snap.do infection

[FRANKSNYDER]

Need help....I'm somewhat skilled with computer maintenance, but having problems with removing snap.do after my computer became infected.  I downloaded the free version of malwarebytes, but not sure how to use it. 

[deeprybka]

Hi &

My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

• My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
• Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
• Perform everything in the correct order. Sometimes one step requires the previous one.
• If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
• Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
• Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
• If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
• Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

• Start FRST with administator privileges.
• Make sure the option Addition.txt is checked and press the Scan button.
• When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
• Please copy and paste these logs in your next reply.

[FRANKSNYDER]

Jurgen - Download was successful, this is what I got.

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-07-2014
Ran by Frank (administrator) on FRANK-PC on 20-07-2014 20:01:58
Running from C:\Users\Frank\Desktop
Platform: Windows Vista Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SlimWare Utilities, Inc.) C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
(NVIDIA Corporation) C:\Windows\System32\nvraidservice.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
() C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
() C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\AppIntegrator64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(COMPANYVERS_NAME) C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65barsvc.exe
(Macrovision Corporation) C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardian.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardian.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files (x86)\LPT\srpts.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
(Dropbox, Inc.) C:\Users\Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65brmon.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\n360.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files (x86)\LPT\srptsl.exe
() C:\Program Files (x86)\F978377C-B7D4-4536-8E10-14CA97B13394\znjxnhqeua64.exe
() C:\Program Files (x86)\LPT\srptm.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\n360.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(browser) C:\Program Files (x86)\Browser_AppS 1.1\Browser_AppS 1.1-bg.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HP Remote Software] => C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe [172032 2009-02-06] ()
HKLM\...\Run: [NVRaidService] => C:\Windows\system32\nvraidservice.exe [333344 2008-08-18] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [smartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [915512 2009-03-05] (Hewlett-Packard)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2008-08-11] (LogMeIn, Inc.)
HKLM\...\Run: [FromDocToPDF Home Page Guard 64 bit] => C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\AppIntegrator64.exe [548936 2013-08-03] ()
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75016 2008-12-04] (Hewlett-Packard)
HKLM-x32\...\Run: [updateP2GoShortCut] => c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [updateLBPShortCut] => c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [updatePDIRShortCut] => c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [updatePSTShortCut] => c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2009-02-02] (CyberLink Corp.)
HKLM-x32\...\Run: [TSMAgent] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1328424 2009-04-10] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [185640 2009-04-10] (CyberLink)
HKLM-x32\...\Run: [DVDAgent] => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2009-03-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Microsoft Default Manager] => c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [224616 2009-02-06] (Microsoft Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [81920 2008-03-13] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [TaskTray] => [X]
HKLM-x32\...\Run: [FromDocToPDF Search Scope Monitor] => C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrchMn.exe [44784 2013-08-03] (MindSpark)
HKLM-x32\...\Run: [FromDocToPDF_65 Browser Plugin Loader] => C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65brmon.exe [30096 2013-08-03] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-09-13] (RealNetworks, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1989920 2013-08-26] (Wondershare)
HKLM-x32\...\Run: [mobilegeni daemon] => "C:\Program Files (x86)\Mobogenie\DaemonProcess.exe"
HKLM-x32\...\Run: [fst_us_148] => [X]
HKU\S-1-5-21-3014819020-142153081-3914904618-1000\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1644088 2009-04-03] (Hewlett-Packard)
HKU\S-1-5-21-3014819020-142153081-3914904618-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3014819020-142153081-3914904618-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2012-07-02] (Hewlett-Packard Company)
HKU\S-1-5-21-3014819020-142153081-3914904618-1000\...\Run: [iSUSPM] => C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [222128 2007-03-29] (Macrovision Corporation)
HKU\S-1-5-21-3014819020-142153081-3914904618-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-3014819020-142153081-3914904618-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-02-24] (Google Inc.)
HKU\S-1-5-21-3014819020-142153081-3914904618-1000\...\Run: [DW7] => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
HKU\S-1-5-21-3014819020-142153081-3914904618-1000\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Frank\AppData\Roaming\newnext.me\nengine.dll",EntryPoint  (the data entry has 5 more characters).
