virus

[Junkaroo]

Conduit (fs) Toolbar Level 4 1 This is a moderate risk and should be removed... Conduit Toolbar (v) Toolbar Level 4 1 This is a moderate risk and should be removed... Adware.JS.Conduit (v) Toolbar Level 4 1

This is a moderate risk and should be removed...

 

 

How do I get rid of this tearing my hair out HELP

[Junkaroo]

Please help me ! Why can't I get a answer?

[Juliet]

-AdwCleaner-by Xplode

 

Click on this link to download : ADWCleaner

Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

 

Do not click on any links in the top Advertisment.

 

 

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Scan.
• After the scan is complete click on "Clean"
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[s1].txt as well.
• NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

Please download

http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

Install the progamme and select update

Once it has updated select Settings > Detection and Protection

Tick Scan for rootkits

 

 

Go back to the Dashboard and select Threat Scan and then click on Scan Now

 

 

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

 

 

 

On completion of the scan (or after the reboot) select View Detailed Log

Select Export > Select text file and save to the desktop

Attach/Post that log

Edited June 24, 2014 by Juliet

[Junkaroo]

Hello... Well I have run the programs as you suggested. ADWCleaner has been run about 6 times. MAlwarebites I have paid version brings up nothing but Pup virus. Computer is really draging. My resulets from both scans.

 

ADWCLEANER

 

# AdwCleaner v3.216 - Report created 18/07/2014 at 16:37:56
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Chris Ursu - CHRISURSU-PC
# Running from : C:\Users\Chris Ursu\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Chris Ursu\AppData\Roaming\Mozilla\Firefox\Profiles\k8z6xrij.default\prefs.js ]


-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\Chris Ursu\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [18317 octets] - [17/07/2014 17:32:52]
AdwCleaner[R1].txt - [1051 octets] - [17/07/2014 17:40:58]
AdwCleaner[R2].txt - [1172 octets] - [17/07/2014 17:55:39]
AdwCleaner[R3].txt - [1292 octets] - [17/07/2014 18:23:08]
AdwCleaner[R4].txt - [1413 octets] - [17/07/2014 19:24:33]
AdwCleaner[R5].txt - [1530 octets] - [18/07/2014 16:07:13]
AdwCleaner[R6].txt - [1653 octets] - [18/07/2014 16:13:28]
AdwCleaner[R7].txt - [1770 octets] - [18/07/2014 16:34:52]
AdwCleaner[s0].txt - [18203 octets] - [17/07/2014 17:34:05]
AdwCleaner[s1].txt - [1113 octets] - [17/07/2014 17:42:08]
AdwCleaner[s2].txt - [1234 octets] - [17/07/2014 18:19:09]
AdwCleaner[s3].txt - [1354 octets] - [17/07/2014 18:50:45]
AdwCleaner[s4].txt - [1474 octets] - [17/07/2014 19:25:31]
AdwCleaner[s5].txt - [1591 octets] - [18/07/2014 16:08:19]
AdwCleaner[s6].txt - [1714 octets] - [18/07/2014 16:15:00]
AdwCleaner[s7].txt - [1691 octets] - [18/07/2014 16:37:56]

########## EOF - C:\AdwCleaner\AdwCleaner[s7].txt - [1751 octets] ##########

 

WHEN IT RUN THE FIRST TIME i SAW A BIG BLACK BOX WITH WHITE WRITING RUNNING VERY FAST.ALSO SEE IN THE SCAN LOTS OF FAILED AFTER LINES WHERE SCANNING.

 

I ran PCPitstop again and it says conduits adware still in computer.

I have downloaded AVG removal tool and removed program.Running Super sheild.

 

 

 

Malwarebites well has always been running on my computer and never recived a restart program always quartine all pup virus.

 

So where do I go from here?

 

 

[Juliet]

pup

Potentially Unwanted Programs

 

Will need to run other tools to see what their not finding.

 

Will want you to run FRST, then post a new topic in

http://forums.pcpitstop.com/index.php?/forum/25-have-i-been-hijacked/

 

OR I can just move this topic.

 

Scan with FRST in normal mode

 

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure which version: Start --> Computer (right click) --> properties)

(To use correct version for your system.....Which system am I using?)

• Run FRST.
• Don´t change one of the checkboxes and hit Scan.
• Logfiles are created on your desktop.
• Post the FRST.txt
• The first time the tool is run it generates another log Addition.txt - Please also paste that along with the FRST.txt into your reply.

[Junkaroo]

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/18/2014
Scan Time: 5:15:08 PM
Logfile: desk top.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.18.09
Rootkit Database: v2014.07.17.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Chris Ursu

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 288606
Time Elapsed: 24 min, 6 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

[Junkaroo]

please just move it...Thank you..I also posted malware bites scan.

 

Thank you will run other test

[Juliet]

ok

[Juliet]

Junkaroo

Post your logs here

You posted the Additions log now I need to see the FRST.txt

[Junkaroo]

Thank You here is frst.tex

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01
Ran by Chris Ursu (administrator) on CHRISURSU-PC on 18-07-2014 19:18:14
Running from C:\Users\Chris Ursu\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe
(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRT.exe
(IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Astonsoft Ltd) C:\Program Files (x86)\EssentialPIM\EssentialPIM.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated)
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [suiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340848 2011-04-02] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [408432 2011-03-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202608 2011-03-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [backupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-23] (NTI Corporation)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-05-09] (CyberLink Corp.)
HKLM-x32\...\Run: [indexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [brStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [info Center] => C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe [28792 2013-12-26] (PC Pitstop LLC)
HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [PC MaticRT] => C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRT.exe [1727600 2014-06-10] (PC Pitstop LLC)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\.DEFAULT\...\RunOnce: [isMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [isMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [isMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-349847416-3659534947-3110894470-1000\...\Run: [incrediMail] => C:\Program Files (x86)\IncrediMail\bin\IncMail.exe [367016 2014-03-28] (IncrediMail, Ltd.)
HKU\S-1-5-21-349847416-3659534947-3110894470-1000\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566984 2014-04-25] (Safer-Networking Ltd.)
HKU\S-1-5-21-349847416-3659534947-3110894470-1000\...\MountPoints2: {db606e77-490a-11e1-bb7a-b870f4f481c2} - "E:\WD SmartWare.exe" autoplay=true
ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Perk Prize Panel -> {47F3EB15-C230-4A0B-BE4B-D527FF483B48} -> C:\Program Files (x86)\Perk Prize Panel\pp.dll ()
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\Parameters: [NameServer] 184.172.114.130,208.43.110.90
Tcpip\..\Interfaces\{12D75736-79E4-45D5-B3D5-437FDAC93EDD}: [NameServer]184.172.114.130,208.43.110.90
Tcpip\..\Interfaces\{1535B655-C5B7-40FF-8187-A627E3E68B47}: [NameServer]184.172.114.130,208.43.110.90
Tcpip\..\Interfaces\{3BF15144-E0D6-4C4F-8A74-AF71CE8DF05A}: [NameServer]184.172.114.130,208.43.110.90
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer]184.172.114.130,208.43.110.90

FireFox:
========
FF ProfilePath: C:\Users\Chris Ursu\AppData\Roaming\Mozilla\Firefox\Profiles\k8z6xrij.default
FF Homepage: www.news.google.com/news
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @ei.CouponAlert_2p.com/Plugin - C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Test Pilot - C:\Users\Chris Ursu\AppData\Roaming\Mozilla\Firefox\Profiles\k8z6xrij.default\Extensions\[email protected] [2012-05-28]
FF Extension: AVG PrivacyFix - C:\Users\Chris Ursu\AppData\Roaming\Mozilla\Firefox\Profiles\k8z6xrij.default\Extensions\{7CA9CF31-1C73-46CD-8377-85AB71EA771F}.xpi [2014-04-19]
FF Extension: Adblock Plus - C:\Users\Chris Ursu\AppData\Roaming\Mozilla\Firefox\Profiles\k8z6xrij.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-19]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-02-16]
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Perk Prize Panel\FF

