CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [VideoDownloadConverter EPM Support] => C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zmedint.exe [11624 2015-07-24] (Mindspark)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-2578401405-4068804440-3125762638-1001\...\Run: [Driver Manager] => C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe /applicationMode:systemTray /showWelcome:false
HKU\S-1-5-21-2578401405-4068804440-3125762638-1001\...\Run: [PCPrivacyDock] => C:\Program Files (x86)\PC Privacy Dock\PCPrivacyDock.exe [4571472 2015-04-14] (PC Privacy Dock)
HKU\S-1-5-21-2578401405-4068804440-3125762638-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-18\...\Run: [] => [X]
AppInit_DLLs-x32: c:\progra~3\{bf845~1\1173~1.1\taci.dll => "c:\progra~3\{bf845~1\1173~1.1\taci.dll" File not found
Startup: C:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk [2015-07-02]
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\OLBPre\OLBPre.exe ()
Startup: C:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RapidMediaConverterApp.lnk [2015-08-24]
ShortcutTarget: RapidMediaConverterApp.lnk -> C:\Program Files (x86)\RapidMediaConverter\RapidMediaConverterApp.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2578401405-4068804440-3125762638-1006\User: Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2578401405-4068804440-3125762638-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://services.eshield.com/general/newhometab.php?hometab=home&partner=11473&guid={8852908C-DEB4-4535-88DD-654880518ECE}&i=
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
BHO-x32: Toolbar BHO -> {312f84fb-8970-4fd3-bddb-7012eac4afc9} -> C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll [2015-07-24] (Mindspark)
BHO-x32: Search Assistant BHO -> {c547c6c2-561b-4169-a2a5-20ba771ca93b} -> C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll [2015-07-24] (Mindspark)
Toolbar: HKLM-x32 - VideoDownloadConverter - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll [2015-07-24] (Mindspark)
Toolbar: HKU\S-1-5-21-2578401405-4068804440-3125762638-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-2578401405-4068804440-3125762638-1001 -> No Name - {A3704FA3-DBF6-46B5-B95E-0677DFD39577} - No File
Toolbar: HKU\S-1-5-21-2578401405-4068804440-3125762638-1001 -> No Name - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
Toolbar: HKU\S-1-5-21-2578401405-4068804440-3125762638-1001 -> No Name - {1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D} - No File
FF Plugin HKU\S-1-5-21-2578401405-4068804440-3125762638-1001: @tnt2npapi.com/Plugin -> C:\Users\Tamara\AppData\Local\TNT2\2.0.0.1995\npTNT2.dll [2015-08-04] (Eshield)
FF user.js: detected! => C:\Users\Tamara\AppData\Roaming\Mozilla\Firefox\Profiles\p0r58nab.default\user.js [2015-08-04]
FF Extension: No Name - C:\Users\Tamara\AppData\Roaming\Mozilla\Firefox\Profiles\p0r58nab.default\extensions\boost@boost.net.xpi [not found]
FF Extension: No Name - C:\Users\Tamara\AppData\Roaming\Mozilla\Firefox\Profiles\p0r58nab.default\extensions\toolbar11473@eshield.com.xpi [not found]
R2 00977a63; c:\Program Files (x86)\LighterInit\LighterInit.dll [2238976 2015-07-23] () [File not signed]
R2 088c3b28; c:\Program Files (x86)\LibrarySystem\LibrarySystem.dll [2622464 2015-08-09] () [File not signed]
R2 310a2fa8; c:\Program Files (x86)\ReactorRise\ReactorRise.dll [2640384 2015-08-06] () [File not signed]
R2 AccountService; C:\Program Files\Kromtech\Common\AccountService.exe [211248 2015-02-04] (Kromtech) <==== ATTENTION
R2 BeFrugal.com Service; C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\befrgl.exe [348056 2012-12-05] (Capital Intellect, Inc.)