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HD Writer.lnk
ShortcutTarget: HD Writer.lnk -> C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_l8fMQr5kRlG85ERBjWbmtg5lulkv4KHYuQqekPPFlR1O-XsRaY_RMzH2q19fi15qQPfsY_Ls-AqrNh98lKYLwb8ZDugsnFZoc1mGUXSm3lkeGyjQ4W49cuaX9HuZyRLg_g5quQryEqPi
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_l8fMQr5kRlG85ERBjWbmtg5lulkv4KHYuQqekPPFlR1O-XsRaY_RMzH2q19fi15qQPfsY_Ls-AqrNhM7gGJQZUulPIsT3aoM7d_cpPWkcPeiE4t9bXmxyfQvpS4rTqsDB9Lkfw9jI5an&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
URLSearchHook: HKLM-x32 - (No Name) - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - No File
URLSearchHook: HKCU - (No Name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (MindSpark)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {4F62B9A3-E493-45EB-A0C2-73BD30D0FE67} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {665C19F7-943F-491C-9285-27912C9A2E15} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_l8fMQr5kRlG85ERBjWbmtg5lulkv4KHYuQqekPPFlR1O-XsRaY_RMzH2q19fi15qQPfsY_Ls-AqrNhM7gGJQZUulPIsT3aoM7d_cpPWkcPeiE4t9bXmxyfQvpS4rTqsDB9Lkfw9jI5an&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_l8fMQr5kRlG85ERBjWbmtg5lulkv4KHYuQqekPPFlR1O-XsRaY_RMzH2q19fi15qQPfsY_Ls-AqrNhM7gGJQZUulPIsT3aoM7d_cpPWkcPeiE4t9bXmxyfQvpS4rTqsDB9Lkfw9jI5an&q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_l8fMQr5kRlG85ERBjWbmtg5lulkv4KHYuQqekPPFlR1O-XsRaY_RMzH2q19fi15qQPfsY_Ls-AqrNhM7gGJQZUulPIsT3aoM7d_cpPWkcPeiE4t9bXmxyfQvpS4rTqsDB9Lkfw9jI5an&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_l8fMQr5kRlG85ERBjWbmtg5lulkv4KHYuQqekPPFlR1O-XsRaY_RMzH2q19fi15qQPfsY_Ls-AqrNhM7gGJQZUulPIsT3aoM7d_cpPWkcPeiE4t9bXmxyfQvpS4rTqsDB9Lkfw9jI5an&q={searchTerms}
BHO: Browser_AppS 1.1 -> {11111111-1111-1111-1111-110611031146} -> C:\Program Files (x86)\Browser_AppS 1.1\Browser_AppS 1.1-bho64.dll (browser)
BHO: Snap.DoEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Browser_AppS 1.1 -> {11111111-1111-1111-1111-110611031146} -> C:\Program Files (x86)\Browser_AppS 1.1\Browser_AppS 1.1-bho.dll (browser)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Snap.DoEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Toolbar BHO -> {a235e1e3-6296-4710-af39-104a7faa6c7c} -> C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll (MindSpark)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: SupraSavings -> {ca3eae2b-3b20-2e6f-a849-c126d93b6ad3} -> C:\Program Files\F978377C-B7D4-4536-8E10-14CA97B13394\xkymsyyrfh.dll ()
BHO-x32: No Name -> {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} ->  No File
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Search Assistant BHO -> {f236ca79-3123-4afb-9f74-e98117ad5625} -> C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (MindSpark)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll (MindSpark)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - No Name - {D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC} -  No File
Winsock: Catalog5 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 04 %SystemRoot%\System32\nwprovau.dll File Not found ()
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default
FF NewTab: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_l8fMQr5kRlG85ERBjWbmtg5lulkv4KHYuQqekPPFlR1O-XsRaY_RMzH2q19fi15qQPfsY_Ls-AqrNhmmPR3Cli8seX14dwsY34De3_uCijcoqYXoMmzp61wTqPXZtu9ZBkwjEN2mhDkJ
FF DefaultSearchEngine: Connect DLC 5 Customized Web Search
FF SelectedSearchEngine: Web Search
FF Homepage: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_l8fMQr5kRlG85ERBjWbmtg5lulkv4KHYuQqekPPFlR1O-XsRaY_RMzH2q19fi15qQPfsY_Ls-AqrNh98lKYLwb8ZDugsnFZoc1mGUXSm3lkeGyjQ4W49cuaX9HuZyRLg_g5quQryEqPi
FF Keyword.URL: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_l8fMQr5kRlG85ERBjWbmtg5lulkv4KHYuQqekPPFlR1O-XsRaY_RMzH2q19fi15qQPfsY_Ls-AqrNhM7gGJQZUulPIsT3aoM7d_cpPWkcPeiE4t9bXmxyfQvpS4rTqsDB9Lkfw9jI5an&q=
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @FromDocToPDF_65.com/Plugin - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\NP65Stub.dll (MindSpark)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.7.0 - C:\Users\Frank\AppData\Local\Yahoo!\BrowserPlus\2.7.0\Plugins\npybrowserplus_2.7.0.dll (Yahoo! Inc.)
FF SearchPlugin: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\searchplugins\Web Search.xml
FF Extension: Browser_AppS 1.1 - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\Extensions\b8c5ecce-0eab-4412-bbe6-6dac31ebfaec@d0bda10d-78c8-4ed2-a9ff-fe1bb21c38dd.com [2014-07-18]
FF Extension: Snap.Do  - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\Extensions\{a065e404-ab01-dfe5-9e60-d837c4d3667c} [2014-07-15]
FF Extension: Performance Cache - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\Extensions\islovuivpl@islovuivpl.org.xpi [2012-03-08]
FF Extension: SupraSavings - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\Extensions\j003-lqgrmgpcekslhg@jetpack.xpi [2014-07-11]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-16]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-11-01]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-08]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-01-11]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.0.100\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.0.100\coFFPlgn [2014-07-20]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-13]
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: No Name - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-06-01]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.0.100\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.0.100\IPSFF [2013-10-13]
FF HKLM-x32\...\Firefox\Extensions: [search-snacks@search-snacks.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\search-snacks@search-snacks.com
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: YouTube Downloader Toolbar - C:\Program Files (x86)\YouTube Downloader Toolbar\FF [2012-07-21]