Chrome:
=======
CHR HomePage:
CHR Extension: (RealDownloader) - C:\Users\Chris Ursu\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-02-27]
CHR Extension: (Google Wallet) - C:\Users\Chris Ursu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-07]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [29696 2011-05-26] (Acer Incorporated) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-23] (NTI Corporation)
R2 PCPitstop Realtime; C:\Program Files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe [4017264 2014-06-10] (PC Pitstop LLC)
R2 PCPitstop Scheduling; C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [86632 2014-04-28] (PC Pitstop LLC)
S3 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
S3 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-18 19:18 - 2014-07-18 19:18 - 00018981 _____ () C:\Users\Chris Ursu\Downloads\FRST.txt
2014-07-18 19:18 - 2014-07-18 19:18 - 00000000 ____D () C:\FRST
2014-07-18 19:17 - 2014-07-18 19:17 - 02086912 _____ (Farbar) C:\Users\Chris Ursu\Downloads\FRST64.exe
2014-07-18 18:59 - 2014-07-18 18:59 - 01206272 _____ () C:\Users\Chris Ursu\ESSPMASD_RESTORED- 01-07-2014.backup_20140718_1859.epim
2014-07-18 18:02 - 2014-07-18 18:02 - 00001061 _____ () C:\desk top.txt
2014-07-18 16:33 - 2014-07-18 16:33 - 00013402 _____ () C:\Users\Chris Ursu\Downloads\AdwCleaner - Shortcut.lnk
2014-07-18 10:12 - 2014-07-18 10:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-17 19:24 - 2014-07-17 19:24 - 01354223 _____ () C:\Users\Chris Ursu\Downloads\AdwCleaner(5).exe
2014-07-17 18:22 - 2014-07-17 18:22 - 01354223 _____ () C:\Users\Chris Ursu\Downloads\AdwCleaner(4).exe
2014-07-17 17:55 - 2014-07-17 17:55 - 01354223 _____ () C:\Users\Chris Ursu\Downloads\AdwCleaner(3).exe
2014-07-17 17:40 - 2014-07-17 17:40 - 01354223 _____ () C:\Users\Chris Ursu\Downloads\AdwCleaner(2).exe
2014-07-17 17:35 - 2014-07-18 16:38 - 00002882 _____ () C:\Windows\PFRO.log
2014-07-17 17:33 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-17 17:32 - 2014-07-18 16:37 - 00000000 ____D () C:\AdwCleaner
2014-07-17 17:31 - 2014-07-17 17:31 - 01354223 _____ () C:\Users\Chris Ursu\Downloads\AdwCleaner(1).exe
2014-07-17 17:29 - 2014-07-17 17:30 - 01354223 _____ () C:\Users\Chris Ursu\Downloads\AdwCleaner.exe
2014-07-17 14:44 - 2014-07-17 14:44 - 00985600 _____ () C:\Users\Chris Ursu\Downloads\MicrosoftFixit50123.msi
2014-07-17 14:44 - 2014-07-17 14:44 - 00985600 _____ () C:\Users\Chris Ursu\Downloads\MicrosoftFixit50123(1).msi
2014-07-17 13:51 - 2014-07-18 18:00 - 00001120 _____ () C:\Windows\setupact.log
2014-07-17 13:51 - 2014-07-17 13:51 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-17 09:47 - 2012-10-24 14:39 - 00082872 _____ (GFI Software) C:\Windows\system32\Drivers\sbapifs.sys
2014-07-17 09:38 - 2014-07-17 09:56 - 01062421 _____ () C:\Users\Chris Ursu\Downloads\avgremover.log
2014-07-14 11:27 - 2009-06-10 17:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140714-112729.backup
2014-07-09 05:26 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 05:26 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 05:26 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 05:25 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 05:25 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 05:25 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 05:25 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 05:25 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 05:25 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 05:25 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 05:25 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 05:25 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 05:25 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 05:25 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 05:25 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 05:25 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 05:25 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 05:25 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 05:25 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 05:25 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 05:25 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 05:25 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 05:24 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 05:24 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 05:24 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 05:24 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 05:24 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 05:24 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 05:24 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 05:24 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 05:24 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 05:24 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 05:24 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 05:24 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 05:24 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 05:24 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 05:24 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 05:24 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 05:24 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 05:24 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 05:24 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 05:24 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 05:24 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 05:24 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 05:24 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 05:24 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 05:24 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 05:24 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 05:24 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 05:24 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 05:24 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 05:24 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 05:24 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 05:24 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 05:24 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 05:24 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 05:24 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 05:24 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 05:24 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 05:24 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 05:24 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 05:24 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 05:24 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 05:24 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 05:24 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 05:24 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 05:24 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 05:24 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 05:24 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 05:24 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 05:24 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 05:24 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 05:24 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 05:24 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 05:24 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 05:24 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 05:24 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 05:24 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 05:23 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 05:23 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 05:23 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-08 15:22 - 2014-07-08 15:22 - 01205760 _____ () C:\Users\Chris Ursu\ESSPMASD_RESTORED- 01-07-2014.backup_20140708_1522.epim
2014-07-08 15:06 - 2014-07-08 15:06 - 00719872 _____ () C:\Users\Chris Ursu\ESSPMASD_RESTORED_restored.backup_20140708_1506.epim
2014-07-05 16:31 - 2014-07-05 16:31 - 00719872 _____ () C:\Users\Chris Ursu\ESSPMASD_RESTORED_restored.backup_20140705_1631.epim
2014-06-27 17:16 - 2014-06-27 17:22 - 00000000 ____D () C:\Users\Chris Ursu\AppData\Roaming\PowerCinema
2014-06-27 17:16 - 2014-06-27 17:16 - 00000000 ____D () C:\Users\Chris Ursu\Documents\CyberLink
2014-06-27 17:16 - 2014-06-27 17:16 - 00000000 ____D () C:\Users\Chris Ursu\AppData\Local\Cyberlink
2014-06-25 17:36 - 2014-06-25 17:36 - 01205760 _____ () C:\Users\Chris Ursu\ESSPMASD_RESTORED- 01-07-2014.backup_20140625_1736.epim
2014-06-25 13:16 - 2014-06-25 19:21 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-25 13:16 - 2014-06-25 13:16 - 00001355 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-25 13:16 - 2014-06-25 13:16 - 00001343 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-25 13:16 - 2014-06-25 13:16 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-06-25 13:16 - 2014-06-25 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-25 13:16 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-06-25 13:15 - 2014-06-25 13:30 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-25 13:14 - 2014-06-25 13:14 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Chris Ursu\Downloads\spybot-2.3.exe
2014-06-24 14:20 - 2014-06-24 14:21 - 00011684 _____ () C:\Users\Chris Ursu\Downloads\EXPORT.CSV
2014-06-19 16:15 - 2014-07-18 19:17 - 00000000 ____D () C:\ProgramData\PCPitstopDat
2014-06-19 16:07 - 2014-06-19 16:07 - 00002038 _____ () C:\Users\Chris Ursu\Desktop\PC Matic.lnk
2014-06-19 16:06 - 2014-06-19 16:06 - 01399872 _____ (PC Pitstop LLC ) C:\Users\Chris Ursu\Downloads\pcmatic-setup-6398(1).exe
2014-06-19 16:04 - 2014-06-19 16:04 - 00000000 ____D () C:\Users\Chris Ursu\Documents\SpeedyComputer
2014-06-19 16:04 - 2014-06-19 16:04 - 00000000 ____D () C:\Users\Chris Ursu\AppData\Roaming\SpeedyComputer
2014-06-19 16:04 - 2014-06-19 16:04 - 00000000 ____D () C:\Program Files (x86)\Speeding Software
2014-06-19 12:48 - 2014-06-19 12:49 - 107210488 _____ (Microsoft Corporation) C:\Users\Chris Ursu\Downloads\msert.exe
2014-06-19 11:25 - 2014-06-19 11:30 - 00000000 ____D () C:\ProgramData\SmartPCScan
2014-06-19 11:25 - 2014-06-19 11:25 - 00000000 ____D () C:\Users\Chris Ursu\AppData\Roaming\QuickScan
2014-06-19 11:14 - 2013-01-14 12:34 - 00007680 _____ () C:\Users\Chris Ursu\AppData\Local\[email protected]!-32271b4b-536f-4c73-a7cc-f606e9393eb2.tmp
2014-06-19 11:14 - 2013-01-14 12:34 - 00007168 _____ () C:\Users\Chris Ursu\AppData\Local\[email protected]!-daca7d09-4eab-4478-af21-5de3ebd9c89c.tmp
2014-06-19 11:13 - 2014-06-19 11:40 - 00000000 ____D () C:\Program Files (x86)\iYogi Support Dock
2014-06-19 11:12 - 2014-07-15 11:07 - 00000784 _____ () C:\Windows\wininit.ini
2014-06-19 11:06 - 2014-06-19 11:07 - 05734160 _____ (iYogi) C:\Users\Chris Ursu\Downloads\SDSetup.exe

