () C:\Windows\WindowsUpdate.log
2014-07-08 18:08 - 2013-01-30 13:15 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-08 14:37 - 2013-01-30 13:15 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-08 10:47 - 2014-05-07 08:15 - 00000000 ____D () C:\Program Files\RrFilter
2014-07-07 17:27 - 2014-04-29 09:54 - 00000000 ____D () C:\Users\Arianna\Documents\Outlook Files
2014-07-07 12:23 - 2009-07-14 00:39 - 00105276 _____ () C:\Windows\setupact.log
2014-07-06 10:06 - 2014-07-06 10:03 - 00064305 _____ () C:\Users\Arianna\Documents\Celebración-7-6-14.pptx
2014-06-29 10:01 - 2014-06-29 10:01 - 00051112 _____ () C:\Users\Arianna\Documents\Celebración-6-29-14.pptx
2014-06-28 13:51 - 2013-01-26 23:50 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-27 23:33 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-24 07:45 - 2009-07-13 22:37 - 00000000 ___RD () C:\Users\Public
2014-06-22 13:01 - 2014-06-22 07:53 - 00055171 _____ () C:\Users\Arianna\Documents\Celebración-6-22-14.pptx
2014-06-22 07:50 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-22 07:49 - 2010-11-20 17:48 - 00102960 _____ () C:\Windows\PFRO.log
2014-06-22 07:43 - 2014-06-22 07:43 - 00000165 ____H () C:\Users\Arianna\Documents\~$Celebración-5-25-14.pptx
2014-06-18 07:46 - 2014-06-11 08:23 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-14 17:18 - 2014-06-14 17:15 - 05186048 _____ () C:\Users\Arianna\Downloads\WindowsDefender.msi
2014-06-13 19:02 - 2012-03-19 06:07 - 00000000 ____D () C:\Program Files\Acer
2014-06-13 19:01 - 2012-03-19 06:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2014-06-13 07:24 - 2014-06-13 07:24 - 00003821 _____ () C:\Windows\wininit.ini
2014-06-12 22:43 - 2014-06-11 08:23 - 00002135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-12 22:43 - 2014-06-11 08:23 - 00002123 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-12 22:43 - 2014-06-11 08:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-12 22:43 - 2014-06-11 08:22 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-06-12 04:12 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2014-06-12 03:12 - 2013-04-11 20:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-12 03:10 - 2014-05-25 08:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 03:04 - 2014-05-25 08:15 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 08:07 - 2014-06-11 08:20 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Arianna\Downloads\spybot-2.3.exe
2014-06-11 07:28 - 2014-06-11 08:20 - 03769184 _____ () C:\Users\Arianna\Downloads\SecuniaPsi.exe
2014-06-10 17:41 - 2014-06-10 17:41 - 00000000 ____D () C:\Users\Arianna\AppData\Local\{A25E0627-AF52-429A-AA4E-996FCF5A68EF}
2014-06-10 17:19 - 2013-12-25 11:35 - 00000000 ____D () C:\Users\Arianna\AppData\Roaming\Apple Computer
2014-06-08 09:58 - 2014-06-08 09:54 - 00075259 _____ () C:\Users\Arianna\Documents\Celebración-6-8-14.pptx

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-08 15:18

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-07-2014 01
Ran by Arianna at 2014-07-08 18:42:27
Running from C:\Users\Arianna\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Spybot - Search and Destroy (Disabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Symantec Endpoint Protection (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}