Chrome:
=======
CHR HomePage: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_l8fMQr5kRlG85ERBjWbmtg5lulkv4KHYuQqekPPFlR1O-XsRaY_RMzH2q19fi15qQPfsY_Ls-AqrNh98lKYLwb8ZDugsnFZoc1mGUXSm3lkeGyjQ4W49cuaX9HuZyRLg_g5quQryEqPi
CHR RestoreOnStartup: "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_l8fMQr5kRlG85ERBjWbmtg5lulkv4KHYuQqekPPFlR1O-XsRaY_RMzH2q19fi15qQPfsY_Ls-AqrNh98lKYLwb8ZDugsnFZoc1mGUXSm3lkeGyjQ4W49cuaX9HuZyRLg_g5quQryEqPi"
CHR DefaultSearchKeyword: search.snapdo.com
CHR DefaultSearchProvider: Web
CHR DefaultSearchURL: http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=US&userid=637421cf-fd72-6039-3694-e9b0932e891e&searchtype=ds&q={searchTerms}&installDate=24/12/2013
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\2.0.31005.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll No File
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll No File
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gears.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll No File
CHR Plugin: (getPlusPlus for Adobe 162102) - C:\Program Files (x86)\NOS\bin\np_gp.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (BrowserPlus (from Yahoo!) v2.7.0) - C:\Users\Frank\AppData\Local\Yahoo!\BrowserPlus\2.7.0\Plugins\npybrowserplus_2.7.0.dll (Yahoo! Inc.)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (New Tab Page) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl [2013-12-24]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-22]
CHR Extension: (Default Extension) - C:\Users\Frank\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aaecogokjgeoahboladcjoldkacibjdj [2012-03-08]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\Exts\Chrome.crx [2014-07-12]