==================== One Month Modified Files and Folders =======

2014-07-18 19:18 - 2014-07-18 19:18 - 00018981 _____ () C:\Users\Chris Ursu\Downloads\FRST.txt
2014-07-18 19:18 - 2014-07-18 19:18 - 00000000 ____D () C:\FRST
2014-07-18 19:17 - 2014-07-18 19:17 - 02086912 _____ (Farbar) C:\Users\Chris Ursu\Downloads\FRST64.exe
2014-07-18 19:17 - 2014-06-19 16:15 - 00000000 ____D () C:\ProgramData\PCPitstopDat
2014-07-18 18:59 - 2014-07-18 18:59 - 01206272 _____ () C:\Users\Chris Ursu\ESSPMASD_RESTORED- 01-07-2014.backup_20140718_1859.epim
2014-07-18 18:59 - 2011-12-10 01:52 - 00000000 ____D () C:\Users\Chris Ursu
2014-07-18 18:57 - 2012-06-14 10:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-18 18:09 - 2014-05-26 11:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-18 18:02 - 2014-07-18 18:02 - 00001061 _____ () C:\desk top.txt
2014-07-18 18:00 - 2014-07-17 13:51 - 00001120 _____ () C:\Windows\setupact.log
2014-07-18 18:00 - 2014-05-14 13:40 - 01678120 _____ () C:\Windows\WindowsUpdate.log
2014-07-18 16:47 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-18 16:47 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-18 16:41 - 2011-12-10 03:33 - 00000000 ____D () C:\ProgramData\clear.fi
2014-07-18 16:39 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-18 16:38 - 2014-07-17 17:35 - 00002882 _____ () C:\Windows\PFRO.log
2014-07-18 16:38 - 2012-05-25 17:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-18 16:37 - 2014-07-17 17:32 - 00000000 ____D () C:\AdwCleaner
2014-07-18 16:33 - 2014-07-18 16:33 - 00013402 _____ () C:\Users\Chris Ursu\Downloads\AdwCleaner - Shortcut.lnk
2014-07-18 15:13 - 2014-02-16 14:08 - 00000000 ____D () C:\ProgramData\PCPitstop
2014-07-18 10:13 - 2014-07-18 10:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-17 19:24 - 2014-07-17 19:24 - 01354223 _____ () C:\Users\Chris Ursu\Downloads\AdwCleaner(5).exe
2014-07-17 18:22 - 2014-07-17 18:22 - 01354223 _____ () C:\Users\Chris Ursu\Downloads\AdwCleaner(4).exe
2014-07-17 17:55 - 2014-07-17 17:55 - 01354223 _____ () C:\Users\Chris Ursu\Downloads\AdwCleaner(3).exe
2014-07-17 17:40 - 2014-07-17 17:40 - 01354223 _____ () C:\Users\Chris Ursu\Downloads\AdwCleaner(2).exe
2014-07-17 17:31 - 2014-07-17 17:31 - 01354223 _____ () C:\Users\Chris Ursu\Downloads\AdwCleaner(1).exe
2014-07-17 17:30 - 2014-07-17 17:29 - 01354223 _____ () C:\Users\Chris Ursu\Downloads\AdwCleaner.exe
2014-07-17 14:44 - 2014-07-17 14:44 - 00985600 _____ () C:\Users\Chris Ursu\Downloads\MicrosoftFixit50123.msi
2014-07-17 14:44 - 2014-07-17 14:44 - 00985600 _____ () C:\Users\Chris Ursu\Downloads\MicrosoftFixit50123(1).msi
2014-07-17 13:51 - 2014-07-17 13:51 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-17 10:12 - 2014-04-02 17:27 - 00000000 ____D () C:\Users\Chris Ursu\AppData\Local\CrashDumps
2014-07-17 10:03 - 2014-04-11 11:37 - 00000000 ____D () C:\ProgramData\Avg
2014-07-17 10:03 - 2014-04-11 11:36 - 00000000 ____D () C:\Users\Chris Ursu\AppData\Local\AvgSetupLog
2014-07-17 10:03 - 2011-12-10 02:07 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-07-17 09:56 - 2014-07-17 09:38 - 01062421 _____ () C:\Users\Chris Ursu\Downloads\avgremover.log
2014-07-17 09:47 - 2014-02-16 14:08 - 00000000 ____D () C:\Program Files (x86)\PCPitstop
2014-07-15 11:07 - 2014-06-19 11:12 - 00000784 _____ () C:\Windows\wininit.ini
2014-07-14 11:27 - 2009-07-13 22:34 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140715-111103.backup
2014-07-13 08:23 - 2014-03-26 17:27 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-13 08:22 - 2014-03-26 17:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-07-10 11:00 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-07-10 03:44 - 2009-07-14 00:45 - 00453184 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 03:41 - 2014-05-07 09:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 03:41 - 2010-11-21 03:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 03:41 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 03:41 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 03:19 - 2013-07-26 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 03:15 - 2011-12-27 15:37 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-08 16:57 - 2012-06-14 10:06 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 16:57 - 2012-05-28 10:54 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 16:57 - 2011-07-25 01:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 15:26 - 2014-01-07 16:59 - 03674112 _____ () C:\Users\Chris Ursu\ESSPMASD_RESTORED- 01-07-2014.epim
2014-07-08 15:22 - 2014-07-08 15:22 - 01205760 _____ () C:\Users\Chris Ursu\ESSPMASD_RESTORED- 01-07-2014.backup_20140708_1522.epim
2014-07-08 15:22 - 2014-03-28 16:32 - 02834432 _____ () C:\Users\Chris Ursu\ESSPMASD_RESTORED_RESTORED.EPIM
2014-07-08 15:06 - 2014-07-08 15:06 - 00719872 _____ () C:\Users\Chris Ursu\ESSPMASD_RESTORED_restored.backup_20140708_1506.epim
2014-07-08 11:12 - 2011-12-10 23:39 - 00000471 _____ () C:\Users\Chris Ursu\Desktop\Webmail - Login.website
2014-07-05 16:31 - 2014-07-05 16:31 - 00719872 _____ () C:\Users\Chris Ursu\ESSPMASD_RESTORED_restored.backup_20140705_1631.epim
2014-06-30 09:57 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-29 22:09 - 2014-07-09 05:26 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 22:04 - 2014-07-09 05:26 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-27 17:22 - 2014-06-27 17:16 - 00000000 ____D () C:\Users\Chris Ursu\AppData\Roaming\PowerCinema
2014-06-27 17:19 - 2014-02-07 14:29 - 00048640 ___SH () C:\Users\Chris Ursu\Documents\Thumbs.db
2014-06-27 17:16 - 2014-06-27 17:16 - 00000000 ____D () C:\Users\Chris Ursu\Documents\CyberLink
2014-06-27 17:16 - 2014-06-27 17:16 - 00000000 ____D () C:\Users\Chris Ursu\AppData\Local\Cyberlink
2014-06-27 17:16 - 2011-12-10 01:53 - 00000000 ____D () C:\Users\Chris Ursu\AppData\Local\PowerCinema
2014-06-27 17:16 - 2011-09-16 17:00 - 00000000 ____D () C:\ProgramData\CyberLink
2014-06-25 19:21 - 2014-06-25 13:16 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-25 17:36 - 2014-06-25 17:36 - 01205760 _____ () C:\Users\Chris Ursu\ESSPMASD_RESTORED- 01-07-2014.backup_20140625_1736.epim
2014-06-25 13:30 - 2014-06-25 13:15 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-25 13:16 - 2014-06-25 13:16 - 00001355 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-25 13:16 - 2014-06-25 13:16 - 00001343 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-25 13:16 - 2014-06-25 13:16 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-06-25 13:16 - 2014-06-25 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-25 13:14 - 2014-06-25 13:14 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Chris Ursu\Downloads\spybot-2.3.exe
2014-06-24 14:21 - 2014-06-24 14:20 - 00011684 _____ () C:\Users\Chris Ursu\Downloads\EXPORT.CSV
2014-06-22 15:12 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-22 15:10 - 2011-07-25 00:23 - 00000000 ____D () C:\ProgramData\WildTangent
2014-06-20 16:14 - 2014-07-09 05:24 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 15:39 - 2014-07-09 05:24 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-19 16:07 - 2014-06-19 16:07 - 00002038 _____ () C:\Users\Chris Ursu\Desktop\PC Matic.lnk
2014-06-19 16:07 - 2014-02-16 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Pitstop
2014-06-19 16:06 - 2014-06-19 16:06 - 01399872 _____ (PC Pitstop LLC ) C:\Users\Chris Ursu\Downloads\pcmatic-setup-6398(1).exe
2014-06-19 16:04 - 2014-06-19 16:04 - 00000000 ____D () C:\Users\Chris Ursu\Documents\SpeedyComputer
2014-06-19 16:04 - 2014-06-19 16:04 - 00000000 ____D () C:\Users\Chris Ursu\AppData\Roaming\SpeedyComputer
2014-06-19 16:04 - 2014-06-19 16:04 - 00000000 ____D () C:\Program Files (x86)\Speeding Software
2014-06-19 12:49 - 2014-06-19 12:48 - 107210488 _____ (Microsoft Corporation) C:\Users\Chris Ursu\Downloads\msert.exe
2014-06-19 11:40 - 2014-06-19 11:13 - 00000000 ____D () C:\Program Files (x86)\iYogi Support Dock
2014-06-19 11:30 - 2014-06-19 11:25 - 00000000 ____D () C:\ProgramData\SmartPCScan
2014-06-19 11:30 - 2011-12-10 01:53 - 00114824 _____ () C:\Users\Chris Ursu\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-19 11:25 - 2014-06-19 11:25 - 00000000 ____D () C:\Users\Chris Ursu\AppData\Roaming\QuickScan
2014-06-19 11:07 - 2014-06-19 11:06 - 05734160 _____ (iYogi) C:\Users\Chris Ursu\Downloads\SDSetup.exe
2014-06-18 21:39 - 2014-07-09 05:24 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-18 21:06 - 2014-07-09 05:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-18 21:06 - 2014-07-09 05:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-18 20:48 - 2014-07-09 05:24 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-18 20:42 - 2014-07-09 05:24 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-18 20:42 - 2014-07-09 05:24 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-18 20:41 - 2014-07-09 05:24 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-18 20:41 - 2014-07-09 05:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-18 20:32 - 2014-07-09 05:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-18 20:31 - 2014-07-09 05:24 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-18 20:26 - 2014-07-09 05:24 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-18 20:24 - 2014-07-09 05:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-18 20:24 - 2014-07-09 05:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-18 20:23 - 2014-07-09 05:24 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-18 20:16 - 2014-07-09 05:24 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-18 20:14 - 2014-07-09 05:24 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-18 20:09 - 2014-07-09 05:24 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-18 19:59 - 2014-07-09 05:24 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 19:56 - 2014-07-09 05:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-18 19:53 - 2014-07-09 05:24 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-18 19:51 - 2014-07-09 05:24 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-18 19:50 - 2014-07-09 05:24 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-18 19:48 - 2014-07-09 05:24 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-18 19:39 - 2014-07-09 05:24 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-18 19:38 - 2014-07-09 05:24 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-18 19:37 - 2014-07-09 05:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-18 19:36 - 2014-07-09 05:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-18 19:35 - 2014-07-09 05:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-06-18 19:33 - 2014-07-09 05:24 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-18 19:32 - 2014-07-09 05:24 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-18 19:28 - 2014-07-09 05:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-18 19:28 - 2014-07-09 05:24 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-18 19:27 - 2014-07-09 05:24 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-18 19:27 - 2014-07-09 05:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-18 19:25 - 2014-07-09 05:24 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-18 19:23 - 2014-07-09 05:24 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-18 19:22 - 2014-07-09 05:24 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-18 19:12 - 2014-07-09 05:24 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-18 19:06 - 2014-07-09 05:24 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-18 19:01 - 2014-07-09 05:24 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-18 18:59 - 2014-07-09 05:24 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-18 18:58 - 2014-07-09 05:24 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-18 18:58 - 2014-07-09 05:24 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-18 18:52 - 2014-07-09 05:24 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-18 18:51 - 2014-07-09 05:24 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-18 18:49 - 2014-07-09 05:24 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-18 18:46 - 2014-07-09 05:24 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-18 18:45 - 2014-07-09 05:24 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-18 18:35 - 2014-07-09 05:24 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-18 18:34 - 2014-07-09 05:24 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-18 18:15 - 2014-07-09 05:24 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-18 18:13 - 2014-07-09 05:24 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-18 18:09 - 2014-07-09 05:24 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-18 18:07 - 2014-07-09 05:24 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\Chris Ursu\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-18 10:57