R2 bnFKybbr; C:\ProgramData\siwPSKm\bnFKybbr.exe [2732024 2015-08-24] (Irrational Number Applications)
R2 d3a378f6; c:\Program Files (x86)\RelaySubs\RelaySubs.dll [2477056 2015-08-09] () [File not signed]
R2 Service Mgr GetTheResultsHub; C:\ProgramData\6f66c052-8827-4487-9031-09becb0cf541\plugincontainer.exe [1195224 2015-08-25] ()
R2 Update Mgr GetTheResultsHub; C:\Program Files (x86)\Common Files\6f66c052-8827-4487-9031-09becb0cf541\updater.exe [704728 2015-08-24] ()
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
R2 VideoDownloadConverter_4zService; C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe [89448 2015-07-24] (Mindspark)
S1 csfd_1_10_0_17; system32\drivers\csfd_1_10_0_17.sys [X]
2015-08-24 23:31 - 2015-08-25 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\speed browser
2015-08-24 23:31 - 2015-08-24 23:31 - 00000000 ____D C:\Users\Tamara\AppData\Local\speed browser
2015-08-24 23:31 - 2015-08-24 23:31 - 00000000 ____D C:\Program Files (x86)\speed browser
2015-08-24 18:29 - 2015-08-24 18:29 - 00003364 _____ C:\Windows\System32\Tasks\{EB8E5C55-830D-4446-8A2A-97ED2AD69720}
2015-08-24 17:55 - 2015-08-24 18:28 - 00453203 _____ (Applon ) C:\Users\Tamara\Downloads\RapidMediaConverter (1).exe.7x3ppbx.partial
2015-08-24 17:46 - 2015-08-24 18:28 - 01053643 _____ (Applon ) C:\Users\Tamara\Downloads\RapidMediaConverter.exe.4echy0u.partial
2015-08-24 16:56 - 2015-08-24 16:56 - 00000000 ____D C:\Program Files (x86)\VideoDownloadConverter_4z
2015-08-24 15:19 - 2015-08-25 01:31 - 00000000 ____D C:\Users\Tamara\AppData\Local\WebShield
2015-08-24 15:15 - 2015-08-25 21:01 - 00003434 _____ C:\Windows\System32\Tasks\Aorewumi
2015-08-24 15:10 - 2015-08-24 15:15 - 00000000 ____D C:\ProgramData\Aorewumi
2015-08-24 15:04 - 2015-08-24 15:18 - 00000000 ____D C:\ProgramData\siwPSKm
2015-08-24 15:04 - 2015-08-24 15:04 - 00000000 ____D C:\ProgramData\WebShield
2015-08-24 14:52 - 2015-08-24 20:15 - 00000000 ____D C:\Users\Tamara\AppData\Local\RapidMediaConverter
2015-08-24 14:52 - 2015-08-24 14:52 - 00000000 ____D C:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rapid Media Converter
2015-08-24 14:52 - 2015-08-24 14:52 - 00000000 ____D C:\Program Files (x86)\RapidMediaConverter
2015-08-10 10:04 - 2015-08-24 23:18 - 00000000 ____D C:\ProgramData\Browser
2015-08-10 05:57 - 2015-08-10 05:57 - 00000000 ____D C:\CrimeWatch
2015-08-10 04:58 - 2015-08-10 04:58 - 00000000 ____D C:\ProgramData\PC Privacy Dock
2015-08-10 04:52 - 2015-08-10 22:09 - 00003511 _____ C:\Windows\SysWOW64\mlogger.log
2015-08-10 03:38 - 2015-08-10 03:38 - 00003200 _____ C:\Windows\System32\Tasks\PROPCCleaner_Start
2015-08-10 03:37 - 2015-08-10 03:37 - 00000000 ____D C:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uninstall
2015-08-10 03:37 - 2015-08-10 03:37 - 00000000 ____D C:\Users\Tamara\AppData\Local\PRO_PC_Cleaner
2015-08-10 01:36 - 2015-08-10 01:36 - 00000000 ____D C:\Spacekace
2015-08-09 20:49 - 2015-08-09 20:49 - 00000000 ____D C:\Program Files (x86)\LibrarySystem
2015-08-09 18:38 - 2015-08-09 18:38 - 00000000 ____D C:\Program Files (x86)\List Progress Bar for Trello
2015-08-09 18:33 - 2015-08-09 18:33 - 00000000 ____D C:\Program Files (x86)\TakeTTheCouupOn
2015-08-09 18:32 - 2015-08-09 18:32 - 00000000 ____D C:\Program Files (x86)\TakeTheeCouponn
2015-08-09 17:52 - 2015-08-09 17:52 - 00000000 ____D C:\Program Files (x86)\RelaySubs
2015-08-06 22:51 - 2015-08-06 22:51 - 00005923 _____ C:\Users\Tamara\Downloads\aolauth.min.js
2015-08-06 22:48 - 2015-08-06 22:48 - 00008797 _____ C:\Users\Tamara\Downloads\map more info
2015-08-06 22:45 - 2015-08-06 22:45 - 00001151 _____ C:\Users\Tamara\Downloads\Store.html
2015-08-06 22:43 - 2015-08-06 22:43 - 00005309 _____ C:\Users\Tamara\Downloads\map more info.ttj
2015-08-06 22:42 - 2015-08-06 22:42 - 00114710 _____ C:\Users\Tamara\Downloads\map with more info moatuac.js