==================== Installed Programs ======================

Acer Crystal Eye Webcam (HKLM\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.2624.00 - CyberLink Corp.)
Acer Crystal Eye Webcam (Version: 1.5.2624.00 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3010 - Acer Incorporated)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3507 - Acer Incorporated)
Acer Games (HKLM\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM\...\Acer Registration) (Version: 1.04.3506 - Acer Incorporated)
Acer ScreenSaver (HKLM\...\Acer Screensaver) (Version: 20.12.0110.1025 - Acer Incorporated)
Acer Updater (HKLM\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3501 - Acer Incorporated)
Acer VCM (HKLM\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3501 - Acer Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.5) MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.5 - Adobe Systems Incorporated)
Akhra: The Treasures (Version: 2.2.0.98 - WildTangent) Hidden
Alice's Magical Mahjong (Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (Version: 2.2.0.98 - WildTangent) Hidden
Bing Bar (HKLM\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scan Utility (HKLM\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MX860 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX860_series) (Version: - Canon Inc.)
Chuzzle Deluxe (Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version: - Microsoft)
Diego's Ultimate Rescue (Version: 2.2.0.95 - WildTangent) Hidden
eBay Worldwide (HKLM\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
Evernote v. 4.5.2 (HKLM\...\{F77EF646-19EB-11E1-9A9E-984BE15F174E}) (Version: 4.5.2.5866 - Evernote Corp.)
Final Drive: Nitro (Version: 2.2.0.95 - WildTangent) Hidden
Fooz Kids (HKLM\...\FoozKids) (Version: 3.1.2 - FUHU, Inc.)
Fooz Kids (Version: 3.1.2 - FUHU, Inc.) Hidden
Fooz Kids Platform (HKLM\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.)
Galería fotográfica de Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Game Channels (HKLM\...\WildTangentGameProvider-acer-main) (Version: 6.2.0.5 - WildTangent, Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Identity Card (HKLM\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Insaniquarium Deluxe (Version: 2.2.0.97 - WildTangent) Hidden
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.14.8.1075 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Juniper Networks Network Connect 7.3.1 (HKLM\...\Juniper Network Connect 7.3.1) (Version: 7.3.1.21949 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.3.1.26369 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM\...\LManager) (Version: 5.1.7 - Acer Inc.)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
My Farm Life (Version: 2.2.0.97 - WildTangent) Hidden
My Kingdom for the Princess 3 (Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker 4 (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (Version: 4.0.14.19 - Egis Technology Inc.) Hidden
newsXpresso (HKLM\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
newsXpresso (Version: 1.0.0.40 - esobi Inc.) Hidden
NOOK for PC (HKLM\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com)
Norton Online Backup (HKLM\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6549 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
RrFilter (Version: 1.0.0.0 - RrFilter) Hidden
Running Sheep (Version: 2.2.0.98 - WildTangent) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skip-Bo - Castaway Caper (Version: 2.2.0.95 - WildTangent) Hidden
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Slingo Deluxe (Version: 2.2.0.95 - WildTangent) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
Super Granny 6 (Version: 2.2.0.97 - WildTangent) Hidden
Symantec Endpoint Protection (HKLM\...\{F4A73EC6-EFC4-488D-AF1A-F2C3CD1BC072}) (Version: 12.1.1101.401 - Symantec Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.18.0 - Synaptics Incorporated)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)
Update Installer for WildTangent Games App (Version: - WildTangent) Hidden
Wedding Dash (Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (Version: 4.0.11.2 - WildTangent) Hidden
Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points =========================

12-06-2014 07:00:56 Windows Update
15-06-2014 20:59:34 Windows Update
20-06-2014 16:11:07 Windows Update
28-06-2014 03:56:34 Windows Update
04-07-2014 00:16:58 Windows Update
08-07-2014 19:49:37 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:04 - 2014-06-13 07:31 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

Task: {302B4D72-2D51-40F8-AF5B-33E999FFAC76} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-25] (Adobe Systems Incorporated)
Task: {5A1CCE28-8D50-4F3B-A3BC-C09B1AA0835E} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-06] (Acer Incorporated)
Task: {7C794FD1-F88D-493C-98A4-3E846415BB0A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8EF0503B-CF08-4DBF-A66C-3FA48C741054} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {98ACBAFA-9A6B-4916-BFA8-0B08017BCDAB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-30] (Google Inc.)
Task: {AB6D0F1E-5B1A-48A7-B2C6-C0CE8DDA2F02} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {BBEA6919-5F0F-429E-88F3-8DDAE9921AB0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-30] (Google Inc.)
Task: {DEF96A93-A5F6-4955-BF16-4AD200C520AA} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {E184DC15-513E-4373-ABA8-A3098208973C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {EF6D57FE-419B-4758-A5FB-66B9EF195FFE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-13 16:34 - 2014-03-13 16:34 - 00149504 _____ () c:\Program Files\RrFilter\RrFilterService.exe
2014-03-04 14:25 - 2014-03-04 14:25 - 00102400 _____ () c:\Program Files\RrFilter\nfapi.dll
2014-03-04 14:25 - 2014-03-04 14:25 - 00233472 _____ () c:\Program Files\RrFilter\ProtocolFilters.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-06-11 08:23 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-06-11 08:23 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-06-11 08:23 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-05-07 08:12 - 2014-05-07 08:12 - 00541696 _____ () C:\Program Files\002\yewimmxqbs32.exe
2014-02-19 17:57 - 2014-02-19 17:57 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\0a0467413a424068d1471448ff6ca6cc\IsdiInterop.ni.dll
2012-03-19 05:29 - 2010-11-06 03:50 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk => C:\Windows\pss\Acer VCM.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: GfxServiceInstall => C:\Windows\system32\GfxCUIServiceInstall.vbs
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LManager => C:\Program Files\Launch Manager\LManager.exe
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
MSCONFIG\startupreg: SuiteTray => "C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/08/2014 06:33:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17126 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1b08

Start Time: 01cf9afc69a824d3

Termination Time: 62

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (07/08/2014 06:31:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17126 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1688

Start Time: 01cf9afbfa03a3ba

Termination Time: 47

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (07/08/2014 06:07:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2744947

Error: (07/08/2014 06:07:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2744947

Error: (07/08/2014 06:07:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/08/2014 05:21:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10265

Error: (07/08/2014 05:21:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10265

Error: (07/08/2014 05:21:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/08/2014 10:50:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9969

Error: (07/08/2014 10:50:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9969

System errors:
=============
Error: (07/08/2014 02:24:54 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (07/08/2014 02:24:54 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DsiWMIService service.

Error: (07/08/2014 10:25:34 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SepMasterService service.

Error: (07/08/2014 00:29:29 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (07/07/2014 08:46:54 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (07/07/2014 08:46:24 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (07/07/2014 08:45:55 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (07/07/2014 08:45:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (07/07/2014 08:45:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the GREGService service.

Error: (07/07/2014 05:26:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Microsoft Office Sessions:
=========================
Error: (07/08/2014 06:33:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.171261b0801cf9afc69a824d362C:\Program Files\Internet Explorer\iexplore.exe

Error: (07/08/2014 06:31:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.17126168801cf9afbfa03a3ba47C:\Program Files\Internet Explorer\iexplore.exe

Error: (07/08/2014 06:07:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2744947

Error: (07/08/2014 06:07:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2744947

Error: (07/08/2014 06:07:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/08/2014 05:21:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10265

Error: (07/08/2014 05:21:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10265

Error: (07/08/2014 05:21:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/08/2014 10:50:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9969

Error: (07/08/2014 10:50:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9969

==================== Memory info ===========================

Percentage of memory in use: 88%
Total physical RAM: 1012.3 MB
Available physical RAM: 113.59 MB
Total Pagefile: 3379.81 MB
Available Pagefile: 1652.93 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.02 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:190.72 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 1E73ADFC)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Juliet · Jul 9, 2014

In the below script I am using also a reboot command, don't be alarmed.

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

C:\Program Files\002\yewimmxqbs32.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
R2 yewimmxqbs32; C:\Program Files\002\yewimmxqbs32.exe [541696 2014-05-07] () [File not signed]
Reboot:
end

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

*************************

Please download Malwarebytes Anti-Malware to your desktop
(If uninstalling and doing a reinstall the link is below)
http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Copy and paste- Attach/Post that log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

plettinsky · Jul 9, 2014

Seems better already. thanks
Here is the fixlog and the malware byte log
While I'm thinking about it. Are these tools safe to use by themselves or would it be better (and not too bothersome) to just consult one of the experts on this forum right away if an infection occurs?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:05-07-2014 01
Ran by Arianna at 2014-07-08 20:47:30 Run:1
Running from C:\Users\Arianna\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Program Files\002\yewimmxqbs32.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
R2 yewimmxqbs32; C:\Program Files\002\yewimmxqbs32.exe [541696 2014-05-07] () [File not signed]
Reboot:
end
*****************

C:\Program Files\002\yewimmxqbs32.exe => Moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}'=> Key not found.
yewimmxqbs32 => Service stopped successfully.
yewimmxqbs32 => Service deleted successfully.

The system needed a reboot.