==================== End Of Log ============================

[Junkaroo]

This is second log Thank You

 

dditional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2014 01
Ran by Chris Ursu at 2014-07-18 19:19:53
Running from C:\Users\Chris Ursu\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3007 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3502 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3502 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0517.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.1 (HKLM-x32\...\{151974E9-9B16-47DC-8B57-5684A1E42127}) (Version: 12.1.1.151 - Adobe Systems, Inc)
AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.60524.2309 - ATI Technologies Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0524.2352.41027 - ATI) Hidden
ArcSoft PhotoStudio 6 (HKLM-x32\...\{ED8EF3C2-FA5B-4A1E-950D-5A0227161F97}) (Version: 6.0.1.148 - ArcSoft)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{3605D89A-BD66-F5C5-779B-BE9110B41077}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
Brother MFL-Pro Suite MFC-J6710DW (HKLM-x32\...\{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}) (Version: 1.0.25.0 - Brother Industries, Ltd.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0524.2352.41027 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0524.2352.41027 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0524.2352.41027 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help English (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help French (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help German (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
ccc-utility64 (Version: 2011.0524.2352.41027 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1720.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.1720.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.7709 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.1.55 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{65480649-2AA6-4C5C-AAE8-DB35335D98A7}) (Version: - Microsoft)
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
EssentialPIM (HKLM-x32\...\EssentialPIM) (Version: 4.51 - )
ETDWare PS/2-X64 8.0.6.3_WHQL (HKLM\...\Elantech) (Version: 8.0.6.3 - ELAN Microelectronic Corp.)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\{B9082609-19CD-3D8D-B53C-E1F0D3F409E3}) (Version: 65.223.114 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
IncrediMail (x32 Version: 6.3.9.5274 - IncrediMail) Hidden
IncrediMail 2.0 (HKLM-x32\...\IncrediMail) (Version: 6.3.9.5274 - IncrediMail Ltd.)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 64-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft OneNote MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyWinLocker (Version: 4.0.14.25 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.25 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.15 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.15 - Egis Technology Inc.) Hidden
newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8942 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8942 - NTI Corporation) Hidden
Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
PC Matic 1.1.0.51 (HKLM-x32\...\PC Matic_is1) (Version: 1.1.0.51 - PC Pitstop LLC)
PC Matic Super Shield 1.0.0.46 (HKLM-x32\...\PC Pitstop SuperShield_is1) (Version: 1.0.0.46 - PC Pitstop LLC)
PC Pitstop Info Center 1.0.0.18 (HKLM-x32\...\PCPitstopInfoCenter_is1) (Version: 1.0.0.18 - PC Pitstop LLC.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Scansoft PDF Professional (x32 Version: - ) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden
Update for Microsoft Excel 2013 (KB2881085) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{122B0E69-64AF-41BE-B3F6-D387A7E7E687}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 32-Bit Edition (HKLM-x32\...\{90150000-0018-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{122B0E69-64AF-41BE-B3F6-D387A7E7E687}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 32-Bit Edition (HKLM-x32\...\{90150000-001B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{122B0E69-64AF-41BE-B3F6-D387A7E7E687}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{122B0E69-64AF-41BE-B3F6-D387A7E7E687}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2817678) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{AC57CF13-C24E-4C00-969F-5394DAE589C5}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2850074) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{A4EACEBA-1944-45DB-B547-8967AA7926B9}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{A7610F07-E844-4444-8E1D-D5BC8AD0B4C5}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{45B7D395-EB9B-414F-9E46-5849B42326E2}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{66421820-D3CA-450A-898C-78D7E40108E6}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2826040) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{B7EA8070-C37F-4617-82F4-52CF3304595A}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{9BC5FF1D-9626-44D7-BC7F-EB44BD8BDB9F}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880457) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{D27F6360-AE1E-4C8C-8ECD-C0375E20B923}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880464) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{06EF2BF7-7351-4D70-A0D5-588FCCF9808D}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7C5CEE0F-6823-4BB7-A28F-76FEC14EB6AC}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880987) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{07017577-FBD6-45E2-A796-659E8F428057}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880987) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{07017577-FBD6-45E2-A796-659E8F428057}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM-x32\...\{90150000-0090-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881074) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{B23AED0C-4813-4B49-9870-2F0968824E87}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{56962EB1-4DD3-48BB-934B-EA4C4516D89A}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 32-Bit Edition (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}_Office15.PROPLUSR_{63AED158-0508-4738-A811-840B2053EF3B}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0C0A-0000-0000000FF1CE}_Office15.PROPLUSR_{23073850-B916-414F-9204-AB0512524A6A}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881086) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{02DB183E-6F67-4906-A391-325874C5DA87}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881086) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{02DB183E-6F67-4906-A391-325874C5DA87}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{FC6618D2-F75D-4FDD-B396-E4B0C0D757B6}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{FC6618D2-F75D-4FDD-B396-E4B0C0D757B6}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 32-Bit Edition (HKLM-x32\...\{90150000-00BA-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{FC6618D2-F75D-4FDD-B396-E4B0C0D757B6}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{FC6618D2-F75D-4FDD-B396-E4B0C0D757B6}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM-x32\...\{90150000-00A1-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 32-Bit Edition (HKLM-x32\...\{90150000-001A-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{1BCA67A6-5329-48D0-A088-C097AC7A14BD}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{1BCA67A6-5329-48D0-A088-C097AC7A14BD}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2881075) 32-Bit Edition (HKLM-x32\...\{90150000-0018-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{15033648-0DAB-4BE8-B84B-D1139BD0563F}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2881075) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{15033648-0DAB-4BE8-B84B-D1139BD0563F}) (Version: - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 32-Bit Edition (HKLM-x32\...\{90150000-0019-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{7500AD77-83C6-400B-8B2F-F8E401A7B697}) (Version: - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7500AD77-83C6-400B-8B2F-F8E401A7B697}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{A7CD05CC-CA85-428C-91FD-74A908D126E1}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 32-Bit Edition (HKLM-x32\...\{90150000-001A-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{2C43B8B8-09A1-4D09-B4B9-B247A7348D75}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 32-Bit Edition (HKLM-x32\...\{90150000-001B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{2C43B8B8-09A1-4D09-B4B9-B247A7348D75}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{2C43B8B8-09A1-4D09-B4B9-B247A7348D75}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{2C43B8B8-09A1-4D09-B4B9-B247A7348D75}) (Version: - Microsoft)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3503 - Acer Incorporated)
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points =========================

