Junkaroo Posted June 20, 2014
Conduit (fs) Toolbar Level 4 1 This is a moderate risk and should be removed...
Conduit Toolbar (v) Toolbar Level 4 1 This is a moderate risk and should be removed...
Adware.JS.Conduit (v) Toolbar Level 4 1 This is a moderate risk and should be removed...
How do I get rid of this? Tearing my hair out. HELP
Junkaroo Posted June 23, 2014 Author
Please help me! Why can't I get an answer?
Juliet Posted June 23, 2014
-AdwCleaner- by Xplode
Click on this link to download: ADWCleaner
Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.
Do not click on any links in the top advertisement.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean".
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[s1].txt as well.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please download http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.
Install the programme and select update.
Once it has updated select Settings > Detection and Protection.
Tick Scan for rootkits.
Go back to the Dashboard and select Threat Scan and then click on Scan Now.
If threats are detected, click the Apply Actions button. MBAM will ask for a reboot.
On completion of the scan (or after the reboot) select View Detailed Log.
Select Export > Select text file and save to the desktop.
Attach/Post that log.
Edited June 24, 2014 by Juliet
Junkaroo Posted July 18, 2014 Author
Hello... Well I have run the programs as you suggested. ADWCleaner has been run about 6 times. Malwarebytes I have paid version brings up nothing but Pup virus. Computer is really dragging. My results from both scans.

ADWCLEANER

# AdwCleaner v3.216 - Report created 18/07/2014 at 16:37:56
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Chris Ursu - CHRISURSU-PC
# Running from : C:\Users\Chris Ursu\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207
-\\ Mozilla Firefox v31.0 (x86 en-US)
[ File : C:\Users\Chris Ursu\AppData\Roaming\Mozilla\Firefox\Profiles\k8z6xrij.default\prefs.js ]
-\\ Google Chrome v35.0.1916.114
[ File : C:\Users\Chris Ursu\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [18317 octets] - [17/07/2014 17:32:52]
AdwCleaner[R1].txt - [1051 octets] - [17/07/2014 17:40:58]
AdwCleaner[R2].txt - [1172 octets] - [17/07/2014 17:55:39]
AdwCleaner[R3].txt - [1292 octets] - [17/07/2014 18:23:08]
AdwCleaner[R4].txt - [1413 octets] - [17/07/2014 19:24:33]
AdwCleaner[R5].txt - [1530 octets] - [18/07/2014 16:07:13]
AdwCleaner[R6].txt - [1653 octets] - [18/07/2014 16:13:28]
AdwCleaner[R7].txt - [1770 octets] - [18/07/2014 16:34:52]
AdwCleaner[s0].txt - [18203 octets] - [17/07/2014 17:34:05]
AdwCleaner[s1].txt - [1113 octets] - [17/07/2014 17:42:08]
AdwCleaner[s2].txt - [1234 octets] - [17/07/2014 18:19:09]
AdwCleaner[s3].txt - [1354 octets] - [17/07/2014 18:50:45]
AdwCleaner[s4].txt - [1474 octets] - [17/07/2014 19:25:31]
AdwCleaner[s5].txt - [1591 octets] - [18/07/2014 16:08:19]
AdwCleaner[s6].txt - [1714 octets] - [18/07/2014 16:15:00]
AdwCleaner[s7].txt - [1691 octets] - [18/07/2014 16:37:56]

########## EOF - C:\AdwCleaner\AdwCleaner[s7].txt - [1751 octets] ##########

WHEN IT RAN THE FIRST TIME I SAW A BIG BLACK BOX WITH WHITE WRITING RUNNING VERY FAST. ALSO SEE IN THE SCAN LOTS OF FAILED AFTER LINES WHERE SCANNING.
I ran PCPitstop again and it says conduits adware still in computer. I have downloaded AVG removal tool and removed program. Running Super Shield. Malwarebytes well has always been running on my computer and never received a restart program always quarantine all pup virus.
So where do I go from here?
Juliet Posted July 18, 2014
pup: Potentially Unwanted Programs
Will need to run other tools to see what they're not finding.
Will want you to run FRST, then post a new topic in http://forums.pcpitstop.com/index.php?/forum/25-have-i-been-hijacked/ OR I can just move this topic.

Scan with FRST in normal mode
Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure which version: Start --> Computer (right click) --> properties)
(To use correct version for your system.....Which system am I using?)
Run FRST.
Don't change one of the checkboxes and hit Scan.
Logfiles are created on your desktop.
Post the FRST.txt
The first time the tool is run it generates another log, Addition.txt - Please also paste that along with the FRST.txt into your reply.
Junkaroo Posted July 18, 2014 Author
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/18/2014
Scan Time: 5:15:08 PM
Logfile: desk top.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.18.09
Rootkit Database: v2014.07.17.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Chris Ursu

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 288606
Time Elapsed: 24 min, 6 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
Junkaroo Posted July 18, 2014 Author
Please just move it... Thank you.. I also posted Malwarebytes scan. Thank you, will run other test.
Juliet Posted July 19, 2014
Junkaroo
Post your logs here.
You posted the Additions log, now I need to see the FRST.txt
Junkaroo Posted July 20, 2014 Author
Thank You here is frst.tex
Ursu\ESSPMASD_RESTORED_restored.backup_20140705_1631.epim2014-06-27 17:16 - 2014-06-27 17:22 - 00000000 ____D () C:\Users\Chris Ursu\AppData\Roaming\PowerCinema2014-06-27 17:16 - 2014-06-27 17:16 - 00000000 ____D () C:\Users\Chris Ursu\Documents\CyberLink2014-06-27 17:16 - 2014-06-27 17:16 - 00000000 ____D () C:\Users\Chris Ursu\AppData\Local\Cyberlink2014-06-25 17:36 - 2014-06-25 17:36 - 01205760 _____ () C:\Users\Chris Ursu\ESSPMASD_RESTORED- 01-07-2014.backup_20140625_1736.epim2014-06-25 13:16 - 2014-06-25 19:21 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy2014-06-25 13:16 - 2014-06-25 13:16 - 00001355 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk2014-06-25 13:16 - 2014-06-25 13:16 - 00001343 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk2014-06-25 13:16 - 2014-06-25 13:16 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking2014-06-25 13:16 - 2014-06-25 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 22014-06-25 13:16 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe2014-06-25 13:15 - 2014-06-25 13:30 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 22014-06-25 13:14 - 2014-06-25 13:14 - 46392680 _____ (Safer-Networking Ltd. 
) C:\Users\Chris Ursu\Downloads\spybot-2.3.exe2014-06-24 14:20 - 2014-06-24 14:21 - 00011684 _____ () C:\Users\Chris Ursu\Downloads\EXPORT.CSV2014-06-19 16:15 - 2014-07-18 19:17 - 00000000 ____D () C:\ProgramData\PCPitstopDat2014-06-19 16:07 - 2014-06-19 16:07 - 00002038 _____ () C:\Users\Chris Ursu\Desktop\PC Matic.lnk2014-06-19 16:06 - 2014-06-19 16:06 - 01399872 _____ (PC Pitstop LLC ) C:\Users\Chris Ursu\Downloads\pcmatic-setup-6398(1).exe2014-06-19 16:04 - 2014-06-19 16:04 - 00000000 ____D () C:\Users\Chris Ursu\Documents\SpeedyComputer2014-06-19 16:04 - 2014-06-19 16:04 - 00000000 ____D () C:\Users\Chris Ursu\AppData\Roaming\SpeedyComputer2014-06-19 16:04 - 2014-06-19 16:04 - 00000000 ____D () C:\Program Files (x86)\Speeding Software2014-06-19 12:48 - 2014-06-19 12:49 - 107210488 _____ (Microsoft Corporation) C:\Users\Chris Ursu\Downloads\msert.exe2014-06-19 11:25 - 2014-06-19 11:30 - 00000000 ____D () C:\ProgramData\SmartPCScan2014-06-19 11:25 - 2014-06-19 11:25 - 00000000 ____D () C:\Users\Chris Ursu\AppData\Roaming\QuickScan2014-06-19 11:14 - 2013-01-14 12:34 - 00007680 _____ () C:\Users\Chris Ursu\AppData\Local\[email protected]!-32271b4b-536f-4c73-a7cc-f606e9393eb2.tmp2014-06-19 11:14 - 2013-01-14 12:34 - 00007168 _____ () C:\Users\Chris Ursu\AppData\Local\[email protected]!-daca7d09-4eab-4478-af21-5de3ebd9c89c.tmp2014-06-19 11:13 - 2014-06-19 11:40 - 00000000 ____D () C:\Program Files (x86)\iYogi Support Dock2014-06-19 11:12 - 2014-07-15 11:07 - 00000784 _____ () C:\Windows\wininit.ini2014-06-19 11:06 - 2014-06-19 11:07 - 05734160 _____ (iYogi) C:\Users\Chris Ursu\Downloads\SDSetup.exe==================== One Month Modified Files and Folders =======2014-07-18 19:18 - 2014-07-18 19:18 - 00018981 _____ () C:\Users\Chris Ursu\Downloads\FRST.txt2014-07-18 19:18 - 2014-07-18 19:18 - 00000000 ____D () C:\FRST2014-07-18 19:17 - 2014-07-18 19:17 - 02086912 _____ (Farbar) C:\Users\Chris Ursu\Downloads\FRST64.exe2014-07-18 19:17 - 2014-06-19 16:15 - 00000000 
____D () C:\ProgramData\PCPitstopDat2014-07-18 18:59 - 2014-07-18 18:59 - 01206272 _____ () C:\Users\Chris Ursu\ESSPMASD_RESTORED- 01-07-2014.backup_20140718_1859.epim2014-07-18 18:59 - 2011-12-10 01:52 - 00000000 ____D () C:\Users\Chris Ursu2014-07-18 18:57 - 2012-06-14 10:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-07-18 18:09 - 2014-05-26 11:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-07-18 18:02 - 2014-07-18 18:02 - 00001061 _____ () C:\desk top.txt2014-07-18 18:00 - 2014-07-17 13:51 - 00001120 _____ () C:\Windows\setupact.log2014-07-18 18:00 - 2014-05-14 13:40 - 01678120 _____ () C:\Windows\WindowsUpdate.log2014-07-18 16:47 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-07-18 16:47 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-07-18 16:41 - 2011-12-10 03:33 - 00000000 ____D () C:\ProgramData\clear.fi2014-07-18 16:39 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-07-18 16:38 - 2014-07-17 17:35 - 00002882 _____ () C:\Windows\PFRO.log2014-07-18 16:38 - 2012-05-25 17:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service2014-07-18 16:37 - 2014-07-17 17:32 - 00000000 ____D () C:\AdwCleaner2014-07-18 16:33 - 2014-07-18 16:33 - 00013402 _____ () C:\Users\Chris Ursu\Downloads\AdwCleaner - Shortcut.lnk2014-07-18 15:13 - 2014-02-16 14:08 - 00000000 ____D () C:\ProgramData\PCPitstop2014-07-18 10:13 - 2014-07-18 10:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2014-07-17 19:24 - 2014-07-17 19:24 - 01354223 _____ () C:\Users\Chris Ursu\Downloads\AdwCleaner(5).exe2014-07-17 18:22 - 2014-07-17 18:22 - 01354223 _____ () C:\Users\Chris Ursu\Downloads\AdwCleaner(4).exe2014-07-17 17:55 - 2014-07-17 17:55 - 01354223 _____ () C:\Users\Chris 
Ursu\Downloads\AdwCleaner(3).exe2014-07-17 17:40 - 2014-07-17 17:40 - 01354223 _____ () C:\Users\Chris Ursu\Downloads\AdwCleaner(2).exe2014-07-17 17:31 - 2014-07-17 17:31 - 01354223 _____ () C:\Users\Chris Ursu\Downloads\AdwCleaner(1).exe2014-07-17 17:30 - 2014-07-17 17:29 - 01354223 _____ () C:\Users\Chris Ursu\Downloads\AdwCleaner.exe2014-07-17 14:44 - 2014-07-17 14:44 - 00985600 _____ () C:\Users\Chris Ursu\Downloads\MicrosoftFixit50123.msi2014-07-17 14:44 - 2014-07-17 14:44 - 00985600 _____ () C:\Users\Chris Ursu\Downloads\MicrosoftFixit50123(1).msi2014-07-17 13:51 - 2014-07-17 13:51 - 00000000 _____ () C:\Windows\setuperr.log2014-07-17 10:12 - 2014-04-02 17:27 - 00000000 ____D () C:\Users\Chris Ursu\AppData\Local\CrashDumps2014-07-17 10:03 - 2014-04-11 11:37 - 00000000 ____D () C:\ProgramData\Avg2014-07-17 10:03 - 2014-04-11 11:36 - 00000000 ____D () C:\Users\Chris Ursu\AppData\Local\AvgSetupLog2014-07-17 10:03 - 2011-12-10 02:07 - 00000000 ____D () C:\Program Files (x86)\AVG2014-07-17 09:56 - 2014-07-17 09:38 - 01062421 _____ () C:\Users\Chris Ursu\Downloads\avgremover.log2014-07-17 09:47 - 2014-02-16 14:08 - 00000000 ____D () C:\Program Files (x86)\PCPitstop2014-07-15 11:07 - 2014-06-19 11:12 - 00000784 _____ () C:\Windows\wininit.ini2014-07-14 11:27 - 2009-07-13 22:34 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140715-111103.backup2014-07-13 08:23 - 2014-03-26 17:27 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-07-13 08:22 - 2014-03-26 17:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 20132014-07-10 11:00 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache2014-07-10 03:44 - 2009-07-14 00:45 - 00453184 _____ () C:\Windows\system32\FNTCACHE.DAT2014-07-10 03:41 - 2014-05-07 09:52 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-07-10 03:41 - 2010-11-21 03:17 - 00000000 ____D () C:\Program Files\Windows Journal2014-07-10 03:41 - 2009-07-13 23:20 - 00000000 ____D () 
C:\Windows\SysWOW64\Dism2014-07-10 03:41 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism2014-07-10 03:19 - 2013-07-26 03:01 - 00000000 ____D () C:\Windows\system32\MRT2014-07-10 03:15 - 2011-12-27 15:37 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-07-08 16:57 - 2012-06-14 10:06 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2014-07-08 16:57 - 2012-05-28 10:54 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-07-08 16:57 - 2011-07-25 01:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-07-08 15:26 - 2014-01-07 16:59 - 03674112 _____ () C:\Users\Chris Ursu\ESSPMASD_RESTORED- 01-07-2014.epim2014-07-08 15:22 - 2014-07-08 15:22 - 01205760 _____ () C:\Users\Chris Ursu\ESSPMASD_RESTORED- 01-07-2014.backup_20140708_1522.epim2014-07-08 15:22 - 2014-03-28 16:32 - 02834432 _____ () C:\Users\Chris Ursu\ESSPMASD_RESTORED_RESTORED.EPIM2014-07-08 15:06 - 2014-07-08 15:06 - 00719872 _____ () C:\Users\Chris Ursu\ESSPMASD_RESTORED_restored.backup_20140708_1506.epim2014-07-08 11:12 - 2011-12-10 23:39 - 00000471 _____ () C:\Users\Chris Ursu\Desktop\Webmail - Login.website2014-07-05 16:31 - 2014-07-05 16:31 - 00719872 _____ () C:\Users\Chris Ursu\ESSPMASD_RESTORED_restored.backup_20140705_1631.epim2014-06-30 09:57 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF2014-06-29 22:09 - 2014-07-09 05:26 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-06-29 22:04 - 2014-07-09 05:26 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-06-27 17:22 - 2014-06-27 17:16 - 00000000 ____D () C:\Users\Chris Ursu\AppData\Roaming\PowerCinema2014-06-27 17:19 - 2014-02-07 14:29 - 00048640 ___SH () C:\Users\Chris Ursu\Documents\Thumbs.db2014-06-27 17:16 - 2014-06-27 17:16 - 00000000 ____D () C:\Users\Chris Ursu\Documents\CyberLink2014-06-27 17:16 - 2014-06-27 17:16 - 00000000 ____D () 
C:\Users\Chris Ursu\AppData\Local\Cyberlink2014-06-27 17:16 - 2011-12-10 01:53 - 00000000 ____D () C:\Users\Chris Ursu\AppData\Local\PowerCinema2014-06-27 17:16 - 2011-09-16 17:00 - 00000000 ____D () C:\ProgramData\CyberLink2014-06-25 19:21 - 2014-06-25 13:16 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy2014-06-25 17:36 - 2014-06-25 17:36 - 01205760 _____ () C:\Users\Chris Ursu\ESSPMASD_RESTORED- 01-07-2014.backup_20140625_1736.epim2014-06-25 13:30 - 2014-06-25 13:15 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 22014-06-25 13:16 - 2014-06-25 13:16 - 00001355 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk2014-06-25 13:16 - 2014-06-25 13:16 - 00001343 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk2014-06-25 13:16 - 2014-06-25 13:16 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking2014-06-25 13:16 - 2014-06-25 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 22014-06-25 13:14 - 2014-06-25 13:14 - 46392680 _____ (Safer-Networking Ltd. 
) C:\Users\Chris Ursu\Downloads\spybot-2.3.exe2014-06-24 14:21 - 2014-06-24 14:20 - 00011684 _____ () C:\Users\Chris Ursu\Downloads\EXPORT.CSV2014-06-22 15:12 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games2014-06-22 15:10 - 2011-07-25 00:23 - 00000000 ____D () C:\ProgramData\WildTangent2014-06-20 16:14 - 2014-07-09 05:24 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2014-06-20 15:39 - 2014-07-09 05:24 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2014-06-19 16:07 - 2014-06-19 16:07 - 00002038 _____ () C:\Users\Chris Ursu\Desktop\PC Matic.lnk2014-06-19 16:07 - 2014-02-16 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Pitstop2014-06-19 16:06 - 2014-06-19 16:06 - 01399872 _____ (PC Pitstop LLC ) C:\Users\Chris Ursu\Downloads\pcmatic-setup-6398(1).exe2014-06-19 16:04 - 2014-06-19 16:04 - 00000000 ____D () C:\Users\Chris Ursu\Documents\SpeedyComputer2014-06-19 16:04 - 2014-06-19 16:04 - 00000000 ____D () C:\Users\Chris Ursu\AppData\Roaming\SpeedyComputer2014-06-19 16:04 - 2014-06-19 16:04 - 00000000 ____D () C:\Program Files (x86)\Speeding Software2014-06-19 12:49 - 2014-06-19 12:48 - 107210488 _____ (Microsoft Corporation) C:\Users\Chris Ursu\Downloads\msert.exe2014-06-19 11:40 - 2014-06-19 11:13 - 00000000 ____D () C:\Program Files (x86)\iYogi Support Dock2014-06-19 11:30 - 2014-06-19 11:25 - 00000000 ____D () C:\ProgramData\SmartPCScan2014-06-19 11:30 - 2011-12-10 01:53 - 00114824 _____ () C:\Users\Chris Ursu\AppData\Local\GDIPFONTCACHEV1.DAT2014-06-19 11:25 - 2014-06-19 11:25 - 00000000 ____D () C:\Users\Chris Ursu\AppData\Roaming\QuickScan2014-06-19 11:07 - 2014-06-19 11:06 - 05734160 _____ (iYogi) C:\Users\Chris Ursu\Downloads\SDSetup.exe2014-06-18 21:39 - 2014-07-09 05:24 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-06-18 21:06 - 2014-07-09 05:24 - 02724864 _____ (Microsoft Corporation) 
C:\Windows\system32\mshtml.tlb2014-06-18 21:06 - 2014-07-09 05:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-06-18 20:48 - 2014-07-09 05:24 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-06-18 20:42 - 2014-07-09 05:24 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-06-18 20:42 - 2014-07-09 05:24 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-06-18 20:41 - 2014-07-09 05:24 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2014-06-18 20:41 - 2014-07-09 05:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-06-18 20:32 - 2014-07-09 05:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-06-18 20:31 - 2014-07-09 05:24 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-06-18 20:26 - 2014-07-09 05:24 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-06-18 20:24 - 2014-07-09 05:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-06-18 20:24 - 2014-07-09 05:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-06-18 20:23 - 2014-07-09 05:24 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-06-18 20:16 - 2014-07-09 05:24 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-06-18 20:14 - 2014-07-09 05:24 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-06-18 20:09 - 2014-07-09 05:24 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-06-18 19:59 - 2014-07-09 05:24 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-06-18 19:56 - 2014-07-09 05:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-06-18 19:53 - 2014-07-09 05:24 - 00195584 _____ (Microsoft 
Corporation) C:\Windows\system32\msrating.dll2014-06-18 19:51 - 2014-07-09 05:24 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-06-18 19:50 - 2014-07-09 05:24 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-06-18 19:48 - 2014-07-09 05:24 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-06-18 19:39 - 2014-07-09 05:24 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-06-18 19:38 - 2014-07-09 05:24 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-06-18 19:37 - 2014-07-09 05:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-06-18 19:36 - 2014-07-09 05:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-06-18 19:35 - 2014-07-09 05:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2014-06-18 19:33 - 2014-07-09 05:24 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-06-18 19:32 - 2014-07-09 05:24 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-06-18 19:28 - 2014-07-09 05:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-06-18 19:28 - 2014-07-09 05:24 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-06-18 19:27 - 2014-07-09 05:24 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-06-18 19:27 - 2014-07-09 05:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2014-06-18 19:25 - 2014-07-09 05:24 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-06-18 19:23 - 2014-07-09 05:24 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-06-18 19:22 - 2014-07-09 05:24 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-06-18 19:12 - 2014-07-09 05:24 - 00367616 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\dxtmsft.dll2014-06-18 19:06 - 2014-07-09 05:24 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-06-18 19:01 - 2014-07-09 05:24 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-06-18 18:59 - 2014-07-09 05:24 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-06-18 18:58 - 2014-07-09 05:24 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-06-18 18:58 - 2014-07-09 05:24 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-06-18 18:52 - 2014-07-09 05:24 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-06-18 18:51 - 2014-07-09 05:24 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-06-18 18:49 - 2014-07-09 05:24 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-06-18 18:46 - 2014-07-09 05:24 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2014-06-18 18:45 - 2014-07-09 05:24 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-06-18 18:35 - 2014-07-09 05:24 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-06-18 18:34 - 2014-07-09 05:24 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-06-18 18:15 - 2014-07-09 05:24 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-06-18 18:13 - 2014-07-09 05:24 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-06-18 18:09 - 2014-07-09 05:24 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-06-18 18:07 - 2014-07-09 05:24 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dllSome content of TEMP:====================C:\Users\Chris Ursu\AppData\Local\Temp\Quarantine.exe==================== Bamital & volsnap Check =================C:\Windows\System32\winlogon.exe => File is digitally 
signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2014-07-18 10:57==================== End Of Log ============================ Link to post Share on other sites
Junkaroo Posted July 20, 2014 Author

This is the second log. Thank you.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2014 01
Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Word MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) HiddenMozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 
- Microsoft Corporation)MyWinLocker (Version: 4.0.14.25 - Egis Technology Inc.) HiddenMyWinLocker 4 (x32 Version: 4.0.14.25 - Egis Technology Inc.) HiddenMyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.15 - Egis Technology Inc.)MyWinLocker Suite (x32 Version: 4.0.14.15 - Egis Technology Inc.) HiddennewsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) HiddenNTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8942 - NTI Corporation)NTI Media Maker 9 (x32 Version: 9.0.2.8942 - NTI Corporation) HiddenNuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) HiddenPaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)PC Matic 1.1.0.51 (HKLM-x32\...\PC Matic_is1) (Version: 1.1.0.51 - PC Pitstop LLC)PC Matic Super Shield 1.0.0.46 (HKLM-x32\...\PC Pitstop SuperShield_is1) (Version: 1.0.0.46 - PC Pitstop LLC)PC Pitstop Info Center 1.0.0.18 (HKLM-x32\...\PCPitstopInfoCenter_is1) (Version: 1.0.0.18 - PC Pitstop LLC.)RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) 
HiddenRealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) HiddenRealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) HiddenRealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) HiddenScansoft PDF Professional (x32 Version: - ) HiddenService Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (x32 Version: - Microsoft) HiddenShredder (Version: 2.0.8.9 - Egis Technology Inc.) HiddenShredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) HiddenSpybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) HiddenTimes Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)Times Reader (x32 Version: 2.055 - The New York Times Company) HiddenUpdate for Microsoft Excel 2013 (KB2881085) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{122B0E69-64AF-41BE-B3F6-D387A7E7E687}) (Version: - Microsoft)Update for Microsoft Excel 2013 (KB2881085) 32-Bit Edition (HKLM-x32\...\{90150000-0018-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{122B0E69-64AF-41BE-B3F6-D387A7E7E687}) (Version: - Microsoft)Update for Microsoft Excel 2013 (KB2881085) 32-Bit Edition (HKLM-x32\...\{90150000-001B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{122B0E69-64AF-41BE-B3F6-D387A7E7E687}) (Version: - Microsoft)Update for Microsoft Excel 2013 (KB2881085) 32-Bit Edition 
(HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{122B0E69-64AF-41BE-B3F6-D387A7E7E687}) (Version: - Microsoft)Update for Microsoft Lync 2013 (KB2817678) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{AC57CF13-C24E-4C00-969F-5394DAE589C5}) (Version: - Microsoft)Update for Microsoft Lync 2013 (KB2850074) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{A4EACEBA-1944-45DB-B547-8967AA7926B9}) (Version: - Microsoft)Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{A7610F07-E844-4444-8E1D-D5BC8AD0B4C5}) (Version: - Microsoft)Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{45B7D395-EB9B-414F-9E46-5849B42326E2}) (Version: - Microsoft)Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{66421820-D3CA-450A-898C-78D7E40108E6}) (Version: - Microsoft)Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version: - Microsoft)Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version: - Microsoft)Update for Microsoft Office 2013 (KB2826040) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{B7EA8070-C37F-4617-82F4-52CF3304595A}) (Version: - Microsoft)Update for Microsoft Office 2013 (KB2837644) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{9BC5FF1D-9626-44D7-BC7F-EB44BD8BDB9F}) (Version: - Microsoft)Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition 
(HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version: - Microsoft)Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version: - Microsoft)Update for Microsoft Office 2013 (KB2880457) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{D27F6360-AE1E-4C8C-8ECD-C0375E20B923}) (Version: - Microsoft)Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version: - Microsoft)Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version: - Microsoft)Update for Microsoft Office 2013 (KB2880464) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{06EF2BF7-7351-4D70-A0D5-588FCCF9808D}) (Version: - Microsoft)Update for Microsoft Office 2013 (KB2880478) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7C5CEE0F-6823-4BB7-A28F-76FEC14EB6AC}) (Version: - Microsoft)Update for Microsoft Office 2013 (KB2880987) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{07017577-FBD6-45E2-A796-659E8F428057}) (Version: - Microsoft)Update for Microsoft Office 2013 (KB2880987) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{07017577-FBD6-45E2-A796-659E8F428057}) (Version: - Microsoft)Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version: - Microsoft)Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition 
(HKLM-x32\...\{90150000-0090-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version: - Microsoft)Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version: - Microsoft)Update for Microsoft Office 2013 (KB2881074) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{B23AED0C-4813-4B49-9870-2F0968824E87}) (Version: - Microsoft)Update for Microsoft Office 2013 (KB2881084) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{56962EB1-4DD3-48BB-934B-EA4C4516D89A}) (Version: - Microsoft)Update for Microsoft Office 2013 (KB2881084) 32-Bit Edition (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}_Office15.PROPLUSR_{63AED158-0508-4738-A811-840B2053EF3B}) (Version: - Microsoft)Update for Microsoft Office 2013 (KB2881084) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0C0A-0000-0000000FF1CE}_Office15.PROPLUSR_{23073850-B916-414F-9204-AB0512524A6A}) (Version: - Microsoft)Update for Microsoft Office 2013 (KB2881086) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{02DB183E-6F67-4906-A391-325874C5DA87}) (Version: - Microsoft)Update for Microsoft Office 2013 (KB2881086) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{02DB183E-6F67-4906-A391-325874C5DA87}) (Version: - Microsoft)Update for Microsoft OneDrive for Business (KB2881087) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{FC6618D2-F75D-4FDD-B396-E4B0C0D757B6}) (Version: - Microsoft)Update for Microsoft OneDrive for Business (KB2881087) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{FC6618D2-F75D-4FDD-B396-E4B0C0D757B6}) (Version: - Microsoft)Update for Microsoft OneDrive for Business (KB2881087) 32-Bit Edition 
(HKLM-x32\...\{90150000-00BA-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{FC6618D2-F75D-4FDD-B396-E4B0C0D757B6}) (Version: - Microsoft)Update for Microsoft OneDrive for Business (KB2881087) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{FC6618D2-F75D-4FDD-B396-E4B0C0D757B6}) (Version: - Microsoft)Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version: - Microsoft)Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM-x32\...\{90150000-00A1-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version: - Microsoft)Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version: - Microsoft)Update for Microsoft Outlook 2013 (KB2880470) 32-Bit Edition (HKLM-x32\...\{90150000-001A-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{1BCA67A6-5329-48D0-A088-C097AC7A14BD}) (Version: - Microsoft)Update for Microsoft Outlook 2013 (KB2880470) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{1BCA67A6-5329-48D0-A088-C097AC7A14BD}) (Version: - Microsoft)Update for Microsoft PowerPoint 2013 (KB2881075) 32-Bit Edition (HKLM-x32\...\{90150000-0018-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{15033648-0DAB-4BE8-B84B-D1139BD0563F}) (Version: - Microsoft)Update for Microsoft PowerPoint 2013 (KB2881075) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{15033648-0DAB-4BE8-B84B-D1139BD0563F}) (Version: - Microsoft)Update for Microsoft Publisher 2013 (KB2880999) 32-Bit Edition (HKLM-x32\...\{90150000-0019-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{7500AD77-83C6-400B-8B2F-F8E401A7B697}) (Version: - Microsoft)Update for Microsoft Publisher 2013 (KB2880999) 32-Bit Edition 
(HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7500AD77-83C6-400B-8B2F-F8E401A7B697}) (Version: - Microsoft)Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version: - Microsoft)Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version: - Microsoft)Update for Microsoft Word 2013 (KB2878319) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{A7CD05CC-CA85-428C-91FD-74A908D126E1}) (Version: - Microsoft)Update for Microsoft Word 2013 (KB2881080) 32-Bit Edition (HKLM-x32\...\{90150000-001A-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{2C43B8B8-09A1-4D09-B4B9-B247A7348D75}) (Version: - Microsoft)Update for Microsoft Word 2013 (KB2881080) 32-Bit Edition (HKLM-x32\...\{90150000-001B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{2C43B8B8-09A1-4D09-B4B9-B247A7348D75}) (Version: - Microsoft)Update for Microsoft Word 2013 (KB2881080) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{2C43B8B8-09A1-4D09-B4B9-B247A7348D75}) (Version: - Microsoft)Update for Microsoft Word 2013 (KB2881080) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{2C43B8B8-09A1-4D09-B4B9-B247A7348D75}) (Version: - Microsoft)Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG 
Technologies CZ, s.r.o.)Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3503 - Acer Incorporated)Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows 
Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points =========================

17-07-2014 13:59:05 Removed AVG PC TuneUp 2014
17-07-2014 14:01:27 Removed AVG PC TuneUp 2014 (en-US)
17-07-2014 18:45:01 Installed Microsoft Fix it 50123
17-07-2014 18:48:09 Windows Update
18-07-2014 07:33:00 PC Pitstop Restore Point

==================== Hosts content: ==========================

2009-07-13 22:34 - 2014-07-15 11:11 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {08C8BB41-4786-47AB-AE07-27E1276D80B3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {0B96BFB0-F7E1-4458-B4DF-621FEB096473} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {140E2D36-F491-4E9E-9D1E-0704A07B5B6A} - System32\Tasks\clear.fi => C:\Program Files
(x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-05-20] (Acer Incorporated)Task: {1E56F57E-366E-4E4F-8835-B0C29292D096} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)Task: {1EC0350A-CDC8-4439-981F-12FF1BD9F9FB} - System32\Tasks\{2AF2A639-0EAB-44EE-8E16-F96DC38617B8} => C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe [2010-11-10] (Microsoft Corporation)Task: {356EB764-B4CE-421F-A4CC-EA974A84274A} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-349847416-3659534947-3110894470-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)Task: {370B3AF4-A44B-4BD4-A14E-EE23C1913BF2} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)Task: {43F0DDF5-C7F1-4951-8A27-3D1AC398A333} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exeTask: {6E4084A5-A581-4562-9F87-EA9215019A6C} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)Task: {6FA1BCBA-FC68-4F94-B8A9-08FA1B041EA8} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)Task: {801C3593-4AF4-4A32-9BE0-6A2CA1592BF5} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-05-20] (CyberLink)Task: {8F0F5C85-E42F-4A55-94E9-9CD2344A4254} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exeTask: {B98E3A99-8590-44E3-AF0B-9BBD9CEF9B03} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)Task: 
{CD04A0CF-2F1E-421C-8066-9E1E7FCF1884} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-04-05] (Acer Incorporated)Task: {DDC0B459-67C8-4CD0-B698-75BDF6F1DF39} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-05-20] (CyberLink Corp.)Task: {E746E547-7C03-4236-B8A7-8ED295492079} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exeTask: {E76762CE-8C36-44B2-8580-1DABB6DB131B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)Task: {EE0A1E71-C59E-4126-A2CE-5B2C4E2F1DA6} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exeTask: {F48F261C-CF8A-4A05-9971-4557886F1C89} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackupTask: {FA9E9F97-2A94-43E3-B800-E781C23D5640} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe==================== Loaded Modules (whitelisted) =============2011-12-13 11:26 - 2010-03-15 19:04 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll2014-06-10 13:19 - 2014-06-10 13:19 - 08892072 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll2011-04-23 21:29 - 2011-04-23 21:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll2011-04-23 21:29 - 2011-04-23 21:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll2011-04-23 21:29 - 2011-04-23 21:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll2014-07-17 09:47 - 2010-08-19 
22:39 - 00524288 _____ () C:\Program Files (x86)\PCPitstop\Super Shield\SQLiteEncrypt.dll2014-07-17 09:49 - 2014-06-20 06:08 - 00192376 _____ () C:\ProgramData\PCPitstopDat\datRT\libBase64.dll2014-07-17 09:49 - 2014-06-20 06:08 - 00180088 _____ () C:\ProgramData\PCPitstopDat\datRT\libMachoUniv.dll2014-06-10 13:19 - 2014-06-10 13:19 - 08892072 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll2014-03-28 12:46 - 2014-03-28 12:46 - 00033128 _____ () C:\Program Files (x86)\IncrediMail\Bin\IMHttpComm.dll2014-03-28 12:46 - 2014-03-28 12:46 - 00072104 _____ () C:\Program Files (x86)\IncrediMail\Bin\wlessfp1.dll2014-03-28 12:46 - 2014-03-28 12:46 - 00268712 _____ () C:\Program Files (x86)\IncrediMail\Bin\ImLookExU.dll2014-03-28 12:46 - 2014-03-28 12:46 - 00108888 _____ () C:\Program Files (x86)\IncrediMail\Bin\pmc.dll2014-03-28 12:46 - 2014-03-28 12:46 - 00133544 _____ () C:\Program Files (x86)\IncrediMail\Bin\ImComUtlU.dll2011-05-20 14:13 - 2011-05-20 14:13 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll2011-12-13 11:26 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll2014-06-25 13:16 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl2014-06-25 13:16 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl2014-06-25 13:16 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl2014-07-17 09:47 - 2014-06-10 15:41 - 00184944 _____ () C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRTen.dll2014-03-28 12:46 - 2014-03-28 12:46 - 00080296 _____ () C:\Program Files (x86)\IncrediMail\bin\ImAppRU.dll2014-07-18 10:12 - 2014-07-18 10:13 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll==================== Alternate Data Streams (whitelisted) =========AlternateDataStreams: 
C:\ProgramData\Temp:0B4227B4AlternateDataStreams: C:\Users\Chris Ursu\Documents\Molly Info PDF.eml:OECustomProperty==================== Safe Mode (whitelisted) ======================================= EXE Association (whitelisted) ================================= MSCONFIG/TASK MANAGER disabled items =========MSCONFIG\Services: avgfws => 2MSCONFIG\Services: AVGIDSAgent => 2MSCONFIG\Services: avgwd => 2MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLYMSCONFIG\startupreg: WinPatrol => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot==================== Faulty Device Manager Devices =============Name: Atheros AR5B125 Wireless Network AdapterDescription: Atheros AR5B125 Wireless Network AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: Atheros Communications Inc.Service: athrProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. 
Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/18/2014 04:40:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/18/2014 04:17:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/18/2014 04:10:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/18/2014 03:18:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/18/2014 10:29:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2014 07:28:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2014 06:54:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2014 06:21:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2014 05:44:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2014 05:36:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (07/18/2014 04:42:06 PM) (Source: WMPNetworkSvc) (EventID: 14338) (User: )
Description: 0x80070422

Error: (07/18/2014 04:42:06 PM) (Source: WMPNetworkSvc) (EventID: 14338) (User: )
Description: 0x80070422

Error: (07/18/2014 04:38:06 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (07/18/2014 04:18:33 PM) (Source: WMPNetworkSvc) (EventID: 14338) (User: )
Description: 0x80070422

Error: (07/18/2014 04:18:33 PM) (Source: WMPNetworkSvc) (EventID: 14338) (User: )
Description: 0x80070422

Error: (07/18/2014 04:15:49 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (07/18/2014 04:11:57 PM) (Source: WMPNetworkSvc) (EventID: 14338) (User: )
Description: 0x80070422

Error: (07/18/2014 04:11:57 PM) (Source: WMPNetworkSvc) (EventID: 14338) (User: )
Description: 0x80070422

Error: (07/18/2014 04:08:46 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (07/18/2014 04:04:50 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.

Microsoft Office Sessions:
=========================
Error: (07/18/2014 04:40:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/18/2014 04:17:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/18/2014 04:10:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/18/2014 03:18:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/18/2014 10:29:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2014 07:28:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2014 06:54:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2014 06:21:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2014 05:44:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2014 05:36:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Percentage of memory in use: 46%
Total physical RAM: 3818.9 MB
Available physical RAM: 2031.8 MB
Total Pagefile: 7635.98 MB
Available Pagefile: 5573.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:450.66 GB) (Free:281.86 GB) NTFS

==================== MBR & Partition Table ==========================================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 57247B34)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Junkaroo Posted July 20, 2014

If Spybot is disabled, do I have to delete it? Or can I run it at times if I want, or just clean it out?? Also, what is this? I do not have, nor ever had, Norton. How do I find and delete it? Thank you for your time. I hope we can solve this! Not a very old computer, but very disgusted now. Help
Juliet Posted July 20, 2014

"If Spybot is disabled, do I have to delete it? Or can I run it at times if I want, or just clean it out?? Also, what is this? I do not have, nor ever had, Norton. How do I find and delete it? Thank you for your time. I hope we can solve this! Not a very old computer, but very disgusted now. Help"

We won't delete SpyBot; it only needed to be disabled.

Your first post to the HJT forum was in someone else's topic. They had Norton installed, not you.

The script I've created below will reboot your computer; please don't be alarmed.

Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right click on it and select Copy. Paste this into the open Notepad. Save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work. It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program. (If asked to overwrite the existing one, please allow.)

start
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Perk Prize Panel -> {47F3EB15-C230-4A0B-BE4B-D527FF483B48} -> C:\Program Files (x86)\Perk Prize Panel\pp.dll ()
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Perk Prize Panel\FF
C:\Users\Chris Ursu\AppData\Local\Temp\Quarantine.exe
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
Reboot:
end

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

************************

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient, as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

In your next reply please post:
Fixlog.txt
JRT.txt
Junkaroo Posted July 21, 2014

I really appreciate your help, and you are getting frustrated with me... But... I am just fair at computers. I have all the info you need, but I don't know how to attach it to "Farbar Recovery Scan Tool". Can you direct me there?

ALSO, I found that I ran the AVG removal tool, BUT I have AVG in my toolbar. I click on it and it brings up an AVG repair tool that I had. I have tried removing it in Uninstall and ran the removal tool again, but it will not delete. I really think this is my problem. Your thoughts, please. Help on both subjects, please. 72 yrs old
Juliet Posted July 21, 2014

Couple of things we can try.

When you downloaded it, it went to
Running from C:\Users\Chris Ursu\Downloads

What we can do is open that folder and place the Fixlog.txt inside there. Then open FRST and click on the Fix button just once and wait. That's pretty much all you have to do.

That might be a bit complicated, so if you'd rather, do it this way:

If you can find your Downloads (go to the round Microsoft orb button at the bottom of the screen; an empty search field should be there; type in Downloads). At the top of the results page you should see an icon named Downloads. Open it, right click on the FRST icon and delete it.

We will download it again, but this time try to get it located on your desktop to run the tools.

For the latest version of Firefox:
Look at the top of the web page and click on the 3 little bars icon tool. (Don't know what you really call it; looks like 3 skinny lines.)
Click on the Options icon.
When the page changes, click on the General tab at the top.
Look for the Downloads indicator, then check the box for "Save files to"; here you can choose where to save. I use Desktop because it's the easiest to find things later.

Now, we'll download FRST again.

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure which version: Start --> Computer (right click) --> properties) (To use correct version for your system.....Which system am I using?)

Don't click on anything yet.

NEXT

Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right click on it and select Copy. Paste this into the open Notepad. Save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work. It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program. (If asked to overwrite the existing one, please allow.)

start
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Perk Prize Panel -> {47F3EB15-C230-4A0B-BE4B-D527FF483B48} -> C:\Program Files (x86)\Perk Prize Panel\pp.dll ()
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Perk Prize Panel\FF
C:\Users\Chris Ursu\AppData\Local\Temp\Quarantine.exe
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
Reboot:
end

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient, as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
Junkaroo Posted July 23, 2014

Wow, I have everything I need to do this but have two questions. Notebook takes your post I was to copy and paste... But I also put the frst in and try to put frst64 in and it won't take, like Notepad is full. Do I make two notepads, or is it me doing something wrong? Also, please tell me exactly how I attach notebook to Farbar. Once I know how, I can run this program.
Juliet Posted July 23, 2014

"Wow, I have everything I need to do this but have two questions. Notebook takes your post I was to copy and paste... But I also put the frst in and try to put frst64 in and it won't take, like Notepad is full. Do I make two notepads, or is it me doing something wrong? Also, please tell me exactly how I attach notebook to Farbar. Once I know how, I can run this program."

When you locate the FRST icon, place the saved Notepad script I created NEXT to it. Then open FRST (right click and select Open; you might get a permissions warning), then click on the Fix button.

Did this help?
Junkaroo Posted July 23, 2014

OK, still learning. Here is what is in Notepad. Is this correct? If this is right, how do I attach it to farbar64? This is where I am getting stuck.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by Chris Ursu (administrator) on CHRISURSU-PC on 21-07-2014 15:37:38
Running from C:\Users\Chris Ursu\Downloads\FRST-OlderVersion
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.)
C:\Program Files (x86)\Launch Manager\LMutilps32.exe(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe(IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe(ELAN Microelectronics Corp.) 
C:\Program Files\Elantech\ETDCtrlHelper.exe(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRT.exe(IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe==================== Registry (Whitelisted) ==================HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated)HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetchHKLM-x32\...\Run: [suiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340848 2011-04-02] (Egis Technology Inc.)HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [408432 2011-03-28] (Egis Technology Inc.)HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202608 2011-03-28] (Egis Technology Inc.)HKLM-x32\...\Run: [backupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-23] (NTI Corporation)HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 
2011-05-09] (CyberLink Corp.)HKLM-x32\...\Run: [indexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)HKLM-x32\...\Run: [brStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)HKLM-x32\...\Run: [info Center] => C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe [28792 2013-12-26] (PC Pitstop LLC)HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)HKLM-x32\...\Run: [PC MaticRT] => C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRT.exe [1727600 2014-06-10] (PC Pitstop LLC)Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]HKU\.DEFAULT\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)HKU\S-1-5-19\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)HKU\S-1-5-20\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}HKU\S-1-5-21-349847416-3659534947-3110894470-1000\...\Run: [incrediMail] => C:\Program Files (x86)\IncrediMail\bin\IncMail.exe [367016 2014-03-28] (IncrediMail, Ltd.)HKU\S-1-5-21-349847416-3659534947-3110894470-1000\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566984 2014-04-25] 
(Safer-Networking Ltd.)HKU\S-1-5-21-349847416-3659534947-3110894470-1000\...\MountPoints2: {db606e77-490a-11e1-bb7a-b870f4f481c2} - "E:\WD SmartWare.exe" autoplay=trueShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)ShellIconOverlayIdentifiers-x32: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)ShellIconOverlayIdentifiers-x32: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)ShellIconOverlayIdentifiers-x32: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)BootExecute: autocheck autochk * sdnclean64.exe==================== Internet (Whitelisted) ====================HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.comHKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.comSearchScopes: HKLM-x32 - DefaultScope value is missing.SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program 
Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)BHO-x32: Perk Prize Panel -> {47F3EB15-C230-4A0B-BE4B-D527FF483B48} -> C:\Program Files (x86)\Perk Prize Panel\pp.dll ()BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cabHosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txtTcpip\Parameters: [DhcpNameServer] 192.168.0.1Tcpip\Parameters: [NameServer] 184.172.114.130,208.43.110.90Tcpip\..\Interfaces\{12D75736-79E4-45D5-B3D5-437FDAC93EDD}: [NameServer]184.172.114.130,208.43.110.90Tcpip\..\Interfaces\{1535B655-C5B7-40FF-8187-A627E3E68B47}: [NameServer]184.172.114.130,208.43.110.90Tcpip\..\Interfaces\{3BF15144-E0D6-4C4F-8A74-AF71CE8DF05A}: [NameServer]184.172.114.130,208.43.110.90Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer]184.172.114.130,208.43.110.90FireFox:========FF ProfilePath: C:\Users\Chris Ursu\AppData\Roaming\Mozilla\Firefox\Profiles\k8z6xrij.defaultFF Homepage: www.news.google.com/newsFF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)FF Plugin-x32: @ei.CouponAlert_2p.com/Plugin - C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll No FileFF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files 
(x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)FF Extension: Test Pilot - C:\Users\Chris Ursu\AppData\Roaming\Mozilla\Firefox\Profiles\k8z6xrij.default\Extensions\[email protected] [2012-05-28]FF Extension: AVG PrivacyFix - C:\Users\Chris Ursu\AppData\Roaming\Mozilla\Firefox\Profiles\k8z6xrij.default\Extensions\{7CA9CF31-1C73-46CD-8377-85AB71EA771F}.xpi 
[2014-04-19]FF Extension: Adblock Plus - C:\Users\Chris Ursu\AppData\Roaming\Mozilla\Firefox\Profiles\k8z6xrij.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-19]FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\ExtFF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-02-16]FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Perk Prize Panel\FFChrome:=======CHR HomePage:CHR Extension: (RealDownloader) - C:\Users\Chris Ursu\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-02-27]CHR Extension: (Google Wallet) - C:\Users\Chris Ursu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-07]CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]==================== Services (Whitelisted) =================S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) 
[File not signed]R2 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [29696 2011-05-26] (Acer Incorporated) [File not signed]S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-23] (NTI Corporation)R2 PCPitstop Realtime; C:\Program Files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe [4017264 2014-06-10] (PC Pitstop LLC)R2 PCPitstop Scheduling; C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [86632 2014-04-28] (PC Pitstop LLC)S3 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)S3 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)==================== Drivers (Whitelisted) ====================S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)S3 usbbus; 
start
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Perk Prize Panel -> {47F3EB15-C230-4A0B-BE4B-D527FF483B48} -> C:\Program Files (x86)\Perk Prize Panel\pp.dll ()
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Perk Prize Panel\FF
C:\Users\Chris Ursu\AppData\Local\Temp\Quarantine.exe
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
Reboot:
end
Juliet Posted July 23, 2014 (edited)

We might be getting closer. Let's do this.

Running from C:\Users\Chris Ursu\Downloads\FRST-OlderVersion

Please find this, then right click on it and select CUT, then go to an open spot on your computer desktop, right click on the open spot and select Paste. This should move the FRST download to the desktop and look like this

Next

Please open Notepad. *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:

To do this highlight the contents of the box and right click on it and select copy. Paste this into the open Notepad.

At the top of the Notepad you'll see the options FILE - EDIT - FORMAT - VIEW - HELP. Click on FILE, you'll see a drop down window, click on save as. Located at the side is where the options are as to where you can save this file. Look for desktop (only if you were able to save/move the FRST tool to the desktop first) and click on that. Near the bottom you'll then type in fixlist in the open area. Save it to the Desktop as fixlist.txt

start
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Perk Prize Panel -> {47F3EB15-C230-4A0B-BE4B-D527FF483B48} -> C:\Program Files (x86)\Perk Prize Panel\pp.dll ()
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Perk Prize Panel\FF
C:\Users\Chris Ursu\AppData\Local\Temp\Quarantine.exe
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
Reboot:
end

After you have saved this file named fixlist.txt, slide it next to the Icon. Don't do anything.

Next

Double click on the above FRST Icon. When it opens you'll see

Next click on the FIX option on the FRST control panel.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Edited July 23, 2014 by Juliet
Juliet Posted July 24, 2014

If the above still comes too difficult, let's try this:

Reset browsers

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues. If you are not using one of the browsers but it is installed then you may want to consider uninstalling it, as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.
support link https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems

******************

Download OTM by OldTimer Here & save it to your desktop.
Double click on OTM.exe to run it.
Copy & paste the contents inside the Code box below beginning with :Files into --->> Paste Instructions for Items to be Moved
Note: Do not type it out to minimize the risk of typo error

:Files
C:\Program Files (x86)\Perk Prize Panel\pp.dll
C:\Users\Chris Ursu\AppData\Local\Temp\Quarantine.exe
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{47F3EB15-C230-4A0B-BE4B-D527FF483B48}]
:Commands
[emptytemp]
[EMPTYFLASH]
[Reboot]

Click on MoveIt!
When done, click on Exit.
Note: If a file or folder can't be moved immediately, you may be asked to restart your computer. Choose Yes.
A log will be produced at C:\_OTM\MovedFiles\date_time.log, where date_time are numbers. Post this log in your next reply.

**************************

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Please post
OTM log
JRT.txt
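The fix scripts in the two posts above name three kinds of artifact: a Browser Helper Object registration, two file paths, and an alternate data stream on C:\ProgramData\Temp. The read-only PowerShell audit below lists them before a fix and confirms they are gone afterwards. It is an added example, not part of the original thread or of any tool mentioned in it; the function names are made up for this example, and it assumes 64-bit PowerShell (7.2 or later for the directory stream listing).

```powershell
# Added example: read-only checks, nothing is deleted or changed.
# Assumption: 64-bit PowerShell; listing streams on a directory needs PowerShell 7.2+.

# Values copied from the fix scripts in the thread.
$TargetClsid  = '{47F3EB15-C230-4A0B-BE4B-D527FF483B48}'
$TargetFiles  = @(
    'C:\Program Files (x86)\Perk Prize Panel\pp.dll',
    'C:\Users\Chris Ursu\AppData\Local\Temp\Quarantine.exe'
)
$AdsDirectory = 'C:\ProgramData\Temp'

# Browser Helper Objects are registered per registry view:
# the native view and the 32-bit view (WOW6432Node).
$Views = @(
    @{ Name = 'x64'; Software = 'HKLM:\SOFTWARE' },
    @{ Name = 'x32'; Software = 'HKLM:\SOFTWARE\WOW6432Node' }
)

function Get-BhoInventory {
    foreach ($view in $Views) {
        $bhoRoot = "$($view.Software)\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
        if (-not (Test-Path -LiteralPath $bhoRoot)) { continue }

        foreach ($key in Get-ChildItem -LiteralPath $bhoRoot) {
            $clsid     = $key.PSChildName
            $serverKey = "$($view.Software)\Classes\CLSID\$clsid\InprocServer32"

            # The unnamed (default) value of InprocServer32 is the COM server DLL path.
            $dll = $null
            if (Test-Path -LiteralPath $serverKey) {
                $dll = (Get-Item -LiteralPath $serverKey).GetValue('')
            }
            if ($dll) { $dll = ([string]$dll).Trim('"') }

            $exists    = [bool]($dll -and (Test-Path -LiteralPath $dll -PathType Leaf))
            $signature = 'n/a'
            if ($exists) {
                $signature = (Get-AuthenticodeSignature -LiteralPath $dll).Status
            }

            [pscustomobject]@{
                View      = $view.Name
                Clsid     = $clsid
                Dll       = $dll
                DllExists = $exists
                Signature = $signature
                InFixList = ($clsid -eq $TargetClsid)   # -eq is case-insensitive for strings
            }
        }
    }
}

function Get-DirectoryStreams {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Container)) { return }

    # ':$DATA' is the unnamed default stream; anything else is a named stream.
    Get-Item -LiteralPath $Path -Stream * -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object @{ n = 'Path'; e = { $Path } }, Stream, Length
}

# 1. Are the files named in the fix scripts still on disk?
$TargetFiles | ForEach-Object {
    [pscustomobject]@{ Path = $_; Exists = (Test-Path -LiteralPath $_) }
} | Format-Table -AutoSize

# 2. Every registered BHO, with the one from the fix scripts flagged.
Get-BhoInventory | Format-Table -AutoSize

# 3. Named streams attached to the directory from the AlternateDataStreams line.
Get-DirectoryStreams -Path $AdsDirectory | Format-Table -AutoSize
```

A BHO row with DllExists false is a leftover registration whose DLL has already been removed; a row with InFixList true after the fix and reboot means the registry entry survived.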
Junkaroo (Author) Posted July 24, 2014

I really want to finish this one... But this is where I get stuck. All is saved to desktop as you said. I slide fixlist.txt next to FRSTicon.JPG icon. This is where it all stops. I click on FRST64 exe and it pops up. Nothing is in there. I click fix, it says you don't know what you're doing (I believe that, but want to learn) and closes. Are we close?? What could I be doing wrong?

After you have saved this file named fixlist.txt, slide it next to the Icon. (don't understand, won't work) Don't do anything.
Next
Double click on the above FRST Icon. When it opens you'll see
Next click on the FIX option on the FRST control panel.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
Edited by Juliet, Yesterday, 07:45 PM.
Juliet Posted July 24, 2014

For the time being, let's just continue with these instructions.
Junkaroo (Author) Posted July 27, 2014

Wow.... Great, that reset browsers was the trick. I found an AVG toolbar in Firefox extensions. Deleted it, rebooted, ran PCPitstop and NO conduits or malware. No Threats... Wahooo.., Thank you ever so much! Your time and patience was appreciated. Thank you.
Junkaroo (Author) Posted July 27, 2014

I have a new problem that I believe should be simple.. It's too many programs running and high CPU usage, like 79 to 100 percent, and really 10 min to boot up, about 35 programs running in task manager. Where do I post this? Again, thank you!
Juliet Posted July 27, 2014

Wow.... Great, that reset browsers was the trick. I found an AVG toolbar in Firefox extensions. Deleted it, rebooted, ran PCPitstop and NO conduits or malware. No Threats... Wahooo.., Thank you ever so much! Your time and patience was appreciated. Thank you.

Yeah!!!!

I have a new problem that I believe should be simple.. It's too many programs running and high CPU usage, like 79 to 100 percent, and really 10 min to boot up, about 35 programs running in task manager. Where do I post this? Again, thank you!

This can be from antivirus updating definitions to something but I won't know just yet.

Find ADWCleaner on your desktop, please right click and select delete. I want you to download it again and let it run. There is no update function with this tool so we need to redownload it.

-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons that have a blue arrow beside them and save it to your desktop.
Do not click on any links in the top Advertisement.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[s1].txt as well.

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Please post these 2 logs.