==================== Services (Whitelisted) =================

R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-07] (CrypKey (Canada) Ltd.) [File not signed]
R2 FromDocToPDF_65Service; C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65barsvc.exe [42504 2013-08-03] (COMPANYVERS_NAME)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-07-18] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-07-18] (globalUpdate) [File not signed]
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [906752 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2012-06-27] (Hewlett-Packard Company) [File not signed]
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [120712 2010-06-09] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [57920 2008-08-11] (LogMeIn, Inc.)
R2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [34336 2014-06-10] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\N360.exe [265040 2014-06-27] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-07-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-07-18] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 SupraSavingsService64; C:\Program Files (x86)\F978377C-B7D4-4536-8E10-14CA97B13394\znjxnhqeua64.exe [172544 2014-07-11] () [File not signed]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S1 Beep; No ImagePath
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\BASHDefs\20140703.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1504000.00D\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-10] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\IPSDefs\20140718.001\IDSvia64.sys [525016 2014-03-25] (Symantec Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2008-08-11] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\VirusDefs\20140720.003\ENG64.SYS [126040 2014-07-08] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\VirusDefs\20140720.003\EX64.SYS [2099288 2014-07-08] (Symantec Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [61736 2014-07-11] (NetFilterSDK.com)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
R0 nvrd64; C:\Windows\System32\drivers\nvrd64.sys [167456 2008-11-12] (NVIDIA Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1504000.00D\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1504000.00D\SRTSPX64.SYS [36952 2013-07-30] (Symantec Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-07-20] ()
R0 SymDS; C:\Windows\System32\drivers\N360x64\1504000.00D\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1504000.00D\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-10-13] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1504000.00D\Ironx64.SYS [264280 2013-07-31] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\1504000.00D\SYMTDIV.SYS [510168 2014-02-17] (Symantec Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]
S1 ssnfd; system32\drivers\ssnfd.sys [X]
S3 SYMFW; \SystemRoot\System32\Drivers\N360x64\0308000.029\SYMFW.SYS [X]
S3 SYMNDISV; \SystemRoot\System32\Drivers\N360x64\0308000.029\SYMNDISV.SYS [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-20 20:01 - 2014-07-20 20:03 - 00038566 _____ () C:\Users\Frank\Desktop\FRST.txt
2014-07-20 20:00 - 2014-07-20 20:02 - 00000000 ____D () C:\FRST
2014-07-20 19:56 - 2014-07-20 20:00 - 02089984 _____ (Farbar) C:\Users\Frank\Desktop\FRST64.exe
2014-07-20 12:29 - 2014-07-20 12:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-20 12:28 - 2014-07-20 12:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-20 12:28 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-20 12:28 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-20 12:28 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-20 10:00 - 2014-07-20 10:00 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3014819020-142153081-3914904618-1000
2014-07-20 10:00 - 2014-07-20 10:00 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3014819020-142153081-3914904618-1000
2014-07-18 16:50 - 2014-07-20 19:55 - 00001492 _____ () C:\Windows\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-7.job
2014-07-18 16:50 - 2014-07-20 16:55 - 00000914 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-07-18 16:50 - 2014-07-20 16:55 - 00000910 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-07-18 16:50 - 2014-07-20 16:50 - 00003810 _____ () C:\Windows\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-11.job
2014-07-18 16:50 - 2014-07-20 16:50 - 00002440 _____ () C:\Windows\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-3.job
2014-07-18 16:50 - 2014-07-20 16:50 - 00002252 _____ () C:\Windows\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-4.job
2014-07-18 16:50 - 2014-07-20 16:50 - 00001556 _____ () C:\Windows\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-6.job
2014-07-18 16:50 - 2014-07-20 16:50 - 00001556 _____ () C:\Windows\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-1.job
2014-07-18 16:50 - 2014-07-20 16:50 - 00001430 _____ () C:\Windows\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-5_user.job
2014-07-18 16:50 - 2014-07-20 16:50 - 00001416 _____ () C:\Windows\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-5.job
2014-07-18 16:50 - 2014-07-20 16:50 - 00001348 _____ () C:\Windows\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-2.job
2014-07-18 16:50 - 2014-07-20 14:47 - 00000000 ____D () C:\Program Files (x86)\Browser_AppS 1.1
2014-07-18 16:50 - 2014-07-20 07:35 - 00000000 ____D () C:\Users\Frank\AppData\Local\WeatherAlerts
2014-07-18 16:50 - 2014-07-18 16:50 - 00006840 _____ () C:\Windows\System32\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-11
2014-07-18 16:50 - 2014-07-18 16:50 - 00005470 _____ () C:\Windows\System32\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-3
2014-07-18 16:50 - 2014-07-18 16:50 - 00005282 _____ () C:\Windows\System32\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-4
2014-07-18 16:50 - 2014-07-18 16:50 - 00004586 _____ () C:\Windows\System32\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-6
2014-07-18 16:50 - 2014-07-18 16:50 - 00004586 _____ () C:\Windows\System32\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-1
2014-07-18 16:50 - 2014-07-18 16:50 - 00004520 _____ () C:\Windows\System32\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-7
2014-07-18 16:50 - 2014-07-18 16:50 - 00004446 _____ () C:\Windows\System32\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-5
2014-07-18 16:50 - 2014-07-18 16:50 - 00004378 _____ () C:\Windows\System32\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-2