17-07-2014 13:59:05 Removed AVG PC TuneUp 2014
17-07-2014 14:01:27 Removed AVG PC TuneUp 2014 (en-US)
17-07-2014 18:45:01 Installed Microsoft Fix it 50123
17-07-2014 18:48:09 Windows Update
18-07-2014 07:33:00 PC Pitstop Restore Point

==================== Hosts content: ==========================

2009-07-13 22:34 - 2014-07-15 11:11 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {08C8BB41-4786-47AB-AE07-27E1276D80B3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {0B96BFB0-F7E1-4458-B4DF-621FEB096473} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {140E2D36-F491-4E9E-9D1E-0704A07B5B6A} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-05-20] (Acer Incorporated)
Task: {1E56F57E-366E-4E4F-8835-B0C29292D096} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {1EC0350A-CDC8-4439-981F-12FF1BD9F9FB} - System32\Tasks\{2AF2A639-0EAB-44EE-8E16-F96DC38617B8} => C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe [2010-11-10] (Microsoft Corporation)
Task: {356EB764-B4CE-421F-A4CC-EA974A84274A} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-349847416-3659534947-3110894470-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {370B3AF4-A44B-4BD4-A14E-EE23C1913BF2} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {43F0DDF5-C7F1-4951-8A27-3D1AC398A333} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {6E4084A5-A581-4562-9F87-EA9215019A6C} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {6FA1BCBA-FC68-4F94-B8A9-08FA1B041EA8} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {801C3593-4AF4-4A32-9BE0-6A2CA1592BF5} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-05-20] (CyberLink)
Task: {8F0F5C85-E42F-4A55-94E9-9CD2344A4254} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {B98E3A99-8590-44E3-AF0B-9BBD9CEF9B03} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {CD04A0CF-2F1E-421C-8066-9E1E7FCF1884} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-04-05] (Acer Incorporated)
Task: {DDC0B459-67C8-4CD0-B698-75BDF6F1DF39} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-05-20] (CyberLink Corp.)
Task: {E746E547-7C03-4236-B8A7-8ED295492079} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {E76762CE-8C36-44B2-8580-1DABB6DB131B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {EE0A1E71-C59E-4126-A2CE-5B2C4E2F1DA6} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
Task: {F48F261C-CF8A-4A05-9971-4557886F1C89} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {FA9E9F97-2A94-43E3-B800-E781C23D5640} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2011-12-13 11:26 - 2010-03-15 19:04 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll
2014-06-10 13:19 - 2014-06-10 13:19 - 08892072 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-04-23 21:29 - 2011-04-23 21:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-04-23 21:29 - 2011-04-23 21:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-04-23 21:29 - 2011-04-23 21:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2014-07-17 09:47 - 2010-08-19 22:39 - 00524288 _____ () C:\Program Files (x86)\PCPitstop\Super Shield\SQLiteEncrypt.dll
2014-07-17 09:49 - 2014-06-20 06:08 - 00192376 _____ () C:\ProgramData\PCPitstopDat\datRT\libBase64.dll
2014-07-17 09:49 - 2014-06-20 06:08 - 00180088 _____ () C:\ProgramData\PCPitstopDat\datRT\libMachoUniv.dll
2014-06-10 13:19 - 2014-06-10 13:19 - 08892072 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-03-28 12:46 - 2014-03-28 12:46 - 00033128 _____ () C:\Program Files (x86)\IncrediMail\Bin\IMHttpComm.dll
2014-03-28 12:46 - 2014-03-28 12:46 - 00072104 _____ () C:\Program Files (x86)\IncrediMail\Bin\wlessfp1.dll
2014-03-28 12:46 - 2014-03-28 12:46 - 00268712 _____ () C:\Program Files (x86)\IncrediMail\Bin\ImLookExU.dll
2014-03-28 12:46 - 2014-03-28 12:46 - 00108888 _____ () C:\Program Files (x86)\IncrediMail\Bin\pmc.dll
2014-03-28 12:46 - 2014-03-28 12:46 - 00133544 _____ () C:\Program Files (x86)\IncrediMail\Bin\ImComUtlU.dll
2011-05-20 14:13 - 2011-05-20 14:13 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2011-12-13 11:26 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-06-25 13:16 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-06-25 13:16 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-06-25 13:16 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-07-17 09:47 - 2014-06-10 15:41 - 00184944 _____ () C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRTen.dll
2014-03-28 12:46 - 2014-03-28 12:46 - 00080296 _____ () C:\Program Files (x86)\IncrediMail\bin\ImAppRU.dll
2014-07-18 10:12 - 2014-07-18 10:13 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
AlternateDataStreams: C:\Users\Chris Ursu\Documents\Molly Info PDF.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: avgfws => 2
MSCONFIG\Services: AVGIDSAgent => 2
MSCONFIG\Services: avgwd => 2
MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: WinPatrol => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot

==================== Faulty Device Manager Devices =============

Name: Atheros AR5B125 Wireless Network Adapter
Description: Atheros AR5B125 Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/18/2014 04:40:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/18/2014 04:17:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/18/2014 04:10:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/18/2014 03:18:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/18/2014 10:29:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2014 07:28:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2014 06:54:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2014 06:21:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2014 05:44:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2014 05:36:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/18/2014 04:42:06 PM) (Source: WMPNetworkSvc) (EventID: 14338) (User: )
Description: 0x80070422

Error: (07/18/2014 04:42:06 PM) (Source: WMPNetworkSvc) (EventID: 14338) (User: )
Description: 0x80070422

Error: (07/18/2014 04:38:06 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (07/18/2014 04:18:33 PM) (Source: WMPNetworkSvc) (EventID: 14338) (User: )
Description: 0x80070422

Error: (07/18/2014 04:18:33 PM) (Source: WMPNetworkSvc) (EventID: 14338) (User: )
Description: 0x80070422

Error: (07/18/2014 04:15:49 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (07/18/2014 04:11:57 PM) (Source: WMPNetworkSvc) (EventID: 14338) (User: )
Description: 0x80070422

Error: (07/18/2014 04:11:57 PM) (Source: WMPNetworkSvc) (EventID: 14338) (User: )
Description: 0x80070422

Error: (07/18/2014 04:08:46 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (07/18/2014 04:04:50 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.


Microsoft Office Sessions:
=========================
Error: (07/18/2014 04:40:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/18/2014 04:17:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/18/2014 04:10:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/18/2014 03:18:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/18/2014 10:29:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2014 07:28:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2014 06:54:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2014 06:21:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2014 05:44:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2014 05:36:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 46%
Total physical RAM: 3818.9 MB
Available physical RAM: 2031.8 MB
Total Pagefile: 7635.98 MB
Available Pagefile: 5573.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:450.66 GB) (Free:281.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 57247B34)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

==================== End Of Log ============================

[Junkaroo]

f spybot is disabled do I have to deleat it? or can I run it at times if I want or just clean it out??

Also what is this I do not or ever had Norton how do I find and deleat

 

 

Thank you for your time I hope we can solve this ! Not a very old computer but very discusted now. Help

[Juliet]

f spybot is disabled do I have to deleat it? or can I run it at times if I want or just clean it out??

 

Also what is this I do not or ever had Norton how do I find and deleat

 

 

Thank you for your time I hope we can solve this ! Not a very old computer but very disgusted now. Help

We wont delete SpyBot, only needed to be disabled.

 

Your first post to the HJT forum was in someone else's topic. They had Nortons installed not you.

 

In the below script I've created it will reboot your computer, please don't be alarmed.

 

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

 

start

SearchScopes: HKLM-x32 - DefaultScope value is missing.

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO-x32: Perk Prize Panel -> {47F3EB15-C230-4A0B-BE4B-D527FF483B48} -> C:\Program Files (x86)\Perk Prize Panel\pp.dll ()

FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Perk Prize Panel\FF

C:\Users\Chris Ursu\AppData\Local\Temp\Quarantine.exe

AlternateDataStreams: C:\ProgramData\Temp:0B4227B4

Reboot:

end

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

************************

 

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

In your next reply please post:

Fixlog.txt

JRT.txt

[Junkaroo]

I really appreicieat your help and are getting frustrated with me...But...I am just fair at computers.I have all the info you need but I dont know how to attach it to "Farbar Recovery Scan Tool" can you direct me there?

ALSO I found that I ran AVG removal tool BUT I have AVG in my tool bar I click on it and it brings up a AVG repair tool that I had I have tried removing it In uninstall Run removal tool again but it will not deleat. I realy think this is my problem. Your thgoughts Please.

 

Help on both subject please

 

 

 

72 yrs old

[Juliet]

Couple of things we can try.

 

When you downloaded it, it went to

Running from C:\Users\Chris Ursu\Downloads

What we can do is open that folder and place the Fixlog.txt inside there.

Then Open FRST and click on the Fix button just once and wait.

Thats pretty much all you have to. Might be a bit complicated or if you rather do it this way:

 

If you can find your Downloads (go to the round Microsoft orb button at the bottom of the screen, a empty search field should be there, type in Downloads. At the top of the results page you should see an Icon named Downloads, open it, right click on the FRST icon and delete it.