==== End of Fixlog ====

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/8/2014
Scan Time: 9:39:58 PM
Logfile: Malwarebytes Anti-Malware log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.08.12
Rootkit Database: v2014.07.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Arianna

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 258287
Time Elapsed: 26 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\RrFilterService.exe, 680, Delete-on-Reboot, [09ad8c10bfbc6accfad5990d43bfec14]

Modules: 2
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\nfapi.dll, Delete-on-Reboot, [09ad8c10bfbc6accfad5990d43bfec14],
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\ProtocolFilters.dll, Delete-on-Reboot, [09ad8c10bfbc6accfad5990d43bfec14],

Registry Keys: 9
PUP.Optional.AdPeak.A, HKLM\SOFTWARE\LevelQualityWatcher, Quarantined, [26900d8fb6c5b87e66dc95233ac80cf4],
PUP.Optional.RRSavings.A, HKLM\SOFTWARE\Rr Savings, Quarantined, [4c6a6b31205bb680dd5606c38979b848],
PUP.Optional.RRSavings.A, HKLM\SOFTWARE\rrsavings, Quarantined, [2393e3b97803c6708da717b2d2307090],
PUP.Optional.AdPeak.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{813BA625-B0FA-48D8-9B75-59759C88C219}, Quarantined, [595df2aa9ae1fd395d78d7ee0cf62ad6],
PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\SYSTWEAK\ssd, Quarantined, [566069331665bb7bb6c02d89758d5ea2],
PUP.Optional.RRSavings.A, HKU\S-1-5-21-719591629-3742939409-4109149632-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Rr Savings, Quarantined, [03b3683494e7fc3a1b1d8544b74bc23e],
PUP.Optional.RRSavings.A, HKU\S-1-5-21-719591629-3742939409-4109149632-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\rrsavings, Quarantined, [8b2ba2faf18aa096ba7d22a7ab5743bd],
PUP.Optional.SystemSpeedup, HKU\S-1-5-21-719591629-3742939409-4109149632-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd, Quarantined, [b600aaf26714cc6a03724b6bb64c04fc],
PUP.Optional.RRSavings.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RrFilterService, Quarantined, [09ad8c10bfbc6accfad5990d43bfec14],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 4
PUP.Optional.AdPeak.A, C:\temp, Quarantined, [8c2adebe740738fe4362a81523df12ee],
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter, Delete-on-Reboot, [09ad8c10bfbc6accfad5990d43bfec14],
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\SSL, Quarantined, [09ad8c10bfbc6accfad5990d43bfec14],
PUP.Optional.SystemSpeedup, C:\Users\Arianna\AppData\Roaming\Systweak\ssd, Quarantined, [793db1ebf9827bbb4eeb496ba260ed13],

Files: 14
PUP.Optional.AdPeak.A, C:\temp\lsp2.log, Quarantined, [8c2adebe740738fe4362a81523df12ee],
PUP.Optional.AdPeak.A, C:\temp\InstallFilter32.msi, Quarantined, [8c2adebe740738fe4362a81523df12ee],
PUP.Optional.AdPeak.A, C:\temp\output.txt, Quarantined, [8c2adebe740738fe4362a81523df12ee],
PUP.Optional.AdPeak.A, C:\temp\t.msi, Quarantined, [8c2adebe740738fe4362a81523df12ee],
PUP.Optional.AdPeak.A, C:\temp\t.txt, Quarantined, [8c2adebe740738fe4362a81523df12ee],
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\Installbat.dll, Quarantined, [09ad8c10bfbc6accfad5990d43bfec14],
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\Microsoft.Deployment.WindowsInstaller.dll, Quarantined, [09ad8c10bfbc6accfad5990d43bfec14],
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\Microsoft.Deployment.WindowsInstaller.xml, Quarantined, [09ad8c10bfbc6accfad5990d43bfec14],
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\nfapi.dll, Delete-on-Reboot, [09ad8c10bfbc6accfad5990d43bfec14],
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\nfregdrv.exe, Quarantined, [09ad8c10bfbc6accfad5990d43bfec14],
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\ProtocolFilters.dll, Delete-on-Reboot, [09ad8c10bfbc6accfad5990d43bfec14],
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\RrFilterService.exe, Delete-on-Reboot, [09ad8c10bfbc6accfad5990d43bfec14],
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\sample.dll, Quarantined, [09ad8c10bfbc6accfad5990d43bfec14],
PUP.Optional.SystemSpeedup, C:\Users\Arianna\AppData\Roaming\Systweak\ssd\SSDPTstub.exe, Quarantined, [793db1ebf9827bbb4eeb496ba260ed13],

Physical Sectors: 0
(No malicious items detected)

(end)

Internet browser popping up add pages

New member

Attachments

Security Expert-emeritus

New member

New member

Security Expert-emeritus

New member

Security Expert-emeritus

New member

New member

New member

Security Expert-emeritus

New member

Security Expert-emeritus

New member

Security Expert-emeritus

New member

Security Expert-emeritus

New member

Security Expert-emeritus

New member