2014-07-18 16:50 - 2014-07-18 16:50 - 00003912 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-07-18 16:50 - 2014-07-18 16:50 - 00003658 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-07-18 16:38 - 2014-07-18 19:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2014-07-18 16:38 - 2014-07-18 19:37 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2014-07-13 22:23 - 2014-07-13 22:23 - 00000000 ____D () C:\Program Files (x86)\predm
2014-07-13 21:50 - 2014-07-13 21:50 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-07-13 21:41 - 2014-07-13 21:41 - 00000000 ____D () C:\Program Files\F978377C-B7D4-4536-8E10-14CA97B13394
2014-07-13 21:41 - 2014-07-13 21:41 - 00000000 ____D () C:\Program Files (x86)\F978377C-B7D4-4536-8E10-14CA97B13394
2014-07-13 21:37 - 2014-07-13 21:37 - 00000000 ____D () C:\Users\Frank\AppData\Local\LPT
2014-07-13 21:34 - 2014-07-20 14:38 - 00000000 ____D () C:\Program Files (x86)\LPT
2014-07-13 21:33 - 2014-07-18 16:50 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-07-13 21:33 - 2014-07-13 21:37 - 00000000 ____D () C:\Users\Frank\AppData\Local\Smartbar
2014-07-13 21:33 - 2014-07-13 21:33 - 00003244 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-07-13 21:33 - 2014-07-13 21:33 - 00000000 ____D () C:\Users\Frank\AppData\Local\globalUpdate
2014-07-13 21:33 - 2014-07-13 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JFileManager
2014-07-13 21:32 - 2014-07-20 14:47 - 00000000 ____D () C:\Program Files\003
2014-07-13 21:32 - 2014-07-14 10:11 - 00000000 ____D () C:\Program Files (x86)\JFileManager
2014-07-13 21:32 - 2014-07-13 21:32 - 00000000 ____D () C:\Users\Frank\AppData\Local\JFileManager
2014-07-11 10:13 - 2014-07-11 10:13 - 00061736 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys
2014-07-09 09:19 - 2014-07-09 09:19 - 10603008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-08 13:09 - 2014-06-07 00:02 - 17854464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 13:09 - 2014-06-06 23:13 - 10890752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-08 13:09 - 2014-06-06 22:59 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-08 13:09 - 2014-06-06 22:52 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-08 13:09 - 2014-06-06 22:51 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-08 13:09 - 2014-06-06 22:51 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-08 13:09 - 2014-06-06 22:50 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-08 13:09 - 2014-06-06 22:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 13:09 - 2014-06-06 22:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-08 13:09 - 2014-06-06 22:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-08 13:09 - 2014-06-06 22:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-08 13:09 - 2014-06-06 22:42 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 13:09 - 2014-06-06 22:42 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-08 13:09 - 2014-06-06 22:42 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-08 13:09 - 2014-06-06 22:42 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-08 13:09 - 2014-06-06 22:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-08 13:09 - 2014-06-06 22:41 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-08 13:09 - 2014-06-06 22:41 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-08 13:09 - 2014-06-06 22:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 13:09 - 2014-06-06 22:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-08 13:09 - 2014-06-06 22:35 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-08 13:09 - 2014-06-06 20:33 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-08 13:09 - 2014-06-06 20:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-08 13:09 - 2014-06-06 19:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-08 13:09 - 2014-06-06 19:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-08 13:09 - 2014-06-06 19:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-08 13:09 - 2014-06-06 19:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-08 13:09 - 2014-06-06 19:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-08 13:09 - 2014-06-06 19:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-07-08 13:09 - 2014-06-06 18:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-08 13:09 - 2014-06-06 18:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-08 13:09 - 2014-06-06 18:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-08 13:09 - 2014-06-06 18:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-08 13:09 - 2014-06-06 18:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-08 13:09 - 2014-06-06 18:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-08 13:09 - 2014-06-06 18:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-08 13:09 - 2014-06-06 18:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-07-08 13:09 - 2014-06-06 18:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-08 13:09 - 2014-06-06 18:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-08 13:09 - 2014-06-06 18:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-07-08 13:09 - 2014-06-06 18:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-08 13:09 - 2014-06-06 18:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-07-08 13:09 - 2014-06-06 18:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-08 13:09 - 2014-06-06 04:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-08 13:09 - 2014-06-06 03:13 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-08 13:09 - 2014-05-30 03:10 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-06-29 13:37 - 2014-06-29 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panasonic
2014-06-29 13:37 - 2011-10-04 16:29 - 00055952 ____N (Rovi Corporation) C:\Windows\system32\Drivers\PxHlpa64.sys
2014-06-29 13:37 - 2011-10-04 16:29 - 00010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdralw2k.sys
2014-06-29 13:37 - 2011-10-04 16:29 - 00010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdr4_xp.sys
2014-06-29 13:33 - 2014-06-29 13:33 - 00001954 _____ () C:\Users\Public\Desktop\HD Writer LE 2.1.lnk
2014-06-29 13:33 - 2014-06-29 13:33 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services
2014-06-29 13:33 - 2014-06-29 13:33 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-06-29 13:33 - 2014-06-29 13:33 - 00000000 ____D () C:\Program Files (x86)\Panasonic
2014-06-29 13:32 - 2014-06-29 13:32 - 00440430 _____ () C:\Users\Frank\AppData\Local\dd_vcredistMSI42F6.txt
2014-06-29 13:32 - 2014-06-29 13:32 - 00011646 _____ () C:\Users\Frank\AppData\Local\dd_vcredistUI42F6.txt
2014-06-29 13:32 - 2014-06-29 13:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
2014-06-29 13:32 - 2014-06-29 13:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition

==================== One Month Modified Files and Folders =======

2014-07-20 20:03 - 2014-07-20 20:01 - 00038566 _____ () C:\Users\Frank\Desktop\FRST.txt
2014-07-20 20:02 - 2014-07-20 20:00 - 00000000 ____D () C:\FRST
2014-07-20 20:00 - 2014-07-20 19:56 - 02089984 _____ (Farbar) C:\Users\Frank\Desktop\FRST64.exe
2014-07-20 19:59 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-20 19:59 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-20 19:55 - 2014-07-18 16:50 - 00001492 _____ () C:\Windows\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-7.job
2014-07-20 19:46 - 2011-01-06 09:56 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-20 19:19 - 2012-04-01 11:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-20 17:37 - 2013-10-29 17:35 - 00003686 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{DB8D0CAD-2E4F-4F57-B583-0459E3885F59}
2014-07-20 17:30 - 2009-07-07 22:20 - 01245473 _____ () C:\Windows\WindowsUpdate.log
2014-07-20 16:55 - 2014-07-18 16:50 - 00000914 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-07-20 16:55 - 2014-07-18 16:50 - 00000910 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-07-20 16:50 - 2014-07-18 16:50 - 00003810 _____ () C:\Windows\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-11.job
2014-07-20 16:50 - 2014-07-18 16:50 - 00002440 _____ () C:\Windows\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-3.job
2014-07-20 16:50 - 2014-07-18 16:50 - 00002252 _____ () C:\Windows\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-4.job
2014-07-20 16:50 - 2014-07-18 16:50 - 00001556 _____ () C:\Windows\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-6.job
2014-07-20 16:50 - 2014-07-18 16:50 - 00001556 _____ () C:\Windows\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-1.job
2014-07-20 16:50 - 2014-07-18 16:50 - 00001430 _____ () C:\Windows\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-5_user.job
2014-07-20 16:50 - 2014-07-18 16:50 - 00001416 _____ () C:\Windows\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-5.job
2014-07-20 16:50 - 2014-07-18 16:50 - 00001348 _____ () C:\Windows\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-2.job
2014-07-20 14:47 - 2014-07-18 16:50 - 00000000 ____D () C:\Program Files (x86)\Browser_AppS 1.1
2014-07-20 14:47 - 2014-07-13 21:32 - 00000000 ____D () C:\Program Files\003
2014-07-20 14:38 - 2014-07-13 21:34 - 00000000 ____D () C:\Program Files (x86)\LPT
2014-07-20 12:29 - 2014-07-20 12:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-20 12:29 - 2014-07-20 12:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-20 12:28 - 2012-07-20 18:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-20 10:02 - 2009-09-08 18:01 - 00003574 _____ () C:\Windows\System32\Tasks\HP Health Check
2014-07-20 10:01 - 2012-10-21 08:14 - 00000000 ___RD () C:\Users\Frank\Dropbox
2014-07-20 10:01 - 2012-10-21 08:11 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\Dropbox
2014-07-20 10:00 - 2014-07-20 10:00 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3014819020-142153081-3914904618-1000
2014-07-20 10:00 - 2014-07-20 10:00 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3014819020-142153081-3914904618-1000
2014-07-20 10:00 - 2014-04-03 21:35 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\DropboxMaster
2014-07-20 10:00 - 2013-12-24 09:14 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\newnext.me
2014-07-20 10:00 - 2012-10-07 14:17 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-07-20 10:00 - 2012-10-07 14:17 - 00002844 _____ () C:\Windows\System32\Tasks\DriverUpdate Startup
2014-07-20 10:00 - 2012-10-07 14:17 - 00000418 _____ () C:\Windows\Tasks\DriverUpdate Startup.job
2014-07-20 09:59 - 2013-01-15 04:17 - 00013144 _____ () C:\Windows\error.log