We will download it again but this time try to get it located on your desktop to run the tools.

 

For the latest version of Firefox

 

Look at the top of the web page, click on the 3 little bars icon tool.(Don't know what you really call it looks like 3 skinny lines)

Click on the Options icon.

When the page changes, At the top click on the General tab

Look to the Downloads indicator, then check the box for "Save files to", here you can choose where to save. I use Desktop because it's the easiest to find things later.

 

Now, we'll download FRST again.

 

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure which version: Start --> Computer (right click) --> properties)

(To use correct version for your system.....Which system am I using?)

Don't click on anything yet.

 

NEXT

 

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

 

 

start

SearchScopes: HKLM-x32 - DefaultScope value is missing.

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO-x32: Perk Prize Panel -> {47F3EB15-C230-4A0B-BE4B-D527FF483B48} -> C:\Program Files (x86)\Perk Prize Panel\pp.dll ()

FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Perk Prize Panel\FF

C:\Users\Chris Ursu\AppData\Local\Temp\Quarantine.exe

AlternateDataStreams: C:\ProgramData\Temp:0B4227B4

Reboot:

end

 

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

[Junkaroo]

wow I have everything I need to do this but have two questions..

Note book takes your post I was to copie and paset...But I also put the frts in and try to put frst64 in and it wont take like note pad is full.

Do I make two note pads or is me doing something wrong?

 

Also please tell my exactly how do I attatch note book to Farbar?

Once I know how I can run this program.

[Juliet]

wow I have everything I need to do this but have two questions..

Note book takes your post I was to copie and paset...But I also put the frts in and try to put frst64 in and it wont take like note pad is full.

Do I make two note pads or is me doing something wrong?

 

Also please tell my exactly how do I attatch note book to Farbar?

Once I know how I can run this program.

when you locate FRST icon, place the saved notepad script I created NEXT to it. Then, open FRST (right click and select open, might get a permissions warning) then click on the Fix button.

 

Did this help?

[Junkaroo]

Ok still learning.Hear is what is in notepad..Is this correct?

 

If this is right how do I attach it to farbar64?

 

This is where I am getting stuck.

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by Chris Ursu (administrator) on CHRISURSU-PC on 21-07-2014 15:37:38
Running from C:\Users\Chris Ursu\Downloads\FRST-OlderVersion
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe
(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRT.exe
(IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated)
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [suiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340848 2011-04-02] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [408432 2011-03-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202608 2011-03-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [backupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-23] (NTI Corporation)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-05-09] (CyberLink Corp.)
HKLM-x32\...\Run: [indexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [brStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [info Center] => C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe [28792 2013-12-26] (PC Pitstop LLC)
HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [PC MaticRT] => C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRT.exe [1727600 2014-06-10] (PC Pitstop LLC)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\.DEFAULT\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-349847416-3659534947-3110894470-1000\...\Run: [incrediMail] => C:\Program Files (x86)\IncrediMail\bin\IncMail.exe [367016 2014-03-28] (IncrediMail, Ltd.)
HKU\S-1-5-21-349847416-3659534947-3110894470-1000\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566984 2014-04-25] (Safer-Networking Ltd.)
HKU\S-1-5-21-349847416-3659534947-3110894470-1000\...\MountPoints2: {db606e77-490a-11e1-bb7a-b870f4f481c2} - "E:\WD SmartWare.exe" autoplay=true
ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Perk Prize Panel -> {47F3EB15-C230-4A0B-BE4B-D527FF483B48} -> C:\Program Files (x86)\Perk Prize Panel\pp.dll ()
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\Parameters: [NameServer] 184.172.114.130,208.43.110.90
Tcpip\..\Interfaces\{12D75736-79E4-45D5-B3D5-437FDAC93EDD}: [NameServer]184.172.114.130,208.43.110.90
Tcpip\..\Interfaces\{1535B655-C5B7-40FF-8187-A627E3E68B47}: [NameServer]184.172.114.130,208.43.110.90
Tcpip\..\Interfaces\{3BF15144-E0D6-4C4F-8A74-AF71CE8DF05A}: [NameServer]184.172.114.130,208.43.110.90
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer]184.172.114.130,208.43.110.90

FireFox:
========
FF ProfilePath: C:\Users\Chris Ursu\AppData\Roaming\Mozilla\Firefox\Profiles\k8z6xrij.default
FF Homepage: www.news.google.com/news
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @ei.CouponAlert_2p.com/Plugin - C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Test Pilot - C:\Users\Chris Ursu\AppData\Roaming\Mozilla\Firefox\Profiles\k8z6xrij.default\Extensions\[email protected] [2012-05-28]
FF Extension: AVG PrivacyFix - C:\Users\Chris Ursu\AppData\Roaming\Mozilla\Firefox\Profiles\k8z6xrij.default\Extensions\{7CA9CF31-1C73-46CD-8377-85AB71EA771F}.xpi [2014-04-19]
FF Extension: Adblock Plus - C:\Users\Chris Ursu\AppData\Roaming\Mozilla\Firefox\Profiles\k8z6xrij.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-19]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-02-16]
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Perk Prize Panel\FF

Chrome:
=======
CHR HomePage:
CHR Extension: (RealDownloader) - C:\Users\Chris Ursu\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-02-27]
CHR Extension: (Google Wallet) - C:\Users\Chris Ursu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-07]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [29696 2011-05-26] (Acer Incorporated) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-23] (NTI Corporation)
R2 PCPitstop Realtime; C:\Program Files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe [4017264 2014-06-10] (PC Pitstop LLC)
R2 PCPitstop Scheduling; C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [86632 2014-04-28] (PC Pitstop LLC)
S3 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
S3 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-21 15:07 - 2014-07-21 15:37 - 00000000 ____D () C:\Users\Chris Ursu\Downloads\FRST-OlderVersion
2014-07-21 10:03 - 2014-07-21 10:03 - 00000628 _____ () C:\Windows\PFRO.log
2014-07-21 10:01 - 2014-07-21 10:01 - 01206272 _____ () C:\Users\Chris Ursu\ESSPMASD_RESTORED- 01-07-2014.backup_20140721_1001.epim
2014-07-21 06:48 - 2014-07-21 14:34 - 00000280 _____ () C:\Windows\setupact.log
2014-07-21 06:48 - 2014-07-21 06:48 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-20 12:02 - 2014-07-20 12:02 - 00003204 _____ () C:\Windows\System32\Tasks\{BEE07740-CC68-4606-A55A-09DE3A7F7E8E}
2014-07-18 19:19 - 2014-07-20 12:15 - 00045911 _____ () C:\Users\Chris Ursu\Downloads\Addition.txt
2014-07-18 19:18 - 2014-07-21 15:37 - 00000000 ____D () C:\FRST
2014-07-18 19:18 - 2014-07-20 12:15 - 00042276 _____ () C:\Users\Chris Ursu\Downloads\FRST.txt
2014-07-18 19:17 - 2014-07-21 15:07 - 02090496 _____ (Farbar) C:\Users\Chris Ursu\Downloads\FRST64.exe
2014-07-18 18:59 - 2014-07-18 18:59 - 01206272 _____ () C:\Users\Chris Ursu\ESSPMASD_RESTORED- 01-07-2014.backup_20140718_1859.epim
2014-07-18 18:02 - 2014-07-18 18:02 - 00001061 _____ () C:\desk top.txt
2014-07-18 16:33 - 2014-07-18 16:33 - 00013402 _____ () C:\Users\Chris Ursu\Downloads\AdwCleaner - Shortcut.lnk
2014-07-18 10:12 - 2014-07-18 10:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-17 19:24 - 2014-07-17 19:24 - 01354223 _____ () C:\Users\Chris Ursu\Downloads\AdwCleaner(5).exe
2014-07-17 18:22 - 2014-07-17 18:22 - 01354223 _____ () C:\Users\Chris Ursu\Downloads\AdwCleaner(4).exe
2014-07-17 17:55 - 2014-07-17 17:55 - 01354223 _____ () C:\Users\Chris Ursu\Downloads\AdwCleaner(3).exe
2014-07-17 17:40 - 2014-07-17 17:40 - 01354223 _____ () C:\Users\Chris Ursu\Downloads\AdwCleaner(2).exe
2014-07-17 17:33 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-17 17:32 - 2014-07-18 16:37 - 00000000 ____D () C:\AdwCleaner
2014-07-17 17:31 - 2014-07-17 17:31 - 01354223 _____ () C:\Users\Chris Ursu\Downloads\AdwCleaner(1).exe
2014-07-17 17:29 - 2014-07-17 17:30 - 01354223 _____ () C:\Users\Chris Ursu\Downloads\AdwCleaner.exe
2014-07-17 14:44 - 2014-07-17 14:44 - 00985600 _____ () C:\Users\Chris Ursu\Downloads\MicrosoftFixit50123.msi
2014-07-17 14:44 - 2014-07-17 14:44 - 00985600 _____ () C:\Users\Chris Ursu\Downloads\MicrosoftFixit50123(1).msi
2014-07-17 09:47 - 2012-10-24 14:39 - 00082872 _____ (GFI Software) C:\Windows\system32\Drivers\sbapifs.sys
2014-07-14 11:27 - 2009-06-10 17:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140714-112729.backup
2014-07-09 05:26 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 05:26 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 05:26 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 05:25 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 05:25 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 05:25 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 05:25 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 05:25 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 05:25 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 05:25 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 05:25 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 05:25 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 05:25 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 05:25 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 05:25 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 05:25 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 05:25 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 05:25 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 05:25 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 05:25 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 05:25 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 05:25 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 05:24 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 05:24 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 05:24 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 05:24 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 05:24 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 05:24 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 05:24 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 05:24 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 05:24 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 05:24 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 05:24 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 05:24 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 05:24 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 05:24 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 05:24 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 05:24 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 05:24 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 05:24 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 05:24 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 05:24 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 05:24 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 05:24 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 05:24 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 05:24 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 05:24 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 05:24 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 05:24 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 05:24 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 05:24 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 05:24 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 05:24 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 05:24 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 05:24 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 05:24 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 05:24 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 05:24 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 05:24 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 05:24 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 05:24 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 05:24 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 05:24 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 05:24 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 05:24 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 05:24 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 05:24 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 05:24 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 05:24 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 05:24 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 05:24 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 05:24 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 05:24 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 05:24 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 05:24 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 05:24 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 05:24 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 05:24 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 05:23 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 05:23 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 05:23 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-08 15:22 - 2014-07-08 15:22 - 01205760 _____ () C:\Users\Chris Ursu\ESSPMASD_RESTORED- 01-07-2014.backup_20140708_1522.epim
2014-07-08 15:06 - 2014-07-08 15:06 - 00719872 _____ () C:\Users\Chris Ursu\ESSPMASD_RESTORED_restored.backup_20140708_1506.epim
2014-07-05 16:31 - 2014-07-05 16:31 - 00719872 _____ () C:\Users\Chris Ursu\ESSPMASD_RESTORED_restored.backup_20140705_1631.epim
2014-06-27 17:16 - 2014-06-27 17:22 - 00000000 ____D () C:\Users\Chris Ursu\AppData\Roaming\PowerCinema
2014-06-27 17:16 - 2014-06-27 17:16 - 00000000 ____D () C:\Users\Chris Ursu\Documents\CyberLink
2014-06-27 17:16 - 2014-06-27 17:16 - 00000000 ____D () C:\Users\Chris Ursu\AppData\Local\Cyberlink
2014-06-25 13:16 - 2014-06-25 19:21 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-25 13:16 - 2014-06-25 13:16 - 00001355 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-25 13:16 - 2014-06-25 13:16 - 00001343 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-25 13:16 - 2014-06-25 13:16 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-06-25 13:16 - 2014-06-25 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-25 13:16 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-06-25 13:15 - 2014-06-25 13:30 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-25 13:14 - 2014-06-25 13:14 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Chris Ursu\Downloads\spybot-2.3.exe
2014-06-24 14:20 - 2014-06-24 14:21 - 00011684 _____ () C:\Users\Chris Ursu\Downloads\EXPORT.CSV