2015-08-06 22:40 - 2015-08-06 22:40 - 00000953 ____R C:\Users\Tamara\Downloads\get time privacy_banner.js
2015-08-06 22:37 - 2015-08-06 22:37 - 00036804 _____ C:\Users\Tamara\Downloads\adsWrapper.js
2015-08-06 22:26 - 2015-08-06 22:26 - 00141993 _____ C:\Users\Tamara\Downloads\map2015
2015-08-06 07:01 - 2015-08-06 07:01 - 00000000 ____D C:\Program Files (x86)\ReactorRise
2015-08-05 20:28 - 2015-08-05 20:28 - 00010403 _____ C:\Users\Tamara\Downloads\cb=gapi.loaded_1
2015-08-05 20:26 - 2015-08-05 20:26 - 00113519 _____ C:\Users\Tamara\Downloads\cb=gapi.loaded_0
2015-08-05 04:45 - 2015-08-05 04:45 - 00000000 ____D C:\Users\Tamara\AppData\Local\{98FC7EB0-0331-439C-976E-46284944AEB1}
2015-08-03 00:15 - 2015-08-03 00:16 - 00000000 ____D C:\Users\Tamara\AppData\Local\{C4460E98-73DE-47D3-AAD7-CE7DEC77C6AA}
2015-08-01 03:14 - 2015-08-01 03:14 - 00000593 _____ C:\Users\Tamara\Downloads\7FBE.tmp
2015-08-01 03:10 - 2015-08-01 03:10 - 00000593 _____ C:\Users\Tamara\Downloads\708D.tmp
2015-07-30 22:50 - 2015-07-30 22:50 - 00000000 ____D C:\Users\Tamara\AppData\Local\{19638CB5-8B5F-4F76-95FD-FC0A52B3A83C}
2015-07-30 14:33 - 2015-07-30 14:33 - 00000000 ____D C:\Users\Tamara\AppData\Local\{E0F3D240-7B23-4E9C-BB51-0386E069E33E}
2015-07-30 13:52 - 2015-08-10 16:10 - 00003322 _____ C:\Windows\System32\Tasks\SuperFastPC_AutorunOnStartup
2015-07-26 04:52 - 2015-07-26 04:52 - 00000000 ____D C:\Users\Tamara\AppData\Local\{423BD323-F769-402D-8A9A-DBFD96A69F1F}
2015-08-25 21:00 - 2015-06-16 13:12 - 00000000 ____D C:\Users\Tamara\Documents\PCPrivacyDock
2015-08-25 20:58 - 2015-07-02 16:16 - 00000404 _____ C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2015-08-25 20:57 - 2012-07-26 19:08 - 00000000 ____D C:\Users\Tamara\AppData\Roaming\Skype
2015-08-25 20:56 - 2015-06-16 13:12 - 00003388 _____ C:\Windows\System32\Tasks\PCPrivacyDock_Popup
2015-08-25 20:56 - 2015-06-14 16:47 - 00002848 _____ C:\Windows\System32\Tasks\DriverUpdate Startup
2015-08-25 20:56 - 2015-06-14 16:47 - 00000420 _____ C:\Windows\Tasks\DriverUpdate Startup.job
2015-08-25 20:55 - 2013-04-05 18:28 - 00000430 _____ C:\Windows\Tasks\BeFrugal.com Toolbar.job
2015-08-25 19:18 - 2015-07-20 03:18 - 00000000 ____D C:\ProgramData\6f66c052-8827-4487-9031-09becb0cf541
2015-08-24 22:12 - 2015-07-02 16:12 - 00000342 _____ C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job
2015-08-24 16:18 - 2015-07-02 16:16 - 00000000 ____D C:\Program Files (x86)\File Type Assistant
2015-08-10 02:57 - 2015-07-02 16:06 - 00000621 _____ C:\Users\Tamara\Downloads\freefileviewer-setup (1).website
2015-08-09 20:25 - 2015-07-24 04:14 - 00000000 ____D C:\Program Files (x86)\BrowwSeeaNdshopp
2015-08-09 18:39 - 2015-07-24 04:14 - 00000000 ____D C:\ProgramData\2753230890292649159
2015-08-02 04:24 - 2015-07-24 04:12 - 00000000 ____D C:\ProgramData\{4ebbcc12-b465-cb48-4ebb-bcc12b46304a}
2015-07-07 02:17 - 2015-07-07 02:29 - 6420480 _____ () C:\Program Files (x86)\GUTAD75.tmp
2015-07-23 20:53 - 2015-07-23 20:53 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2015-01-27 15:38 - 2015-01-27 15:38 - 0000088 _____ () C:\Users\Tamara\AppData\Local\fd085c24e1db67146ef33388fc5e490b
C:\Program Files (x86)\Itibiti Soft Phone
c:\Program Files (x86)\LighterInit
C:\Program Files (x86)\LibrarySystem
c:\Program Files (x86)\ReactorRise
c:\Program Files (x86)\RelaySubs
C:\windows\system32\drivers\csfd_1_10_0_17.sys
C:\Users\Tamara\AppData\Local\RapidMediaConverter
C:\Program Files (x86)\speed browser
C:\Program Files (x86)\OLBPre
C:\Program Files (x86)\RapidMediaConverter
C:\Program Files (x86)\PC Privacy Dock
C:\Program Files (x86)\File Type Assistant
C:\ProgramData\siwPSKm
C:\Program Files (x86)\Common Files\6f66c052-8827-4487-9031-09becb0cf541
C:\Program Files (x86)\VideoDownloadConverter_4z
C:\ProgramData\6f66c052-8827-4487-9031-09becb0cf541
C:\Program Files (x86)\Common Files\BeFrugal.com
C:\Program Files\Kromtech
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers