# Trojan? Microsoft Security Essentials error message



## sportsmom2x2 (Sep 3, 2007)

My computer is running strangely, opens different web sites, and is slow. When I tried to run Microsoft Security Essentials I get an error message that states: Windows cannot access the specific device, path, or file. You may not have the appropriate permission to access the item.
Another error message states: Windows host process (Rundll32) has stopped working.

I read the rules, and I ran the logs; I hope I got everything I was supposed to. This is pretty much new to me and I'm a bit lost.
Before doing this I contacted Acer support, who sent me to My Tech support http://acer.mytechhelp.com/?cpid=35049&gclid=CObixtD38bcCFZFFMgod6HUArQ They assisted me by taking over my computer, told me I have a trojan, and showed me lots of files that need to be removed because it is controlling my computer. Then they told me it would cost me a one-time cost of $150. I became nervous and said that I couldn't do that before I talked to a tech person.
Please advise as to what I can do to fix the computer.
Post was too long, so I will send GMER in a 2nd post?

I have an Acer Aspire 5560-7696, Windows 7, less than 1 year old. AMD Quad-Core Processor A6 3420 M
Thank you. Pam Lowe [email protected]

Logs attached below.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:03:29 AM, on 6/20/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16490)
Boot mode: Normal

Running processes:
C:\Download\iCloudServices.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Roaming\Akhuw\deew.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\Cyberlink\PowerDVD\PDVDServ.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Owner\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\27.0.1453.116\npchrome_frame.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKCU\..\Run: [Global Registration] "C:\Program Files (x86)\Acer\Registration\GREG.exe" /boot
O4 - HKCU\..\Run: [iCloudServices] C:\Download\iCloudServices.exe
O4 - HKCU\..\Run: [BDAB3CD44D7D45EEC58DB422F61BD03E74CADA2F._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
O4 - HKCU\..\Run: [Deew] C:\Users\Owner\AppData\Roaming\Akhuw\deew.exe
O4 - HKCU\..\Run: [oplgb] "C:\Windows\System32\rundll32.exe" "C:\Users\Owner\AppData\Roaming\oplgb.dll",RuntimeError
O4 - HKCU\..\Run: [dmsil] "C:\Windows\System32\rundll32.exe" "C:\Users\Owner\AppData\Roaming\dmsil.dll",Module_GetDict
O4 - HKCU\..\Run: [Hewlett-Packard] regsvr32.exe C:\Users\Owner\AppData\Local\Hewlett-Packard\A32Rpl90.dll
O4 - HKCU\..\Run: [keodov] C:\Users\Owner\keodov.exe /c
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O4 - Startup: Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://qtinstall.apple.com/qtactivex/qtplugin.cab
O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\27.0.1453.116\npchrome_frame.dll
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Ammyy Admin (AmmyyAdmin) - Unknown owner - C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L0HPALYC\AA_v3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - c:\Program Files\Microsoft Security Client\MsMpEng.exe
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243 (NisSrv) - Unknown owner - c:\Program Files\Microsoft Security Client\NisSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15177 bytes

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16490 BrowserJavaVersion: 10.25.2
Run by Owner at 0:07:30 on 2013-06-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5606.3197 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L0HPALYC\AA_v3.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Download\iCloudServices.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Roaming\Akhuw\deew.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\regsvr32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Dolby PCEE4\pcee4.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L0HPALYC\AA_v3.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\Cyberlink\PowerDVD\PDVDServ.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\helppane.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Owner\Downloads\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
Q:\140066.enu\Office14\WINWORDC.EXE
C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\SysWOW64\WerFault.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Windows\splwow64.exe
Q:\140066.enu\Office14\OffSpon.EXE
C:\Windows\system32\SnippingTool.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\$Recycle.Bin\S-1-5-18\$862474f02b6b2c40b9f78eb69c755716\U
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uSearch Bar = Preserve
mStart Page = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
mWinlogon: Userinit = userinit.exe
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\27.0.1453.116\npchrome_frame.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Global Registration] "C:\Program Files (x86)\Acer\Registration\GREG.exe" /boot
uRun: [iCloudServices] C:\Download\iCloudServices.exe
uRun: [BDAB3CD44D7D45EEC58DB422F61BD03E74CADA2F._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
uRun: [Deew] C:\Users\Owner\AppData\Roaming\Akhuw\deew.exe
uRun: [oplgb] "C:\Windows\System32\rundll32.exe" "C:\Users\Owner\AppData\Roaming\oplgb.dll",RuntimeError
uRun: [dmsil] "C:\Windows\System32\rundll32.exe" "C:\Users\Owner\AppData\Roaming\dmsil.dll",Module_GetDict
uRun: [Hewlett-Packard] regsvr32.exe C:\Users\Owner\AppData\Local\Hewlett-Packard\A32Rpl90.dll
uRun: [keodov] C:\Users\Owner\keodov.exe /c
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
mRun: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{361380D7-1A5D-4D34-A53D-80BAE3D010F3} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{361380D7-1A5D-4D34-A53D-80BAE3D010F3}\055726C69636143636563737 : DHCPNameServer = 10.8.0.1
TCP: Interfaces\{361380D7-1A5D-4D34-A53D-80BAE3D010F3}\64D4D27333132627 : DHCPNameServer = 192.168.10.1
TCP: Interfaces\{361380D7-1A5D-4D34-A53D-80BAE3D010F3}\E4544574541425 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C20DA803-903B-4483-827F-4C1850B1404B} : DHCPNameServer = 192.168.1.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\27.0.1453.116\npchrome_frame.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://acer.msn.com
x64-mDefault_Page_URL = hxxp://acer.msn.com
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned>
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2012-6-22 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2012-6-22 40064]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-6-22 204288]
R2 AmmyyAdmin;Ammyy Admin;C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L0HPALYC\AA_v3.exe [2013-6-19 735512]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2012-6-22 352336]
R2 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2012-6-22 872552]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-4-23 256832]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-5-27 1900728]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-6-22 114704]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\drivers\b57xdbd.sys [2011-1-20 67624]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\drivers\b57xdmp.sys [2011-1-20 19496]
R3 bScsiMSa;bScsiMSa;C:\Windows\System32\drivers\bScsiMSa.sys [2011-4-12 51240]
R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2011-1-13 85544]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2012-6-22 142632]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-2-14 412712]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-6-22 53376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 130008]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 NisSrv;NisSrv;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-28 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-06-20 04:03:03	--------	d-----w-	C:\Users\Owner\AppData\Roaming\SparkTrust
2013-06-20 04:03:03	--------	d-----w-	C:\Users\Owner\AppData\Roaming\DriverCure
2013-06-20 04:02:53	--------	d-----w-	C:\ProgramData\SparkTrust
2013-06-20 03:53:49	--------	d-----w-	C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2013-06-20 03:52:26	82432	--sh--r-	C:\Users\Owner\keodov.exe
2013-06-20 03:51:53	100151	----a-w-	C:\Users\Owner\31796.exe
2013-06-20 03:51:51	278528	----a-w-	C:\Users\Owner\21796.exe
2013-06-20 03:51:14	36864	----a-w-	C:\Users\Owner\roror.exe
2013-06-20 03:37:39	--------	d-----w-	C:\ProgramData\AMMYY
2013-06-20 02:58:20	100149	----a-w-	C:\Users\Owner\31335.exe
2013-06-20 02:57:37	36864	----a-w-	C:\Users\Owner\wewew.exe
2013-06-20 02:39:46	9552976	----a-w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{050D9CCF-ECC6-4B59-8C13-3CF70CC11CA9}\mpengine.dll
2013-06-20 02:38:33	--------	d-----w-	C:\Users\Owner\AppData\Local\Hewlett-Packard
2013-06-20 02:13:17	--------	d-----w-	C:\Users\Owner\AppData\Local\{A496EEB7-FE58-4817-9EB4-1DC6663F4F72}
2013-06-20 02:12:36	76232	----a-w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BB749678-AF03-4A03-8D09-C225418658FB}\offreg.dll
2013-06-20 02:11:59	9552976	----a-w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BB749678-AF03-4A03-8D09-C225418658FB}\mpengine.dll
2013-06-19 22:12:08	96168	----a-w-	C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-19 22:05:30	450560	----a-w-	C:\Users\Owner\AppData\Roaming\dmsil.dll
2013-06-19 22:05:20	688128	----a-w-	C:\Users\Owner\AppData\Roaming\oplgb.dll
2013-06-19 21:58:54	--------	d-----w-	C:\Users\Owner\AppData\Roaming\RealNetworks
2013-06-19 12:46:37	--------	d-----w-	C:\ProgramData\RealNetworks
2013-06-19 12:46:37	--------	d-----w-	C:\Program Files (x86)\RealNetworks
2013-06-19 12:46:08	--------	d-----w-	C:\Program Files (x86)\Common Files\xing shared
2013-06-18 23:35:32	9552976	----a-w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-16 18:28:47	--------	d-----w-	C:\Users\Owner\AppData\Local\{557E0251-9C14-49D7-9D23-A98E25952B05}
2013-06-16 03:22:21	--------	d-----w-	C:\Users\Owner\AppData\Local\{3874FC81-FAE0-483B-82DE-D26EFC35254D}
2013-06-14 02:11:04	964552	------w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2A74B644-C909-4658-BB75-83E8A798387B}\gapaengine.dll
2013-06-12 03:10:12	--------	d-----w-	C:\Users\Owner\AppData\Local\{89CDD7A5-A5AF-4597-959C-9A9DFE824CF1}
2013-06-12 02:36:11	1910632	----a-w-	C:\Windows\System32\drivers\tcpip.sys
2013-06-12 02:36:09	751104	----a-w-	C:\Windows\System32\win32spl.dll
2013-06-12 02:36:09	492544	----a-w-	C:\Windows\SysWow64\win32spl.dll
2013-06-12 02:36:01	1192448	----a-w-	C:\Windows\System32\certutil.exe
2013-06-12 02:36:00	903168	----a-w-	C:\Windows\SysWow64\certutil.exe
2013-06-12 02:36:00	1464320	----a-w-	C:\Windows\System32\crypt32.dll
2013-06-12 02:36:00	1160192	----a-w-	C:\Windows\SysWow64\crypt32.dll
2013-06-12 02:35:59	52224	----a-w-	C:\Windows\System32\certenc.dll
2013-06-12 02:35:59	43008	----a-w-	C:\Windows\SysWow64\certenc.dll
2013-06-12 02:35:59	184320	----a-w-	C:\Windows\System32\cryptsvc.dll
2013-06-12 02:35:59	140288	----a-w-	C:\Windows\SysWow64\cryptsvc.dll
2013-06-12 02:35:59	139776	----a-w-	C:\Windows\System32\cryptnet.dll
2013-06-12 02:35:59	103936	----a-w-	C:\Windows\SysWow64\cryptnet.dll
2013-06-05 05:09:38	--------	d-----w-	C:\Users\Owner\AppData\Roaming\OverDrive
2013-05-28 03:39:17	564432	----a-w-	C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-05-28 03:28:20	--------	d-----w-	C:\ProgramData\regid.1991-06.com.microsoft
2013-05-28 03:14:07	--------	d-----w-	C:\Program Files\Microsoft Office 15
2013-05-25 22:09:51	--------	d-----w-	C:\Users\Owner\AppData\Local\{76F4FBA2-805A-4643-B1A7-CD116DB1382A}
.
==================== Find3M ====================
.
2013-06-19 12:45:33	499712	----a-w-	C:\Windows\SysWow64\msvcp71.dll
2013-06-19 12:45:33	348160	----a-w-	C:\Windows\SysWow64\msvcr71.dll
2013-06-13 02:48:23	867240	----a-w-	C:\Windows\SysWow64\npDeployJava1.dll
2013-06-13 02:48:17	789416	----a-w-	C:\Windows\SysWow64\deployJava1.dll
2013-06-13 01:57:41	71048	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-13 01:57:41	692104	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-17 03:09:56	2312704	----a-w-	C:\Windows\System32\jscript9.dll
2013-05-17 03:02:29	1392128	----a-w-	C:\Windows\System32\wininet.dll
2013-05-17 03:01:13	1494528	----a-w-	C:\Windows\System32\inetcpl.cpl
2013-05-17 02:56:09	173056	----a-w-	C:\Windows\System32\ieUnatt.exe
2013-05-17 02:56:00	599040	----a-w-	C:\Windows\System32\vbscript.dll
2013-05-17 02:51:27	2382848	----a-w-	C:\Windows\System32\mshtml.tlb
2013-05-16 22:39:39	1800704	----a-w-	C:\Windows\SysWow64\jscript9.dll
2013-05-16 22:28:26	1129472	----a-w-	C:\Windows\SysWow64\wininet.dll
2013-05-16 22:27:30	1427968	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2013-05-16 22:21:37	142848	----a-w-	C:\Windows\SysWow64\ieUnatt.exe
2013-05-16 22:20:30	420864	----a-w-	C:\Windows\SysWow64\vbscript.dll
2013-05-16 22:16:57	2382848	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2013-05-02 15:29:56	278800	------w-	C:\Windows\System32\MpSigStub.exe
2013-04-23 21:48:36	829264	----a-w-	C:\Windows\System32\msvcr100.dll
2013-04-23 21:48:36	608080	----a-w-	C:\Windows\System32\msvcp100.dll
2013-04-12 14:45:08	1656680	----a-w-	C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54	265064	----a-w-	C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53	983400	----a-w-	C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50	3153920	----a-w-	C:\Windows\System32\win32k.sys
.
============= FINISH: 0:08:02.89 ===============


----------



## sportsmom2x2 (Sep 3, 2007)

My computer is running strange, opens different web sites, slow, when I tried to run Microsoft Security Essentials I get an error message that states Windows cannot access the specific device, path, or file. You may not have the appropriate permission to access the item.
Another error message states Windows host process (Rundll32) has stopped working.

I read the rules, and I ran the logs, hope I got everything I was supposed to. This is pretty much new to me and I'm a bit lost.
Before doing this I contacted Acer support, sent me to My Tech support http://acer.mytechhelp.com/?cpid=350...FZFFMgod6HUArQ They assisted me by taking over my computer, told me I have a trojan and showed me lots of files that need to be removed because it is controlling my computer. Then they told me it would cost me a one time cost of $150. I became nervous, said that I couldn't do that before I talked to a tech person.
Please advise as to what I can do to fix the computer.
Post was too long so will send GMer in 2nd post?

I have an Acer Aspire 5560-7696 Windows 7 less than 1 year old. AMD Quad-Core Processor A6 3420 M
Thank you. Pam Lowe [email protected]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:03:29 AM, on 6/20/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16490)
Boot mode: Normal

Running processes:
C:\Download\iCloudServices.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Roaming\Akhuw\deew.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\Cyberlink\PowerDVD\PDVDServ.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Owner\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\27.0.1453.116\npchrome_frame.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKCU\..\Run: [Global Registration] "C:\Program Files (x86)\Acer\Registration\GREG.exe" /boot
O4 - HKCU\..\Run: [iCloudServices] C:\Download\iCloudServices.exe
O4 - HKCU\..\Run: [BDAB3CD44D7D45EEC58DB422F61BD03E74CADA2F._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
O4 - HKCU\..\Run: [Deew] C:\Users\Owner\AppData\Roaming\Akhuw\deew.exe
O4 - HKCU\..\Run: [oplgb] "C:\Windows\System32\rundll32.exe" "C:\Users\Owner\AppData\Roaming\oplgb.dll",RuntimeError
O4 - HKCU\..\Run: [dmsil] "C:\Windows\System32\rundll32.exe" "C:\Users\Owner\AppData\Roaming\dmsil.dll",Module_GetDict
O4 - HKCU\..\Run: [Hewlett-Packard] regsvr32.exe C:\Users\Owner\AppData\Local\Hewlett-Packard\A32Rpl90.dll
O4 - HKCU\..\Run: [keodov] C:\Users\Owner\keodov.exe /c
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O4 - Startup: Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://qtinstall.apple.com/qtactivex/qtplugin.cab
O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\27.0.1453.116\npchrome_frame.dll
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Ammyy Admin (AmmyyAdmin) - Unknown owner - C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L0HPALYC\AA_v3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - c:\Program Files\Microsoft Security Client\MsMpEng.exe
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243 (NisSrv) - Unknown owner - c:\Program Files\Microsoft Security Client\NisSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15177 bytes


----------



## kevinf80 (Mar 21, 2006)

Please download Farbar Recovery Scan Tool and save it to your desktop.

*Note*: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

Double-click to run it. When the tool opens click *Yes* to disclaimer.
Press *Scan* button.
It will make a log (*FRST.txt*) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (*Addition.txt*). Please attach it to your reply.

Kevin


----------



## sportsmom2x2 (Sep 3, 2007)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-06-2013
Ran by Owner (administrator) on 20-06-2013 17:12:09
Running from C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RI2GZ2GX
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
() C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L0HPALYC\AA_v3.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Apple Inc.) C:\Download\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Owner\AppData\Roaming\Akhuw\deew.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
() C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L0HPALYC\AA_v3.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Cyberlink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD\PDVDServ.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Users\Owner\48812.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
() C:\Users\Owner\fuoibo.exe
(Microsoft Corporation) C:\Windows\system32\SnippingTool.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13320808 2011-10-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 [2278504 2011-10-20] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] ()
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$862474f02b6b2c40b9f78eb69c755716\n. ATTENTION! ====> ZeroAccess
HKCU\...\Run: [Global Registration] "C:\Program Files (x86)\Acer\Registration\GREG.exe" /boot [x]
HKCU\...\Run: [iCloudServices] C:\Download\iCloudServices.exe [59872 2012-12-17] (Apple Inc.)
HKCU\...\Run: [BDAB3CD44D7D45EEC58DB422F61BD03E74CADA2F._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service [825808 2013-05-29] (Google Inc.)
HKCU\...\Run: [Deew] C:\Users\Owner\AppData\Roaming\Akhuw\deew.exe [306688 2012-10-17] ()
HKCU\...\Run: [oplgb] "C:\Windows\System32\rundll32.exe" "C:\Users\Owner\AppData\Roaming\oplgb.dll",RuntimeError [688128 2013-06-19] (Axacalto)
HKCU\...\Run: [dmsil] "C:\Windows\System32\rundll32.exe" "C:\Users\Owner\AppData\Roaming\dmsil.dll",Module_GetDict [450560 2013-06-19] (Axacalto)
HKCU\...\Run: [Hewlett-Packard] regsvr32.exe C:\Users\Owner\AppData\Local\Hewlett-Packard\A32Rpl90.dll [23040 2013-06-19] ()
HKCU\...\Run: [fuoibo] C:\Users\Owner\fuoibo.exe /y [82432 2013-06-20] ()
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-54217543-3094785001-244447589-1000\$862474f02b6b2c40b9f78eb69c755716\n. ATTENTION! ====> ZeroAccess
MountPoints2: {a8079e0f-859c-11e2-802b-206a8a7f234d} - E:\LaunchU3.exe -a
HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k [297280 2011-04-23] (NTI Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-10-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [177448 2011-10-27] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [56928 2006-11-23] (Cyberlink Corp.)
HKLM-x32\...\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe" [54832 2006-12-05] ()
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-11-08] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [295512 2013-06-19] (RealNetworks, Inc.)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [162408 2011-09-02] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [162408 2011-09-02] ()
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {431FCF70-772C-4336-9395-B9B87CB7CA85} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3239904
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\27.0.1453.116\npchrome_frame.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.apple.com/qtactivex/qtplugin.cab
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - No File
Handler: msdaipp - No CLSID Value - 
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\27.0.1453.116\npchrome_frame.dll (Google Inc.)
Handler-x32: msdaipp - No CLSID Value - 
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (RealDownloader) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AmmyyAdmin; C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L0HPALYC\AA_v3.exe [735512 2013-06-19] ()
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] ()
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [262144 2006-12-23] (Nero AG)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-23] (NTI Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-06] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] ()

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-20 17:11 - 2013-06-20 17:11 - 00000000 ____D C:\FRST
2013-06-20 17:06 - 2013-06-20 17:10 - 01368343 ____A (Farbar) C:\Users\Owner\Downloads\FRST.exe
2013-06-20 17:05 - 2013-06-20 17:04 - 00082432 __RSH C:\Users\Owner\fuoibo.exe
2013-06-20 17:04 - 2013-06-20 17:04 - 00446464 ____A C:\Users\Owner\48812.exe
2013-06-20 17:04 - 2013-06-20 17:04 - 00272384 ____A (?????????? ??????????) C:\Users\Owner\28812.exe
2013-06-20 17:04 - 2013-06-20 17:04 - 00099092 ____A C:\Users\Owner\38812.exe
2013-06-20 17:04 - 2013-06-20 17:04 - 00036864 ____A C:\Users\Owner\heheh.exe
2013-06-20 00:17 - 2013-06-20 00:17 - 00000472 ____A C:\Users\Owner\Desktop\defogger_disable.log
2013-06-20 00:17 - 2013-06-20 00:17 - 00000000 ____A C:\Users\Owner\defogger_reenable
2013-06-20 00:12 - 2013-06-20 00:12 - 00000000 ____D C:\ProgramData\APN
2013-06-20 00:08 - 2013-06-20 00:08 - 00025180 ____A C:\Users\Owner\Desktop\dds.txt
2013-06-20 00:08 - 2013-06-20 00:08 - 00011825 ____A C:\Users\Owner\Desktop\attach.txt
2013-06-20 00:07 - 2013-06-20 00:07 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.scr
2013-06-20 00:03 - 2013-06-20 01:01 - 00015179 ____A C:\Users\Owner\Downloads\hijackthis.log
2013-06-20 00:02 - 2013-06-20 00:02 - 00388608 ____A (Trend Micro Inc.) C:\Users\Owner\Downloads\HijackThis.exe
2013-06-19 23:03 - 2013-06-19 23:03 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SparkTrust
2013-06-19 23:03 - 2013-06-19 23:03 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DriverCure
2013-06-19 23:02 - 2013-06-19 23:12 - 00000000 ____D C:\ProgramData\SparkTrust
2013-06-19 22:51 - 2013-06-19 22:51 - 00278528 ____A (?????????? ??????????) C:\Users\Owner\21796.exe
2013-06-19 22:51 - 2013-06-19 22:51 - 00100151 ____A C:\Users\Owner\31796.exe
2013-06-19 22:51 - 2013-06-19 22:51 - 00036864 ____A C:\Users\Owner\roror.exe
2013-06-19 22:44 - 2013-06-20 00:42 - 00514464 ____A C:\Users\Owner\Desktop\New Text Document.txt
2013-06-19 22:37 - 2013-06-19 22:37 - 00000000 ____D C:\ProgramData\AMMYY
2013-06-19 21:58 - 2013-06-19 21:58 - 00100149 ____A C:\Users\Owner\31335.exe
2013-06-19 21:57 - 2013-06-19 21:57 - 00036864 ____A C:\Users\Owner\wewew.exe
2013-06-19 21:38 - 2013-06-19 21:48 - 00000000 ____D C:\Users\Owner\AppData\Local\Hewlett-Packard
2013-06-19 21:13 - 2013-06-19 21:13 - 00000000 ____D C:\Users\Owner\AppData\Local\{A496EEB7-FE58-4817-9EB4-1DC6663F4F72}
2013-06-19 17:12 - 2013-06-12 21:47 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-19 17:12 - 2013-06-12 21:43 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-19 17:12 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-19 17:12 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-19 17:11 - 2013-06-19 17:12 - 00004802 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 17:05 - 2013-06-19 17:05 - 00688128 ____A (Axacalto) C:\Users\Owner\AppData\Roaming\oplgb.dll
2013-06-19 17:05 - 2013-06-19 17:05 - 00450560 ____A (Axacalto) C:\Users\Owner\AppData\Roaming\dmsil.dll
2013-06-19 16:58 - 2013-06-19 16:58 - 00000000 ____D C:\Users\Owner\AppData\Roaming\RealNetworks
2013-06-19 07:46 - 2013-06-19 07:46 - 00001038 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2013-06-19 07:46 - 2013-06-19 07:46 - 00000000 ____D C:\ProgramData\RealNetworks
2013-06-19 07:46 - 2013-06-19 07:46 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-06-16 13:28 - 2013-06-16 13:28 - 00000000 ____D C:\Users\Owner\AppData\Local\{557E0251-9C14-49D7-9D23-A98E25952B05}
2013-06-16 12:58 - 2013-06-16 13:28 - 00000000 ____D C:\Users\Owner\Documents\For Sale
2013-06-16 10:50 - 2013-06-16 11:04 - 00174592 ____A C:\Users\Owner\Documents\dad day.pub
2013-06-16 10:49 - 2013-06-16 10:49 - 00000000 ____D C:\Users\Owner\Documents\New folder (2)
2013-06-15 22:22 - 2013-06-15 22:22 - 00000000 ____D C:\Users\Owner\AppData\Local\{3874FC81-FAE0-483B-82DE-D26EFC35254D}
2013-06-12 23:06 - 2013-05-16 23:05 - 17824768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 23:06 - 2013-05-16 22:27 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 23:06 - 2013-05-16 22:09 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 23:06 - 2013-05-16 22:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 23:06 - 2013-05-16 22:02 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 23:06 - 2013-05-16 22:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-12 23:06 - 2013-05-16 22:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-12 23:06 - 2013-05-16 21:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 23:06 - 2013-05-16 21:56 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-12 23:06 - 2013-05-16 21:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-12 23:06 - 2013-05-16 21:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 23:06 - 2013-05-16 21:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 23:06 - 2013-05-16 21:53 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 23:06 - 2013-05-16 21:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 23:06 - 2013-05-16 21:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-12 23:06 - 2013-05-16 21:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 23:06 - 2013-05-16 18:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-12 23:06 - 2013-05-16 17:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-12 23:06 - 2013-05-16 17:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 23:06 - 2013-05-16 17:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 23:06 - 2013-05-16 17:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-12 23:06 - 2013-05-16 17:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-12 23:06 - 2013-05-16 17:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-12 23:06 - 2013-05-16 17:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 23:06 - 2013-05-16 17:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 23:06 - 2013-05-16 17:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-12 23:06 - 2013-05-16 17:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-12 23:06 - 2013-05-16 17:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 23:06 - 2013-05-16 17:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-12 23:06 - 2013-05-16 17:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-12 23:06 - 2013-05-16 17:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 23:06 - 2013-05-16 17:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-11 22:10 - 2013-06-11 22:10 - 00000000 ____D C:\Users\Owner\AppData\Local\{89CDD7A5-A5AF-4597-959C-9A9DFE824CF1}
2013-06-11 21:36 - 2013-05-13 00:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-11 21:36 - 2013-05-12 23:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-11 21:36 - 2013-05-12 22:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-11 21:36 - 2013-05-12 22:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-11 21:36 - 2013-05-08 01:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-11 21:36 - 2013-04-26 00:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-11 21:36 - 2013-04-25 23:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-11 21:35 - 2013-05-13 00:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-11 21:35 - 2013-05-13 00:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-11 21:35 - 2013-05-13 00:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-11 21:35 - 2013-05-12 23:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-11 21:35 - 2013-05-12 23:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-11 21:35 - 2013-05-12 22:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-06 00:28 - 2013-06-17 17:59 - 00000000 ____D C:\Users\Owner\Documents\OneNote Notebooks
2013-06-05 00:12 - 2013-06-18 22:34 - 00000000 ____D C:\Users\Owner\Documents\My Media
2013-06-05 00:09 - 2013-06-05 00:09 - 00000000 ____D C:\Users\Owner\AppData\Roaming\OverDrive
2013-06-05 00:08 - 2013-06-05 00:08 - 00002449 ____A C:\Users\Public\Desktop\OverDrive Media Console.lnk
2013-06-05 00:07 - 2013-06-05 00:07 - 04969472 ____A C:\Users\Owner\Downloads\ODMediaConsoleSetup.msi
2013-06-04 21:13 - 2013-06-04 21:13 - 00000000 __RHD C:\MSOCache
2013-05-29 21:03 - 2013-05-29 21:03 - 00002361 ____A C:\Users\Owner\Desktop\Outlook 2013.lnk
2013-05-27 23:07 - 2013-05-27 23:07 - 00001857 ____A C:\Users\Owner\Desktop\Microsoft Office 2013 - Shortcut.lnk
2013-05-27 22:14 - 2013-06-19 22:10 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-05-25 17:09 - 2013-05-25 17:10 - 00000000 ____D C:\Users\Owner\AppData\Local\{76F4FBA2-805A-4643-B1A7-CD116DB1382A}
2013-05-24 15:42 - 2013-05-24 15:42 - 00000000 ____D C:\Users\Owner\Downloads\autobuynike_(1)
2013-05-24 15:41 - 2013-05-24 15:41 - 00017539 ____A C:\Users\Owner\Downloads\autobuynike_(1).zip

==================== One Month Modified Files and Folders =======

2013-06-20 17:11 - 2013-06-20 17:11 - 00000000 ____D C:\FRST
2013-06-20 17:10 - 2013-06-20 17:06 - 01368343 ____A (Farbar) C:\Users\Owner\Downloads\FRST.exe
2013-06-20 17:09 - 2009-07-13 23:45 - 00024656 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-20 17:09 - 2009-07-13 23:45 - 00024656 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-20 17:06 - 2012-10-10 16:04 - 00000000 ____D C:\users\Owner
2013-06-20 17:04 - 2013-06-20 17:05 - 00082432 __RSH C:\Users\Owner\fuoibo.exe
2013-06-20 17:04 - 2013-06-20 17:04 - 00446464 ____A C:\Users\Owner\48812.exe
2013-06-20 17:04 - 2013-06-20 17:04 - 00272384 ____A (?????????? ??????????) C:\Users\Owner\28812.exe
2013-06-20 17:04 - 2013-06-20 17:04 - 00099092 ____A C:\Users\Owner\38812.exe
2013-06-20 17:04 - 2013-06-20 17:04 - 00036864 ____A C:\Users\Owner\heheh.exe
2013-06-20 17:02 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-06-20 17:01 - 2013-03-21 20:46 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-20 17:01 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-20 17:01 - 2009-07-13 23:51 - 00073477 ____A C:\Windows\setupact.log
2013-06-20 01:02 - 2013-02-17 22:42 - 00000000 ____D C:\Users\Owner\Documents\Error Message
2013-06-20 01:02 - 2012-10-10 16:48 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SoftGrid Client
2013-06-20 01:02 - 2012-10-10 16:05 - 00112304 ____A C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-20 01:02 - 2012-06-22 22:07 - 01689515 ____A C:\Windows\WindowsUpdate.log
2013-06-20 01:01 - 2013-06-20 00:03 - 00015179 ____A C:\Users\Owner\Downloads\hijackthis.log
2013-06-20 00:57 - 2012-10-10 16:55 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-20 00:56 - 2013-03-21 20:46 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-20 00:42 - 2013-06-19 22:44 - 00514464 ____A C:\Users\Owner\Desktop\New Text Document.txt
2013-06-20 00:17 - 2013-06-20 00:17 - 00000472 ____A C:\Users\Owner\Desktop\defogger_disable.log
2013-06-20 00:17 - 2013-06-20 00:17 - 00000000 ____A C:\Users\Owner\defogger_reenable
2013-06-20 00:12 - 2013-06-20 00:12 - 00000000 ____D C:\ProgramData\APN
2013-06-20 00:08 - 2013-06-20 00:08 - 00025180 ____A C:\Users\Owner\Desktop\dds.txt
2013-06-20 00:08 - 2013-06-20 00:08 - 00011825 ____A C:\Users\Owner\Desktop\attach.txt
2013-06-20 00:07 - 2013-06-20 00:07 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.scr
2013-06-20 00:03 - 2012-10-10 16:04 - 00000000 ____D C:\Users\Owner\AppData\Local\VirtualStore
2013-06-20 00:02 - 2013-06-20 00:02 - 00388608 ____A (Trend Micro Inc.) C:\Users\Owner\Downloads\HijackThis.exe
2013-06-19 23:17 - 2009-07-14 00:13 - 00779724 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-19 23:12 - 2013-06-19 23:02 - 00000000 ____D C:\ProgramData\SparkTrust
2013-06-19 23:12 - 2012-12-20 03:01 - 00000000 ____D C:\Download
2013-06-19 23:03 - 2013-06-19 23:03 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SparkTrust
2013-06-19 23:03 - 2013-06-19 23:03 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DriverCure
2013-06-19 22:51 - 2013-06-19 22:51 - 00278528 ____A (?????????? ??????????) C:\Users\Owner\21796.exe
2013-06-19 22:51 - 2013-06-19 22:51 - 00100151 ____A C:\Users\Owner\31796.exe
2013-06-19 22:51 - 2013-06-19 22:51 - 00036864 ____A C:\Users\Owner\roror.exe
2013-06-19 22:48 - 2010-11-20 22:47 - 00049012 ____A C:\Windows\PFRO.log
2013-06-19 22:37 - 2013-06-19 22:37 - 00000000 ____D C:\ProgramData\AMMYY
2013-06-19 22:26 - 2012-10-10 17:12 - 00002198 ____A C:\Windows\epplauncher.mif
2013-06-19 22:20 - 2012-10-29 21:01 - 00000463 ____A C:\Users\Owner\Desktop\Google.website
2013-06-19 22:10 - 2013-05-27 22:14 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-06-19 21:58 - 2013-06-19 21:58 - 00100149 ____A C:\Users\Owner\31335.exe
2013-06-19 21:57 - 2013-06-19 21:57 - 00036864 ____A C:\Users\Owner\wewew.exe
2013-06-19 21:48 - 2013-06-19 21:38 - 00000000 ____D C:\Users\Owner\AppData\Local\Hewlett-Packard
2013-06-19 21:38 - 2012-10-10 16:04 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Macromedia
2013-06-19 21:13 - 2013-06-19 21:13 - 00000000 ____D C:\Users\Owner\AppData\Local\{A496EEB7-FE58-4817-9EB4-1DC6663F4F72}
2013-06-19 17:12 - 2013-06-19 17:11 - 00004802 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 17:12 - 2012-10-10 16:52 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-19 17:05 - 2013-06-19 17:05 - 00688128 ____A (Axacalto) C:\Users\Owner\AppData\Roaming\oplgb.dll
2013-06-19 17:05 - 2013-06-19 17:05 - 00450560 ____A (Axacalto) C:\Users\Owner\AppData\Roaming\dmsil.dll
2013-06-19 16:58 - 2013-06-19 16:58 - 00000000 ____D C:\Users\Owner\AppData\Roaming\RealNetworks
2013-06-19 07:46 - 2013-06-19 07:46 - 00001038 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2013-06-19 07:46 - 2013-06-19 07:46 - 00000000 ____D C:\ProgramData\RealNetworks
2013-06-19 07:46 - 2013-06-19 07:46 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-06-19 07:46 - 2013-04-03 21:08 - 00000000 ____D C:\Program Files (x86)\Real
2013-06-19 07:46 - 2013-04-03 21:06 - 00000000 ____D C:\ProgramData\Real
2013-06-19 07:45 - 2013-04-03 21:08 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2013-06-19 07:45 - 2013-04-03 21:08 - 00201872 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2013-06-19 07:45 - 2013-04-03 21:08 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2013-06-19 07:45 - 2013-04-03 21:08 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2013-06-19 07:45 - 2011-10-28 17:04 - 00499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2013-06-19 07:45 - 2011-10-28 17:04 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2013-06-18 22:34 - 2013-06-05 00:12 - 00000000 ____D C:\Users\Owner\Documents\My Media
2013-06-17 23:11 - 2012-11-04 22:18 - 00000000 ____D C:\Users\Owner\Documents\Orders
2013-06-17 17:59 - 2013-06-06 00:28 - 00000000 ____D C:\Users\Owner\Documents\OneNote Notebooks
2013-06-16 13:28 - 2013-06-16 13:28 - 00000000 ____D C:\Users\Owner\AppData\Local\{557E0251-9C14-49D7-9D23-A98E25952B05}
2013-06-16 13:28 - 2013-06-16 12:58 - 00000000 ____D C:\Users\Owner\Documents\For Sale
2013-06-16 11:04 - 2013-06-16 10:50 - 00174592 ____A C:\Users\Owner\Documents\dad day.pub
2013-06-16 10:49 - 2013-06-16 10:49 - 00000000 ____D C:\Users\Owner\Documents\New folder (2)
2013-06-15 22:22 - 2013-06-15 22:22 - 00000000 ____D C:\Users\Owner\AppData\Local\{3874FC81-FAE0-483B-82DE-D26EFC35254D}
2013-06-15 13:21 - 2009-07-14 00:08 - 00032630 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-13 18:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-06-12 23:04 - 2012-10-28 20:23 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 21:48 - 2012-10-10 16:52 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-12 21:48 - 2012-10-10 16:52 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-12 21:47 - 2013-06-19 17:12 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-12 21:43 - 2013-06-19 17:12 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-12 21:43 - 2013-06-19 17:12 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-12 21:43 - 2013-06-19 17:12 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-12 20:57 - 2012-10-10 16:55 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 20:57 - 2011-11-02 17:37 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-12 20:52 - 2012-11-06 20:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-11 22:10 - 2013-06-11 22:10 - 00000000 ____D C:\Users\Owner\AppData\Local\{89CDD7A5-A5AF-4597-959C-9A9DFE824CF1}
2013-06-10 21:36 - 2013-04-03 21:07 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Real
2013-06-09 16:57 - 2013-03-21 20:47 - 00002187 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-06 00:16 - 2011-11-02 17:58 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2013-06-05 00:09 - 2013-06-05 00:09 - 00000000 ____D C:\Users\Owner\AppData\Roaming\OverDrive
2013-06-05 00:08 - 2013-06-05 00:08 - 00002449 ____A C:\Users\Public\Desktop\OverDrive Media Console.lnk
2013-06-05 00:07 - 2013-06-05 00:07 - 04969472 ____A C:\Users\Owner\Downloads\ODMediaConsoleSetup.msi
2013-06-04 21:13 - 2013-06-04 21:13 - 00000000 __RHD C:\MSOCache
2013-05-30 19:24 - 2009-07-13 23:45 - 00449576 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-29 23:06 - 2013-02-15 00:20 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
2013-05-29 21:24 - 2012-06-22 22:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-05-29 21:24 - 2011-11-02 18:09 - 00000000 ____D C:\Windows\ShellNew
2013-05-29 21:24 - 2009-07-13 21:34 - 00000419 ____A C:\Windows\win.ini
2013-05-29 21:20 - 2013-02-15 00:20 - 00000000 ____D C:\Program Files (x86)\Google
2013-05-29 21:03 - 2013-05-29 21:03 - 00002361 ____A C:\Users\Owner\Desktop\Outlook 2013.lnk
2013-05-28 23:44 - 2012-11-06 22:50 - 00000000 ____D C:\Users\Owner\Documents\Rental Weatherization
2013-05-27 23:07 - 2013-05-27 23:07 - 00001857 ____A C:\Users\Owner\Desktop\Microsoft Office 2013 - Shortcut.lnk
2013-05-25 17:10 - 2013-05-25 17:09 - 00000000 ____D C:\Users\Owner\AppData\Local\{76F4FBA2-805A-4643-B1A7-CD116DB1382A}
2013-05-24 15:42 - 2013-05-24 15:42 - 00000000 ____D C:\Users\Owner\Downloads\autobuynike_(1)
2013-05-24 15:41 - 2013-05-24 15:41 - 00017539 ____A C:\Users\Owner\Downloads\autobuynike_(1).zip
2013-05-21 09:52 - 2012-11-29 23:51 - 00000000 ____D C:\Users\Owner\Documents\Sand Ridge

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-54217543-3094785001-244447589-1000\$862474f02b6b2c40b9f78eb69c755716

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$862474f02b6b2c40b9f78eb69c755716

Files to move or delete:
====================
C:\Users\Owner\21796.exe
C:\Users\Owner\28812.exe
C:\Users\Owner\31335.exe
C:\Users\Owner\31796.exe
C:\Users\Owner\38812.exe
C:\Users\Owner\48812.exe
C:\Users\Owner\fuoibo.exe
C:\Users\Owner\heheh.exe
C:\Users\Owner\roror.exe
C:\Users\Owner\wewew.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

LastRegBack: 2013-06-13 18:38

==================== End Of Log ============================


----------



## sportsmom2x2 (Sep 3, 2007)

I got an error message: FRST64.exe 1.83MB download.bleepingcomputer.com
This program contained a virus and was deleted.
Farbar was finally run and the log is in the previous post.

This is scary!


----------



## sportsmom2x2 (Sep 3, 2007)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-06-2013
Ran by Owner at 2013-06-20 17:13:16 Run:
Running from C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RI2GZ2GX
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Acer Backup Manager (Version: 3.0.0.99)
Acer Crystal Eye Webcam (Version: 1.0.1904)
Acer ePower Management (Version: 6.00.3008)
Acer eRecovery Management (Version: 5.00.3504)
Acer Games (Version: 1.0.2.5)
Acer ScreenSaver (Version: 1.1.0902.2011)
Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Agatha Christie - Death on the Nile (Version: 2.2.0.98)
Amazon MP3 Downloader 1.0.17 (Version: 1.0.17)
AMD APP SDK Runtime (Version: 2.5.775.2)
AMD Catalyst Install Manager (Version: 3.0.847.0)
AMD Media Foundation Decoders (Version: 1.0.61012.1205)
AMD Steady Video Plug-In (Version: 2.02.0000)
AMD VISION Engine Control Center (Version: 2011.1012.1156.19535)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Backup Manager V3 (Version: 3.0.0.99)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Bonjour (Version: 3.0.0.10)
Broadcom Card Reader Driver Installer (Version: 14.6.1.3)
Broadcom Gigabit NetLink Controller (Version: 14.6.1.3)
Build-a-lot 4 - Power Source (Version: 2.2.0.97)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2011.1012.1156.19535)
Catalyst Control Center InstallProxy (Version: 2011.1012.1156.19535)
Catalyst Control Center Localization All (Version: 2011.1012.1156.19535)
CCC Help Chinese Standard (Version: 2011.1012.1155.19535)
CCC Help Chinese Traditional (Version: 2011.1012.1155.19535)
CCC Help Czech (Version: 2011.1012.1155.19535)
CCC Help Danish (Version: 2011.1012.1155.19535)
CCC Help Dutch (Version: 2011.1012.1155.19535)
CCC Help English (Version: 2011.1012.1155.19535)
CCC Help Finnish (Version: 2011.1012.1155.19535)
CCC Help French (Version: 2011.1012.1155.19535)
CCC Help German (Version: 2011.1012.1155.19535)
CCC Help Greek (Version: 2011.1012.1155.19535)
CCC Help Hungarian (Version: 2011.1012.1155.19535)
CCC Help Italian (Version: 2011.1012.1155.19535)
CCC Help Japanese (Version: 2011.1012.1155.19535)
CCC Help Korean (Version: 2011.1012.1155.19535)
CCC Help Norwegian (Version: 2011.1012.1155.19535)
CCC Help Polish (Version: 2011.1012.1155.19535)
CCC Help Portuguese (Version: 2011.1012.1155.19535)
CCC Help Russian (Version: 2011.1012.1155.19535)
CCC Help Spanish (Version: 2011.1012.1155.19535)
CCC Help Swedish (Version: 2011.1012.1155.19535)
CCC Help Thai (Version: 2011.1012.1155.19535)
CCC Help Turkish (Version: 2011.1012.1155.19535)
ccc-utility64 (Version: 2011.1012.1156.19535)
Chronicles of Albian (Version: 2.2.0.95)
Chuzzle Deluxe (Version: 2.2.0.95)
clear.fi (Version: 1.0.1517_36458)
clear.fi (Version: 1.0.2228.00)
clear.fi (Version: 9.0.8228)
clear.fi Client (Version: 1.00.3500)
Cradle of Rome 2 (Version: 2.2.0.95)
D3DX10 (Version: 15.4.2368.0902)
Dolby Advanced Audio v2 (Version: 7.2.7000.7)
Dora's World Adventure (Version: 2.2.0.95)
ETDWare PS/2-X64 8.0.6.3_WHQL (Version: 8.0.6.3)
FATE: The Cursed King (Version: 2.2.0.97)
Final Drive: Nitro (Version: 2.2.0.95)
Galerie de photos Windows Live (Version: 15.4.3502.0922)
Google Chrome (Version: 27.0.1453.110)
Google Chrome Frame (Version: 27.0.1453.116)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.145)
Governor of Poker 2 Premium Edition (Version: 2.2.0.95)
iCloud (Version: 2.1.1.3)
iTunes (Version: 11.0.2.26)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Jewel Match 3 (Version: 2.2.0.97)
Junk Mail filter update (Version: 15.4.3502.0922)
Launch Manager (Version: 5.1.4)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Plus 2013 - en-us (Version: 15.0.4505.1510)
Microsoft Office Starter 2010 - English (Version: 14.0.5131.5000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
Mystery of Mortlake Mansion (Version: 2.2.0.98)
Nero 7 Essentials (Version: 7.02.5521)
NTI Media Maker 9 (Version: 9.0.2.9002)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4505.1510)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4505.1510)
Office 15 Click-to-Run Localization Component (Version: 15.0.4505.1510)
OverDrive Media Console (Version: 3.2.20)
Penguins! (Version: 2.2.0.95)
Plants vs. Zombies - Game of the Year (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.97)
Polar Golfer (Version: 2.2.0.95)
PowerDVD (Version: 7.0.2414.0)
QuickTime (Version: 7.73.80.64)
RealDownloader (Version: 1.3.2)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.2)
Realtek High Definition Audio Driver (Version: 6.0.1.6487)
RealUpgrade 1.1 (Version: 1.1.0)
Skype 5.10 (Version: 5.10.116)
Torchlight (Version: 2.2.0.97)
Update Installer for WildTangent Games App
Virtual Villagers 5 - New Believers (Version: 2.2.0.97)
Welcome Center (Version: 1.02.3505)
WildTangent Games App (Version: 4.0.10.5)
Windows Live (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Zuma's Revenge (Version: 2.2.0.97)

==================== Restore Points =========================

02-06-2013 00:15:37 Windows Update
05-06-2013 01:19:40 Windows Update
05-06-2013 05:08:30 Installed OverDrive Media Console
09-06-2013 21:29:33 Windows Update
13-06-2013 01:24:04 Windows Update
13-06-2013 04:03:46 Windows Update
17-06-2013 02:48:53 Windows Update
19-06-2013 22:11:03 Installed Java 7 Update 25
20-06-2013 02:38:50 Microsoft Antimalware Checkpoint
20-06-2013 04:14:55 Windows Backup

==================== Scheduled Tasks (whitelisted) =============

Task: {1F0CD60A-7313-4A73-B17E-5A60F060A3A1} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-10-28] (Acer Incorporated)
Task: {400CC6E5-1FEC-4339-BF78-FFEA78E0C0EC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {489EC641-CAAA-4BDE-8679-2401BC36C1A1} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation)
Task: {4EBFD99C-7A26-448B-81B5-5DFAA2588946} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-21] (Google Inc.)
Task: {62200642-E631-479B-8107-02E0076AC919} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-54217543-3094785001-244447589-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {7D247BFE-A606-4F87-A55C-FCF54D5B390D} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-10-28] (CyberLink)
Task: {82444071-F45D-4201-AF58-E6E830E6A75D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {82E8E264-0757-4F11-8157-28E6930782B7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-06-13] (Microsoft Corporation)
Task: {8DABA620-310A-4140-B790-6AF34FB90A42} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-06-06] (Microsoft Corporation)
Task: {A13A6D2F-1621-4BE5-83A8-2E25D4B841CD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-21] (Google Inc.)
Task: {AD131B1B-93ED-4416-902D-472B6CBF122F} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] ()
Task: {B0237EA9-1314-4F32-98DE-36C7C5579FC4} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Owner-PC-Owner Owner-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2013-06-13] (Microsoft Corporation)
Task: {B5C131ED-C265-4795-85EF-5ED2FD4CF880} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {D0189733-7FC6-4B4D-BE1A-519FBF6D5984} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {D8CBA0EB-7F9A-4BE7-A8A5-8C7AF61A2189} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-06-13] (Microsoft Corporation)
Task: {DB4B4135-D7C0-4B30-BB15-A92FF0721A91} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-54217543-3094785001-244447589-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {E32E059E-3D0D-45A5-9651-6C2B170F1151} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-10-28] (CyberLink Corp.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/20/2013 05:11:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x02c8f830
Faulting process id: 0xc2c
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3

Error: (06/20/2013 05:04:54 PM) (Source: Application Error) (User: )
Description: Faulting application name: 28812.exe, version: 5.1.2600.5512, time stamp: 0x51c33fc5
Faulting module name: 28812.exe, version: 5.1.2600.5512, time stamp: 0x51c33fc5
Exception code: 0xc0000005
Fault offset: 0x00001f6a
Faulting process id: 0x1020
Faulting application start time: 0x28812.exe0
Faulting application path: 28812.exe1
Faulting module path: 28812.exe2
Report Id: 28812.exe3

Error: (06/20/2013 05:03:08 PM) (Source: Microsoft Office 15) (User: )
Description: Microsoft Outlook: Accepted Safe Mode action : Outlook couldn't start last time. Safe mode could help you troubleshoot the problem, but some features might not be available in this mode.

Do you want to start in safe mode?.
Accepted Safe Mode action : Microsoft Outlook.

Error: (06/20/2013 00:31:07 AM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16490, time stamp: 0x51955cca
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x0002e066
Faulting process id: 0x1654
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (06/20/2013 00:05:33 AM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000374
Fault offset: 0x000ce6c3
Faulting process id: 0x854
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3

Error: (06/20/2013 00:05:29 AM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0299fc30
Faulting process id: 0x854
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3

Error: (06/19/2013 11:11:12 PM) (Source: Application Error) (User: )
Description: Faulting application name: keodov.exe, version: 9.60.0.0, time stamp: 0x51ba39ef
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0018fa85
Faulting process id: 0xa18
Faulting application start time: 0xkeodov.exe0
Faulting application path: keodov.exe1
Faulting module path: keodov.exe2
Report Id: keodov.exe3

Error: (06/19/2013 10:51:54 PM) (Source: Application Error) (User: )
Description: Faulting application name: 21796.exe, version: 5.1.2600.5512, time stamp: 0x51c1fb4e
Faulting module name: 21796.exe, version: 5.1.2600.5512, time stamp: 0x51c1fb4e
Exception code: 0xc0000005
Fault offset: 0x00001f6a
Faulting process id: 0xc54
Faulting application start time: 0x21796.exe0
Faulting application path: 21796.exe1
Faulting module path: 21796.exe2
Report Id: 21796.exe3

Error: (06/19/2013 10:21:05 PM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0278e188
Faulting process id: 0xafc
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3

Error: (06/19/2013 09:56:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 27.0.1453.110, time stamp: 0x51a566a7
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17965, time stamp: 0x506dbe50
Exception code: 0x0eedfade
Fault offset: 0x0000c41f
Faulting process id: 0x1138
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

System errors:
=============
Error: (06/20/2013 05:03:21 PM) (Source: DCOM) (User: )
Description: {0002DF01-0000-0000-C000-000000000046}

Error: (06/20/2013 05:02:11 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%-2147024891

Error: (06/20/2013 05:02:11 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147024891

Error: (06/20/2013 05:02:02 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

Error: (06/20/2013 05:01:30 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (06/20/2013 05:01:29 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147024891

Error: (06/20/2013 05:01:29 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Network Inspection System service depends the following service: BFE. This service might not be installed.

Error: (06/20/2013 05:01:29 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (06/20/2013 05:01:22 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1060

Error: (06/20/2013 05:01:20 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error: 
%%5

Microsoft Office Sessions:
=========================
Error: (06/20/2013 05:11:19 PM) (Source: Application Error)(User: )
Description: rundll32.exe6.1.7600.163854a5bc637unknown0.0.0.000000000c000000502c8f830c2c01ce6e01b9d99e9dC:\Windows\SysWOW64\rundll32.exeunknown54c34cff-d9f6-11e2-9e57-206a8a7f234d

Error: (06/20/2013 05:04:54 PM) (Source: Application Error)(User: )
Description: 28812.exe5.1.2600.551251c33fc528812.exe5.1.2600.551251c33fc5c000000500001f6a102001ce6e023073f0deC:\Users\Owner\28812.exeC:\Users\Owner\28812.exe6f68f9a3-d9f5-11e2-9e57-206a8a7f234d

Error: (06/20/2013 05:03:08 PM) (Source: Microsoft Office 15)(User: )
Description: Microsoft OutlookOutlook couldn't start last time. Safe mode could help you troubleshoot the problem, but some features might not be available in this mode.

Do you want to start in safe mode?

Error: (06/20/2013 00:31:07 AM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.1649051955ccantdll.dll6.1.7601.177254ec49b8fc00000050002e066165401ce6d694871bfb4C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\ntdll.dll9ace98f7-d96a-11e2-8c5b-206a8a7f234d

Error: (06/20/2013 00:05:33 AM) (Source: Application Error)(User: )
Description: rundll32.exe6.1.7600.163854a5bc637ntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c385401ce6d6919f6d931C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\ntdll.dll08f960ef-d967-11e2-8c5b-206a8a7f234d

Error: (06/20/2013 00:05:29 AM) (Source: Application Error)(User: )
Description: rundll32.exe6.1.7600.163854a5bc637unknown0.0.0.000000000c00000050299fc3085401ce6d6919f6d931C:\Windows\SysWOW64\rundll32.exeunknown06832bd8-d967-11e2-8c5b-206a8a7f234d

Error: (06/19/2013 11:11:12 PM) (Source: Application Error)(User: )
Description: keodov.exe9.60.0.051ba39efunknown0.0.0.000000000c00000050018fa85a1801ce6d699e38ff0dC:\Users\Owner\keodov.exeunknown70b036dd-d95f-11e2-8c5b-206a8a7f234d

Error: (06/19/2013 10:51:54 PM) (Source: Application Error)(User: )
Description: 21796.exe5.1.2600.551251c1fb4e21796.exe5.1.2600.551251c1fb4ec000000500001f6ac5401ce6d697fd41d38C:\Users\Owner\21796.exeC:\Users\Owner\21796.exebecb875e-d95c-11e2-8c5b-206a8a7f234d

Error: (06/19/2013 10:21:05 PM) (Source: Application Error)(User: )
Description: rundll32.exe6.1.7600.163854a5bc637unknown0.0.0.000000000c00000050278e188afc01ce6d619cbd5670C:\Windows\SysWOW64\rundll32.exeunknown70a7d02a-d958-11e2-99e5-206a8a7f234d

Error: (06/19/2013 09:56:57 PM) (Source: Application Error)(User: )
Description: chrome.exe27.0.1453.11051a566a7KERNELBASE.dll6.1.7601.17965506dbe500eedfade0000c41f113801ce6d61c397fad1C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\syswow64\KERNELBASE.dll11a270c2-d955-11e2-99e5-206a8a7f234d

CodeIntegrity Errors:
===================================
Date: 2013-06-18 22:44:56.374
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-18 22:44:56.330
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-18 22:36:42.546
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-18 22:36:42.502
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 35%
Total physical RAM: 5606.11 MB
Available physical RAM: 3613.95 MB
Total Pagefile: 11210.4 MB
Available Pagefile: 8764.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:449.55 GB) (Free:393.55 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 690B93AE)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 GB) - (Type=07 NTFS)

==================== End Of Log ============================


----------



## sportsmom2x2 (Sep 3, 2007)

When I tried to shut down the computer, I got the message: fuoibo.exe program is preventing Windows from shutting down.


----------



## kevinf80 (Mar 21, 2006)

Yep, you have a new version of the ZeroAccess rootkit infection, continue. It is essential the fixes are run in the order given; also make sure each completes before moving on to the next one...

First:

Download attached *fixlist.txt* file and save it to the Desktop.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Next,

Download the Services Repair tool, available here - http://kb.eset.com/library/ESET/KB Team Only/Malware/ServicesRepair.exe and save it to your Desktop. Right click on it and select Run As Administrator, then follow the prompts. It should reboot when it finishes. If not, reboot it yourself.

Next,

Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if Malwarebytes is not installed:

Download Malwarebytes from one of the following links and save it to your desktop:

http://www.malwarebytes.org/mbam.php 
http://www.softpedia.com/get/Antivirus/Malwarebytes-Anti-Malware.shtml
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Double Click mbam-setup.exe to install the application.

- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Post the two produced logs, and also confirm if Services Repair was run successfully.

Kevin


----------



## sportsmom2x2 (Sep 3, 2007)

After opening fixlist.txt, System care antivirus appeared on my desktop?


----------



## kevinf80 (Mar 21, 2006)

Why did you open fixlist.txt? That should have been downloaded to the desktop next to FRST and not opened. You should then have run FRST exactly as instructed and nothing else.

fixlist.txt is only a plain text set of commands for FRST to use as directed; it cannot do anything else. Can you please follow the instructions exactly as I gave them...


----------



## sportsmom2x2 (Sep 3, 2007)

I goofed, I could not find the FRST on my desktop that I downloaded last night.
Sorry, I am a novice and doing the best I can. I appreciate your help.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-06-2013 02
Ran by Owner at 2013-06-22 02:53:27 Run:1
Running from C:\Users\Owner\Desktop
Boot Mode: Safe Mode (with Networking)
==============================================

HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Deew => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\oplgb => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\dmsil => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\fuoibo => Value not found.
HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32\\Default => Value was restored successfully.
C:\$Recycle.Bin\S-1-5-21-54217543-3094785001-244447589-1000\$862474f02b6b2c40b9f78eb69c755716 => Moved successfully.

"C:\$Recycle.Bin\S-1-5-18\$862474f02b6b2c40b9f78eb69c755716" directory move:

C:\$Recycle.Bin\S-1-5-18\$862474f02b6b2c40b9f78eb69c755716\@ => Moved successfully.
C:\$Recycle.Bin\S-1-5-18\$862474f02b6b2c40b9f78eb69c755716\n => Moved successfully.
Could not move "C:\$Recycle.Bin\S-1-5-18\$862474f02b6b2c40b9f78eb69c755716" directory. => Scheduled to move on reboot.

C:\Users\Owner\AppData\Roaming\Akhuw\deew.exe => Moved successfully.
C:\Users\Owner\AppData\Roaming\oplgb.dll => Moved successfully.
C:\Users\Owner\AppData\Roaming\dmsil.dll => Moved successfully.
C:\Users\Owner\21796.exe => Moved successfully.
C:\Users\Owner\28812.exe => Moved successfully.
C:\Users\Owner\31335.exe => Moved successfully.
C:\Users\Owner\31796.exe => Moved successfully.
C:\Users\Owner\38812.exe => Moved successfully.
C:\Users\Owner\48812.exe => Moved successfully.
C:\Users\Owner\fuoibo.exe => File/Directory not found.
C:\Users\Owner\heheh.exe => Moved successfully.
C:\Users\Owner\roror.exe => Moved successfully.
C:\Users\Owner\wewew.exe => Moved successfully.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.
"C:\Program Files\Microsoft Security Client\Backup" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\DbgHelp.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\Drivers" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\en-us" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\EppManifest.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\MpAsDesc.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\MpClient.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\MpCmdRun.exe" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\MpCommu.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\mpevmsg.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\MpOAv.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\MpRTP.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\MpSvc.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\MSESysprep.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\MsMpCom.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\MsMpEng.exe" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\MsMpLics.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\MsMpRes.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\msseces.exe" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\msseoobe.exe" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\msseooberes.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\MsseWat.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\NisLog.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\NisSrv.exe" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\NisWFP.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\Setup.exe" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\SetupRes.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\shellext.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\SqmApi.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\SymSrv.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\SymSrv.yes" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.

=========== Result of Scheduled Files to move ===========
C:\$Recycle.Bin\S-1-5-18\$862474f02b6b2c40b9f78eb69c755716 => Moved successfully.

==== End of Fixlog ====


----------



## kevinf80 (Mar 21, 2006)

Can you continue and run the Service repair tool and then Malwarebytes?


----------



## sportsmom2x2 (Sep 3, 2007)

I ran the service repair tool, and then Malware, but I cannot open this forum on the infected computer. It seems that System care is gone, but internet is still not running correctly. Example: can't open this forum, when I try to open an internet page. Open page does not look correct. No ribbon on top and 2 lines at top.


----------



## kevinf80 (Mar 21, 2006)

Can you run the following,

Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.
*Make sure the following options are checked:*


*Internet Services*
*Windows Firewall*
*System Restore*
*Security Center/Action Center*
*Windows Update*
*Windows Defender*


Press "*Scan*".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


----------



## sportsmom2x2 (Sep 3, 2007)

Farbar Service Scanner Version: 16-06-2013
Ran by Owner (administrator) on 22-06-2013 at 14:04:35
Running from "C:\Users\Owner\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy: 
==================

System Restore:
============

System Restore Disabled Policy: 
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-06-11 21:36] - [2013-05-08 01:39] - 1910632 ____A (Microsoft Corporation) 9849EA3843A2ADBDD1497E97A85D8CAE

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2013-06-11 21:35] - [2013-05-13 00:51] - 0184320 ____A (Microsoft Corporation) D8129C49798CBBFB2E4351D4B7B8EF9C

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


----------



## sportsmom2x2 (Sep 3, 2007)

I was able to finally open this forum on my infected computer, before I received your last reply. But I did run the scan, see above. Here are the logs from the Malware scan earlier.
Malwarebytes Anti-Malware 1.75.0.1300 6/22/2013 3:43:18 AM

www.malwarebytes.org

Database version: v2013.06.22.02

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

6/22/2013 3:43:18 AM
mbam-log-2013-06-22 (03-43-18).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 338818
Time elapsed: 38 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|4C7AB9302E32EE4600004C7A6CBAF378 (Trojan.FakeAlert.SSGen) -> Data: C:\ProgramData\4C7AB9302E32EE4600004C7A6CBAF378\4C7AB9302E32EE4600004C7A6CBAF378.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 16
C:\FRST\Quarantine\21796.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\28812.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\31335.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\31796.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\38812.exe (Malware.Packer.95) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\48812.exe (Trojan.FakeAlert.SRE) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\deew.exe (Trojan.Agent.rf) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\n (Trojan.Zaccess) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\$862474f02b6b2c40b9f78eb69c755716\n (Trojan.Zaccess) -> Quarantined and deleted successfully.
C:\Users\Owner\3793.exe (Malware.Packer.95) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\nsb698C.tmp\hdjlybhd.exe (Malware.Packer.95) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\nsgD75B.tmp\wwbpywzv.exe (Malware.Packer.95) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\nsr60C6.tmp\zzwvysxv.exe (Malware.Packer.95) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\nsrB09A.tmp\pqcjoctg.exe (Malware.Packer.95) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\Queqza\etyq.exe (Trojan.Agent.rf) -> Quarantined and deleted successfully.
C:\ProgramData\4C7AB9302E32EE4600004C7A6CBAF378\4C7AB9302E32EE4600004C7A6CBAF378.exe (Trojan.FakeAlert.SSGen) -> Quarantined and deleted successfully.

(end)

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.22.02 6/22/2013 4:47:01 AM

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

6/22/2013 4:47:01 AM
mbam-log-2013-06-22 (04-47-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211165
Time elapsed: 5 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


----------



## kevinf80 (Mar 21, 2006)

Can you post the log from Farbar Service Scanner? I'd also like to see a fresh log from FRST. I give instructions again just in case,

Please download Farbar Recovery Scan Tool and save it to your desktop.

*Note*: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

Double-click to run it. When the tool opens click *Yes* to disclaimer.
Press *Scan* button.
It will make a log (*FRST.txt*) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (*Addition.txt*). Please attach it to your reply.

***Edit I see you`ve already posted FSS log, just run FRST......


----------



## sportsmom2x2 (Sep 3, 2007)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2013
Ran by Owner (administrator) on 22-06-2013 15:06:47
Running from C:\Users\Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
() C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L0HPALYC\AA_v3.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
() C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L0HPALYC\AA_v3.exe
(Malwarebytes Corporation) C:\Download\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Malwarebytes Corporation) C:\Download\Malwarebytes' Anti-Malware\mbamservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Malwarebytes Corporation) C:\Download\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Apple Inc.) C:\Download\iCloudServices.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Cyberlink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD\PDVDServ.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13320808 2011-10-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 [2278504 2011-10-20] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKCU\...\Run: [Global Registration] "C:\Program Files (x86)\Acer\Registration\GREG.exe" /boot [x]
HKCU\...\Run: [iCloudServices] C:\Download\iCloudServices.exe [59872 2012-12-17] (Apple Inc.)
HKCU\...\Run: [BDAB3CD44D7D45EEC58DB422F61BD03E74CADA2F._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service [825808 2013-06-14] (Google Inc.)
HKCU\...\Run: [Hewlett-Packard] regsvr32.exe C:\Users\Owner\AppData\Local\Hewlett-Packard\A32Rpl90.dll [23040 2013-06-19] ()
MountPoints2: {a8079e0f-859c-11e2-802b-206a8a7f234d} - E:\LaunchU3.exe -a
HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k [297280 2011-04-23] (NTI Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-10-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [177448 2011-10-27] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [56928 2006-11-23] (Cyberlink Corp.)
HKLM-x32\...\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe" [54832 2006-12-05] ()
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-11-08] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [295512 2013-06-19] (RealNetworks, Inc.)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [162408 2011-09-02] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [162408 2011-09-02] ()
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {431FCF70-772C-4336-9395-B9B87CB7CA85} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3239904
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\27.0.1453.116\npchrome_frame.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.apple.com/qtactivex/qtplugin.cab
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - No File
Handler: msdaipp - No CLSID Value - 
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\27.0.1453.116\npchrome_frame.dll (Google Inc.)
Handler-x32: msdaipp - No CLSID Value - 
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (RealDownloader) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AmmyyAdmin; C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L0HPALYC\AA_v3.exe [735512 2013-06-19] ()
R2 MBAMScheduler; C:\Download\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Download\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [262144 2006-12-23] (Nero AG)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-23] (NTI Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-06] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()

==================== Drivers (Whitelisted) ====================

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-22 15:05 - 2013-06-22 15:06 - 01931364 ____A (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2013-06-22 15:04 - 2013-06-22 15:04 - 01931364 ____A (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2013-06-22 14:04 - 2013-06-22 14:04 - 00002570 ____A C:\Users\Owner\Desktop\FSS.txt
2013-06-22 14:02 - 2013-06-22 14:02 - 00355927 ____A (Farbar) C:\Users\Owner\Desktop\FSS.exe
2013-06-22 03:41 - 2013-06-22 03:41 - 00000843 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-22 03:40 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-22 03:39 - 2013-06-22 03:39 - 00002566 ____A C:\Users\Owner\Desktop\Rkill2.txt
2013-06-22 03:29 - 2013-06-22 03:29 - 00991872 ____A (Bleeping Computer, LLC) C:\Users\Owner\Desktop\iExplore64.exe
2013-06-22 03:28 - 2013-06-22 03:28 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\Owner\Downloads\iExplore.exe
2013-06-22 03:16 - 2013-06-22 03:16 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Owner\Desktop\mbam-setup-1.75.0.1300.exe
2013-06-22 03:07 - 2013-06-22 03:07 - 04009167 ____A C:\Users\Owner\Desktop\ServicesRepair.exe
2013-06-22 03:07 - 2013-06-22 03:07 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-06-22 02:40 - 2013-06-22 03:37 - 00002566 ____A C:\Users\Owner\Desktop\Rkill.txt
2013-06-22 02:40 - 2013-06-22 02:40 - 00000000 ____D C:\Users\Owner\Desktop\rkill
2013-06-22 01:36 - 2013-06-22 01:37 - 00001478 ____A C:\Users\Owner\Downloads\fixlist.txt
2013-06-22 01:34 - 2013-06-22 01:40 - 00000000 ____D C:\ProgramData\4C7AB9302E32EE4600004C7A6CBAF378
2013-06-20 17:11 - 2013-06-22 02:55 - 00000000 ____D C:\FRST
2013-06-20 17:06 - 2013-06-20 17:10 - 01368343 ____A (Farbar) C:\Users\Owner\Downloads\FRST.exe
2013-06-20 00:17 - 2013-06-20 00:17 - 00000472 ____A C:\Users\Owner\Desktop\defogger_disable.log
2013-06-20 00:17 - 2013-06-20 00:17 - 00000000 ____A C:\Users\Owner\defogger_reenable
2013-06-20 00:12 - 2013-06-20 00:12 - 00000000 ____D C:\ProgramData\APN
2013-06-20 00:08 - 2013-06-20 00:08 - 00025180 ____A C:\Users\Owner\Desktop\dds.txt
2013-06-20 00:08 - 2013-06-20 00:08 - 00011825 ____A C:\Users\Owner\Desktop\attach.txt
2013-06-20 00:07 - 2013-06-20 00:07 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.scr
2013-06-20 00:03 - 2013-06-20 01:01 - 00015179 ____A C:\Users\Owner\Downloads\hijackthis.log
2013-06-20 00:02 - 2013-06-20 00:02 - 00388608 ____A (Trend Micro Inc.) C:\Users\Owner\Downloads\HijackThis.exe
2013-06-19 23:03 - 2013-06-19 23:03 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SparkTrust
2013-06-19 23:03 - 2013-06-19 23:03 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DriverCure
2013-06-19 23:02 - 2013-06-19 23:12 - 00000000 ____D C:\ProgramData\SparkTrust
2013-06-19 22:44 - 2013-06-20 00:42 - 00514464 ____A C:\Users\Owner\Desktop\New Text Document.txt
2013-06-19 22:37 - 2013-06-19 22:37 - 00000000 ____D C:\ProgramData\AMMYY
2013-06-19 21:38 - 2013-06-19 21:48 - 00000000 ____D C:\Users\Owner\AppData\Local\Hewlett-Packard
2013-06-19 21:13 - 2013-06-19 21:13 - 00000000 ____D C:\Users\Owner\AppData\Local\{A496EEB7-FE58-4817-9EB4-1DC6663F4F72}
2013-06-19 17:12 - 2013-06-12 21:47 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-19 17:12 - 2013-06-12 21:43 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-19 17:12 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-19 17:12 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-19 17:11 - 2013-06-19 17:12 - 00004802 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 16:58 - 2013-06-19 16:58 - 00000000 ____D C:\Users\Owner\AppData\Roaming\RealNetworks
2013-06-19 07:46 - 2013-06-19 07:46 - 00001038 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2013-06-19 07:46 - 2013-06-19 07:46 - 00000000 ____D C:\ProgramData\RealNetworks
2013-06-19 07:46 - 2013-06-19 07:46 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-06-16 13:28 - 2013-06-16 13:28 - 00000000 ____D C:\Users\Owner\AppData\Local\{557E0251-9C14-49D7-9D23-A98E25952B05}
2013-06-16 12:58 - 2013-06-16 13:28 - 00000000 ____D C:\Users\Owner\Documents\For Sale
2013-06-16 10:50 - 2013-06-16 11:04 - 00174592 ____A C:\Users\Owner\Documents\dad day.pub
2013-06-16 10:49 - 2013-06-16 10:49 - 00000000 ____D C:\Users\Owner\Documents\New folder (2)
2013-06-15 22:22 - 2013-06-15 22:22 - 00000000 ____D C:\Users\Owner\AppData\Local\{3874FC81-FAE0-483B-82DE-D26EFC35254D}
2013-06-12 23:06 - 2013-05-16 23:05 - 17824768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 23:06 - 2013-05-16 22:27 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 23:06 - 2013-05-16 22:09 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 23:06 - 2013-05-16 22:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 23:06 - 2013-05-16 22:02 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 23:06 - 2013-05-16 22:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-12 23:06 - 2013-05-16 22:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-12 23:06 - 2013-05-16 21:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 23:06 - 2013-05-16 21:56 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-12 23:06 - 2013-05-16 21:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-12 23:06 - 2013-05-16 21:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 23:06 - 2013-05-16 21:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 23:06 - 2013-05-16 21:53 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 23:06 - 2013-05-16 21:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 23:06 - 2013-05-16 21:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-12 23:06 - 2013-05-16 21:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 23:06 - 2013-05-16 18:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-12 23:06 - 2013-05-16 17:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-12 23:06 - 2013-05-16 17:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 23:06 - 2013-05-16 17:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 23:06 - 2013-05-16 17:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-12 23:06 - 2013-05-16 17:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-12 23:06 - 2013-05-16 17:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-12 23:06 - 2013-05-16 17:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 23:06 - 2013-05-16 17:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 23:06 - 2013-05-16 17:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-12 23:06 - 2013-05-16 17:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-12 23:06 - 2013-05-16 17:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 23:06 - 2013-05-16 17:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-12 23:06 - 2013-05-16 17:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-12 23:06 - 2013-05-16 17:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 23:06 - 2013-05-16 17:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-11 22:10 - 2013-06-11 22:10 - 00000000 ____D C:\Users\Owner\AppData\Local\{89CDD7A5-A5AF-4597-959C-9A9DFE824CF1}
2013-06-11 21:36 - 2013-05-13 00:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-11 21:36 - 2013-05-12 23:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-11 21:36 - 2013-05-12 22:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-11 21:36 - 2013-05-12 22:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-11 21:36 - 2013-05-08 01:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-11 21:36 - 2013-04-26 00:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-11 21:36 - 2013-04-25 23:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-11 21:35 - 2013-05-13 00:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-11 21:35 - 2013-05-13 00:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-11 21:35 - 2013-05-13 00:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-11 21:35 - 2013-05-12 23:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-11 21:35 - 2013-05-12 23:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-11 21:35 - 2013-05-12 22:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-06 00:28 - 2013-06-17 17:59 - 00000000 ____D C:\Users\Owner\Documents\OneNote Notebooks
2013-06-05 00:12 - 2013-06-18 22:34 - 00000000 ____D C:\Users\Owner\Documents\My Media
2013-06-05 00:09 - 2013-06-05 00:09 - 00000000 ____D C:\Users\Owner\AppData\Roaming\OverDrive
2013-06-05 00:08 - 2013-06-05 00:08 - 00002449 ____A C:\Users\Public\Desktop\OverDrive Media Console.lnk
2013-06-05 00:07 - 2013-06-05 00:07 - 04969472 ____A C:\Users\Owner\Downloads\ODMediaConsoleSetup.msi
2013-06-04 21:13 - 2013-06-04 21:13 - 00000000 __RHD C:\MSOCache
2013-05-29 21:03 - 2013-05-29 21:03 - 00002361 ____A C:\Users\Owner\Desktop\Outlook 2013.lnk
2013-05-27 23:07 - 2013-05-27 23:07 - 00001857 ____A C:\Users\Owner\Desktop\Microsoft Office 2013 - Shortcut.lnk
2013-05-27 22:14 - 2013-06-19 22:10 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-05-25 17:09 - 2013-05-25 17:10 - 00000000 ____D C:\Users\Owner\AppData\Local\{76F4FBA2-805A-4643-B1A7-CD116DB1382A}
2013-05-24 15:42 - 2013-05-24 15:42 - 00000000 ____D C:\Users\Owner\Downloads\autobuynike_(1)
2013-05-24 15:41 - 2013-05-24 15:41 - 00017539 ____A C:\Users\Owner\Downloads\autobuynike_(1).zip

==================== One Month Modified Files and Folders =======

2013-06-22 15:06 - 2013-06-22 15:05 - 01931364 ____A (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2013-06-22 15:04 - 2013-06-22 15:04 - 01931364 ____A (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2013-06-22 14:57 - 2012-10-10 16:55 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-22 14:56 - 2013-03-21 20:46 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-22 14:45 - 2012-06-22 22:07 - 01866442 ____A C:\Windows\WindowsUpdate.log
2013-06-22 14:04 - 2013-06-22 14:04 - 00002570 ____A C:\Users\Owner\Desktop\FSS.txt
2013-06-22 14:02 - 2013-06-22 14:02 - 00355927 ____A (Farbar) C:\Users\Owner\Desktop\FSS.exe
2013-06-22 11:54 - 2009-07-13 23:45 - 00024656 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-22 11:54 - 2009-07-13 23:45 - 00024656 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-22 11:48 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-06-22 11:47 - 2013-03-21 20:46 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-22 11:47 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-22 11:46 - 2009-07-13 23:51 - 00073813 ____A C:\Windows\setupact.log
2013-06-22 04:50 - 2012-10-10 16:04 - 00000000 ____D C:\users\Owner
2013-06-22 04:26 - 2010-11-20 22:47 - 00052630 ____A C:\Windows\PFRO.log
2013-06-22 04:24 - 2012-10-12 09:00 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Queqza
2013-06-22 03:41 - 2013-06-22 03:41 - 00000843 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-22 03:41 - 2012-10-29 21:01 - 00000463 ____A C:\Users\Owner\Desktop\Google.website
2013-06-22 03:40 - 2012-12-20 03:01 - 00000000 ____D C:\Download
2013-06-22 03:39 - 2013-06-22 03:39 - 00002566 ____A C:\Users\Owner\Desktop\Rkill2.txt
2013-06-22 03:37 - 2013-06-22 02:40 - 00002566 ____A C:\Users\Owner\Desktop\Rkill.txt
2013-06-22 03:29 - 2013-06-22 03:29 - 00991872 ____A (Bleeping Computer, LLC) C:\Users\Owner\Desktop\iExplore64.exe
2013-06-22 03:28 - 2013-06-22 03:28 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\Owner\Downloads\iExplore.exe
2013-06-22 03:16 - 2013-06-22 03:16 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Owner\Desktop\mbam-setup-1.75.0.1300.exe
2013-06-22 03:07 - 2013-06-22 03:07 - 04009167 ____A C:\Users\Owner\Desktop\ServicesRepair.exe
2013-06-22 03:07 - 2013-06-22 03:07 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-06-22 03:07 - 2012-10-10 16:48 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SoftGrid Client
2013-06-22 02:55 - 2013-06-20 17:11 - 00000000 ____D C:\FRST
2013-06-22 02:53 - 2012-10-17 01:14 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Akhuw
2013-06-22 02:40 - 2013-06-22 02:40 - 00000000 ____D C:\Users\Owner\Desktop\rkill
2013-06-22 01:59 - 2013-03-21 20:47 - 00002187 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-22 01:40 - 2013-06-22 01:34 - 00000000 ____D C:\ProgramData\4C7AB9302E32EE4600004C7A6CBAF378
2013-06-22 01:37 - 2013-06-22 01:36 - 00001478 ____A C:\Users\Owner\Downloads\fixlist.txt
2013-06-20 17:10 - 2013-06-20 17:06 - 01368343 ____A (Farbar) C:\Users\Owner\Downloads\FRST.exe
2013-06-20 01:02 - 2013-02-17 22:42 - 00000000 ____D C:\Users\Owner\Documents\Error Message
2013-06-20 01:02 - 2012-10-10 16:05 - 00112304 ____A C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-20 01:01 - 2013-06-20 00:03 - 00015179 ____A C:\Users\Owner\Downloads\hijackthis.log
2013-06-20 00:42 - 2013-06-19 22:44 - 00514464 ____A C:\Users\Owner\Desktop\New Text Document.txt
2013-06-20 00:17 - 2013-06-20 00:17 - 00000472 ____A C:\Users\Owner\Desktop\defogger_disable.log
2013-06-20 00:17 - 2013-06-20 00:17 - 00000000 ____A C:\Users\Owner\defogger_reenable
2013-06-20 00:12 - 2013-06-20 00:12 - 00000000 ____D C:\ProgramData\APN
2013-06-20 00:08 - 2013-06-20 00:08 - 00025180 ____A C:\Users\Owner\Desktop\dds.txt
2013-06-20 00:08 - 2013-06-20 00:08 - 00011825 ____A C:\Users\Owner\Desktop\attach.txt
2013-06-20 00:07 - 2013-06-20 00:07 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.scr
2013-06-20 00:03 - 2012-10-10 16:04 - 00000000 ____D C:\Users\Owner\AppData\Local\VirtualStore
2013-06-20 00:02 - 2013-06-20 00:02 - 00388608 ____A (Trend Micro Inc.) C:\Users\Owner\Downloads\HijackThis.exe
2013-06-19 23:17 - 2009-07-14 00:13 - 00779724 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-19 23:12 - 2013-06-19 23:02 - 00000000 ____D C:\ProgramData\SparkTrust
2013-06-19 23:03 - 2013-06-19 23:03 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SparkTrust
2013-06-19 23:03 - 2013-06-19 23:03 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DriverCure
2013-06-19 22:37 - 2013-06-19 22:37 - 00000000 ____D C:\ProgramData\AMMYY
2013-06-19 22:26 - 2012-10-10 17:12 - 00002198 ____A C:\Windows\epplauncher.mif
2013-06-19 22:10 - 2013-05-27 22:14 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-06-19 21:48 - 2013-06-19 21:38 - 00000000 ____D C:\Users\Owner\AppData\Local\Hewlett-Packard
2013-06-19 21:38 - 2012-10-10 16:04 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Macromedia
2013-06-19 21:13 - 2013-06-19 21:13 - 00000000 ____D C:\Users\Owner\AppData\Local\{A496EEB7-FE58-4817-9EB4-1DC6663F4F72}
2013-06-19 17:12 - 2013-06-19 17:11 - 00004802 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 17:12 - 2012-10-10 16:52 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-19 16:58 - 2013-06-19 16:58 - 00000000 ____D C:\Users\Owner\AppData\Roaming\RealNetworks
2013-06-19 07:46 - 2013-06-19 07:46 - 00001038 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2013-06-19 07:46 - 2013-06-19 07:46 - 00000000 ____D C:\ProgramData\RealNetworks
2013-06-19 07:46 - 2013-06-19 07:46 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-06-19 07:46 - 2013-04-03 21:08 - 00000000 ____D C:\Program Files (x86)\Real
2013-06-19 07:46 - 2013-04-03 21:06 - 00000000 ____D C:\ProgramData\Real
2013-06-19 07:45 - 2013-04-03 21:08 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2013-06-19 07:45 - 2013-04-03 21:08 - 00201872 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2013-06-19 07:45 - 2013-04-03 21:08 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2013-06-19 07:45 - 2013-04-03 21:08 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2013-06-19 07:45 - 2011-10-28 17:04 - 00499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2013-06-19 07:45 - 2011-10-28 17:04 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2013-06-18 22:34 - 2013-06-05 00:12 - 00000000 ____D C:\Users\Owner\Documents\My Media
2013-06-17 23:11 - 2012-11-04 22:18 - 00000000 ____D C:\Users\Owner\Documents\Orders
2013-06-17 17:59 - 2013-06-06 00:28 - 00000000 ____D C:\Users\Owner\Documents\OneNote Notebooks
2013-06-16 13:28 - 2013-06-16 13:28 - 00000000 ____D C:\Users\Owner\AppData\Local\{557E0251-9C14-49D7-9D23-A98E25952B05}
2013-06-16 13:28 - 2013-06-16 12:58 - 00000000 ____D C:\Users\Owner\Documents\For Sale
2013-06-16 11:04 - 2013-06-16 10:50 - 00174592 ____A C:\Users\Owner\Documents\dad day.pub
2013-06-16 10:49 - 2013-06-16 10:49 - 00000000 ____D C:\Users\Owner\Documents\New folder (2)
2013-06-15 22:22 - 2013-06-15 22:22 - 00000000 ____D C:\Users\Owner\AppData\Local\{3874FC81-FAE0-483B-82DE-D26EFC35254D}
2013-06-15 13:21 - 2009-07-14 00:08 - 00032630 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-13 18:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-06-12 23:04 - 2012-10-28 20:23 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 21:48 - 2012-10-10 16:52 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-12 21:48 - 2012-10-10 16:52 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-12 21:47 - 2013-06-19 17:12 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-12 21:43 - 2013-06-19 17:12 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-12 21:43 - 2013-06-19 17:12 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-12 21:43 - 2013-06-19 17:12 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-12 20:57 - 2012-10-10 16:55 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 20:57 - 2011-11-02 17:37 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-12 20:52 - 2012-11-06 20:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-11 22:10 - 2013-06-11 22:10 - 00000000 ____D C:\Users\Owner\AppData\Local\{89CDD7A5-A5AF-4597-959C-9A9DFE824CF1}
2013-06-10 21:36 - 2013-04-03 21:07 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Real
2013-06-06 00:16 - 2011-11-02 17:58 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2013-06-05 00:09 - 2013-06-05 00:09 - 00000000 ____D C:\Users\Owner\AppData\Roaming\OverDrive
2013-06-05 00:08 - 2013-06-05 00:08 - 00002449 ____A C:\Users\Public\Desktop\OverDrive Media Console.lnk
2013-06-05 00:07 - 2013-06-05 00:07 - 04969472 ____A C:\Users\Owner\Downloads\ODMediaConsoleSetup.msi
2013-06-04 21:13 - 2013-06-04 21:13 - 00000000 __RHD C:\MSOCache
2013-05-30 19:24 - 2009-07-13 23:45 - 00449576 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-29 23:06 - 2013-02-15 00:20 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
2013-05-29 21:24 - 2012-06-22 22:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-05-29 21:24 - 2011-11-02 18:09 - 00000000 ____D C:\Windows\ShellNew
2013-05-29 21:24 - 2009-07-13 21:34 - 00000419 ____A C:\Windows\win.ini
2013-05-29 21:20 - 2013-02-15 00:20 - 00000000 ____D C:\Program Files (x86)\Google
2013-05-29 21:03 - 2013-05-29 21:03 - 00002361 ____A C:\Users\Owner\Desktop\Outlook 2013.lnk
2013-05-28 23:44 - 2012-11-06 22:50 - 00000000 ____D C:\Users\Owner\Documents\Rental Weatherization
2013-05-27 23:07 - 2013-05-27 23:07 - 00001857 ____A C:\Users\Owner\Desktop\Microsoft Office 2013 - Shortcut.lnk
2013-05-25 17:10 - 2013-05-25 17:09 - 00000000 ____D C:\Users\Owner\AppData\Local\{76F4FBA2-805A-4643-B1A7-CD116DB1382A}
2013-05-24 15:42 - 2013-05-24 15:42 - 00000000 ____D C:\Users\Owner\Downloads\autobuynike_(1)
2013-05-24 15:41 - 2013-05-24 15:41 - 00017539 ____A C:\Users\Owner\Downloads\autobuynike_(1).zip

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-13 18:38

==================== End Of Log ============================
Had to reload FRST: error message for the one I downloaded yesterday saying it needed to be updated.


----------



## sportsmom2x2 (Sep 3, 2007)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2013
Ran by Owner (administrator) on 22-06-2013 15:17:33
Running from C:\Users\Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
() C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L0HPALYC\AA_v3.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
() C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L0HPALYC\AA_v3.exe
(Malwarebytes Corporation) C:\Download\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Malwarebytes Corporation) C:\Download\Malwarebytes' Anti-Malware\mbamservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Malwarebytes Corporation) C:\Download\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Apple Inc.) C:\Download\iCloudServices.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Cyberlink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD\PDVDServ.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13320808 2011-10-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 [2278504 2011-10-20] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKCU\...\Run: [Global Registration] "C:\Program Files (x86)\Acer\Registration\GREG.exe" /boot [x]
HKCU\...\Run: [iCloudServices] C:\Download\iCloudServices.exe [59872 2012-12-17] (Apple Inc.)
HKCU\...\Run: [BDAB3CD44D7D45EEC58DB422F61BD03E74CADA2F._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service [825808 2013-06-14] (Google Inc.)
HKCU\...\Run: [Hewlett-Packard] regsvr32.exe C:\Users\Owner\AppData\Local\Hewlett-Packard\A32Rpl90.dll [23040 2013-06-19] ()
MountPoints2: {a8079e0f-859c-11e2-802b-206a8a7f234d} - E:\LaunchU3.exe -a
HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k [297280 2011-04-23] (NTI Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-10-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [177448 2011-10-27] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [56928 2006-11-23] (Cyberlink Corp.)
HKLM-x32\...\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe" [54832 2006-12-05] ()
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-11-08] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [295512 2013-06-19] (RealNetworks, Inc.)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [162408 2011-09-02] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [162408 2011-09-02] ()
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {431FCF70-772C-4336-9395-B9B87CB7CA85} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3239904
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\27.0.1453.116\npchrome_frame.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.apple.com/qtactivex/qtplugin.cab
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - No File
Handler: msdaipp - No CLSID Value - 
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\27.0.1453.116\npchrome_frame.dll (Google Inc.)
Handler-x32: msdaipp - No CLSID Value - 
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (RealDownloader) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AmmyyAdmin; C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L0HPALYC\AA_v3.exe [735512 2013-06-19] ()
R2 MBAMScheduler; C:\Download\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Download\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [262144 2006-12-23] (Nero AG)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-23] (NTI Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-06] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()

==================== Drivers (Whitelisted) ====================

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-22 15:05 - 2013-06-22 15:06 - 01931364 ____A (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2013-06-22 15:04 - 2013-06-22 15:04 - 01931364 ____A (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2013-06-22 14:04 - 2013-06-22 14:04 - 00002570 ____A C:\Users\Owner\Desktop\FSS.txt
2013-06-22 14:02 - 2013-06-22 14:02 - 00355927 ____A (Farbar) C:\Users\Owner\Desktop\FSS.exe
2013-06-22 03:41 - 2013-06-22 03:41 - 00000843 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-22 03:40 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-22 03:39 - 2013-06-22 03:39 - 00002566 ____A C:\Users\Owner\Desktop\Rkill2.txt
2013-06-22 03:29 - 2013-06-22 03:29 - 00991872 ____A (Bleeping Computer, LLC) C:\Users\Owner\Desktop\iExplore64.exe
2013-06-22 03:28 - 2013-06-22 03:28 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\Owner\Downloads\iExplore.exe
2013-06-22 03:16 - 2013-06-22 03:16 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Owner\Desktop\mbam-setup-1.75.0.1300.exe
2013-06-22 03:07 - 2013-06-22 03:07 - 04009167 ____A C:\Users\Owner\Desktop\ServicesRepair.exe
2013-06-22 03:07 - 2013-06-22 03:07 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-06-22 02:40 - 2013-06-22 03:37 - 00002566 ____A C:\Users\Owner\Desktop\Rkill.txt
2013-06-22 02:40 - 2013-06-22 02:40 - 00000000 ____D C:\Users\Owner\Desktop\rkill
2013-06-22 01:36 - 2013-06-22 01:37 - 00001478 ____A C:\Users\Owner\Downloads\fixlist.txt
2013-06-22 01:34 - 2013-06-22 01:40 - 00000000 ____D C:\ProgramData\4C7AB9302E32EE4600004C7A6CBAF378
2013-06-20 17:11 - 2013-06-22 02:55 - 00000000 ____D C:\FRST
2013-06-20 17:06 - 2013-06-20 17:10 - 01368343 ____A (Farbar) C:\Users\Owner\Downloads\FRST.exe
2013-06-20 00:17 - 2013-06-20 00:17 - 00000472 ____A C:\Users\Owner\Desktop\defogger_disable.log
2013-06-20 00:17 - 2013-06-20 00:17 - 00000000 ____A C:\Users\Owner\defogger_reenable
2013-06-20 00:12 - 2013-06-20 00:12 - 00000000 ____D C:\ProgramData\APN
2013-06-20 00:08 - 2013-06-20 00:08 - 00025180 ____A C:\Users\Owner\Desktop\dds.txt
2013-06-20 00:08 - 2013-06-20 00:08 - 00011825 ____A C:\Users\Owner\Desktop\attach.txt
2013-06-20 00:07 - 2013-06-20 00:07 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.scr
2013-06-20 00:03 - 2013-06-20 01:01 - 00015179 ____A C:\Users\Owner\Downloads\hijackthis.log
2013-06-20 00:02 - 2013-06-20 00:02 - 00388608 ____A (Trend Micro Inc.) C:\Users\Owner\Downloads\HijackThis.exe
2013-06-19 23:03 - 2013-06-19 23:03 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SparkTrust
2013-06-19 23:03 - 2013-06-19 23:03 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DriverCure
2013-06-19 23:02 - 2013-06-19 23:12 - 00000000 ____D C:\ProgramData\SparkTrust
2013-06-19 22:44 - 2013-06-20 00:42 - 00514464 ____A C:\Users\Owner\Desktop\New Text Document.txt
2013-06-19 22:37 - 2013-06-19 22:37 - 00000000 ____D C:\ProgramData\AMMYY
2013-06-19 21:38 - 2013-06-19 21:48 - 00000000 ____D C:\Users\Owner\AppData\Local\Hewlett-Packard
2013-06-19 21:13 - 2013-06-19 21:13 - 00000000 ____D C:\Users\Owner\AppData\Local\{A496EEB7-FE58-4817-9EB4-1DC6663F4F72}
2013-06-19 17:12 - 2013-06-12 21:47 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-19 17:12 - 2013-06-12 21:43 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-19 17:12 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-19 17:12 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-19 17:11 - 2013-06-19 17:12 - 00004802 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 16:58 - 2013-06-19 16:58 - 00000000 ____D C:\Users\Owner\AppData\Roaming\RealNetworks
2013-06-19 07:46 - 2013-06-19 07:46 - 00001038 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2013-06-19 07:46 - 2013-06-19 07:46 - 00000000 ____D C:\ProgramData\RealNetworks
2013-06-19 07:46 - 2013-06-19 07:46 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-06-16 13:28 - 2013-06-16 13:28 - 00000000 ____D C:\Users\Owner\AppData\Local\{557E0251-9C14-49D7-9D23-A98E25952B05}
2013-06-16 12:58 - 2013-06-16 13:28 - 00000000 ____D C:\Users\Owner\Documents\For Sale
2013-06-16 10:50 - 2013-06-16 11:04 - 00174592 ____A C:\Users\Owner\Documents\dad day.pub
2013-06-16 10:49 - 2013-06-16 10:49 - 00000000 ____D C:\Users\Owner\Documents\New folder (2)
2013-06-15 22:22 - 2013-06-15 22:22 - 00000000 ____D C:\Users\Owner\AppData\Local\{3874FC81-FAE0-483B-82DE-D26EFC35254D}
2013-06-12 23:06 - 2013-05-16 23:05 - 17824768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 23:06 - 2013-05-16 22:27 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 23:06 - 2013-05-16 22:09 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 23:06 - 2013-05-16 22:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 23:06 - 2013-05-16 22:02 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 23:06 - 2013-05-16 22:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-12 23:06 - 2013-05-16 22:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-12 23:06 - 2013-05-16 21:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 23:06 - 2013-05-16 21:56 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-12 23:06 - 2013-05-16 21:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-12 23:06 - 2013-05-16 21:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 23:06 - 2013-05-16 21:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 23:06 - 2013-05-16 21:53 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 23:06 - 2013-05-16 21:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 23:06 - 2013-05-16 21:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-12 23:06 - 2013-05-16 21:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 23:06 - 2013-05-16 18:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-12 23:06 - 2013-05-16 17:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-12 23:06 - 2013-05-16 17:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 23:06 - 2013-05-16 17:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 23:06 - 2013-05-16 17:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-12 23:06 - 2013-05-16 17:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-12 23:06 - 2013-05-16 17:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-12 23:06 - 2013-05-16 17:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 23:06 - 2013-05-16 17:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 23:06 - 2013-05-16 17:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-12 23:06 - 2013-05-16 17:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-12 23:06 - 2013-05-16 17:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 23:06 - 2013-05-16 17:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-12 23:06 - 2013-05-16 17:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-12 23:06 - 2013-05-16 17:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 23:06 - 2013-05-16 17:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-11 22:10 - 2013-06-11 22:10 - 00000000 ____D C:\Users\Owner\AppData\Local\{89CDD7A5-A5AF-4597-959C-9A9DFE824CF1}
2013-06-11 21:36 - 2013-05-13 00:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-11 21:36 - 2013-05-12 23:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-11 21:36 - 2013-05-12 22:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-11 21:36 - 2013-05-12 22:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-11 21:36 - 2013-05-08 01:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-11 21:36 - 2013-04-26 00:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-11 21:36 - 2013-04-25 23:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-11 21:35 - 2013-05-13 00:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-11 21:35 - 2013-05-13 00:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-11 21:35 - 2013-05-13 00:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-11 21:35 - 2013-05-12 23:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-11 21:35 - 2013-05-12 23:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-11 21:35 - 2013-05-12 22:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-06 00:28 - 2013-06-17 17:59 - 00000000 ____D C:\Users\Owner\Documents\OneNote Notebooks
2013-06-05 00:12 - 2013-06-18 22:34 - 00000000 ____D C:\Users\Owner\Documents\My Media
2013-06-05 00:09 - 2013-06-05 00:09 - 00000000 ____D C:\Users\Owner\AppData\Roaming\OverDrive
2013-06-05 00:08 - 2013-06-05 00:08 - 00002449 ____A C:\Users\Public\Desktop\OverDrive Media Console.lnk
2013-06-05 00:07 - 2013-06-05 00:07 - 04969472 ____A C:\Users\Owner\Downloads\ODMediaConsoleSetup.msi
2013-06-04 21:13 - 2013-06-04 21:13 - 00000000 __RHD C:\MSOCache
2013-05-29 21:03 - 2013-05-29 21:03 - 00002361 ____A C:\Users\Owner\Desktop\Outlook 2013.lnk
2013-05-27 23:07 - 2013-05-27 23:07 - 00001857 ____A C:\Users\Owner\Desktop\Microsoft Office 2013 - Shortcut.lnk
2013-05-27 22:14 - 2013-06-19 22:10 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-05-25 17:09 - 2013-05-25 17:10 - 00000000 ____D C:\Users\Owner\AppData\Local\{76F4FBA2-805A-4643-B1A7-CD116DB1382A}
2013-05-24 15:42 - 2013-05-24 15:42 - 00000000 ____D C:\Users\Owner\Downloads\autobuynike_(1)
2013-05-24 15:41 - 2013-05-24 15:41 - 00017539 ____A C:\Users\Owner\Downloads\autobuynike_(1).zip

==================== One Month Modified Files and Folders =======

2013-06-22 15:06 - 2013-06-22 15:05 - 01931364 ____A (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2013-06-22 15:04 - 2013-06-22 15:04 - 01931364 ____A (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2013-06-22 14:57 - 2012-10-10 16:55 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-22 14:56 - 2013-03-21 20:46 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-22 14:45 - 2012-06-22 22:07 - 01866442 ____A C:\Windows\WindowsUpdate.log
2013-06-22 14:04 - 2013-06-22 14:04 - 00002570 ____A C:\Users\Owner\Desktop\FSS.txt
2013-06-22 14:02 - 2013-06-22 14:02 - 00355927 ____A (Farbar) C:\Users\Owner\Desktop\FSS.exe
2013-06-22 11:54 - 2009-07-13 23:45 - 00024656 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-22 11:54 - 2009-07-13 23:45 - 00024656 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-22 11:48 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-06-22 11:47 - 2013-03-21 20:46 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-22 11:47 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-22 11:46 - 2009-07-13 23:51 - 00073813 ____A C:\Windows\setupact.log
2013-06-22 04:50 - 2012-10-10 16:04 - 00000000 ____D C:\users\Owner
2013-06-22 04:26 - 2010-11-20 22:47 - 00052630 ____A C:\Windows\PFRO.log
2013-06-22 04:24 - 2012-10-12 09:00 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Queqza
2013-06-22 03:41 - 2013-06-22 03:41 - 00000843 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-22 03:41 - 2012-10-29 21:01 - 00000463 ____A C:\Users\Owner\Desktop\Google.website
2013-06-22 03:40 - 2012-12-20 03:01 - 00000000 ____D C:\Download
2013-06-22 03:39 - 2013-06-22 03:39 - 00002566 ____A C:\Users\Owner\Desktop\Rkill2.txt
2013-06-22 03:37 - 2013-06-22 02:40 - 00002566 ____A C:\Users\Owner\Desktop\Rkill.txt
2013-06-22 03:29 - 2013-06-22 03:29 - 00991872 ____A (Bleeping Computer, LLC) C:\Users\Owner\Desktop\iExplore64.exe
2013-06-22 03:28 - 2013-06-22 03:28 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\Owner\Downloads\iExplore.exe
2013-06-22 03:16 - 2013-06-22 03:16 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Owner\Desktop\mbam-setup-1.75.0.1300.exe
2013-06-22 03:07 - 2013-06-22 03:07 - 04009167 ____A C:\Users\Owner\Desktop\ServicesRepair.exe
2013-06-22 03:07 - 2013-06-22 03:07 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-06-22 03:07 - 2012-10-10 16:48 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SoftGrid Client
2013-06-22 02:55 - 2013-06-20 17:11 - 00000000 ____D C:\FRST
2013-06-22 02:53 - 2012-10-17 01:14 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Akhuw
2013-06-22 02:40 - 2013-06-22 02:40 - 00000000 ____D C:\Users\Owner\Desktop\rkill
2013-06-22 01:59 - 2013-03-21 20:47 - 00002187 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-22 01:40 - 2013-06-22 01:34 - 00000000 ____D C:\ProgramData\4C7AB9302E32EE4600004C7A6CBAF378
2013-06-22 01:37 - 2013-06-22 01:36 - 00001478 ____A C:\Users\Owner\Downloads\fixlist.txt
2013-06-20 17:10 - 2013-06-20 17:06 - 01368343 ____A (Farbar) C:\Users\Owner\Downloads\FRST.exe
2013-06-20 01:02 - 2013-02-17 22:42 - 00000000 ____D C:\Users\Owner\Documents\Error Message
2013-06-20 01:02 - 2012-10-10 16:05 - 00112304 ____A C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-20 01:01 - 2013-06-20 00:03 - 00015179 ____A C:\Users\Owner\Downloads\hijackthis.log
2013-06-20 00:42 - 2013-06-19 22:44 - 00514464 ____A C:\Users\Owner\Desktop\New Text Document.txt
2013-06-20 00:17 - 2013-06-20 00:17 - 00000472 ____A C:\Users\Owner\Desktop\defogger_disable.log
2013-06-20 00:17 - 2013-06-20 00:17 - 00000000 ____A C:\Users\Owner\defogger_reenable
2013-06-20 00:12 - 2013-06-20 00:12 - 00000000 ____D C:\ProgramData\APN
2013-06-20 00:08 - 2013-06-20 00:08 - 00025180 ____A C:\Users\Owner\Desktop\dds.txt
2013-06-20 00:08 - 2013-06-20 00:08 - 00011825 ____A C:\Users\Owner\Desktop\attach.txt
2013-06-20 00:07 - 2013-06-20 00:07 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.scr
2013-06-20 00:03 - 2012-10-10 16:04 - 00000000 ____D C:\Users\Owner\AppData\Local\VirtualStore
2013-06-20 00:02 - 2013-06-20 00:02 - 00388608 ____A (Trend Micro Inc.) C:\Users\Owner\Downloads\HijackThis.exe
2013-06-19 23:17 - 2009-07-14 00:13 - 00779724 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-19 23:12 - 2013-06-19 23:02 - 00000000 ____D C:\ProgramData\SparkTrust
2013-06-19 23:03 - 2013-06-19 23:03 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SparkTrust
2013-06-19 23:03 - 2013-06-19 23:03 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DriverCure
2013-06-19 22:37 - 2013-06-19 22:37 - 00000000 ____D C:\ProgramData\AMMYY
2013-06-19 22:26 - 2012-10-10 17:12 - 00002198 ____A C:\Windows\epplauncher.mif
2013-06-19 22:10 - 2013-05-27 22:14 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-06-19 21:48 - 2013-06-19 21:38 - 00000000 ____D C:\Users\Owner\AppData\Local\Hewlett-Packard
2013-06-19 21:38 - 2012-10-10 16:04 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Macromedia
2013-06-19 21:13 - 2013-06-19 21:13 - 00000000 ____D C:\Users\Owner\AppData\Local\{A496EEB7-FE58-4817-9EB4-1DC6663F4F72}
2013-06-19 17:12 - 2013-06-19 17:11 - 00004802 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 17:12 - 2012-10-10 16:52 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-19 16:58 - 2013-06-19 16:58 - 00000000 ____D C:\Users\Owner\AppData\Roaming\RealNetworks
2013-06-19 07:46 - 2013-06-19 07:46 - 00001038 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2013-06-19 07:46 - 2013-06-19 07:46 - 00000000 ____D C:\ProgramData\RealNetworks
2013-06-19 07:46 - 2013-06-19 07:46 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-06-19 07:46 - 2013-04-03 21:08 - 00000000 ____D C:\Program Files (x86)\Real
2013-06-19 07:46 - 2013-04-03 21:06 - 00000000 ____D C:\ProgramData\Real
2013-06-19 07:45 - 2013-04-03 21:08 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2013-06-19 07:45 - 2013-04-03 21:08 - 00201872 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2013-06-19 07:45 - 2013-04-03 21:08 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2013-06-19 07:45 - 2013-04-03 21:08 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2013-06-19 07:45 - 2011-10-28 17:04 - 00499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2013-06-19 07:45 - 2011-10-28 17:04 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2013-06-18 22:34 - 2013-06-05 00:12 - 00000000 ____D C:\Users\Owner\Documents\My Media
2013-06-17 23:11 - 2012-11-04 22:18 - 00000000 ____D C:\Users\Owner\Documents\Orders
2013-06-17 17:59 - 2013-06-06 00:28 - 00000000 ____D C:\Users\Owner\Documents\OneNote Notebooks
2013-06-16 13:28 - 2013-06-16 13:28 - 00000000 ____D C:\Users\Owner\AppData\Local\{557E0251-9C14-49D7-9D23-A98E25952B05}
2013-06-16 13:28 - 2013-06-16 12:58 - 00000000 ____D C:\Users\Owner\Documents\For Sale
2013-06-16 11:04 - 2013-06-16 10:50 - 00174592 ____A C:\Users\Owner\Documents\dad day.pub
2013-06-16 10:49 - 2013-06-16 10:49 - 00000000 ____D C:\Users\Owner\Documents\New folder (2)
2013-06-15 22:22 - 2013-06-15 22:22 - 00000000 ____D C:\Users\Owner\AppData\Local\{3874FC81-FAE0-483B-82DE-D26EFC35254D}
2013-06-15 13:21 - 2009-07-14 00:08 - 00032630 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-13 18:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-06-12 23:04 - 2012-10-28 20:23 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 21:48 - 2012-10-10 16:52 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-12 21:48 - 2012-10-10 16:52 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-12 21:47 - 2013-06-19 17:12 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-12 21:43 - 2013-06-19 17:12 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-12 21:43 - 2013-06-19 17:12 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-12 21:43 - 2013-06-19 17:12 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-12 20:57 - 2012-10-10 16:55 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 20:57 - 2011-11-02 17:37 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-12 20:52 - 2012-11-06 20:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-11 22:10 - 2013-06-11 22:10 - 00000000 ____D C:\Users\Owner\AppData\Local\{89CDD7A5-A5AF-4597-959C-9A9DFE824CF1}
2013-06-10 21:36 - 2013-04-03 21:07 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Real
2013-06-06 00:16 - 2011-11-02 17:58 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2013-06-05 00:09 - 2013-06-05 00:09 - 00000000 ____D C:\Users\Owner\AppData\Roaming\OverDrive
2013-06-05 00:08 - 2013-06-05 00:08 - 00002449 ____A C:\Users\Public\Desktop\OverDrive Media Console.lnk
2013-06-05 00:07 - 2013-06-05 00:07 - 04969472 ____A C:\Users\Owner\Downloads\ODMediaConsoleSetup.msi
2013-06-04 21:13 - 2013-06-04 21:13 - 00000000 __RHD C:\MSOCache
2013-05-30 19:24 - 2009-07-13 23:45 - 00449576 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-29 23:06 - 2013-02-15 00:20 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
2013-05-29 21:24 - 2012-06-22 22:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-05-29 21:24 - 2011-11-02 18:09 - 00000000 ____D C:\Windows\ShellNew
2013-05-29 21:24 - 2009-07-13 21:34 - 00000419 ____A C:\Windows\win.ini
2013-05-29 21:20 - 2013-02-15 00:20 - 00000000 ____D C:\Program Files (x86)\Google
2013-05-29 21:03 - 2013-05-29 21:03 - 00002361 ____A C:\Users\Owner\Desktop\Outlook 2013.lnk
2013-05-28 23:44 - 2012-11-06 22:50 - 00000000 ____D C:\Users\Owner\Documents\Rental Weatherization
2013-05-27 23:07 - 2013-05-27 23:07 - 00001857 ____A C:\Users\Owner\Desktop\Microsoft Office 2013 - Shortcut.lnk
2013-05-25 17:10 - 2013-05-25 17:09 - 00000000 ____D C:\Users\Owner\AppData\Local\{76F4FBA2-805A-4643-B1A7-CD116DB1382A}
2013-05-24 15:42 - 2013-05-24 15:42 - 00000000 ____D C:\Users\Owner\Downloads\autobuynike_(1)
2013-05-24 15:41 - 2013-05-24 15:41 - 00017539 ____A C:\Users\Owner\Downloads\autobuynike_(1).zip

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-13 18:38

==================== End Of Log ============================


----------



## kevinf80 (Mar 21, 2006)

Logs look good, how is your system responding? What issues/concerns remain? Also run the following and post its log:

Download Security Check by screen317 from either of the following: 
http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Kevin...


----------



## sportsmom2x2 (Sep 3, 2007)

Results of screen317's Security Check version 0.99.67 
Windows 7 Service Pack 1 x64 (UAC is enabled) 
Internet Explorer 10 
*``````````````Antivirus/Firewall Check:``````````````* 
Windows Firewall Enabled! 
Microsoft Security Essentials 
Antivirus up to date! 
*`````````Anti-malware/Other Utilities Check:`````````* 
Malwarebytes Anti-Malware version 1.75.0.1300 
Java 7 Update 25 
Adobe Reader XI 
Google Chrome 27.0.1453.110 
Google Chrome 27.0.1453.116 
*````````Process Check: objlist.exe by Laurent````````* 
Microsoft Security Essentials MSMpEng.exe 
Malwarebytes Anti-Malware mbamservice.exe 
Malwarebytes Anti-Malware mbamgui.exe 
Malwarebytes' Anti-Malware mbamscheduler.exe 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive C: 0% 
*````````````````````End of Log``````````````````````*


----------



## kevinf80 (Mar 21, 2006)

Security Check looks 100% correct, how is your system responding, are there any remaining issues or concerns....


----------



## sportsmom2x2 (Sep 3, 2007)

Computer is still running very slow when I try to hook up to the internet. Other problem: when you respond I get an e-mail notification with a link--click on the link, takes me to the forum, but it won't load. Just get the little spinning icon and page remains frozen---I get to the forum page, but it never allows me to click on anything.

Also I have about 94 processes running when I open the task manager. This is much more than I usually have.

Before the problem the computer was significantly faster.


By the way---I really really appreciate your help!! You have been awesome.


----------



## kevinf80 (Mar 21, 2006)

We continue the search, run the following....

Download *OTL* from any of the following links and save to your desktop.

http://itxassociates.com/OT-Tools/OTL.com
http://oldtimer.geekstogo.com/OTL.exe
http://www.itxassociates.com/OT-Tools/OTL.scr

Double click the OTL icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)


- When the window appears, underneath *Output* at the top, make sure *Standard output* is selected.
- Select *Scan all users*
- Change *Drivers* to *All*
- Under the *Extra Registry* section, check *Use SafeList*
- In the lower right corner, checkmark *"LOP Check"* and checkmark *"Purity Check".*
- Click *Run Scan* and let the program run uninterrupted.
- When the scan is complete, two text files will be created on your Desktop.
  - *OTL.Txt* <- this one will be opened
  - *Extras.txt* <- this one will be minimized

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of *OTL.Txt* and the *Extras.txt* in your next reply.

Kevin....


----------



## sportsmom2x2 (Sep 3, 2007)

tried to attach a capture of what the forum looks like but couldn't upload it.
The ribbon 
In Private in a blue box then the usually address http://forums.techguy.org/vi

Are there things I should be deleting off my desktop? Also when I started I ran a program so a program like nero wouldn't load?


----------



## kevinf80 (Mar 21, 2006)

Can you run OTL as posted?


----------



## sportsmom2x2 (Sep 3, 2007)

I've run the scan but I can't post it. I keep getting a sorry message, can't process it at this time.


----------



## sportsmom2x2 (Sep 3, 2007)

attached is a print screen of what my internet screen looks like when I try to open a program


----------



## sportsmom2x2 (Sep 3, 2007)

I will try to attach it on a word doc


----------



## sportsmom2x2 (Sep 3, 2007)

will try again with one at a time


----------



## sportsmom2x2 (Sep 3, 2007)

attached


----------



## kevinf80 (Mar 21, 2006)

Re-Run







by double left click, Vista and Windows 7 users accept UAC alert.


Under the







box at the bottom, paste in the following, start with and include the colon plus OTL . *:OTL*


```
:OTL
SRV - [2013/06/19 22:37:39 | 000,735,512 | ---- | M] () [Auto | Running] -- C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L0HPALYC\AA_v3.exe -- (AmmyyAdmin)
IE - HKU\S-1-5-21-54217543-3094785001-244447589-1000\..\SearchScopes\{431FCF70-772C-4336-9395-B9B87CB7CA85}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3239904
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O18:[b]64bit:[/b] - Protocol\Handler\gcf - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\osf - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
[2013/06/19 22:37:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AMMYY
[2013/06/16 13:28:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{557E0251-9C14-49D7-9D23-A98E25952B05}
[2013/06/15 22:22:21 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{3874FC81-FAE0-483B-82DE-D26EFC35254D}
[2013/06/11 22:10:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{89CDD7A5-A5AF-4597-959C-9A9DFE824CF1}
[2013/06/22 02:53:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Akhuw
[2013/06/22 04:24:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Queqza
:Files
ipconfig /flushdns /c
C:\Users\Owner\Desktop\FRST64.exe
C:\Users\Owner\Desktop\FSS.exe
C:\Users\Owner\Desktop\iExplore64.exe
C:\Users\Owner\Desktop\mbam-setup-1.75.0.1300.exe
C:\Users\Owner\Desktop\rkill
C:\FRST
C:\Users\Owner\Desktop\iExplore64.exe
C:\Users\Owner\Desktop\ServicesRepair.exe
:Commands
[emptytemp]
[ResetHosts
[CREATERESTOREPOINT]
```

Then click







button at the top
Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose *Yes*. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter **.log* and press the Enter key, navigate to the *C:\_OTL\MovedFiles folder*, and open the newest *.log* file present, and copy/paste the contents of that document back here in your next post.

Next,

Go here http://support.microsoft.com/kb/923737 follow the instructions and reset Internet Explorer to Default settings..

Next,

Run Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.


- Turn off the real time scanner of any existing antivirus program while performing the online scan
- click on the Run ESET Online Scanner button
- Tick the box next to YES, I accept the Terms of Use.
- *Click Start*
- When asked, allow the add-on to be installed
- *Click Start*
- Make sure that the option Remove found threats is unticked
- Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
- *Click Scan*
- wait for the virus definitions to be downloaded
- Wait for the scan to finish

*When the scan is complete*

- If no threats were found
  - put a checkmark in "Uninstall application on close"
  - close program
  - report to me that nothing was found
- *If threats were found*
  - click on "list of threats found"
  - click on "export to text file" and save it as ESET SCAN and save to the desktop
  - Click on back
  - put a checkmark in "Uninstall application on close"
  - click on finish
  - *close program*
  - *copy and paste the report here*

Post the logs from OTL and ESET online scan. Also give update on current issues concerns....


----------



## sportsmom2x2 (Sep 3, 2007)

All processes killed
========== OTL ==========
Service AmmyyAdmin stopped successfully!
Service AmmyyAdmin deleted successfully!
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L0HPALYC\AA_v3.exe moved successfully.
Registry key HKEY_USERS\S-1-5-21-54217543-3094785001-244447589-1000\Software\Microsoft\Internet Explorer\SearchScopes\{431FCF70-772C-4336-9395-B9B87CB7CA85}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{431FCF70-772C-4336-9395-B9B87CB7CA85}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\gcf\ deleted successfully.
File Protocol\Handler\gcf - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
File Protocol\Handler\msdaipp\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
File Protocol\Handler\msdaipp\oledb - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\osf\ deleted successfully.
File Protocol\Handler\osf - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
C:\ProgramData\AMMYY folder moved successfully.
C:\Users\Owner\AppData\Local\{557E0251-9C14-49D7-9D23-A98E25952B05} folder moved successfully.
C:\Users\Owner\AppData\Local\{3874FC81-FAE0-483B-82DE-D26EFC35254D} folder moved successfully.
C:\Users\Owner\AppData\Local\{89CDD7A5-A5AF-4597-959C-9A9DFE824CF1} folder moved successfully.
C:\Users\Owner\AppData\Roaming\Akhuw folder moved successfully.
C:\Users\Owner\AppData\Roaming\Queqza folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
C:\Users\Owner\Desktop\FRST64.exe moved successfully.
C:\Users\Owner\Desktop\FSS.exe moved successfully.
C:\Users\Owner\Desktop\iExplore64.exe moved successfully.
C:\Users\Owner\Desktop\mbam-setup-1.75.0.1300.exe moved successfully.
C:\Users\Owner\Desktop\rkill folder moved successfully.
C:\FRST\Quarantine\$862474f02b6b2c40b9f78eb69c755716\U folder moved successfully.
C:\FRST\Quarantine\$862474f02b6b2c40b9f78eb69c755716\L folder moved successfully.
C:\FRST\Quarantine\$862474f02b6b2c40b9f78eb69c755716\$862474f02b6b2c40b9f78eb69c755716 folder moved successfully.
C:\FRST\Quarantine\$862474f02b6b2c40b9f78eb69c755716 folder moved successfully.
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives\Users\00000002 folder moved successfully.
C:\FRST\Hives\Users\00000001 folder moved successfully.
C:\FRST\Hives\Users folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
File\Folder C:\Users\Owner\Desktop\iExplore64.exe not found.
C:\Users\Owner\Desktop\ServicesRepair.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 170037837 bytes
->Temporary Internet Files folder emptied: 370965630 bytes
->Java cache emptied: 219600 bytes
->Google Chrome cache emptied: 376883501 bytes
->Flash cache emptied: 734 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 478049814 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 119224299 bytes
RecycleBin emptied: 2087552 bytes

Total Files Cleaned = 1,447.00 mb

Error: Unable to interpret <[ResetHosts> in the current context!
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 06232013_141821

Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Owner\AppData\Local\Temp\MMDUtl.log moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WZ5J4QQ3\1101659-trojan-microsoft-security-essentials-error-3[1].htm moved successfully.
File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V9IRPGPP\1176774255[1].htm not found!
File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V9IRPGPP\data_sync[1].htm not found!
File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TOA4VS2U\959943721[1].htm not found!
File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JUGTU752\ba[1].htm not found!
File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JUGTU752\PIE[1].htc not found!
File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IMFZP8UC\01[4].htm not found!
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CAPOP88Y\si[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CAPOP88Y\si[2].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AG1EWXHT\127121[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AG1EWXHT\360331[1].htm moved successfully.
File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AG1EWXHT\follow_button.1340179658[1].htm not found!
File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AG1EWXHT\tweet_button.1340179658[1].htm not found!
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
C:\Windows\temp\FireFly(201306231248478EC).log moved successfully.
C:\Windows\temp\integratedoffice.exe_c2ruidll(201306231248478EC).log moved successfully.
C:\Windows\temp\integratedoffice.exe_streamserver(201306231248478EC).log moved successfully.
File move failed. C:\Windows\temp\LMutilps.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ood_stream.x86.en-us.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


----------



## kevinf80 (Mar 21, 2006)

Have you reset IE and run ESET..


----------



## sportsmom2x2 (Sep 3, 2007)

I have reset IE and ran ESET, but it has stopped at 99%. I may have to restart it. It has taken all afternoon.


----------



## kevinf80 (Mar 21, 2006)

ESET is a very thorough scan and can take several hours depending on the size of your system, what is installed, data etc etc... It is very well worth completing. Before running the scan all security should be off and the system idle, no open windows etc...
How is the system responding at present, any obvious issues/concerns..


----------



## sportsmom2x2 (Sep 3, 2007)

this is what they have so far attached


----------



## sportsmom2x2 (Sep 3, 2007)

try again


----------



## kevinf80 (Mar 21, 2006)

Nothing serious yet, just Adware....


----------



## sportsmom2x2 (Sep 3, 2007)

C:\Users\All Users\APN\APN-Stub\W3IV6-G\APNIC.7z	Win32/Bundled.Toolbar.Ask.B application	
C:\Users\All Users\APN\APN-Stub\W3IV6-G\APNIC.dll	Win32/Bundled.Toolbar.Ask.B application	
C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.7z	Win32/Bundled.Toolbar.Ask.B application	deleted - quarantined
C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll	Win32/Bundled.Toolbar.Ask.B application	cleaned by deleting - quarantined
C:\Users\Owner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\stubinst_pkg_en-us.cab	Win32/OpenCandy application	deleted - quarantined
C:\_OTL\MovedFiles\06232013_141821\C_FRST\Quarantine\dmsil.dll	a variant of Win32/Medfos.RA trojan	cleaned by deleting - quarantined
C:\_OTL\MovedFiles\06232013_141821\C_FRST\Quarantine\oplgb.dll	a variant of Win32/Medfos.QY trojan	cleaned by deleting - quarantined
C:\_OTL\MovedFiles\06232013_141821\C_Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L0HPALYC\AA_v3.exe	Win32/RemoteAdmin.Ammyy.A application	cleaned by deleting - quarantined
Operating memory	a variant of Win32/Boaxxe.G trojan


----------



## sportsmom2x2 (Sep 3, 2007)

attached screen print


----------



## sportsmom2x2 (Sep 3, 2007)

Attached


----------



## sportsmom2x2 (Sep 3, 2007)

still have 90 processes in task manager. Doesn't that seem excessive?


----------



## kevinf80 (Mar 21, 2006)

90 processes is not unusual, on my Windows 7 system I have 112, Windows 8 is only 55 but system is new not installed many apps yet. It really depends on size of system etc...

Run the following two final scans, after that hopefully we can complete and remove all tools used etc....

Download http://www.bleepingcomputer.com/download/adwcleaner/ by Xplode onto your Desktop.


- Please close all open programs and internet browsers.
- Double click on *Adwcleaner.exe* to run the tool.
- Click on *Delete*.
- Confirm each time with OK.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile in your reply.
- You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Next,

Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if Malwarebytes is not installed:

Download Malwarebytes from one of the following links and save it to your desktop.:

http://www.malwarebytes.org/mbam.php 
http://www.softpedia.com/get/Antivirus/Malwarebytes-Anti-Malware.shtml
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Double Click mbam-setup.exe to install the application.

- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Thanks,

Kevin


----------



## sportsmom2x2 (Sep 3, 2007)

# AdwCleaner v2.303 - Logfile created 06/24/2013 at 23:13:03
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\END
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\ProgramData\APN
Folder Found : C:\Users\Owner\AppData\Local\Conduit
Folder Found : C:\Users\Owner\AppData\LocalLow\Conduit
Folder Found : C:\Users\Owner\AppData\Roaming\DriverCure

***** [Registry] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3239904
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Found : HKLM\Software\PIP
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.116

File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1880 octets] - [24/06/2013 23:13:03]

########## EOF - C:\AdwCleaner[R1].txt - [1940 octets] ##########


----------



## sportsmom2x2 (Sep 3, 2007)

# AdwCleaner v2.303 - Logfile created 06/24/2013 at 23:17:59
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\END
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\Users\Owner\AppData\Local\Conduit
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Owner\AppData\Roaming\DriverCure

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3239904
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.116

File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2009 octets] - [24/06/2013 23:13:03]
AdwCleaner[R2].txt - [2069 octets] - [24/06/2013 23:16:31]
AdwCleaner[R3].txt - [2129 octets] - [24/06/2013 23:17:43]
AdwCleaner[S1].txt - [2104 octets] - [24/06/2013 23:17:59]

########## EOF - C:\AdwCleaner[S1].txt - [2164 octets] ##########


----------



## kevinf80 (Mar 21, 2006)

That error code in the thumbnail seems to indicate MSE is not running, is that correct? Select start > in the search box type in *services.msc* in the service window scroll to MSE, what is the status? should be running and startup type should be automatic.
If those settings are incorrect right click on the MSE line and select Properties, in the new window hit the drop down next to *Start up type* and select *Automatic* apply and ok that action. Reboot your PC, does MSE run ok now? if not run FRST again... I give full instruction if needed..

download Farbar Recovery Scan Tool and save it to your desktop.

*Note*: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click *Yes* to disclaimer.
Press *Scan* button.
It will make a log (*FRST.txt*) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (*Addition.txt*). Please attach it to your reply.

Kevin


----------



## sportsmom2x2 (Sep 3, 2007)

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.25.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

6/24/2013 11:30:34 PM
mbam-log-2013-06-24 (23-30-34).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 331952
Time elapsed: 51 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


----------



## kevinf80 (Mar 21, 2006)

Why do you run Malwarebytes? Is Microsoft Security Essentials OK, I can only go by the error code thumbnail you posted previously. Please tell me what issues/concerns you have..


----------



## kevinf80 (Mar 21, 2006)

Apologies I will be offline for maybe next 24 hours


----------



## sportsmom2x2 (Sep 3, 2007)

kevinf80 said:


> That error code in the thumbnail seems to indicate MSE is not running, is that correct? Select start > in the search box type in *services.msc* in the service window scroll to MSE, what is the status? should be running and startup type should be automatic.
> If those settings are incorrect right click on the MSE line and select Properties, in the new window hit the drop down next to *Start up type* and select *Automatic* apply and ok that action. Reboot your PC, does MSE run ok now? if not run FRST again... I give full instruction if needed..
> 
> download Farbar Recovery Scan Tool and save it to your desktop.
> ...


I don't have MSE in the service see attached. This is just part of the list.
Plus I got a new error message when I tried to open your forum from the outlook message I received with the link


----------



## sportsmom2x2 (Sep 3, 2007)

kevinf80 said:


> Why do you run Malwarebytes? Is Microsoft Security Essentials OK, I can only go by the error code thumbnail you posted previously. Please tell me what issues/concerns you have..


You instructed me to use Malwarebytes?? 
90 processes is not unusual, on my Windows 7 system I have 112, Windows 8 is only 55 but system is new not installed many apps yet. It really depends on size of system etc...

Run the following two final scans, after that hopefully we can complete and remove all tools used etc....

Download http://www.bleepingcomputer.com/download/adwcleaner/ by Xplode onto your Desktop.
 Please close all open programs and internet browsers.
 Double click on Adwcleaner.exe to run the tool.
 Click on Delete.
 Confirm each time with OK.
 Your computer will be rebooted automatically. A text file will open after the restart.
 Please post the content of that logfile in your reply.
 You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Next,

Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if Malwarebytes is not installed:

Download Malwarebytes from one of the following links and save it to your desktop.:

http://www.malwarebytes.org/mbam.php 
http://www.softpedia.com/get/Antivir...-Malware.shtml
http://www.majorgeeks.com/Malwarebyt...are_d5756.html

Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
 If an update is found, it will download and install the latest version.
 Once the program has loaded, select "Perform Quick Scan", then click Scan.
 The scan may take some time to finish,so please be patient.
 When the scan is complete, click OK, then Show Results to view the results.
 Make sure that everything is checked, and click Remove Selected.
 When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
 Please save the log to a location you will remember.
 The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
 Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


----------



## kevinf80 (Mar 21, 2006)

Yes but your reply did not give Malwarebytes log after AdwCleaner log, you gave thumbnail with error code.... Unfortunately I'm still in hospital maybe a further 24 hours. I have no pc access only mob fone, no good for fixes...


----------



## Mark1956 (May 7, 2011)

I'm just jumping in here to take over from Kevin while he is in hospital with no PC. I see you did post both the ADWCleaner log and Malwarebytes which is clean.

The ADWCleaner log does show some adware, as a precaution please run it again using the Delete button and post the new log.

Have you been able to confirm if MSE is running? It will usually show a bright green icon in the lower right corner of the screen with a tick on it; if it isn't running it will show a bright red icon with a cross on it. Tell me what you see.


----------



## sportsmom2x2 (Sep 3, 2007)

I can't get MSE to run. When I try to get it to run I get the error message problem with initialization. attachment above. 

Kevin sorry to hear you are in the hospital--take care and I hope you are doing ok.


----------



## sportsmom2x2 (Sep 3, 2007)

sportsmom2x2 said:


> I can't get MSE to run. When I try to get it to run I get the error message problem with initialization. attachment above.
> 
> Kevin sorry to hear you are in the hospital--take care and I hope you are doing ok.


# AdwCleaner v2.303 - Logfile created 06/26/2013 at 21:53:32
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.116

File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2009 octets] - [24/06/2013 23:13:03]
AdwCleaner[R2].txt - [2069 octets] - [24/06/2013 23:16:31]
AdwCleaner[R3].txt - [2129 octets] - [24/06/2013 23:17:43]
AdwCleaner[R4].txt - [1024 octets] - [26/06/2013 21:49:40]
AdwCleaner[R5].txt - [897 octets] - [26/06/2013 21:53:32]
AdwCleaner[S1].txt - [2233 octets] - [24/06/2013 23:17:59]
AdwCleaner[S2].txt - [1085 octets] - [26/06/2013 21:50:00]

########## EOF - C:\AdwCleaner[R5].txt - [1076 octets] ##########


----------



## sportsmom2x2 (Sep 3, 2007)

Issues: unable to open links from e-mail resolved by this last action

MSE still get error message when I try to open it.


----------



## Mark1956 (May 7, 2011)

I think MSE might be damaged.

FYI. MSE shows as Microsoft Anti Malware in the list of services which you posted a screenshot of in post 51, it shows it as running.

Let's try reinstalling it. Go here: Microsoft Security Essentials, and download it to your desktop. Disconnect from the internet and then go into Programs and Features via the Control Panel and uninstall MSE. Then double click on the MSE download and it will reinstall. Reconnect to the internet, open MSE, let it update, run a *Full* system scan with it and delete anything it finds.

Let me know if it finds anything and if the reinstall fixes the problem.


----------



## sportsmom2x2 (Sep 3, 2007)

When I tried to uninstall MSE I get the error message that the Microsoft Security Client installation wizard can't find files that are necessary to install. When I try to reinstall I get the message that it is installed, delete, and I get error message 0x4FF02. I don't know how to uninstall MSE??


----------



## kevinf80 (Mar 21, 2006)

Go here http://www.bleepingcomputer.com/download/microsoft-security-essentials-removal-tool/ download and run the Microsoft Security Essentials removal tool, does that remove it?


----------



## sportsmom2x2 (Sep 3, 2007)

kevinf80 said:


> Go here http://www.bleepingcomputer.com/download/microsoft-security-essentials-removal-tool/ download and run the Microsoft Security Essentials removal tool, does that remove it?


Followed your instructions but now I got a different error message when I tried to download it:
Error code 0x80070643 An error has prevented the Security Essentials setup wizard from completing successfully. Restart computer and try again. I did this but still got the same error message. Could the other programs I installed to get rid of the virus be stopping it from installing?

I have AdwCleaner, FRST64, Malware, OTL All the programs that helped get rid of the virus that you had me install.

thanks


----------



## kevinf80 (Mar 21, 2006)

Click Start, type *Run* in the Search box and then press Enter, type *msiexec /unregister* in the Open box, and then click OK. (Note the space between *msiexec* and */unregister*.)

Next,

Click Start, type *Run* in the Search box and then press Enter, type *msiexec /regserver* in the Open box, and then click OK. (Note the space between *msiexec* and */regserver*.)

Restart your computer. Will MSE install now? if not continue:

Next,

Close all windows, Select > start icon > all programs > accessories > Right click on "command prompt" > select > Run as administrator > ok any alerts > at the command prompt type or copy and paste *sfc /scannow* > then tap enter. When finished type *exit*, tap enter, and re-boot your PC.

***Note the space between *sfc* and */scannow*.

To get the report, again at an elevated command prompt type or copy and paste:

*findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt*

Does MSE install now?


----------



## sportsmom2x2 (Sep 3, 2007)

kevinf80 said:


> Click Start, type *Run* in the Search box and then press Enter, type *msiexec /unregister* in the Open box, and then click OK. (note the space between *msiexec* and */unregister*
> 
> Next,
> 
> ...


no still got error message


----------



## kevinf80 (Mar 21, 2006)

Download Windows Repair (all in one) from one of the following:

http://www.tweaking.com/content/page/windows_repair_all_in_one.html
http://www.majorgeeks.com/Tweaking.com_-_Windows_Repair_Portable_d7222.html
http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/

Unzip the contents into a newly created folder on your desktop.

Open the folder, run the tool by right click on Repair_Windows (icon with red briefcase) select "Run as Administrator"

From the main GUI do the following:

Select *Tab 2* and allow it to run *Disk check*

Select *Tab 3* and allow it to run *SFC*

Select *Tab 4* and Create *System Restore Point*

Select *Repairs tab* => Click the *Start*

The repairs window will open, Check the boxes as indicated, also the "Restart" options, then select Start...

DON'T use the computer while each scan is in progress.

Post the log that will be saved in this folder *C:\Tweaking.com_windows_Repair_Logs* named *_Windows_Repair_Log*

Will MSE install now?


----------



## sportsmom2x2 (Sep 3, 2007)

Running Repair Under System Account
Running Repair Under System Account
Running Repair Under System Account
Starting Repairs...
Start (6/30/2013 10:29:03 PM)

Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (6/30/2013 10:29:03 PM)
Running Repair Under Current User Account
Done (6/30/2013 10:29:08 PM)

Reset Registry Permissions 02/03
HKEY_LOCAL_MACHINE & Sub Keys
Start (6/30/2013 10:29:08 PM)
Running Repair Under System Account
Done (6/30/2013 10:30:57 PM)

Reset Registry Permissions 03/03
HKEY_CLASSES_ROOT & Sub Keys
Start (6/30/2013 10:30:57 PM)
Running Repair Under System Account
Done (6/30/2013 10:31:44 PM)

Reset File Permissions 01/17
C:\BOOK & Sub Folders
Start (6/30/2013 10:31:44 PM)
Running Repair Under System Account
Done (6/30/2013 10:31:53 PM)

Reset File Permissions 02/17
C:\Dolby PCEE4 & Sub Folders
Start (6/30/2013 10:31:53 PM)
Running Repair Under System Account
Done (6/30/2013 10:31:56 PM)

Reset File Permissions 03/17
C:\Download & Sub Folders
Start (6/30/2013 10:31:56 PM)
Running Repair Under System Account
Done (6/30/2013 10:31:58 PM)

Reset File Permissions 04/17
C:\Drivers & Sub Folders
Start (6/30/2013 10:31:58 PM)
Running Repair Under System Account
Done (6/30/2013 10:32:05 PM)

Reset File Permissions 05/17
C:\elements & Sub Folders
Start (6/30/2013 10:32:05 PM)
Running Repair Under System Account
Done (6/30/2013 10:32:08 PM)

Reset File Permissions 06/17
C:\FRST & Sub Folders
Start (6/30/2013 10:32:08 PM)
Running Repair Under System Account
Done (6/30/2013 10:32:10 PM)

Reset File Permissions 07/17
C:\MSOCache & Sub Folders
Start (6/30/2013 10:32:10 PM)
Running Repair Under System Account
Done (6/30/2013 10:32:13 PM)

Reset File Permissions 08/17
C:\OEM & Sub Folders
Start (6/30/2013 10:32:13 PM)
Running Repair Under System Account
Done (6/30/2013 10:32:28 PM)

Reset File Permissions 09/17
C:\PerfLogs & Sub Folders
Start (6/30/2013 10:32:28 PM)
Running Repair Under System Account
Done (6/30/2013 10:32:30 PM)

Reset File Permissions 10/17
C:\Pictures to move & Sub Folders
Start (6/30/2013 10:32:30 PM)
Running Repair Under System Account
Done (6/30/2013 10:32:33 PM)

Reset File Permissions 11/17
C:\Program Files & Sub Folders
Start (6/30/2013 10:32:33 PM)
Running Repair Under System Account
Done (6/30/2013 10:33:03 PM)

Reset File Permissions 12/17
C:\Program Files (x86) & Sub Folders
Start (6/30/2013 10:33:03 PM)
Running Repair Under System Account
Done (6/30/2013 10:34:44 PM)

Reset File Permissions 13/17
C:\ProgramData & Sub Folders
Start (6/30/2013 10:34:44 PM)
Running Repair Under System Account
Done (6/30/2013 10:34:59 PM)

Reset File Permissions 14/17
C:\Programme & Sub Folders
Start (6/30/2013 10:34:59 PM)
Running Repair Under System Account
Done (6/30/2013 10:35:01 PM)

Reset File Permissions 15/17
C:\Recovery & Sub Folders
Start (6/30/2013 10:35:01 PM)
Running Repair Under System Account
Done (6/30/2013 10:35:04 PM)

Reset File Permissions 16/17
C:\Windows & Sub Folders
Start (6/30/2013 10:35:04 PM)
Running Repair Under System Account
Done (6/30/2013 10:39:46 PM)

Reset File Permissions 17/17
C:\_OTL & Sub Folders
Start (6/30/2013 10:39:46 PM)
Running Repair Under System Account
Done (6/30/2013 10:39:48 PM)

Reset File Permissions: Cleanup
& Sub Folders
Start (6/30/2013 10:39:48 PM)
Running Repair Under System Account
Done (6/30/2013 10:39:53 PM)

Register System Files
Start (6/30/2013 10:39:53 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 10:40:20 PM)

Repair WMI
Start (6/30/2013 10:40:20 PM)
Running Repair Under Current User Account
Invalid Global Switch.

Invalid Global Switch.

Running Repair Under System Account
Invalid Global Switch.

Invalid Global Switch.

Done (6/30/2013 10:42:25 PM)

Repair Windows Firewall
Start (6/30/2013 10:42:25 PM)
Running Repair Under Current User Account
The Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

Running Repair Under System Account
The Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

Done (6/30/2013 10:42:56 PM)

Repair Internet Explorer
Start (6/30/2013 10:42:56 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 10:43:25 PM)

Repair MDAC/MS Jet
Start (6/30/2013 10:43:25 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 10:43:40 PM)

Repair Hosts File
Start (6/30/2013 10:43:40 PM)
Running Repair Under System Account
Done (6/30/2013 10:43:43 PM)

Remove Policies Set By Infections
Start (6/30/2013 10:43:43 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 10:43:47 PM)

Repair Missing Start Menu Icons Removed By Infections
Start (6/30/2013 10:43:47 PM)
Running Repair Under System Account
Done (6/30/2013 10:43:50 PM)

Repair Icons
Start (6/30/2013 10:43:50 PM)
Running Repair Under System Account
Could Not Find C:\Users\Owner\AppData\Local\IconCache.db.bak
Could Not Find C:\Users\Owner\AppData\Local\IconCache.db
Done (6/30/2013 10:43:52 PM)

Repair Winsock & DNS Cache
Start (6/30/2013 10:43:52 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 10:44:07 PM)

Remove Temp Files
Start (6/30/2013 10:44:07 PM)
Running Repair Under System Account
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
C:\Users\Owner\AppData\Local\Temp\aipflib.log - The process cannot access the file because it is being used by another process.
C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt - The process cannot access the file because it is being used by another process.
C:\Users\Owner\AppData\Local\Temp\LManager.log - The process cannot access the file because it is being used by another process.
C:\Users\Owner\AppData\Local\Temp\LMworker.log - The process cannot access the file because it is being used by another process.
C:\Users\Owner\AppData\Local\Temp\MMDUtl.log - The process cannot access the file because it is being used by another process.
C:\Users\Owner\AppData\Local\Temp\~DF21A9AB6D6773AEE6.TMP - Access is denied.
C:\Users\Owner\AppData\Local\Temp\~DF8681E7CAC75C1BD9.TMP - Access is denied.
C:\Users\Owner\AppData\Local\Temp\~DFC90EEF2C27DE080E.TMP - Access is denied.
C:\Users\Owner\AppData\Local\Temp\~DFE2070A6CB21ADF1E.TMP - The process cannot access the file because it is being used by another process.
C:\Users\Owner\AppData\Local\Temp\~DFE3A60EF81CB1BF2C.TMP - Access is denied.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
C:\Windows\Temp\dsiwmis.log - The process cannot access the file because it is being used by another process.
C:\Windows\Temp\FireFly(20130630122934834).log - The process cannot access the file because it is being used by another process.
C:\Windows\Temp\integratedoffice.exe_c2ruidll(20130630122934834).log - The process cannot access the file because it is being used by another process.
C:\Windows\Temp\integratedoffice.exe_streamserver(20130630122936834).log - The process cannot access the file because it is being used by another process.
C:\Windows\Temp\LMutilps.log - The process cannot access the file because it is being used by another process.
C:\Windows\Temp\ood_stream.x86.en-us.dat - The process cannot access the file because it is being used by another process.
C:\Windows\Temp\ood_stream.x86.x-none.dat - The process cannot access the file because it is being used by another process.
C:\Windows\Temp\TMP00002C7019D0E5333ED4DC47 - The process cannot access the file because it is being used by another process.
Done (6/30/2013 10:44:10 PM)

Repair Proxy Settings
Start (6/30/2013 10:44:10 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 10:44:14 PM)

Unhide Non System Files
Start (6/30/2013 10:44:14 PM)
C:\ - Total Files Unhidden: 344
Q:\ - Total Files Unhidden: 0
Done (6/30/2013 10:45:04 PM)

Repair Windows Updates
Start (6/30/2013 10:45:04 PM)
Running Repair Under Current User Account
The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
Running Repair Under System Account
The Cryptographic Services service is not started.

More help is available by typing NET HELPMSG 3521.

The Background Intelligent Transfer Service service is not started.

More help is available by typing NET HELPMSG 3521.

The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
Done (6/30/2013 10:45:19 PM)

Repair CD/DVD Missing/Not Working
Start (6/30/2013 10:45:19 PM)
Done (6/30/2013 10:45:19 PM)

Repair Volume Shadow Copy Service
Start (6/30/2013 10:45:19 PM)
Running Repair Under Current User Account
The Volume Shadow Copy service is not started.

More help is available by typing NET HELPMSG 3521.

The Microsoft Software Shadow Copy Provider service is not started.

More help is available by typing NET HELPMSG 3521.

Running Repair Under System Account
The Volume Shadow Copy service is not started.

More help is available by typing NET HELPMSG 3521.

The Microsoft Software Shadow Copy Provider service is not started.

More help is available by typing NET HELPMSG 3521.

Done (6/30/2013 10:45:24 PM)

Repair Windows Sidebar/Gadgets
Start (6/30/2013 10:45:24 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 10:45:29 PM)

Repair MSI (Windows Installer)
Start (6/30/2013 10:45:29 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 10:45:38 PM)

Repair Windows Snipping Tool
Start (6/30/2013 10:45:38 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 10:45:42 PM)

Repair bat Association
Start (6/30/2013 10:45:43 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 10:45:47 PM)

Repair cmd Association
Start (6/30/2013 10:45:47 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 10:45:52 PM)

Repair com Association
Start (6/30/2013 10:45:52 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 10:45:57 PM)

Repair Directory Association
Start (6/30/2013 10:45:57 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 10:46:02 PM)

Repair Drive Association
Start (6/30/2013 10:46:02 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 10:46:07 PM)

Repair exe Association
Start (6/30/2013 10:46:07 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 10:46:11 PM)

Repair Folder Association
Start (6/30/2013 10:46:11 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 10:46:16 PM)

Repair inf Association
Start (6/30/2013 10:46:16 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 10:46:21 PM)

Repair lnk (Shortcuts) Association
Start (6/30/2013 10:46:21 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 10:46:26 PM)

Repair msc Association
Start (6/30/2013 10:46:26 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 10:46:31 PM)

Repair reg Association
Start (6/30/2013 10:46:31 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 10:46:35 PM)

Repair scr Association
Start (6/30/2013 10:46:35 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 10:46:40 PM)

Repair Windows Safe Mode
Start (6/30/2013 10:46:40 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 10:46:45 PM)

Repair Print Spooler
Start (6/30/2013 10:46:45 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 10:46:58 PM)

Restore Important Windows Services
Start (6/30/2013 10:46:58 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 10:47:03 PM)

Set Windows Services To Default Startup
Start (6/30/2013 10:47:03 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 10:47:12 PM)

Cleaning up empty logs...

All Selected Repairs Done.
Done (6/30/2013 10:47:12 PM)
Total Repair Time: 00:18:09


...YOU MUST RESTART YOUR SYSTEM...
Running Repair Under System Account
Starting Repairs...
Start (6/30/2013 11:19:40 PM)

Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (6/30/2013 11:19:40 PM)
Running Repair Under Current User Account
Done (6/30/2013 11:19:46 PM)

Reset Registry Permissions 02/03
HKEY_LOCAL_MACHINE & Sub Keys
Start (6/30/2013 11:19:46 PM)
Running Repair Under System Account
Done (6/30/2013 11:21:24 PM)

Reset Registry Permissions 03/03
HKEY_CLASSES_ROOT & Sub Keys
Start (6/30/2013 11:21:24 PM)
Running Repair Under System Account
Done (6/30/2013 11:22:06 PM)

Reset File Permissions 01/17
C:\BOOK & Sub Folders
Start (6/30/2013 11:22:06 PM)
Running Repair Under System Account
Done (6/30/2013 11:22:09 PM)

Reset File Permissions 02/17
C:\Dolby PCEE4 & Sub Folders
Start (6/30/2013 11:22:09 PM)
Running Repair Under System Account
Done (6/30/2013 11:22:11 PM)

Reset File Permissions 03/17
C:\Download & Sub Folders
Start (6/30/2013 11:22:11 PM)
Running Repair Under System Account
Done (6/30/2013 11:22:14 PM)

Reset File Permissions 04/17
C:\Drivers & Sub Folders
Start (6/30/2013 11:22:14 PM)
Running Repair Under System Account
Done (6/30/2013 11:22:20 PM)

Reset File Permissions 05/17
C:\elements & Sub Folders
Start (6/30/2013 11:22:20 PM)
Running Repair Under System Account
Done (6/30/2013 11:22:23 PM)

Reset File Permissions 06/17
C:\FRST & Sub Folders
Start (6/30/2013 11:22:23 PM)
Running Repair Under System Account
Done (6/30/2013 11:22:25 PM)

Reset File Permissions 07/17
C:\MSOCache & Sub Folders
Start (6/30/2013 11:22:26 PM)
Running Repair Under System Account
Done (6/30/2013 11:22:28 PM)

Reset File Permissions 08/17
C:\OEM & Sub Folders
Start (6/30/2013 11:22:28 PM)
Running Repair Under System Account
Done (6/30/2013 11:22:43 PM)

Reset File Permissions 09/17
C:\PerfLogs & Sub Folders
Start (6/30/2013 11:22:43 PM)
Running Repair Under System Account
Done (6/30/2013 11:22:46 PM)

Reset File Permissions 10/17
C:\Pictures to move & Sub Folders
Start (6/30/2013 11:22:46 PM)
Running Repair Under System Account
Done (6/30/2013 11:22:48 PM)

Reset File Permissions 11/17
C:\Program Files & Sub Folders
Start (6/30/2013 11:22:48 PM)
Running Repair Under System Account
Done (6/30/2013 11:23:28 PM)

Reset File Permissions 12/17
C:\Program Files (x86) & Sub Folders
Start (6/30/2013 11:23:28 PM)
Running Repair Under System Account
Done (6/30/2013 11:25:34 PM)

Reset File Permissions 13/17
C:\ProgramData & Sub Folders
Start (6/30/2013 11:25:34 PM)
Running Repair Under System Account
Done (6/30/2013 11:25:51 PM)

Reset File Permissions 14/17
C:\Programme & Sub Folders
Start (6/30/2013 11:25:51 PM)
Running Repair Under System Account
Done (6/30/2013 11:25:54 PM)

Reset File Permissions 15/17
C:\Recovery & Sub Folders
Start (6/30/2013 11:25:54 PM)
Running Repair Under System Account
Done (6/30/2013 11:25:56 PM)

Reset File Permissions 16/17
C:\Windows & Sub Folders
Start (6/30/2013 11:25:56 PM)
Running Repair Under System Account
Done (6/30/2013 11:31:40 PM)

Reset File Permissions 17/17
C:\_OTL & Sub Folders
Start (6/30/2013 11:31:40 PM)
Running Repair Under System Account
Done (6/30/2013 11:31:42 PM)

Reset File Permissions: Cleanup
& Sub Folders
Start (6/30/2013 11:31:42 PM)
Running Repair Under System Account
Done (6/30/2013 11:31:47 PM)

Register System Files
Start (6/30/2013 11:31:47 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 11:32:12 PM)

Repair WMI
Start (6/30/2013 11:32:12 PM)
Running Repair Under Current User Account
Invalid Global Switch.

Invalid Global Switch.

Running Repair Under System Account
Invalid Global Switch.

Invalid Global Switch.

Done (6/30/2013 11:34:07 PM)

Repair Windows Firewall
Start (6/30/2013 11:34:07 PM)
Running Repair Under Current User Account
The Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

Running Repair Under System Account
The Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

Done (6/30/2013 11:34:39 PM)

Repair Internet Explorer
Start (6/30/2013 11:34:39 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 11:35:02 PM)

Repair MDAC/MS Jet
Start (6/30/2013 11:35:02 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 11:35:18 PM)

Repair Hosts File
Start (6/30/2013 11:35:18 PM)
Running Repair Under System Account
Done (6/30/2013 11:35:20 PM)

Remove Policies Set By Infections
Start (6/30/2013 11:35:20 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 11:35:25 PM)

Repair Icons
Start (6/30/2013 11:35:25 PM)
Running Repair Under System Account
Could Not Find C:\Users\Owner\AppData\Local\IconCache.db.bak
Could Not Find C:\Users\Owner\AppData\Local\IconCache.db
Done (6/30/2013 11:35:27 PM)

Repair Winsock & DNS Cache
Start (6/30/2013 11:35:27 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 11:35:43 PM)

Repair Proxy Settings
Start (6/30/2013 11:35:43 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 11:35:47 PM)

Repair Windows Updates
Start (6/30/2013 11:35:47 PM)
Running Repair Under Current User Account
The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
Running Repair Under System Account
The Cryptographic Services service is not started.

More help is available by typing NET HELPMSG 3521.

The Background Intelligent Transfer Service service is not started.

More help is available by typing NET HELPMSG 3521.

The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
Done (6/30/2013 11:36:05 PM)

Repair CD/DVD Missing/Not Working
Start (6/30/2013 11:36:05 PM)
Done (6/30/2013 11:36:05 PM)

Repair Volume Shadow Copy Service
Start (6/30/2013 11:36:05 PM)
Running Repair Under Current User Account
The Volume Shadow Copy service is not started.

More help is available by typing NET HELPMSG 3521.

The Microsoft Software Shadow Copy Provider service is not started.

More help is available by typing NET HELPMSG 3521.

Running Repair Under System Account
The Volume Shadow Copy service is not started.

More help is available by typing NET HELPMSG 3521.

The Microsoft Software Shadow Copy Provider service is not started.

More help is available by typing NET HELPMSG 3521.

Done (6/30/2013 11:36:09 PM)

Repair MSI (Windows Installer)
Start (6/30/2013 11:36:10 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 11:36:18 PM)

Repair bat Association
Start (6/30/2013 11:36:18 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 11:36:23 PM)

Repair cmd Association
Start (6/30/2013 11:36:23 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 11:36:28 PM)

Repair com Association
Start (6/30/2013 11:36:28 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 11:36:33 PM)

Repair Directory Association
Start (6/30/2013 11:36:33 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 11:36:37 PM)

Repair Drive Association
Start (6/30/2013 11:36:37 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 11:36:42 PM)

Repair exe Association
Start (6/30/2013 11:36:42 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 11:36:47 PM)

Repair Folder Association
Start (6/30/2013 11:36:47 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 11:36:52 PM)

Repair inf Association
Start (6/30/2013 11:36:52 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 11:36:56 PM)

Repair lnk (Shortcuts) Association
Start (6/30/2013 11:36:56 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 11:37:01 PM)

Repair msc Association
Start (6/30/2013 11:37:01 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 11:37:06 PM)

Repair reg Association
Start (6/30/2013 11:37:06 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 11:37:11 PM)

Repair scr Association
Start (6/30/2013 11:37:11 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 11:37:15 PM)

Repair Windows Safe Mode
Start (6/30/2013 11:37:15 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 11:37:20 PM)

Repair Print Spooler
Start (6/30/2013 11:37:20 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 11:37:33 PM)

Restore Important Windows Services
Start (6/30/2013 11:37:33 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 11:37:38 PM)

Set Windows Services To Default Startup
Start (6/30/2013 11:37:38 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/30/2013 11:37:45 PM)

Cleaning up empty logs...

All Selected Repairs Done.
Done (6/30/2013 11:37:45 PM)
Total Repair Time: 00:18:05


...YOU MUST RESTART YOUR SYSTEM...
Running Repair Under System Account


----------
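An added example, not part of the original thread and not Tweaking.com's own code: a small Python parser for the Windows Repair log format posted above. It lists which repair steps printed tool output and which services the log reports as not started. The sample text is an excerpt of the log lines in the post; the function names are this example's own.

```python
import re
from datetime import datetime

# Excerpt of the Windows Repair log posted in the thread (three steps, trimmed).
SAMPLE_LOG = """\
Starting Repairs...
Start (6/30/2013 10:29:03 PM)

Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (6/30/2013 10:29:03 PM)
Running Repair Under Current User Account
Done (6/30/2013 10:29:08 PM)

Repair WMI
Start (6/30/2013 10:40:20 PM)
Running Repair Under Current User Account
Invalid Global Switch.

Invalid Global Switch.

Done (6/30/2013 10:42:25 PM)

Repair Windows Updates
Start (6/30/2013 10:45:04 PM)
Running Repair Under Current User Account
The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
Running Repair Under System Account
The Cryptographic Services service is not started.

The Background Intelligent Transfer Service service is not started.

Done (6/30/2013 10:45:19 PM)

All Selected Repairs Done.
Done (6/30/2013 10:47:12 PM)
Total Repair Time: 00:18:09
"""

STAMP = re.compile(r"^(Start|Done) \((.+)\)$")
# Progress and summary lines the tool prints itself; they carry no finding.
NOISE = ("Running Repair Under", "Starting Repairs", "More help is available",
         "Cleaning up empty logs", "All Selected Repairs Done",
         "Total Repair Time", "...YOU MUST RESTART")
NOT_STARTED = re.compile(r"^The (.+) service is not started\.$")


def parse_steps(log_text):
    """Split the log into repair steps with duration and distinct tool output."""
    steps, header, current = [], [], None
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line or line.startswith(NOISE):
            continue
        m = STAMP.match(line)
        if m is None:
            # Before "Start" this is the step title/target, after it tool output.
            if current is None:
                header.append(line)
            elif line not in current["output"]:
                current["output"].append(line)
            continue
        when = datetime.strptime(m.group(2), "%m/%d/%Y %I:%M:%S %p")
        if m.group(1) == "Start" and header:
            current = {"title": header[0], "target": " ".join(header[1:]),
                       "start": when, "output": []}
        elif m.group(1) == "Done" and current is not None:
            current["seconds"] = int((when - current["start"]).total_seconds())
            steps.append(current)
            current = None
        header = []  # a Start/Done with no title is the run-level marker
    return steps


def steps_with_output(steps):
    """Steps where something other than the tool's progress lines was printed."""
    return [s for s in steps if s["output"]]


def services_not_started(steps):
    """Service names the log reports as 'not started', in first-seen order."""
    names = []
    for step in steps:
        for line in step["output"]:
            m = NOT_STARTED.match(line)
            if m and m.group(1) not in names:
                names.append(m.group(1))
    return names


if __name__ == "__main__":
    parsed = parse_steps(SAMPLE_LOG)
    for s in steps_with_output(parsed):
        print(f'{s["title"]} ({s["seconds"]}s): {"; ".join(s["output"])}')
    print("Not started:", ", ".join(services_not_started(parsed)))
```

Run against the full log, the same functions handle both repair passes, since the run-level `Start`/`Done` markers and summary lines are skipped.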



## sportsmom2x2 (Sep 3, 2007)

Still cannot start MSE..... Could any of the extra scans, malware, etc. that I installed to fix the original issue be causing it not to install?


----------



## kevinf80 (Mar 21, 2006)

The scanners we've used should have no impact on MSE installation, but can be removed...

Delete the following:

*C:\Users\Owner\Desktop\FRST64.exe
C:\Users\Owner\Downloads\FRST64.exe
C:\Users\Owner\Desktop\FSS.txt
C:\Users\Owner\Desktop\FSS.exe
C:\Users\Owner\Desktop\Rkill2.txt
C:\Users\Owner\Desktop\iExplore64.exe
C:\Users\Owner\Downloads\iExplore.exe
C:\Users\Owner\Desktop\ServicesRepair.exe
C:\Users\Owner\Desktop\Rkill.txt
C:\Users\Owner\Desktop\rkill
C:\Users\Owner\Downloads\fixlist.txt
C:\FRST
C:\Users\Owner\Downloads\FRST.exe*

Next,


 Please close all open programs and internet browsers.
 Double click on adwcleaner.exe to run the tool.
 Click on *Uninstall*
 Click *Yes* at *Would you like to Uninstall Adwcleaner*

Next,


Download OTC by OldTimer from here http://oldtimer.geekstogo.com/OTC.exe or here http://www.itxassociates.com/OT-Tools/OTC.exe and save to your Desktop.
Double click the icon to start the program.
If you are using Vista or Windows 7 accept UAC
Then click the big button.
You will get a prompt saying "_Begining Cleanup Process_". Please select *Yes*.
Restart your computer when prompted.
This will remove tools we have used and itself.

*Any tools/logs remaining on the Desktop can be deleted.*

Next,

Download and save MSE installer to your Desktop. Go to the following link http://support.microsoft.com/kb/929135 Expand the section for Windows 7 and follow the instructions to perform a *"Clean Boot"*

Run MSE installer from a clean boot state....


----------



## sportsmom2x2 (Sep 3, 2007)

kevinf80 said:


> The scanners we've used should have no impact on MSE installation, but can be removed...
> 
> Delete the following:
> 
> ...


It still won't load


----------



## sportsmom2x2 (Sep 3, 2007)

continue to have error code 0x80070643


----------



## kevinf80 (Mar 21, 2006)

Go here http://support.microsoft.com/kb/976982 Scroll down to *Resolution* expand *Method 1* and *Method 2* and run the "Fixit" tools, re-boot and see if MSE will install


----------



## sportsmom2x2 (Sep 3, 2007)

kevinf80 said:


> Go here http://support.microsoft.com/kb/976982 Scroll down to *Resolution* expand *Method 1* and *Method 2* and run the "Fixit" tools, re-boot and see if MSE will install


Still will not install....
I am getting a lot of pop-ups because I don't have virus protection.
When I open Internet Explorer I sometimes get the private browsing blue box, and when I do, my computer seems to freeze.


----------



## kevinf80 (Mar 21, 2006)

See if the free version of Avast will install http://www.avast.com/en-gb/index


----------



## sportsmom2x2 (Sep 3, 2007)

kevinf80 said:


> See if the free version of Avast will install http://www.avast.com/en-gb/index


I installed AVG because I was afraid of getting another virus. I did this after our last attempt to install MSE. Is Avast better than AVG? I ran a complete scan with AVG, but it still seems to run slow. I will uninstall AVG if Avast is a better choice.


----------



## kevinf80 (Mar 21, 2006)

I personally use Microsoft Security Essentials, it is down to personal choice whether you prefer AVG or Avast. I'm concerned that MSE will not install yet you've installed AVG ok. Maybe there are remnants still present from an old version of MSE on your system.

We know for sure your system was infected with ZeroAccess, the latest version does play havoc with Microsoft Security Essentials and/or Windows Defender, as far as I'm aware those issues were cleared, junctions removed and services repaired. However, since that was done MSE will not reinstall.

Run the following to see if we have missed anything:

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

There are three buttons to choose from with different names on, select the first one and save it to your desktop.


 Double-click on the Rkill desktop icon to run the tool.
 If using Vista or Windows 7, right-click on it and Run As Administrator.
 A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
 A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
 If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
 If the tool does not run from any of the links provided, please let me know.

Next,

Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.
*Make sure the following options are checked:*


*Internet Services*
*Windows Firewall*
*System Restore*
*Security Center/Action Center*
*Windows Update*
*Windows Defender*


Press "*Scan*".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Next,

Please download Farbar Recovery Scan Tool and save it to your desktop.

*Note*: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click *Yes* to disclaimer.
Press *Scan* button.
It will make a log (*FRST.txt*) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (*Addition.txt*). Please attach it to your reply.

Let me see those new logs...


----------
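An added example (not part of the original thread, and not code from FRST or its author): a Python triage of an FRST `Addition.txt` log that tallies scheduled tasks whose target is flagged `No File` and decodes the error codes in the event-log section, which is where leftover MSE remnants of the kind suspected above would show up. The sample log is constructed in FRST's layout with placeholder GUIDs, and all function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the layout FRST writes to Addition.txt; GUIDs are placeholders.
SAMPLE = r"""==================== Scheduled Tasks (whitelisted) =============

Task: {AAAAAAAA-0000-0000-0000-000000000001} - System32\Tasks\{BBBBBBBB-0000-0000-0000-000000000001} => C:\Program Files\Microsoft Security Client\msseces.exe No File
Task: {AAAAAAAA-0000-0000-0000-000000000002} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {AAAAAAAA-0000-0000-0000-000000000003} - System32\Tasks\{BBBBBBBB-0000-0000-0000-000000000003} => C:\Program Files\Microsoft Security Client\msseces.exe No File

==================== Event log errors: =========================

Application errors:
==================
Error: (07/02/2013 10:35:05 PM) (Source: Microsoft Security Client Setup) (User: Owner-PC)
Description: HRESULT:0x80070643

Error: (07/02/2013 08:09:51 PM) (Source: Microsoft Security Client Setup) (User: Owner-PC)
Description: HRESULT:0x80070643

System errors:
=============
Error: (07/04/2013 07:56:13 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error:
%%2

Error: (07/04/2013 07:44:21 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Microsoft Office Sessions:
=========================
Error: (07/02/2013 10:35:05 PM) (Source: Microsoft Security Client Setup)(User: Owner-PC)
Description: HRESULT:0x80070643
"""

# Win32 error codes that appear in this thread's logs, with their SDK names.
WIN32 = {2: "ERROR_FILE_NOT_FOUND", 5: "ERROR_ACCESS_DENIED",
         1058: "ERROR_SERVICE_DISABLED", 1603: "ERROR_INSTALL_FAILURE"}

SECTION_RE = re.compile(r"^={10,} (.+?):? =+\s*$")
TASK_RE = re.compile(r"^Task: (\S+) - (.+?) => (.+?) No File\s*$")
ERROR_RE = re.compile(r"^Error: \((.+?)\) \(Source: (.+?)\)\s*\(User: (.*?)\)")
CODE_RE = re.compile(r"HRESULT:(0x[0-9A-Fa-f]{8})|^%%(\d+)\s*$")


def split_sections(text):
    """Map each '==== Name ====' banner to the lines that follow it."""
    sections, name = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            name = m.group(1)
            sections[name] = []
        elif name is not None:
            sections[name].append(line)
    return sections


def decode_hresult(hr):
    """Split an HRESULT into (failed, facility, code) using its bit layout."""
    return bool(hr >> 31), (hr >> 16) & 0x7FF, hr & 0xFFFF


def label(code):
    return f"{WIN32.get(code, 'WIN32_UNKNOWN')}({code})"


def parse_events(lines):
    """Return unique (timestamp, source, decoded_code) tuples.

    The same event can be listed twice (the log in this thread repeats entries
    under 'Microsoft Office Sessions'), so duplicates are collapsed.
    """
    seen, current = set(), None
    for line in lines:
        m = ERROR_RE.match(line)
        if m:
            current = (m.group(1), m.group(2))
            continue
        if current is None:
            continue
        for hr_text, win32_text in CODE_RE.findall(line):
            if hr_text:
                failed, facility, code = decode_hresult(int(hr_text, 16))
                # Facility 7 (FACILITY_WIN32) wraps a plain Win32 error code.
                name = label(code) if failed and facility == 7 else hr_text
            else:
                name = label(int(win32_text))  # '%%N' is a Win32 error number
            seen.add((current[0], current[1], name))
    return seen


def triage(text):
    """Summarise orphaned task targets and unique errors per (source, code)."""
    sections = split_sections(text)
    orphans = Counter()
    for line in sections.get("Scheduled Tasks (whitelisted)", []):
        m = TASK_RE.match(line)
        if m:
            orphans[m.group(3)] += 1
    errors = Counter((src, code) for _, src, code in
                     parse_events(sections.get("Event log errors", [])))
    return {"orphaned_task_targets": dict(orphans), "errors": dict(errors)}


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```

Several tasks pointing at a missing `msseces.exe`, together with a service start failing with `ERROR_FILE_NOT_FOUND`, is the pattern that suggests a partially removed product rather than active malware.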



## sportsmom2x2 (Sep 3, 2007)

kevinf80 said:


> I personally use Microsoft Security Essentials, it is down to personal choice whether you prefer AVG or Avast. I'm concerned that MSE will not install yet you've installed AVG ok. Maybe there are remnants still present from an old version of MSE on your system.
> 
> We know for sure your system was infected with ZeroAccess, the latest version does play havoc with Microsoft Security Essentials and/or Windows Defender, as far as I'm aware those issues were cleared, junctions removed and services repaired. However, since that was done MSE will not reinstall.
> 
> ...


Rkill 2.5.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/04/2013 08:02:24 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 07/04/2013 08:04:03 PM
Execution time: 0 hours(s), 1 minute(s), and 38 seconds(s)


----------



## sportsmom2x2 (Sep 3, 2007)

Sorry, the first time I ran Rkill I didn't run it as an administrator. This second scan I did run it as an administrator.
Rkill 2.5.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/04/2013 08:05:42 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 07/04/2013 08:05:50 PM
Execution time: 0 hours(s), 0 minute(s), and 8 seconds(s)


----------



## sportsmom2x2 (Sep 3, 2007)

Farbar Service Scanner Version: 27-06-2013
Ran by Owner (administrator) on 04-07-2013 at 20:09:17
Running from "C:\Users\Owner\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


----------



## sportsmom2x2 (Sep 3, 2007)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-07-2013
Ran by Owner at 2013-07-04 20:13:40
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Acer Backup Manager (x32 Version: 3.0.0.99)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904)
Acer ePower Management (x32 Version: 6.00.3008)
Acer eRecovery Management (x32 Version: 5.00.3504)
Acer Games (x32 Version: 1.0.2.5)
Acer ScreenSaver (x32 Version: 1.1.0902.2011)
Adobe AIR (x32 Version: 2.7.1.19610)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98)
Amazon MP3 Downloader 1.0.17 (x32 Version: 1.0.17)
AMD APP SDK Runtime (Version: 2.5.775.2)
AMD Catalyst Install Manager (Version: 3.0.847.0)
AMD Media Foundation Decoders (Version: 1.0.61012.1205)
AMD Steady Video Plug-In (Version: 2.02.0000)
AMD VISION Engine Control Center (x32 Version: 2011.1012.1156.19535)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
AVG SafeGuard toolbar (x32 Version: 15.3.0.11)
Backup Manager V3 (x32 Version: 3.0.0.99)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Bonjour (Version: 3.0.0.10)
Broadcom Card Reader Driver Installer (Version: 14.6.1.3)
Broadcom Gigabit NetLink Controller (Version: 14.6.1.3)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.97)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.1012.1156.19535)
Catalyst Control Center InstallProxy (x32 Version: 2011.1012.1156.19535)
Catalyst Control Center Localization All (x32 Version: 2011.1012.1156.19535)
CCC Help Chinese Standard (x32 Version: 2011.1012.1155.19535)
CCC Help Chinese Traditional (x32 Version: 2011.1012.1155.19535)
CCC Help Czech (x32 Version: 2011.1012.1155.19535)
CCC Help Danish (x32 Version: 2011.1012.1155.19535)
CCC Help Dutch (x32 Version: 2011.1012.1155.19535)
CCC Help English (x32 Version: 2011.1012.1155.19535)
CCC Help Finnish (x32 Version: 2011.1012.1155.19535)
CCC Help French (x32 Version: 2011.1012.1155.19535)
CCC Help German (x32 Version: 2011.1012.1155.19535)
CCC Help Greek (x32 Version: 2011.1012.1155.19535)
CCC Help Hungarian (x32 Version: 2011.1012.1155.19535)
CCC Help Italian (x32 Version: 2011.1012.1155.19535)
CCC Help Japanese (x32 Version: 2011.1012.1155.19535)
CCC Help Korean (x32 Version: 2011.1012.1155.19535)
CCC Help Norwegian (x32 Version: 2011.1012.1155.19535)
CCC Help Polish (x32 Version: 2011.1012.1155.19535)
CCC Help Portuguese (x32 Version: 2011.1012.1155.19535)
CCC Help Russian (x32 Version: 2011.1012.1155.19535)
CCC Help Spanish (x32 Version: 2011.1012.1155.19535)
CCC Help Swedish (x32 Version: 2011.1012.1155.19535)
CCC Help Thai (x32 Version: 2011.1012.1155.19535)
CCC Help Turkish (x32 Version: 2011.1012.1155.19535)
ccc-utility64 (Version: 2011.1012.1156.19535)
Chronicles of Albian (x32 Version: 2.2.0.95)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
clear.fi (x32 Version: 1.0.1517_36458)
clear.fi (x32 Version: 1.0.2228.00)
clear.fi (x32 Version: 9.0.8228)
clear.fi Client (x32 Version: 1.00.3500)
Cradle of Rome 2 (x32 Version: 2.2.0.95)
D3DX10 (x32 Version: 15.4.2368.0902)
Dolby Advanced Audio v2 (x32 Version: 7.2.7000.7)
Dora's World Adventure (x32 Version: 2.2.0.95)
ESET Online Scanner v3 (x32)
FATE: The Cursed King (x32 Version: 2.2.0.97)
Final Drive: Nitro (x32 Version: 2.2.0.95)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Jewel Match 3 (x32 Version: 2.2.0.97)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Launch Manager (x32 Version: 5.1.4)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Professional Plus 2013 - en-us (Version: 15.0.4505.1510)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.5131.5000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98)
Nero 7 Essentials (x32 Version: 7.02.5521)
NTI Media Maker 9 (x32 Version: 9.0.2.9002)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4505.1510)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4505.1510)
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4505.1510)
OverDrive Media Console (x32 Version: 3.2.20)
Penguins! (x32 Version: 2.2.0.95)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95)
Polar Bowler (x32 Version: 2.2.0.97)
Polar Golfer (x32 Version: 2.2.0.95)
PowerDVD (x32 Version: 7.0.2414.0)
QuickTime (x32 Version: 7.74.80.86)
RealDownloader (x32 Version: 1.3.2)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0)
RealPlayer (x32 Version: 16.0.2)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6487)
RealUpgrade 1.1 (x32 Version: 1.1.0)
Skype 5.10 (x32 Version: 5.10.116)
Torchlight (x32 Version: 2.2.0.97)
Update Installer for WildTangent Games App (x32)
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Welcome Center (x32 Version: 1.02.3505)
WildTangent Games App (x32 Version: 4.0.10.5)
Windows Live (x32 Version: 15.4.3502.0922)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Zuma's Revenge (x32 Version: 2.2.0.97)

==================== Restore Points =========================

23-06-2013 19:22:08 OTL Restore Point - 6/23/2013 2:22:04 PM
23-06-2013 19:42:47 Installed Microsoft Fix it 50195
26-06-2013 03:49:55 Windows Update
29-06-2013 08:06:25 Installed Microsoft Fix it 50535
29-06-2013 08:08:56 Windows Update
01-07-2013 04:15:44 Tweaking.com - Windows Repair
01-07-2013 04:16:40 Tweaking.com - Windows Repair
02-07-2013 03:53:41 Installed AVG 2013
02-07-2013 03:54:15 Installed AVG 2013
02-07-2013 04:07:14 Installed AVG PC TuneUp
02-07-2013 04:26:13 Removed AVG PC TuneUp
02-07-2013 04:26:43 Removed AVG PC TuneUp Language Pack (en-US)
02-07-2013 04:27:57 Windows Update
03-07-2013 00:07:58 Removed AVG 2013
03-07-2013 00:10:17 Removed AVG 2013
03-07-2013 00:16:53 Windows Update
03-07-2013 01:13:53 Installed AVG 2013
03-07-2013 01:14:30 Installed AVG 2013
03-07-2013 04:26:56 Windows Update
04-07-2013 06:19:13 Windows Update
05-07-2013 00:46:01 Removed AVG 2013
05-07-2013 00:48:38 Removed AVG 2013

==================== Hosts content: ==========================

2009-07-13 21:34 - 2013-06-30 23:35 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1F0CD60A-7313-4A73-B17E-5A60F060A3A1} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-10-28] (Acer Incorporated)
Task: {1FEAD1B2-4998-471C-8911-B30DDDC5532B} - System32\Tasks\{EB97F87D-DC62-42F1-8F0E-5435BF48950D} => C:\Program Files\Microsoft Security Client\msseces.exe No File
Task: {400CC6E5-1FEC-4339-BF78-FFEA78E0C0EC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {489EC641-CAAA-4BDE-8679-2401BC36C1A1} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation)
Task: {4D711DBA-9B62-4ACA-AD66-D711781B78DC} - System32\Tasks\{E8EDAA9E-F179-4C0E-A4AD-8FE38E8EB1D4} => C:\Program Files\Microsoft Security Client\msseces.exe No File
Task: {530A693A-194F-4C19-8198-5C0D137A72A6} - System32\Tasks\{1B9F417A-94CD-4BE5-BA3B-46BACEB46BEE} => C:\Program Files\Microsoft Security Client\msseces.exe No File
Task: {7D247BFE-A606-4F87-A55C-FCF54D5B390D} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-10-28] (CyberLink)
Task: {7E74668C-BF14-484D-908B-10C8FF1A1E27} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => C:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: {82444071-F45D-4201-AF58-E6E830E6A75D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {82E8E264-0757-4F11-8157-28E6930782B7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-06-13] (Microsoft Corporation)
Task: {8DABA620-310A-4140-B790-6AF34FB90A42} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-06-06] (Microsoft Corporation)
Task: {9B67013F-DF16-4AFF-AF3F-D39ED3F9B5B3} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-54217543-3094785001-244447589-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {A14A02A9-CFDC-4827-8861-7DE5F2A432F8} - System32\Tasks\{26B761E7-7D10-45AE-A998-241DDB662F73} => C:\Program Files\Microsoft Security Client\msseces.exe No File
Task: {AC0129DC-290C-4FCF-B97B-68702DEDAEB6} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: {B0237EA9-1314-4F32-98DE-36C7C5579FC4} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Owner-PC-Owner Owner-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2013-06-13] (Microsoft Corporation)
Task: {B5C131ED-C265-4795-85EF-5ED2FD4CF880} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {D0189733-7FC6-4B4D-BE1A-519FBF6D5984} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {D8CBA0EB-7F9A-4BE7-A8A5-8C7AF61A2189} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-06-13] (Microsoft Corporation)
Task: {E32E059E-3D0D-45A5-9651-6C2B170F1151} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-10-28] (CyberLink Corp.)
Task: {E485276E-FD5D-4FA4-83C0-870BAAE6E83D} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-54217543-3094785001-244447589-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/02/2013 10:35:05 PM) (Source: Microsoft Security Client Setup) (User: Owner-PC)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.

Error: (07/02/2013 10:17:28 PM) (Source: Microsoft Security Client Setup) (User: Owner-PC)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.

Error: (07/02/2013 08:38:55 PM) (Source: Application Error) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 15.0.4505.1510, time stamp: 0x51aa0d55
Faulting module name: avgoutlookx.dll, version: 13.0.0.2780, time stamp: 0x508527b1
Exception code: 0xc0000005
Fault offset: 0x00033d4b
Faulting process id: 0xcbc
Faulting application start time: 0xOUTLOOK.EXE0
Faulting application path: OUTLOOK.EXE1
Faulting module path: OUTLOOK.EXE2
Report Id: OUTLOOK.EXE3

Error: (07/02/2013 08:38:55 PM) (Source: Outlook) (User: )
Description: Add-in execution error. Outlook crashed during the 'GetCustomUI' callback of the 'IRibbonExtensibility' interface while calling into the 'AVG Addin for MS Outlook' add-in.

Error: (07/02/2013 08:37:35 PM) (Source: Application Error) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 15.0.4505.1510, time stamp: 0x51aa0d55
Faulting module name: avgoutlookx.dll, version: 13.0.0.2780, time stamp: 0x508527b1
Exception code: 0xc0000005
Fault offset: 0x00033d4b
Faulting process id: 0x1b04
Faulting application start time: 0xOUTLOOK.EXE0
Faulting application path: OUTLOOK.EXE1
Faulting module path: OUTLOOK.EXE2
Report Id: OUTLOOK.EXE3

Error: (07/02/2013 08:37:33 PM) (Source: Outlook) (User: )
Description: Add-in execution error. Outlook crashed during the 'GetCustomUI' callback of the 'IRibbonExtensibility' interface while calling into the 'AVG Addin for MS Outlook' add-in.

Error: (07/02/2013 08:09:51 PM) (Source: Microsoft Security Client Setup) (User: Owner-PC)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.

Error: (07/02/2013 08:06:47 PM) (Source: Microsoft Security Client Setup) (User: Owner-PC)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.

Error: (07/02/2013 07:49:10 PM) (Source: Microsoft Security Client Setup) (User: Owner-PC)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.

Error: (07/02/2013 07:40:05 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 10.0.9200.16618 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1488

Start Time: 01ce7785d64b7914

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: 18924d1c-e379-11e2-8198-206a8a7f234d

System errors:
=============
Error: (07/04/2013 07:56:37 PM) (Source: Service Control Manager) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: 
%%1058

Error: (07/04/2013 07:56:37 PM) (Source: Service Control Manager) (User: )
Description: The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.

Error: (07/04/2013 07:56:37 PM) (Source: Service Control Manager) (User: )
Description: The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.

Error: (07/04/2013 07:56:13 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error: 
%%2

Error: (07/04/2013 07:45:06 PM) (Source: DCOM) (User: )
Description: {4B635ECB-0887-4015-8CA6-D621362F98D1}

Error: (07/04/2013 07:44:21 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5

Error: (07/04/2013 07:43:39 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5

Error: (07/04/2013 07:43:35 PM) (Source: Service Control Manager) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: 
%%1058

Error: (07/04/2013 07:43:35 PM) (Source: Service Control Manager) (User: )
Description: The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.

Error: (07/04/2013 07:43:35 PM) (Source: Service Control Manager) (User: )
Description: The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.

Microsoft Office Sessions:
=========================
Error: (07/02/2013 10:35:05 PM) (Source: Microsoft Security Client Setup)(User: Owner-PC)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.

Error: (07/02/2013 10:17:28 PM) (Source: Microsoft Security Client Setup)(User: Owner-PC)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.

Error: (07/02/2013 08:38:55 PM) (Source: Application Error)(User: )
Description: OUTLOOK.EXE15.0.4505.151051aa0d55avgoutlookx.dll13.0.0.2780508527b1c000000500033d4bcbc01ce778df843df9dC:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXEC:\Program Files (x86)\AVG\AVG2013\avgoutlookx.dll527a4b01-e381-11e2-bdd7-206a8a7f234d

Error: (07/02/2013 08:38:55 PM) (Source: Outlook)(User: )
Description: GetCustomUIIRibbonExtensibilityAVG Addin for MS Outlook

Error: (07/02/2013 08:37:35 PM) (Source: Application Error)(User: )
Description: OUTLOOK.EXE15.0.4505.151051aa0d55avgoutlookx.dll13.0.0.2780508527b1c000000500033d4b1b0401ce778dd7d361c9C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXEC:\Program Files (x86)\AVG\AVG2013\avgoutlookx.dll224aaede-e381-11e2-bdd7-206a8a7f234d

Error: (07/02/2013 08:37:33 PM) (Source: Outlook)(User: )
Description: GetCustomUIIRibbonExtensibilityAVG Addin for MS Outlook

Error: (07/02/2013 08:09:51 PM) (Source: Microsoft Security Client Setup)(User: Owner-PC)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.

Error: (07/02/2013 08:06:47 PM) (Source: Microsoft Security Client Setup)(User: Owner-PC)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.

Error: (07/02/2013 07:49:10 PM) (Source: Microsoft Security Client Setup)(User: Owner-PC)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.

Error: (07/02/2013 07:40:05 PM) (Source: Application Hang)(User: )
Description: iexplore.exe10.0.9200.16618148801ce7785d64b79140C:\Program Files\Internet Explorer\iexplore.exe18924d1c-e379-11e2-8198-206a8a7f234d

CodeIntegrity Errors:
===================================
Date: 2013-06-23 01:05:16.849
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-23 01:05:16.806
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-23 01:05:06.370
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-23 01:05:06.340
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-18 22:44:56.374
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-18 22:44:56.330
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-18 22:36:42.546
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-18 22:36:42.502
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 33%
Total physical RAM: 5606.11 MB
Available physical RAM: 3730.39 MB
Total Pagefile: 11210.4 MB
Available Pagefile: 8891.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:449.55 GB) (Free:393.35 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 690B93AE)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 GB) - (Type=07 NTFS)

==================== End Of Log ============================


----------



## sportsmom2x2 (Sep 3, 2007)

Farbar Service Scanner Version: 27-06-2013
Ran by Owner (administrator) on 04-07-2013 at 20:09:17
Running from "C:\Users\Owner\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


----------



## sportsmom2x2 (Sep 3, 2007)

These scans are confusing to me. I hope I got all that you needed.


----------



## sportsmom2x2 (Sep 3, 2007)

sportsmom2x2 said:


> These scans are confusing to me. I hope I got all that you needed.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013
Ran by Owner (administrator) on 04-07-2013 20:19:52
Running from C:\Users\Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AMD) C:\Windows\system32\atieclxx.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Cyberlink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD\PDVDServ.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13320808 2011-10-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 [2278504 2011-10-20] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKCU\...\Run: [Hewlett-Packard] regsvr32.exe C:\Users\Owner\AppData\Local\Hewlett-Packard\A32Rpl90.dll [23040 2013-06-19] () <===== ATTENTION
HKCU\...\Run: [BDAB3CD44D7D45EEC58DB422F61BD03E74CADA2F._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service [x]
MountPoints2: {a8079e0f-859c-11e2-802b-206a8a7f234d} - E:\LaunchU3.exe -a
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe" [2236080 2013-07-02] ()
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot [295512 2013-06-19] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-10-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [56928 2006-11-23] (Cyberlink Corp.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM-x32\...\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe" [54832 2006-12-05] ()
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k [297280 2011-04-23] (NTI Corporation)
HKLM-x32\...\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [177448 2011-10-27] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [162408 2011-09-02] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [162408 2011-09-02] ()
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKLM-x32 SearchScopes: DefaultScope {E74A4401-569F-4126-A593-B2E60E0DE337} URL = 
HKCU SearchScopes: DefaultScope {E74A4401-569F-4126-A593-B2E60E0DE337} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3291325&CUI=UN32048958541363215&UM=2
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={7564B528-7A19-4677-9FEE-21D445A715A4}&mid=82f0223ad4d947d3a6d8f123cc9bcabe-50bc6e1d72aae87dad2f923a4c1fb8b01f79cd13&lang=en&ds=AVG&pr=pr&d=2013-07-02 20:15:45&v=15.3.0.11&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {E74A4401-569F-4126-A593-B2E60E0DE337} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3291325&CUI=UN32048958541363215&UM=2
BHO-x32: No Name - {878B8524-AED5-4870-9A96-A515440DAC75} - No File
BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: ipp - No CLSID Value - 
Handler: msdaipp - No CLSID Value - 
Handler-x32: ipp - No CLSID Value - 
Handler-x32: msdaipp - No CLSID Value - 
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll (AVG Secure Search)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

==================== Services (Whitelisted) =================

S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [262144 2006-12-23] (Nero AG)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-23] (NTI Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-06] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
R2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-07-01] (AVG Secure Search)
S2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]

==================== Drivers (Whitelisted) ====================

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-07-01] (AVG Technologies)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-04 20:13 - 2013-07-04 20:13 - 00025579 ____A C:\Users\Owner\Desktop\Addition.txt
2013-07-04 20:12 - 2013-07-04 20:12 - 00000000 ____D C:\FRST
2013-07-04 20:11 - 2013-07-04 20:11 - 01934636 ____A (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2013-07-04 20:09 - 2013-07-04 20:16 - 00001982 ____A C:\Users\Owner\Desktop\FSS.txt
2013-07-04 20:08 - 2013-07-04 20:08 - 00356397 ____A (Farbar) C:\Users\Owner\Desktop\FSS.exe
2013-07-04 20:02 - 2013-07-04 20:05 - 00002120 ____A C:\Users\Owner\Desktop\Rkill.txt
2013-07-04 20:02 - 2013-07-04 20:02 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\Owner\Desktop\rkill.exe
2013-07-02 22:47 - 2013-07-02 22:47 - 00000124 ____A C:\Users\Owner\Desktop\Facebook.url
2013-07-02 22:45 - 2013-07-02 22:45 - 00001413 ____A C:\Users\Owner\Desktop\Internet Explorer.lnk
2013-07-02 22:40 - 2011-04-05 22:26 - 00252712 ____A (ELAN Microelectronics Corp.) C:\Windows\ETDUninst.dll
2013-07-02 20:15 - 2013-07-02 20:15 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-07-02 18:49 - 2013-07-02 18:49 - 00000000 ____D C:\Users\Owner\Documents\My Weblog Posts
2013-07-02 18:49 - 2013-07-02 18:49 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Windows Live Writer
2013-07-02 18:49 - 2013-07-02 18:49 - 00000000 ____D C:\Users\Owner\AppData\Local\Windows Live Writer
2013-07-02 18:49 - 2013-07-02 18:49 - 00000000 ____D C:\Users\Owner\AppData\Local\{212BE87D-C310-4669-BEF2-9146A96491DA}
2013-07-01 23:32 - 2013-07-01 23:32 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-01 23:32 - 2013-07-01 23:32 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-01 23:32 - 2013-07-01 23:32 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-07-01 23:32 - 2013-07-01 23:32 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-01 23:32 - 2013-07-01 23:32 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-07-01 23:32 - 2013-07-01 23:32 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-07-01 23:32 - 2013-07-01 23:32 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-07-01 23:32 - 2013-07-01 23:32 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-07-01 23:32 - 2013-07-01 23:32 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-07-01 23:32 - 2013-07-01 23:32 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-07-01 23:32 - 2013-07-01 23:32 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-07-01 23:32 - 2013-07-01 23:32 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-07-01 23:32 - 2013-07-01 23:32 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-07-01 23:32 - 2013-07-01 23:32 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-07-01 23:32 - 2013-07-01 23:32 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-01 23:32 - 2013-07-01 23:32 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-07-01 23:32 - 2013-07-01 23:32 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-01 23:32 - 2013-07-01 23:32 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-07-01 23:32 - 2013-07-01 23:32 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-07-01 23:32 - 2013-07-01 23:32 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-01 23:32 - 2013-07-01 23:32 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-07-01 23:32 - 2013-07-01 23:32 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-01 23:32 - 2013-07-01 23:32 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-07-01 23:32 - 2013-07-01 23:32 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-07-01 23:32 - 2013-07-01 23:32 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-07-01 23:32 - 2013-07-01 23:32 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-07-01 23:30 - 2013-07-01 23:30 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-01 23:28 - 2013-07-01 23:34 - 00008378 ____A C:\Windows\IE10_main.log
2013-07-01 23:07 - 2013-07-01 23:08 - 00000000 ____D C:\ProgramData\AVG
2013-07-01 23:07 - 2013-07-01 23:07 - 00000000 ____D C:\Users\Owner\AppData\Roaming\AVG
2013-07-01 23:06 - 2013-07-01 23:06 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-07-01 22:56 - 2013-07-02 20:16 - 00000000 ____D C:\Users\Owner\AppData\Local\AVG SafeGuard toolbar
2013-07-01 22:55 - 2013-07-01 23:03 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-07-01 22:55 - 2013-07-01 22:55 - 00045856 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-07-01 22:55 - 2013-07-01 22:55 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TuneUp Software
2013-07-01 22:49 - 2013-07-04 19:55 - 00000000 ____D C:\ProgramData\MFAData
2013-07-01 22:49 - 2013-07-01 22:49 - 00000000 ____D C:\Users\Owner\AppData\Local\MFAData
2013-07-01 22:24 - 2013-07-01 22:24 - 00000843 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-01 22:24 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-07-01 21:53 - 2013-07-02 20:24 - 00000000 ____D C:\Windows\pss
2013-07-01 21:27 - 2013-07-01 21:27 - 00201728 ____A (OldTimer Tools) C:\Users\Owner\Downloads\OTC.exe
2013-07-01 00:01 - 2013-07-01 23:04 - 00000000 ____D C:\Users\Owner\AppData\Local\Conduit
2013-07-01 00:01 - 2013-07-01 00:01 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-06-30 23:59 - 2013-07-01 00:01 - 00000009 ____A C:\END
2013-06-30 23:59 - 2013-06-30 23:59 - 00000000 ____D C:\Users\Owner\AppData\Local\CRE
2013-06-30 22:52 - 2013-06-30 22:52 - 00003288 ____N C:\bootsqm.dat
2013-06-30 22:29 - 2013-06-30 23:37 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-06-30 22:21 - 2013-06-30 22:21 - 03517580 ____A C:\Users\Owner\Desktop\tweaking.com_windows_repair_aio.zip
2013-06-30 02:14 - 2013-06-30 02:44 - 00036804 ____A C:\Users\Owner\Desktop\sfcdetails.txt
2013-06-29 13:58 - 2013-06-29 13:58 - 00000000 ____D C:\Users\Owner\AppData\Local\{5EA553C8-75C5-43F5-9275-3EB7B4F4F896}
2013-06-29 03:06 - 2013-06-29 03:06 - 00016094 ____A C:\FixitRegBackup.reg
2013-06-28 22:53 - 2013-06-28 23:20 - 00000000 ____D C:\Pictures to move
2013-06-28 22:49 - 2013-06-28 22:49 - 00000000 ____D C:\Users\Owner\AppData\Local\{5471ACA7-B60F-4ADC-8A3A-6C755A01FB90}
2013-06-28 15:47 - 2013-06-28 15:47 - 13475464 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall.exe
2013-06-26 23:50 - 2013-06-26 23:50 - 00001787 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-26 23:49 - 2013-06-26 23:50 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-26 23:49 - 2013-06-26 23:50 - 00000000 ____D C:\Program Files\iTunes
2013-06-26 23:49 - 2013-06-26 23:50 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-26 23:49 - 2013-06-26 23:49 - 00000000 ____D C:\Program Files\iPod
2013-06-26 23:44 - 2013-06-26 23:44 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-06-26 22:30 - 2013-06-26 22:30 - 00002405 ____A C:\Users\Owner\Desktop\Word 2013.lnk
2013-06-26 21:04 - 2013-07-03 23:40 - 00007609 ____A C:\Users\Owner\AppData\Local\resmon.resmoncfg
2013-06-25 22:10 - 2013-06-25 22:11 - 01931844 ____A (Farbar) C:\Users\Owner\Downloads\FRST64 (1).exe
2013-06-23 15:08 - 2013-06-23 15:08 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-22 18:03 - 2013-06-22 18:03 - 00000000 ____D C:\Users\Owner\AppData\Local\{40FD51C6-FC09-4EF9-B52E-CA1947B9E10D}
2013-06-22 17:38 - 2013-06-22 17:38 - 00890978 ____A C:\Users\Owner\Downloads\SecurityCheck.exe
2013-06-22 15:04 - 2013-06-22 15:04 - 01931364 ____A (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2013-06-22 03:28 - 2013-06-22 03:28 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\Owner\Downloads\iExplore.exe
2013-06-22 01:36 - 2013-06-22 01:37 - 00001478 ____A C:\Users\Owner\Downloads\fixlist.txt
2013-06-22 01:34 - 2013-06-22 01:40 - 00000000 ____D C:\ProgramData\4C7AB9302E32EE4600004C7A6CBAF378
2013-06-20 17:06 - 2013-06-20 17:10 - 01368343 ____A (Farbar) C:\Users\Owner\Downloads\FRST.exe
2013-06-20 00:17 - 2013-06-20 00:17 - 00000000 ____A C:\Users\Owner\defogger_reenable
2013-06-20 00:07 - 2013-06-20 00:07 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.scr
2013-06-20 00:03 - 2013-06-20 01:01 - 00015179 ____A C:\Users\Owner\Downloads\hijackthis.log
2013-06-20 00:02 - 2013-06-20 00:02 - 00388608 ____A (Trend Micro Inc.) C:\Users\Owner\Downloads\HijackThis.exe
2013-06-19 23:03 - 2013-06-19 23:03 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SparkTrust
2013-06-19 23:02 - 2013-06-19 23:12 - 00000000 ____D C:\ProgramData\SparkTrust
2013-06-19 21:38 - 2013-06-19 21:48 - 00000000 ____D C:\Users\Owner\AppData\Local\Hewlett-Packard
2013-06-19 21:13 - 2013-06-19 21:13 - 00000000 ____D C:\Users\Owner\AppData\Local\{A496EEB7-FE58-4817-9EB4-1DC6663F4F72}
2013-06-19 17:12 - 2013-06-12 21:47 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-19 17:12 - 2013-06-12 21:43 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-19 17:12 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-19 17:12 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-19 17:11 - 2013-06-19 17:12 - 00004802 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 16:58 - 2013-06-19 16:58 - 00000000 ____D C:\Users\Owner\AppData\Roaming\RealNetworks
2013-06-19 07:46 - 2013-06-19 07:46 - 00000000 ____D C:\ProgramData\RealNetworks
2013-06-19 07:46 - 2013-06-19 07:46 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-06-16 12:58 - 2013-06-16 13:28 - 00000000 ____D C:\Users\Owner\Documents\For Sale
2013-06-16 10:50 - 2013-06-16 11:04 - 00174592 ____A C:\Users\Owner\Documents\dad day.pub
2013-06-11 21:36 - 2013-05-13 00:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-11 21:36 - 2013-05-12 23:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-11 21:36 - 2013-05-12 22:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-11 21:36 - 2013-05-12 22:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-11 21:36 - 2013-05-08 01:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-11 21:36 - 2013-04-26 00:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-11 21:36 - 2013-04-25 23:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-11 21:35 - 2013-05-13 00:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-11 21:35 - 2013-05-13 00:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-11 21:35 - 2013-05-13 00:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-11 21:35 - 2013-05-12 23:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-11 21:35 - 2013-05-12 23:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-11 21:35 - 2013-05-12 22:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-06 00:28 - 2013-06-17 17:59 - 00000000 ____D C:\Users\Owner\Documents\OneNote Notebooks
2013-06-05 00:12 - 2013-06-18 22:34 - 00000000 ____D C:\Users\Owner\Documents\My Media
2013-06-05 00:09 - 2013-06-05 00:09 - 00000000 ____D C:\Users\Owner\AppData\Roaming\OverDrive
2013-06-05 00:08 - 2013-06-05 00:08 - 00002449 ____A C:\Users\Public\Desktop\OverDrive Media Console.lnk
2013-06-05 00:07 - 2013-06-05 00:07 - 04969472 ____A C:\Users\Owner\Downloads\ODMediaConsoleSetup.msi
2013-06-04 21:13 - 2013-06-04 21:13 - 00000000 __RHD C:\MSOCache

==================== One Month Modified Files and Folders =======

2013-07-04 20:16 - 2013-07-04 20:09 - 00001982 ____A C:\Users\Owner\Desktop\FSS.txt
2013-07-04 20:13 - 2013-07-04 20:13 - 00025579 ____A C:\Users\Owner\Desktop\Addition.txt
2013-07-04 20:12 - 2013-07-04 20:12 - 00000000 ____D C:\FRST
2013-07-04 20:11 - 2013-07-04 20:11 - 01934636 ____A (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2013-07-04 20:08 - 2013-07-04 20:08 - 00356397 ____A (Farbar) C:\Users\Owner\Desktop\FSS.exe
2013-07-04 20:05 - 2013-07-04 20:02 - 00002120 ____A C:\Users\Owner\Desktop\Rkill.txt
2013-07-04 20:04 - 2009-07-13 23:45 - 00024656 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-04 20:04 - 2009-07-13 23:45 - 00024656 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-04 20:02 - 2013-07-04 20:02 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\Owner\Desktop\rkill.exe
2013-07-04 20:00 - 2012-06-22 22:07 - 01842540 ____A C:\Windows\WindowsUpdate.log
2013-07-04 19:57 - 2012-10-10 16:55 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-04 19:56 - 2012-06-22 22:50 - 00000000 ____D C:\ProgramData\clear.fi
2013-07-04 19:56 - 2010-11-20 22:47 - 00062834 ____A C:\Windows\PFRO.log
2013-07-04 19:56 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-04 19:56 - 2009-07-13 23:51 - 00076917 ____A C:\Windows\setupact.log
2013-07-04 19:55 - 2013-07-01 22:49 - 00000000 ____D C:\ProgramData\MFAData
2013-07-03 23:40 - 2013-06-26 21:04 - 00007609 ____A C:\Users\Owner\AppData\Local\resmon.resmoncfg
2013-07-02 22:47 - 2013-07-02 22:47 - 00000124 ____A C:\Users\Owner\Desktop\Facebook.url
2013-07-02 22:45 - 2013-07-02 22:45 - 00001413 ____A C:\Users\Owner\Desktop\Internet Explorer.lnk
2013-07-02 22:35 - 2012-10-10 17:12 - 00002150 ____A C:\Windows\epplauncher.mif
2013-07-02 22:04 - 2013-02-15 00:20 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-02 21:56 - 2013-02-15 00:20 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
2013-07-02 20:27 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-07-02 20:24 - 2013-07-01 21:53 - 00000000 ____D C:\Windows\pss
2013-07-02 20:16 - 2013-07-01 22:56 - 00000000 ____D C:\Users\Owner\AppData\Local\AVG SafeGuard toolbar
2013-07-02 20:15 - 2013-07-02 20:15 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-07-02 19:25 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NDF
2013-07-02 18:49 - 2013-07-02 18:49 - 00000000 ____D C:\Users\Owner\Documents\My Weblog Posts
2013-07-02 18:49 - 2013-07-02 18:49 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Windows Live Writer
2013-07-02 18:49 - 2013-07-02 18:49 - 00000000 ____D C:\Users\Owner\AppData\Local\Windows Live Writer
2013-07-02 18:49 - 2013-07-02 18:49 - 00000000 ____D C:\Users\Owner\AppData\Local\{212BE87D-C310-4669-BEF2-9146A96491DA}
2013-07-02 18:47 - 2009-07-14 00:13 - 00779724 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-02 18:40 - 2009-07-13 23:45 - 00449576 ____A C:\Windows\System32\FNTCACHE.DAT
2013-07-02 18:38 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-07-02 18:38 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-07-02 18:38 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-07-02 18:38 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-07-02 18:38 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-07-01 23:34 - 2013-07-01 23:28 - 00008378 ____A C:\Windows\IE10_main.log
2013-07-01 23:32 - 2013-07-01 23:32 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-01 23:32 - 2013-07-01 23:32 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-01 23:32 - 2013-07-01 23:32 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-07-01 23:32 - 2013-07-01 23:32 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-01 23:32 - 2013-07-01 23:32 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-07-01 23:32 - 2013-07-01 23:32 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-07-01 23:32 - 2013-07-01 23:32 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-07-01 23:32 - 2013-07-01 23:32 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-07-01 23:32 - 2013-07-01 23:32 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-07-01 23:32 - 2013-07-01 23:32 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-07-01 23:32 - 2013-07-01 23:32 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-07-01 23:32 - 2013-07-01 23:32 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-07-01 23:32 - 2013-07-01 23:32 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-07-01 23:32 - 2013-07-01 23:32 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-07-01 23:32 - 2013-07-01 23:32 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-01 23:32 - 2013-07-01 23:32 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-07-01 23:32 - 2013-07-01 23:32 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-01 23:32 - 2013-07-01 23:32 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-07-01 23:32 - 2013-07-01 23:32 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-07-01 23:32 - 2013-07-01 23:32 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-01 23:32 - 2013-07-01 23:32 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-07-01 23:32 - 2013-07-01 23:32 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-01 23:32 - 2013-07-01 23:32 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-01 23:32 - 2013-07-01 23:32 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-07-01 23:32 - 2013-07-01 23:32 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-07-01 23:32 - 2013-07-01 23:32 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-07-01 23:32 - 2013-07-01 23:32 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-07-01 23:30 - 2013-07-01 23:30 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-01 23:30 - 2013-07-01 23:30 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-01 23:08 - 2013-07-01 23:07 - 00000000 ____D C:\ProgramData\AVG
2013-07-01 23:07 - 2013-07-01 23:07 - 00000000 ____D C:\Users\Owner\AppData\Roaming\AVG
2013-07-01 23:06 - 2013-07-01 23:06 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-07-01 23:04 - 2013-07-01 00:01 - 00000000 ____D C:\Users\Owner\AppData\Local\Conduit
2013-07-01 23:03 - 2013-07-01 22:55 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-07-01 22:55 - 2013-07-01 22:55 - 00045856 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-07-01 22:55 - 2013-07-01 22:55 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TuneUp Software
2013-07-01 22:49 - 2013-07-01 22:49 - 00000000 ____D C:\Users\Owner\AppData\Local\MFAData
2013-07-01 22:24 - 2013-07-01 22:24 - 00000843 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-01 22:24 - 2012-12-20 03:01 - 00000000 ____D C:\Download
2013-07-01 21:27 - 2013-07-01 21:27 - 00201728 ____A (OldTimer Tools) C:\Users\Owner\Downloads\OTC.exe
2013-07-01 00:01 - 2013-07-01 00:01 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-07-01 00:01 - 2013-06-30 23:59 - 00000009 ____A C:\END
2013-06-30 23:59 - 2013-06-30 23:59 - 00000000 ____D C:\Users\Owner\AppData\Local\CRE
2013-06-30 23:39 - 2012-10-10 16:05 - 00112304 ____A C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-30 23:39 - 2009-07-14 00:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-30 23:37 - 2013-06-30 22:29 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-06-30 23:34 - 2009-07-13 21:34 - 00000455 ____A C:\Windows\win.ini
2013-06-30 23:33 - 2012-06-22 22:33 - 00779724 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-30 22:52 - 2013-06-30 22:52 - 00003288 ____N C:\bootsqm.dat
2013-06-30 22:43 - 2009-07-13 21:34 - 00000855 ____A C:\Windows\System32\Drivers\etc\hosts_bak_726
2013-06-30 22:21 - 2013-06-30 22:21 - 03517580 ____A C:\Users\Owner\Desktop\tweaking.com_windows_repair_aio.zip
2013-06-30 02:44 - 2013-06-30 02:14 - 00036804 ____A C:\Users\Owner\Desktop\sfcdetails.txt
2013-06-29 13:58 - 2013-06-29 13:58 - 00000000 ____D C:\Users\Owner\AppData\Local\{5EA553C8-75C5-43F5-9275-3EB7B4F4F896}
2013-06-29 03:06 - 2013-06-29 03:06 - 00016094 ____A C:\FixitRegBackup.reg
2013-06-28 23:20 - 2013-06-28 22:53 - 00000000 ____D C:\Pictures to move
2013-06-28 22:49 - 2013-06-28 22:49 - 00000000 ____D C:\Users\Owner\AppData\Local\{5471ACA7-B60F-4ADC-8A3A-6C755A01FB90}
2013-06-28 15:47 - 2013-06-28 15:47 - 13475464 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall.exe
2013-06-27 00:06 - 2012-12-29 15:59 - 00000000 ____D C:\Users\Owner\AppData\Local\Apple Computer
2013-06-26 23:50 - 2013-06-26 23:50 - 00001787 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-26 23:50 - 2013-06-26 23:49 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-26 23:50 - 2013-06-26 23:49 - 00000000 ____D C:\Program Files\iTunes
2013-06-26 23:50 - 2013-06-26 23:49 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-26 23:50 - 2012-10-10 16:48 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SoftGrid Client
2013-06-26 23:49 - 2013-06-26 23:49 - 00000000 ____D C:\Program Files\iPod
2013-06-26 23:44 - 2013-06-26 23:44 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-06-26 22:45 - 2012-12-02 22:58 - 00000000 ____D C:\Users\Owner\Documents\New LisbonPFC
2013-06-26 22:30 - 2013-06-26 22:30 - 00002405 ____A C:\Users\Owner\Desktop\Word 2013.lnk
2013-06-26 21:51 - 2013-02-15 00:20 - 00000000 ____D C:\Program Files\Google
2013-06-26 20:52 - 2012-12-29 15:57 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-06-26 20:52 - 2012-12-02 14:43 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Apple Computer
2013-06-25 22:11 - 2013-06-25 22:10 - 01931844 ____A (Farbar) C:\Users\Owner\Downloads\FRST64 (1).exe
2013-06-23 15:08 - 2013-06-23 15:08 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-22 18:03 - 2013-06-22 18:03 - 00000000 ____D C:\Users\Owner\AppData\Local\{40FD51C6-FC09-4EF9-B52E-CA1947B9E10D}
2013-06-22 17:38 - 2013-06-22 17:38 - 00890978 ____A C:\Users\Owner\Downloads\SecurityCheck.exe
2013-06-22 15:04 - 2013-06-22 15:04 - 01931364 ____A (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2013-06-22 04:50 - 2012-10-10 16:04 - 00000000 ____D C:\users\Owner
2013-06-22 03:28 - 2013-06-22 03:28 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\Owner\Downloads\iExplore.exe
2013-06-22 01:40 - 2013-06-22 01:34 - 00000000 ____D C:\ProgramData\4C7AB9302E32EE4600004C7A6CBAF378
2013-06-22 01:37 - 2013-06-22 01:36 - 00001478 ____A C:\Users\Owner\Downloads\fixlist.txt
2013-06-20 17:10 - 2013-06-20 17:06 - 01368343 ____A (Farbar) C:\Users\Owner\Downloads\FRST.exe
2013-06-20 01:02 - 2013-02-17 22:42 - 00000000 ____D C:\Users\Owner\Documents\Error Message
2013-06-20 01:01 - 2013-06-20 00:03 - 00015179 ____A C:\Users\Owner\Downloads\hijackthis.log
2013-06-20 00:17 - 2013-06-20 00:17 - 00000000 ____A C:\Users\Owner\defogger_reenable
2013-06-20 00:07 - 2013-06-20 00:07 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.scr
2013-06-20 00:03 - 2012-10-10 16:04 - 00000000 ____D C:\Users\Owner\AppData\Local\VirtualStore
2013-06-20 00:02 - 2013-06-20 00:02 - 00388608 ____A (Trend Micro Inc.) C:\Users\Owner\Downloads\HijackThis.exe
2013-06-19 23:12 - 2013-06-19 23:02 - 00000000 ____D C:\ProgramData\SparkTrust
2013-06-19 23:03 - 2013-06-19 23:03 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SparkTrust
2013-06-19 22:10 - 2013-05-27 22:14 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-06-19 21:48 - 2013-06-19 21:38 - 00000000 ____D C:\Users\Owner\AppData\Local\Hewlett-Packard
2013-06-19 21:38 - 2012-10-10 16:04 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Macromedia
2013-06-19 21:13 - 2013-06-19 21:13 - 00000000 ____D C:\Users\Owner\AppData\Local\{A496EEB7-FE58-4817-9EB4-1DC6663F4F72}
2013-06-19 17:12 - 2013-06-19 17:11 - 00004802 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 17:12 - 2012-10-10 16:52 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-19 16:58 - 2013-06-19 16:58 - 00000000 ____D C:\Users\Owner\AppData\Roaming\RealNetworks
2013-06-19 07:46 - 2013-06-19 07:46 - 00000000 ____D C:\ProgramData\RealNetworks
2013-06-19 07:46 - 2013-06-19 07:46 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-06-19 07:46 - 2013-04-03 21:08 - 00000000 ____D C:\Program Files (x86)\Real
2013-06-19 07:46 - 2013-04-03 21:06 - 00000000 ____D C:\ProgramData\Real
2013-06-19 07:45 - 2013-04-03 21:08 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2013-06-19 07:45 - 2013-04-03 21:08 - 00201872 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2013-06-19 07:45 - 2013-04-03 21:08 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2013-06-19 07:45 - 2013-04-03 21:08 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2013-06-19 07:45 - 2011-10-28 17:04 - 00499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2013-06-19 07:45 - 2011-10-28 17:04 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2013-06-18 22:34 - 2013-06-05 00:12 - 00000000 ____D C:\Users\Owner\Documents\My Media
2013-06-17 23:11 - 2012-11-04 22:18 - 00000000 ____D C:\Users\Owner\Documents\Orders
2013-06-17 17:59 - 2013-06-06 00:28 - 00000000 ____D C:\Users\Owner\Documents\OneNote Notebooks
2013-06-16 13:28 - 2013-06-16 12:58 - 00000000 ____D C:\Users\Owner\Documents\For Sale
2013-06-16 11:04 - 2013-06-16 10:50 - 00174592 ____A C:\Users\Owner\Documents\dad day.pub
2013-06-13 18:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-06-12 23:04 - 2012-10-28 20:23 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 21:48 - 2012-10-10 16:52 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-12 21:48 - 2012-10-10 16:52 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-12 21:47 - 2013-06-19 17:12 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-12 21:43 - 2013-06-19 17:12 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-12 21:43 - 2013-06-19 17:12 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-12 21:43 - 2013-06-19 17:12 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-12 20:57 - 2012-10-10 16:55 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 20:57 - 2011-11-02 17:37 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-12 20:52 - 2012-11-06 20:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-10 21:36 - 2013-04-03 21:07 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Real
2013-06-06 00:16 - 2011-11-02 17:58 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2013-06-05 00:09 - 2013-06-05 00:09 - 00000000 ____D C:\Users\Owner\AppData\Roaming\OverDrive
2013-06-05 00:08 - 2013-06-05 00:08 - 00002449 ____A C:\Users\Public\Desktop\OverDrive Media Console.lnk
2013-06-05 00:07 - 2013-06-05 00:07 - 04969472 ____A C:\Users\Owner\Downloads\ODMediaConsoleSetup.msi
2013-06-04 21:13 - 2013-06-04 21:13 - 00000000 __RHD C:\MSOCache

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-23 13:10

==================== End Of Log ============================


----------



## sportsmom2x2 (Sep 3, 2007)

I was able to install Avast. Removed AVG and installed Avast.


----------



## kevinf80 (Mar 21, 2006)

What is the status of your system now, what issues/concerns remain...


----------



## sportsmom2x2 (Sep 3, 2007)

The computer seems to be running slower. It takes a longer time to open software programs and the internet. When I am typing, the cursor seems unstable, for exaemple as I was typing this word, when I went to type e the cursor jumped back to the middle of the word. Sometimes it will highlight a sentence and erase it. This is something that is different than before the virus hit and all the clean up began… another example… when I was typing begin the cursor jumped to in the middle of example in the above sentence.
I really appreciate all your help and patience.
When I open a new tab in the internet, instead of opening a new one on google (my home page) I get a tab named blank.
The typing though is really the most frustrating. I end up stopping and correcting because the cursor jumped to a new place.


----------



## sportsmom2x2 (Sep 3, 2007)

Figured out how to fix the blank tab to open to my Google place.


----------



## kevinf80 (Mar 21, 2006)

Yep this has been a bit of a journey for sure, can you run OTL one more time, I give full instruction (only d/l again if necessary)..

Download *OTL* from any of the following links and save to your desktop.

http://itxassociates.com/OT-Tools/OTL.com
http://oldtimer.geekstogo.com/OTL.exe
http://www.itxassociates.com/OT-Tools/OTL.scr

Double click the OTL icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)


- When the window appears, underneath *Output* at the top, make sure *Standard output* is selected.
- Select *Scan all users*
- Change *Drivers* to *All*
- Under the *Extra Registry* section, check *Use SafeList*
- In the lower right corner, checkmark *"LOP Check"* and checkmark *"Purity Check".*
- Click *Run Scan* and let the program run uninterrupted.
- When the scan is complete, two text files will be created on your Desktop.
  - *OTL.Txt* <- this one will be opened
  - *Extras.txt* <- this one will be minimized

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of *OTL.Txt* and the *Extras.txt* in your next reply.


----------



## sportsmom2x2 (Sep 3, 2007)

kevinf80 said:


> Yep this has been a bit of a journey for sure, can you run OTL one more time, I give full instruction (only d/l again if necessary)..
> 
> Download *OTL* from any of the following links and save to your desktop.
> 
> ...


----------



## sportsmom2x2 (Sep 3, 2007)

I can't get the logs to post


----------



## sportsmom2x2 (Sep 3, 2007)

OTL Extras logfile created on: 7/8/2013 10:27:55 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16618)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.47 Gb Total Physical Memory | 4.01 Gb Available Physical Memory | 73.16% Memory free
10.95 Gb Paging File | 9.08 Gb Available in Paging File | 82.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.55 Gb Total Space | 392.97 Gb Free Space | 87.41% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B99ADA06-7F1B-45E0-97CF-111F9757A78F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D35FCAD1-99C5-4214-8E47-A2D7ACB638EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3C9176DC-6CC1-4715-B6A6-19F485EB8D05}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{6E52784B-4F7B-443D-B302-F0D3B1663A5A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{8F910201-7CB6-4E6C-8742-C71986AD9848}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"TCP Query User{2DDB9B02-B7D8-488F-AF60-8CE92F7B013A}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"TCP Query User{65F98C7B-4734-4144-9A85-145E7B7F08BD}C:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | 
"TCP Query User{F8011D35-8C98-4114-9897-84144F369F5D}C:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | 
"UDP Query User{11B61136-A41D-4671-A0DB-87B11CC464A1}C:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | 
"UDP Query User{F3453616-3F0C-48B2-83F8-316F91D0F3DA}C:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{45E3D837-4855-7F41-A22E-D1D0AEA71EF8}" = AMD Steady Video Plug-In 
"{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995841E6-A7D8-2742-606C-98E350507317}" = AMD Catalyst Install Manager
"{B74F365F-CC7D-8B37-F0CE-9C934F370C87}" = ccc-utility64
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom Gigabit NetLink Controller
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F945735F-DCCA-9B0F-3916-A9D35ADD710A}" = AMD Media Foundation Decoders
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"ProPlusRetail - en-us" = Microsoft Office Professional Plus 2013 - en-us

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{018469E1-1FF6-4680-A7A5-0E04E8DB4FFB}" = CCC Help Danish
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{076457B0-2CCD-1775-53BE-10B2D80BBB11}" = CCC Help Greek
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{13476808-986D-2ADC-878A-60DD241E344D}" = CCC Help Swedish
"{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}" = clear.fi
"{1895E5C2-A9F8-4757-AD7B-0E9EA8BA1C46}" = Catalyst Control Center - Branding
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A3C311D-F115-E44B-B9B8-DC09D549BDEB}" = CCC Help Chinese Traditional
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 25
"{2792AA53-D556-9092-69BF-339B25BFDF14}" = CCC Help Turkish
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A8C5C0E-DC54-46BF-92AE-A062C63A1033}" = Nero 7 Essentials
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39E1A8AF-751D-4E6D-D55D-368B13A7913B}" = CCC Help Russian
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader
"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54CDE4C0-9CDD-2DC5-2518-FFCAC0AB2443}" = CCC Help Spanish
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{6229FCC3-24D7-46BC-581F-C15A8EB9D477}" = Catalyst Control Center InstallProxy
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{64AE97EB-B2C7-EE97-931C-E44C6584CEA0}" = CCC Help French
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{686DD43A-9C33-19C3-3EBA-28EB9D109791}" = CCC Help Italian
"{6A99D59B-2620-9104-E80A-F35BE16958FE}" = CCC Help Chinese Standard
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App
"{70C48A1D-40F1-44A2-CC3E-C0C75E11C7EC}" = CCC Help Portuguese
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79A85B92-44F8-1F70-90C3-C48EEC9D64D7}" = CCC Help Dutch
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9EA3BFEE-4546-0580-9DEA-4C6E6BD47605}" = CCC Help Japanese
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A27C7332-2211-BF1C-A11D-63F15855D693}" = CCC Help Finnish
"{A3AE9B69-9205-4472-2711-96292C9C3662}" = CCC Help German
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{B1BC96B5-2064-21FC-F7BD-497A84C43ECD}" = CCC Help Norwegian
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6D184E1-B0E3-E76D-CCA5-E1C1F6979BE5}" = CCC Help Thai
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi
"{B9E1BC15-AA94-A94E-C51F-7CA8598EAA0D}" = CCC Help Korean
"{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2
"{C1B8B7BC-F89D-E4D1-B325-9387FD9700A4}" = Catalyst Control Center Localization All
"{C5C52F9E-F728-D3F9-3C15-7597A3AB627A}" = CCC Help English
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6F3D04A-E9DD-3D17-BE77-08CB6A6F1F15}" = CCC Help Czech
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CC0AE06B-E4E5-D9CF-96CD-C5A2FBE1B79F}" = CCC Help Polish
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF72CF42-FA17-1273-0325-4F32B64CAB43}" = AMD VISION Engine Control Center
"{D07205E7-F6D3-4333-AFCC-782A07685B72}" = OverDrive Media Console
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDFC1993-99B8-560D-BFCE-AAD412710262}" = CCC Help Hungarian
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7E4BF50-279D-4C87-ED5A-E6850DA915AA}" = Catalyst Control Center Graphics Previews Common
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"avast" = avast! Free Antivirus
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"RealPlayer 16.0" = RealPlayer
"WildTangent acer Master Uninstall" = Acer Games
"WinLiveSuite" = Windows Live Essentials
"WTA-373e0ada-a9b1-48c9-ae69-ab5a517f45fc" = Chuzzle Deluxe
"WTA-38ee7bde-84b0-40e4-8ca5-024192532e49" = Governor of Poker 2 Premium Edition
"WTA-3f81fd3e-9526-4765-a2e3-3884131ec1b1" = Polar Golfer
"WTA-490d524a-c8b0-4551-9a10-dacdc223899c" = Build-a-lot 4 - Power Source
"WTA-5a7e3b9f-3db9-46fb-8940-a53a44d4a225" = Jewel Match 3
"WTA-5e0f7651-112b-4cf3-9dde-246789eb8854" = Plants vs. Zombies - Game of the Year
"WTA-6d106d6e-53b1-40cf-921c-d923bbd44b94" = Penguins!
"WTA-6e7056ee-fa20-4809-9a23-cbaed0020384" = FATE: The Cursed King
"WTA-731a82ed-5c95-4571-ab1f-14a986377a0d" = Bejeweled 2 Deluxe
"WTA-909840bd-fec2-4043-a434-f64a341ed23b" = Mystery of Mortlake Mansion
"WTA-945df9d7-8481-4593-8329-917287d313a5" = Torchlight
"WTA-97c276ce-0f2e-4075-9dae-ee4185024946" = Agatha Christie - Death on the Nile
"WTA-9978f279-f5a1-437f-b8f6-559313d7bff7" = Chronicles of Albian
"WTA-a3c262d0-da47-40cd-860a-9e944509a832" = Virtual Villagers 5 - New Believers
"WTA-ad9ff3d9-4e05-4a24-a01b-e2e43155bbdc" = Zuma's Revenge
"WTA-c06471c8-41e5-48eb-8703-e069b9f2ede9" = Final Drive: Nitro
"WTA-ec9c2049-fa84-43ac-bd82-e8dd5418b96a" = Polar Bowler
"WTA-f2f3e31d-fe8f-41f1-b832-2e92dc783127" = Cradle of Rome 2
"WTA-fb8568b8-9563-4026-8507-5a08991b80d3" = Dora's World Adventure

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-54217543-3094785001-244447589-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/2/2013 8:40:05 PM | Computer Name = Owner-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 10.0.9200.16618 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1488 Start
Time: 01ce7785d64b7914 Termination Time: 0 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: 18924d1c-e379-11e2-8198-206a8a7f234d

Error - 7/2/2013 8:49:10 PM | Computer Name = Owner-PC | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x80070643 Description:Cannot complete the Security Essentials
installation. An error has prevented the Security Essentials setup wizard from 
completing successfully. Please restart your computer and try again. Error code:0x80070643.
Fatal error during installation.

Error - 7/2/2013 9:06:47 PM | Computer Name = Owner-PC | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x80070643 Description:Cannot complete the Security Essentials
installation. An error has prevented the Security Essentials setup wizard from 
completing successfully. Please restart your computer and try again. Error code:0x80070643.
Fatal error during installation.

Error - 7/2/2013 9:09:51 PM | Computer Name = Owner-PC | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x80070643 Description:Cannot complete the Security Essentials
installation. An error has prevented the Security Essentials setup wizard from 
completing successfully. Please restart your computer and try again. Error code:0x80070643.
Fatal error during installation.

Error - 7/2/2013 9:37:33 PM | Computer Name = Owner-PC | Source = Outlook | ID = 1000
Description = Add-in execution error. Outlook crashed during the 'GetCustomUI' callback
of the 'IRibbonExtensibility' interface while calling into the 'AVG Addin for MS
Outlook' add-in.

Error - 7/2/2013 9:37:35 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: OUTLOOK.EXE, version: 15.0.4505.1510, time
stamp: 0x51aa0d55 Faulting module name: avgoutlookx.dll, version: 13.0.0.2780, time
stamp: 0x508527b1 Exception code: 0xc0000005 Fault offset: 0x00033d4b Faulting process
id: 0x1b04 Faulting application start time: 0x01ce778dd7d361c9 Faulting application
path: C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE Faulting module
path: C:\Program Files (x86)\AVG\AVG2013\avgoutlookx.dll Report Id: 224aaede-e381-11e2-bdd7-206a8a7f234d

Error - 7/2/2013 9:38:55 PM | Computer Name = Owner-PC | Source = Outlook | ID = 1000
Description = Add-in execution error. Outlook crashed during the 'GetCustomUI' callback
of the 'IRibbonExtensibility' interface while calling into the 'AVG Addin for MS
Outlook' add-in.

Error - 7/2/2013 9:38:55 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: OUTLOOK.EXE, version: 15.0.4505.1510, time
stamp: 0x51aa0d55 Faulting module name: avgoutlookx.dll, version: 13.0.0.2780, time
stamp: 0x508527b1 Exception code: 0xc0000005 Fault offset: 0x00033d4b Faulting process
id: 0xcbc Faulting application start time: 0x01ce778df843df9d Faulting application
path: C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE Faulting module
path: C:\Program Files (x86)\AVG\AVG2013\avgoutlookx.dll Report Id: 527a4b01-e381-11e2-bdd7-206a8a7f234d

Error - 7/2/2013 11:17:28 PM | Computer Name = Owner-PC | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x80070643 Description:Cannot complete the Security Essentials
installation. An error has prevented the Security Essentials setup wizard from 
completing successfully. Please restart your computer and try again. Error code:0x80070643.
Fatal error during installation.

Error - 7/2/2013 11:35:05 PM | Computer Name = Owner-PC | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x80070643 Description:Cannot complete the Security Essentials
installation. An error has prevented the Security Essentials setup wizard from 
completing successfully. Please restart your computer and try again. Error code:0x80070643.
Fatal error during installation.

[ Media Center Events ]
Error - 12/7/2012 11:15:26 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 9:15:26 PM - Error connecting to the internet. 9:15:26 PM - Unable
to contact server..

Error - 12/7/2012 11:15:36 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 9:15:31 PM - Error connecting to the internet. 9:15:31 PM - Unable
to contact server..

[ System Events ]
Error - 3/30/2013 3:17:28 PM | Computer Name = Owner-PC | Source = NetBT | ID = 4321
Description = The name "OWNER-PC :20" could not be registered on the interface
with IP address 192.168.10.136. The computer with the IP address 192.168.10.101 
did not allow the name to be claimed by this computer.

Error - 3/30/2013 3:17:29 PM | Computer Name = Owner-PC | Source = NetBT | ID = 4321
Description = The name "OWNER-PC :0" could not be registered on the interface
with IP address 192.168.10.136. The computer with the IP address 192.168.10.101 
did not allow the name to be claimed by this computer.

Error - 3/30/2013 3:31:00 PM | Computer Name = Owner-PC | Source = NetBT | ID = 4321
Description = The name "OWNER-PC :0" could not be registered on the interface
with IP address 192.168.10.136. The computer with the IP address 192.168.10.101 
did not allow the name to be claimed by this computer.

Error - 3/30/2013 3:31:02 PM | Computer Name = Owner-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{361380D7-1A5D-4D34-A53D-80BAE3D010F3}
because another computer on the network has the same name. The server could not
start.

Error - 3/30/2013 3:31:02 PM | Computer Name = Owner-PC | Source = NetBT | ID = 4321
Description = The name "OWNER-PC :20" could not be registered on the interface
with IP address 192.168.10.136. The computer with the IP address 192.168.10.101 
did not allow the name to be claimed by this computer.

Error - 3/30/2013 3:31:14 PM | Computer Name = Owner-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{361380D7-1A5D-4D34-A53D-80BAE3D010F3}
because another computer on the network has the same name. The server could not
start.

Error - 3/30/2013 3:31:14 PM | Computer Name = Owner-PC | Source = NetBT | ID = 4321
Description = The name "OWNER-PC :0" could not be registered on the interface
with IP address 192.168.10.136. The computer with the IP address 192.168.10.101 
did not allow the name to be claimed by this computer.

Error - 3/30/2013 3:31:14 PM | Computer Name = Owner-PC | Source = NetBT | ID = 4321
Description = The name "OWNER-PC :20" could not be registered on the interface
with IP address 192.168.10.136. The computer with the IP address 192.168.10.101 
did not allow the name to be claimed by this computer.

Error - 4/12/2013 10:14:57 PM | Computer Name = Owner-PC | Source = Microsoft Antimalware | ID = 2001
Description =

Error - 4/19/2013 5:09:54 AM | Computer Name = Owner-PC | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

< End of report >


----------



## kevinf80 (Mar 21, 2006)

I also need to see OTL.txt; if that will not post, try zipping up the file and attaching it. Right click on the file > select > send to > Compressed (zipped) folder. That zipped folder will save in the same place as the file... Use the "Manage Attachments" tab under the main reply box to attach to your reply.


----------



## sportsmom2x2 (Sep 3, 2007)

kevinf80 said:


> I also need to see OTL.txt, if that will not post try zipping up the file and attaching it. Right click on the file > select > send to > Compressed (zipped) folder. That zipped folder will save in the same place as the file... Use "Manage Attachments" tab under the main reply box to attach to your reply..


----------



## kevinf80 (Mar 21, 2006)

Re-Run

by double left click, Vista and Windows 7 users accept UAC alert.


Under the

box at the bottom, paste in the following, start with and include the colon plus OTL. *:OTL*


```
:OTL
PRC - [2013/07/01 22:55:41 | 001,598,128 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
PRC - [2013/07/01 22:55:41 | 000,152,240 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe
SRV - [2013/07/01 22:55:41 | 001,598,128 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe -- (vToolbarUpdater15.3.0)
DRV:[b]64bit:[/b] - [2013/07/01 22:55:42 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
IE - HKU\S-1-5-21-54217543-3094785001-244447589-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg.com/search?cid={7564B528-7A19-4677-9FEE-21D445A715A4}&mid=82f0223ad4d947d3a6d8f123cc9bcabe-50bc6e1d72aae87dad2f923a4c1fb8b01f79cd13&lang=en&ds=AVG&pr=pr&d=2013-07-02 20:15:45&v=15.3.0.11&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-54217543-3094785001-244447589-1000\..\SearchScopes\{E74A4401-569F-4126-A593-B2E60E0DE337}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3291325&CUI=UN32048958541363215&UM=2
O2 - BHO: (no name) - {878B8524-AED5-4870-9A96-A515440DAC75} - No CLSID value found.
O3 - HKU\S-1-5-21-54217543-3094785001-244447589-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O18:[b]64bit:[/b] - Protocol\Handler\ipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\viprotocol - No CLSID value found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O33 - MountPoints2\{a8079e0f-859c-11e2-802b-206a8a7f234d}\Shell - "" = AutoRun
O33 - MountPoints2\{a8079e0f-859c-11e2-802b-206a8a7f234d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
:Files
ipconfig /flushdns /c
C:\Program Files (x86)\AVG SafeGuard toolbar
C:\Users\Owner\AppData\Roaming\AVG
C:\ProgramData\AVG
C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
C:\Users\Owner\AppData\Local\AVG SafeGuard toolbar
C:\Windows\SysNative\drivers\avgtpx64.sys
C:\ProgramData\AVG SafeGuard toolbar
C:\Program Files (x86)\Conduit
C:\Users\Owner\AppData\Local\Conduit
:Commands
[emptytemp]
[CREATERESTOREPOINT]
```

Then click

button at the top
Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose *Yes*. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter *\*.log* and press the Enter key, navigate to the *C:\\_OTL\MovedFiles* folder, and open the newest *.log* file present, and copy/paste the contents of that document back here in your next post.

Any improvement?


----------



## sportsmom2x2 (Sep 3, 2007)

kevinf80 said:


> Re-Run
>
> ...


All processes killed
========== OTL ==========
Process ToolbarUpdater.exe killed successfully!
Process loggingserver.exe killed successfully!
Service vToolbarUpdater15.3.0 stopped successfully!
Service vToolbarUpdater15.3.0 deleted successfully!
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe moved successfully.
Service avgtp stopped successfully!
Service avgtp deleted successfully!
C:\Windows\SysNative\drivers\avgtpx64.sys moved successfully.
Registry key HKEY_USERS\S-1-5-21-54217543-3094785001-244447589-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_USERS\S-1-5-21-54217543-3094785001-244447589-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E74A4401-569F-4126-A593-B2E60E0DE337}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E74A4401-569F-4126-A593-B2E60E0DE337}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{878B8524-AED5-4870-9A96-A515440DAC75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{878B8524-AED5-4870-9A96-A515440DAC75}\ not found.
Registry value HKEY_USERS\S-1-5-21-54217543-3094785001-244447589-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\0x00000001\ not found.
File Protocol\Handler\ipp\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
File Protocol\Handler\msdaipp\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
File Protocol\Handler\msdaipp\oledb - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ deleted successfully.
File Protocol\Handler\viprotocol - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8079e0f-859c-11e2-802b-206a8a7f234d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a8079e0f-859c-11e2-802b-206a8a7f234d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8079e0f-859c-11e2-802b-206a8a7f234d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a8079e0f-859c-11e2-802b-206a8a7f234d}\ not found.
File E:\LaunchU3.exe -a not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\UninstallRes\ClientPackage folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\UninstallRes folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\Licenses folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\EnableHelperRes\Images folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\EnableHelperRes folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\DSPDlg_IE folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\ChromeRes folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\ChromeGuardRes folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\Chrome\content\icons folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\Chrome\content folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\Chrome folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\15.3.0.11 folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar folder moved successfully.
C:\Users\Owner\AppData\Roaming\AVG\AWL2012\TuningIndex folder moved successfully.
C:\Users\Owner\AppData\Roaming\AVG\AWL2012\StartUp Manager folder moved successfully.
C:\Users\Owner\AppData\Roaming\AVG\AWL2012\Dashboard folder moved successfully.
C:\Users\Owner\AppData\Roaming\AVG\AWL2012\Backups folder moved successfully.
C:\Users\Owner\AppData\Roaming\AVG\AWL2012 folder moved successfully.
C:\Users\Owner\AppData\Roaming\AVG folder moved successfully.
C:\ProgramData\AVG\AWL2012 folder moved successfully.
C:\ProgramData\AVG\AWL\Program Statistics folder moved successfully.
C:\ProgramData\AVG\AWL folder moved successfully.
C:\ProgramData\AVG folder moved successfully.
C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} folder moved successfully.
C:\Users\Owner\AppData\Local\AVG SafeGuard toolbar\SiteSafety folder moved successfully.
C:\Users\Owner\AppData\Local\AVG SafeGuard toolbar\DNT folder moved successfully.
C:\Users\Owner\AppData\Local\AVG SafeGuard toolbar\Chrome\Default folder moved successfully.
C:\Users\Owner\AppData\Local\AVG SafeGuard toolbar\Chrome folder moved successfully.
C:\Users\Owner\AppData\Local\AVG SafeGuard toolbar folder moved successfully.
File\Folder C:\Windows\SysNative\drivers\avgtpx64.sys not found.
C:\ProgramData\AVG SafeGuard toolbar\Toolbar folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\Logger folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar folder moved successfully.
C:\Program Files (x86)\Conduit\Community Alerts folder moved successfully.
C:\Program Files (x86)\Conduit folder moved successfully.
C:\Users\Owner\AppData\Local\Conduit folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 168019865 bytes
->Temporary Internet Files folder emptied: 159074729 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 64452 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 31748973 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42310724 bytes
RecycleBin emptied: 17719 bytes

Total Files Cleaned = 383.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 07112013_205619

Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Owner\AppData\Local\Temp\MMDUtl.log moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
C:\Windows\temp\FireFly(201307112049288D4).log moved successfully.
C:\Windows\temp\integratedoffice.exe_c2ruidll(201307112049288D4).log moved successfully.
C:\Windows\temp\integratedoffice.exe_streamserver(201307112049338D4).log moved successfully.
File move failed. C:\Windows\temp\LMutilps.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


----------
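An added example (not part of the thread and not OTL's own code): a Python triage of the fix log posted above. It separates items still waiting on a reboot from "not found" entries, and flags "not found" paths that were already moved earlier in the same run. The sample lines are copied from that log; the outcome phrases matched are only those visible in it, and `summarize` and `normalize` are hypothetical helper names.

```python
import re
from collections import Counter

# Constructed sample: a subset of lines copied from the fix log in the thread.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Process ToolbarUpdater.exe killed successfully!
Service avgtp deleted successfully!
C:\Windows\SysNative\drivers\avgtpx64.sys moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{878B8524-AED5-4870-9A96-A515440DAC75}\ not found.
File E:\LaunchU3.exe -a not found.
========== FILES ==========
C:\Program Files (x86)\Conduit folder moved successfully.
File\Folder C:\Windows\SysNative\drivers\avgtpx64.sys not found.
========== COMMANDS ==========
[EMPTYTEMP]
->Temp folder emptied: 168019865 bytes
Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Temp\MMDUtl.log moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
"""

SECTION = re.compile(r"^=+ (.+?) =+$")
PENDING = re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$")
DONE = re.compile(r"^(.+?) (killed|stopped|deleted|moved) successfully[.!]$")
MISSING = re.compile(r"^(.+?) not found\.$")
LABEL = re.compile(r"^(File\\Folder|File|Folder) ")


def normalize(target):
    """Strip the leading 'File'/'Folder' label and the trailing ' folder' word
    so the same path compares equal across sections (a heuristic)."""
    target = LABEL.sub("", target)
    if target.endswith(" folder"):
        target = target[: -len(" folder")]
    return target


def summarize(log_text):
    counts = Counter()
    pending, not_found, already_handled = [], [], []
    moved = set()               # lower-cased paths moved earlier in this run
    section = "(preamble)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:                          # ========== NAME ==========
            section = header.group(1)
            continue
        if line.endswith("..."):            # e.g. "Files\Folders moved on Reboot..."
            section = line[:-3]
            continue
        m = PENDING.match(line)
        if m:                               # locked file, retried at next boot
            counts["pending_reboot"] += 1
            pending.append(m.group(1))
            continue
        m = DONE.match(line)
        if m:
            counts["ok"] += 1
            if m.group(2) == "moved":
                moved.add(normalize(m.group(1)).lower())
            continue
        m = MISSING.match(line)
        if m:
            target = normalize(m.group(1))
            if target.lower() in moved:     # listed twice in the fix script
                counts["already_handled"] += 1
                already_handled.append(target)
            else:
                counts["not_found"] += 1
                not_found.append((section, target))
    return {"counts": counts, "pending_reboot": pending,
            "not_found": not_found, "already_handled": already_handled}
```

Entries under `pending_reboot` are the ones to re-check in the post-reboot log; `already_handled` explains why `avgtpx64.sys` shows as "not found" in the FILES section after being moved in the OTL section.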



## sportsmom2x2 (Sep 3, 2007)

It still seems slow to load when hooking to the internet... significantly slower than before this started. It took approximately 30 seconds for the internet to load. The cursor does not seem to jump around now.
Avast has lots of pop ups, telling me when it blocks something, etc.


----------



## sportsmom2x2 (Sep 3, 2007)

Also just got an error message from a web site I have used numerous times .... system is designed for use with Internet Explorer 6.0 or above. The application will not work properly with other browsers. If IE 6.0 or above is not installed on your work PC, please contact your supervisor. Otherwise, you may use the link below to download a compatible version of Internet Explorer on your personal system. If you are using IE 10 you will need to turn on compatibility mode for PTAWeb to function correctly, please contact your agency help desk for assistance.


----------



## kevinf80 (Mar 21, 2006)

Can you post some screen shots showing the popups from Avast?

If you are seeing errors from websites when using Internet Explorer can you try running IE with addons disabled, see if the issue stops...

I do not see anything malicious in your recent logs, obviously if errors persist something is being missed...


----------



## sportsmom2x2 (Sep 3, 2007)

I am still having problems. Cursor jumps all over when typing, and when using Google, after I have done a search and clicked on the correct option address, instead of going to the site I chose, it will go to an advertising site.
Appreciate all your help.


----------