==================== One Month Modified Files and Folders =======

2014-07-21 15:37 - 2014-07-21 15:07 - 00000000 ____D () C:\Users\Chris Ursu\Downloads\FRST-OlderVersion
2014-07-21 15:37 - 2014-07-18 19:18 - 00000000 ____D () C:\FRST
2014-07-21 15:22 - 2014-05-26 11:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-21 15:07 - 2014-07-18 19:17 - 02090496 _____ (Farbar) C:\Users\Chris Ursu\Downloads\FRST64.exe
2014-07-21 15:07 - 2014-06-19 16:15 - 00000000 ____D () C:\ProgramData\PCPitstopDat
2014-07-21 14:57 - 2012-06-14 10:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-21 14:47 - 2014-02-07 14:29 - 00048640 ___SH () C:\Users\Chris Ursu\Documents\Thumbs.db
2014-07-21 14:43 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-21 14:43 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-21 14:38 - 2014-05-14 13:40 - 01739174 _____ () C:\Windows\WindowsUpdate.log
2014-07-21 14:37 - 2011-12-10 03:33 - 00000000 ____D () C:\ProgramData\clear.fi
2014-07-21 14:34 - 2014-07-21 06:48 - 00000280 _____ () C:\Windows\setupact.log
2014-07-21 14:34 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-21 10:05 - 2014-02-16 14:08 - 00000000 ____D () C:\ProgramData\PCPitstop
2014-07-21 10:03 - 2014-07-21 10:03 - 00000628 _____ () C:\Windows\PFRO.log
2014-07-21 10:01 - 2014-07-21 10:01 - 01206272 _____ () C:\Users\Chris Ursu\ESSPMASD_RESTORED- 01-07-2014.backup_20140721_1001.epim
2014-07-21 10:01 - 2014-01-07 16:59 - 03674112 _____ () C:\Users\Chris Ursu\ESSPMASD_RESTORED- 01-07-2014.epim
2014-07-21 10:01 - 2011-12-10 01:52 - 00000000 ____D () C:\Users\Chris Ursu
2014-07-21 06:48 - 2014-07-21 06:48 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-20 12:15 - 2014-07-18 19:19 - 00045911 _____ () C:\Users\Chris Ursu\Downloads\Addition.txt
2014-07-20 12:15 - 2014-07-18 19:18 - 00042276 _____ () C:\Users\Chris Ursu\Downloads\FRST.txt
2014-07-20 12:02 - 2014-07-20 12:02 - 00003204 _____ () C:\Windows\System32\Tasks\{BEE07740-CC68-4606-A55A-09DE3A7F7E8E}
2014-07-19 18:28 - 2014-06-19 11:12 - 00001033 _____ () C:\Windows\wininit.ini
2014-07-18 18:59 - 2014-07-18 18:59 - 01206272 _____ () C:\Users\Chris Ursu\ESSPMASD_RESTORED- 01-07-2014.backup_20140718_1859.epim
2014-07-18 18:02 - 2014-07-18 18:02 - 00001061 _____ () C:\desk top.txt
2014-07-18 16:38 - 2012-05-25 17:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-18 16:37 - 2014-07-17 17:32 - 00000000 ____D () C:\AdwCleaner
2014-07-18 16:33 - 2014-07-18 16:33 - 00013402 _____ () C:\Users\Chris Ursu\Downloads\AdwCleaner - Shortcut.lnk
2014-07-18 10:13 - 2014-07-18 10:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-17 19:24 - 2014-07-17 19:24 - 01354223 _____ () C:\Users\Chris Ursu\Downloads\AdwCleaner(5).exe
2014-07-17 18:22 - 2014-07-17 18:22 - 01354223 _____ () C:\Users\Chris Ursu\Downloads\AdwCleaner(4).exe
2014-07-17 17:55 - 2014-07-17 17:55 - 01354223 _____ () C:\Users\Chris Ursu\Downloads\AdwCleaner(3).exe
2014-07-17 17:40 - 2014-07-17 17:40 - 01354223 _____ () C:\Users\Chris Ursu\Downloads\AdwCleaner(2).exe
2014-07-17 17:31 - 2014-07-17 17:31 - 01354223 _____ () C:\Users\Chris Ursu\Downloads\AdwCleaner(1).exe
2014-07-17 17:30 - 2014-07-17 17:29 - 01354223 _____ () C:\Users\Chris Ursu\Downloads\AdwCleaner.exe
2014-07-17 14:44 - 2014-07-17 14:44 - 00985600 _____ () C:\Users\Chris Ursu\Downloads\MicrosoftFixit50123.msi
2014-07-17 14:44 - 2014-07-17 14:44 - 00985600 _____ () C:\Users\Chris Ursu\Downloads\MicrosoftFixit50123(1).msi
2014-07-17 10:12 - 2014-04-02 17:27 - 00000000 ____D () C:\Users\Chris Ursu\AppData\Local\CrashDumps
2014-07-17 10:03 - 2014-04-11 11:37 - 00000000 ____D () C:\ProgramData\Avg
2014-07-17 10:03 - 2014-04-11 11:36 - 00000000 ____D () C:\Users\Chris Ursu\AppData\Local\AvgSetupLog
2014-07-17 09:47 - 2014-02-16 14:08 - 00000000 ____D () C:\Program Files (x86)\PCPitstop
2014-07-14 11:27 - 2009-07-13 22:34 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140715-111103.backup
2014-07-13 08:23 - 2014-03-26 17:27 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-13 08:22 - 2014-03-26 17:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-07-10 11:00 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-07-10 03:44 - 2009-07-14 00:45 - 00453184 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 03:41 - 2014-05-07 09:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 03:41 - 2010-11-21 03:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 03:41 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 03:41 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 03:19 - 2013-07-26 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 03:15 - 2011-12-27 15:37 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-08 16:57 - 2012-06-14 10:06 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 16:57 - 2012-05-28 10:54 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 16:57 - 2011-07-25 01:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 15:22 - 2014-07-08 15:22 - 01205760 _____ () C:\Users\Chris Ursu\ESSPMASD_RESTORED- 01-07-2014.backup_20140708_1522.epim
2014-07-08 15:22 - 2014-03-28 16:32 - 02834432 _____ () C:\Users\Chris Ursu\ESSPMASD_RESTORED_RESTORED.EPIM
2014-07-08 15:06 - 2014-07-08 15:06 - 00719872 _____ () C:\Users\Chris Ursu\ESSPMASD_RESTORED_restored.backup_20140708_1506.epim
2014-07-08 11:12 - 2011-12-10 23:39 - 00000471 _____ () C:\Users\Chris Ursu\Desktop\Webmail - Login.website
2014-07-05 16:31 - 2014-07-05 16:31 - 00719872 _____ () C:\Users\Chris Ursu\ESSPMASD_RESTORED_restored.backup_20140705_1631.epim
2014-06-30 09:57 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-29 22:09 - 2014-07-09 05:26 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 22:04 - 2014-07-09 05:26 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-27 17:22 - 2014-06-27 17:16 - 00000000 ____D () C:\Users\Chris Ursu\AppData\Roaming\PowerCinema
2014-06-27 17:16 - 2014-06-27 17:16 - 00000000 ____D () C:\Users\Chris Ursu\Documents\CyberLink
2014-06-27 17:16 - 2014-06-27 17:16 - 00000000 ____D () C:\Users\Chris Ursu\AppData\Local\Cyberlink
2014-06-27 17:16 - 2011-12-10 01:53 - 00000000 ____D () C:\Users\Chris Ursu\AppData\Local\PowerCinema
2014-06-27 17:16 - 2011-09-16 17:00 - 00000000 ____D () C:\ProgramData\CyberLink
2014-06-25 19:21 - 2014-06-25 13:16 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-25 13:30 - 2014-06-25 13:15 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-25 13:16 - 2014-06-25 13:16 - 00001355 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-25 13:16 - 2014-06-25 13:16 - 00001343 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-25 13:16 - 2014-06-25 13:16 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-06-25 13:16 - 2014-06-25 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-25 13:14 - 2014-06-25 13:14 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Chris Ursu\Downloads\spybot-2.3.exe
2014-06-24 14:21 - 2014-06-24 14:20 - 00011684 _____ () C:\Users\Chris Ursu\Downloads\EXPORT.CSV
2014-06-22 15:12 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-22 15:10 - 2011-07-25 00:23 - 00000000 ____D () C:\ProgramData\WildTangent

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-18 10:57

==================== End Of Log ============================ start
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Perk Prize Panel -> {47F3EB15-C230-4A0B-BE4B-D527FF483B48} -> C:\Program Files (x86)\Perk Prize Panel\pp.dll ()
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Perk Prize Panel\FF
C:\Users\Chris Ursu\AppData\Local\Temp\Quarantine.exe
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
Reboot:
end

[Juliet]

We might be getting closer.

 

Let's do this

 

Running from

C:\Users\Chris Ursu\Downloads\FRST-OlderVersion please find this, then right click on it and select CUT

 

then go to an open spot on your computer desktop, right click on the open spot and select Paste.

 

this should move the FRST download to desktop and look like this

next

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:

To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. At the top of the notepad you'll see the options

FILE - EDIT- FORMAT-VIEW- HELP

click on FILE, you'll see a drop down window, click on save as, located at the side is where the options are as to where you can save this file.

Look for desktop (Only if you were able to save/move FRST tool to desktop first)and click on that.

near the bottom you'll then type in fixlist in the open area.

save it to the Desktop as fixlist.txt

start

SearchScopes: HKLM-x32 - DefaultScope value is missing.

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO-x32: Perk Prize Panel -> {47F3EB15-C230-4A0B-BE4B-D527FF483B48} -> C:\Program Files (x86)\Perk Prize Panel\pp.dll ()

FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Perk Prize Panel\FF

C:\Users\Chris Ursu\AppData\Local\Temp\Quarantine.exe

AlternateDataStreams: C:\ProgramData\Temp:0B4227B4

Reboot:

end

After you have saved this file named fixlist.txt , slide it next to the Icon.

Don't do anything.

 

Next

Double click on the above FRST Icon.

 

when it opens you'll see

Next click on the FIX option on the FRST control panel.

 

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Edited July 23, 2014 by Juliet

[Juliet]

If the above still comes to difficult, let's try this:

 

Reset browsers

 

 

Please visit each of the following sites and lets reset all of your browsers back to defaults to prevent unexpected issues.

If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

 

Internet Explorer

How to reset Internet Explorer settings

 

Firefox

Click on Help / Troubleshooting Information then click on the Reset Firefox button.

 

support link

https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems

******************

 

Download OTM by OldTimer Here & save it to your desktop.

• Double click on OTM.exe to run it
• Copy & paste the contents inside the Code box below beginning with :Files into --->> Paste Instructions for Items to be Moved

Note: Do not type it out to minimize the risk of typo error

 

 

:Files
C:\Program Files (x86)\Perk Prize Panel\pp.dll
C:\Users\Chris Ursu\AppData\Local\Temp\Quarantine.exe
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{47F3EB15-C230-4A0B-BE4B-D527FF483B48}]
:Commands
[emptytemp]
[EMPTYFLASH]
[Reboot]

• Click on MoveIt!
• When done, click on Exit

Note: If a file or folder can't be moved immediately, you may be asked to restart your computer. Choose Yes.

A log will be produced at C:\_OTM\MovedFiles\date_time.log, where date_time are numbers. Post this log in your next reply.

 

**************************

 

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Please post

OTM log

JRT.txt

[Junkaroo]

I really want to finish this one...But this is where I get stuck.All is saved to desk top as you said.I slide fixlist.txt next to FRSTicon.JPG icon. This where It all stops. I click on FRST64 exe and it pops up Nothing is in thre I click fix it says you dont know what your doing (I belive that But want to learn ) and closes. Are we close?? What could I be doing wrong?

 

 

 

After you have saved this file named fixlist.txt , slide it next to the Icon. (don't understand won't work )
Don't do anything.

Next
Double click on the above FRST Icon.

when it opens you'll see

Next click on the FIX option on the FRST control panel.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Edited by Juliet, Yesterday, 07:45 PM.

[Juliet]

If the above still comes to difficult, let's try this:

 

Reset browsers

 

 

Please visit each of the following sites and lets reset all of your browsers back to defaults to prevent unexpected issues.

If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

 

Internet Explorer

How to reset Internet Explorer settings

 

Firefox

Click on Help / Troubleshooting Information then click on the Reset Firefox button.

 

support link

https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems

******************

 

Download OTM by OldTimer Here & save it to your desktop.

• Double click on OTM.exe to run it
• Copy & paste the contents inside the Code box below beginning with :Files into --->> Paste Instructions for Items to be Moved

Note: Do not type it out to minimize the risk of typo error

 

 

:Files
C:\Program Files (x86)\Perk Prize Panel\pp.dll
C:\Users\Chris Ursu\AppData\Local\Temp\Quarantine.exe
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{47F3EB15-C230-4A0B-BE4B-D527FF483B48}]
:Commands
[emptytemp]
[EMPTYFLASH]
[Reboot]

• Click on MoveIt!
• When done, click on Exit

Note: If a file or folder can't be moved immediately, you may be asked to restart your computer. Choose Yes.

A log will be produced at C:\_OTM\MovedFiles\date_time.log, where date_time are numbers. Post this log in your next reply.

 

**************************

 

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Please post

OTM log

JRT.txt

 

For the time being, let's just continue with these instructions.

[Junkaroo]

Wow.... Great that reset browesers was the trick. I found a AVG toolbar in firefos extevsioin. Deleated it rebooted run PCPitstop and NO conduits or malware No Threats...Wahooo.., Thank you ever so much! Your time and patince was appricated. Thank you.

[Junkaroo]

I have a new problem that I belive should be simple.. Its too many programs running and high cPU usage like 79 to 100-Percent and really 10 min to boopt up about 35 programs running in task manager.

 

Where do I post this ? Again Thank you !

[Juliet]

Wow.... Great that reset browesers was the trick. I found a AVG toolbar in firefos extevsioin. Deleated it rebooted run PCPitstop and NO conduits or malware No Threats...Wahooo.., Thank you ever so much! Your time and patince was appricated. Thank you.

Yeah!!!!

 

I have a new problem that I belive should be simple.. Its too many programs running and high cPU usage like 79 to 100-Percent and really 10 min to boopt up about 35 programs running in task manager.

 

Where do I post this ? Again Thank you !

This can be from antivirus updating definitions to something but I wont know just yet.

 

 

Find on your desktop ADWCleaner, please right click and select delete.

I want you to download again and let it run. There is no update function with this tool so we need to redownload it.

 

-AdwCleaner-by Xplode

 

Click on this link to download : ADWCleaner

Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

 

Do not click on any links in the top Advertisment.

 

 

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Scan.
• After the scan is complete click on "Clean"
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[s1].txt as well.
• NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

please post these 2 logs.