2014-07-20 09:59 - 2011-01-06 09:56 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-20 09:59 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-20 09:58 - 2013-01-19 19:35 - 00362492 _____ () C:\Windows\PFRO.log
2014-07-20 09:58 - 2013-01-15 04:16 - 00002996 _____ () C:\Windows\errord.log
2014-07-20 09:57 - 2006-11-02 11:42 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-20 07:35 - 2014-07-18 16:50 - 00000000 ____D () C:\Users\Frank\AppData\Local\WeatherAlerts
2014-07-20 00:04 - 2010-02-02 14:05 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-07-18 19:37 - 2014-07-18 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2014-07-18 19:37 - 2014-07-18 16:38 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2014-07-18 16:50 - 2014-07-18 16:50 - 00006840 _____ () C:\Windows\System32\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-11
2014-07-18 16:50 - 2014-07-18 16:50 - 00005470 _____ () C:\Windows\System32\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-3
2014-07-18 16:50 - 2014-07-18 16:50 - 00005282 _____ () C:\Windows\System32\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-4
2014-07-18 16:50 - 2014-07-18 16:50 - 00004586 _____ () C:\Windows\System32\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-6
2014-07-18 16:50 - 2014-07-18 16:50 - 00004586 _____ () C:\Windows\System32\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-1
2014-07-18 16:50 - 2014-07-18 16:50 - 00004520 _____ () C:\Windows\System32\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-7
2014-07-18 16:50 - 2014-07-18 16:50 - 00004446 _____ () C:\Windows\System32\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-5
2014-07-18 16:50 - 2014-07-18 16:50 - 00004378 _____ () C:\Windows\System32\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-2
2014-07-18 16:50 - 2014-07-18 16:50 - 00003912 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-07-18 16:50 - 2014-07-18 16:50 - 00003658 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-07-18 16:50 - 2014-07-13 21:33 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-07-18 16:49 - 2013-12-24 09:13 - 00000000 _____ () C:\END
2014-07-18 12:43 - 2009-11-13 13:28 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-07-14 21:26 - 2011-02-27 20:30 - 00000000 ____D () C:\Users\Frank\AppData\Local\CrashDumps
2014-07-14 20:49 - 2011-09-13 20:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-14 10:11 - 2014-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\JFileManager
2014-07-13 22:23 - 2014-07-13 22:23 - 00000000 ____D () C:\Program Files (x86)\predm
2014-07-13 21:50 - 2014-07-13 21:50 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-07-13 21:41 - 2014-07-13 21:41 - 00000000 ____D () C:\Program Files\F978377C-B7D4-4536-8E10-14CA97B13394
2014-07-13 21:41 - 2014-07-13 21:41 - 00000000 ____D () C:\Program Files (x86)\F978377C-B7D4-4536-8E10-14CA97B13394
2014-07-13 21:41 - 2013-10-13 13:23 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-07-13 21:41 - 2013-10-13 13:19 - 00002139 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-07-13 21:41 - 2012-10-14 15:42 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-07-13 21:41 - 2009-11-13 09:10 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-07-13 21:37 - 2014-07-13 21:37 - 00000000 ____D () C:\Users\Frank\AppData\Local\LPT
2014-07-13 21:37 - 2014-07-13 21:33 - 00000000 ____D () C:\Users\Frank\AppData\Local\Smartbar
2014-07-13 21:33 - 2014-07-13 21:33 - 00003244 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-07-13 21:33 - 2014-07-13 21:33 - 00000000 ____D () C:\Users\Frank\AppData\Local\globalUpdate
2014-07-13 21:33 - 2014-07-13 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JFileManager
2014-07-13 21:32 - 2014-07-13 21:32 - 00000000 ____D () C:\Users\Frank\AppData\Local\JFileManager
2014-07-11 10:13 - 2014-07-11 10:13 - 00061736 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys
2014-07-10 05:25 - 2006-11-02 08:46 - 00763586 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-09 09:19 - 2014-07-09 09:19 - 10603008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-09 09:19 - 2012-04-01 11:26 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 09:19 - 2012-04-01 11:26 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 09:19 - 2011-07-08 11:45 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 03:22 - 2006-11-02 11:21 - 00336152 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 03:19 - 2006-11-02 11:07 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 03:03 - 2013-07-19 03:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 03:00 - 2009-09-09 17:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 03:00 - 2006-11-02 08:35 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-07-08 07:39 - 2012-11-12 21:18 - 00002651 _____ () C:\Users\Frank\Desktop\Microsoft Office Word 2007.lnk
2014-07-01 17:43 - 2013-12-09 12:11 - 00000000 ____D () C:\Users\Frank\Desktop\Stacies Dropbox
2014-07-01 17:29 - 2012-03-06 10:34 - 00000000 ____D () C:\Users\Frank\Desktop\Sofia
2014-06-30 11:37 - 2009-09-09 16:46 - 00000552 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2014-06-29 13:37 - 2014-06-29 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panasonic
2014-06-29 13:33 - 2014-06-29 13:33 - 00001954 _____ () C:\Users\Public\Desktop\HD Writer LE 2.1.lnk
2014-06-29 13:33 - 2014-06-29 13:33 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services
2014-06-29 13:33 - 2014-06-29 13:33 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-06-29 13:33 - 2014-06-29 13:33 - 00000000 ____D () C:\Program Files (x86)\Panasonic
2014-06-29 13:33 - 2009-05-06 06:41 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-29 13:32 - 2014-06-29 13:32 - 00440430 _____ () C:\Users\Frank\AppData\Local\dd_vcredistMSI42F6.txt
2014-06-29 13:32 - 2014-06-29 13:32 - 00011646 _____ () C:\Users\Frank\AppData\Local\dd_vcredistUI42F6.txt
2014-06-29 13:32 - 2014-06-29 13:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
2014-06-29 13:32 - 2014-06-29 13:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-06-25 00:41 - 2011-01-06 09:56 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-25 00:41 - 2011-01-06 09:56 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Files to move or delete:
====================
C:\Users\Public\MyWebTattoo.exe

Some content of TEMP:
====================
C:\Users\Frank\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpb4fwar.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-20 10:07

==================== End Of Log ============================

[deeprybka]

Hi, I also need the Addition.txt

[FRANKSNYDER]

Here is the addition.txt

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-07-2014
Ran by Frank at 2014-07-20 20:03:42
Running from C:\Users\Frank\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
64 Bit HP CIO Components Installer (Version: 3.2.1 - Hewlett-Packard) Hidden
8500A909_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
8500A909_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
8500A909a (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop Elements 2.0 (HKLM-x32\...\Adobe Photoshop Elements 2.0) (Version: 2.0 - Adobe Systems, Inc.)
Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AT&T Labs' Natural Voices 1.4 - Desktop Runtime (HKLM-x32\...\AT&T Labs' Natural Voices 1.4 - Desktop Runtime_is1) (Version: 1.4.0916 - AT&T Labs)
Bejeweled 2 Deluxe (HKLM-x32\...\Bejeweled 2 Deluxe) (Version:  - PopCap Games)
Bejeweled Twist 1.0 (HKLM-x32\...\Bejeweled Twist 1.0) (Version: 1.0 - PopCap Games)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BPD_DSWizards (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Browser_AppS 1.1 (HKLM-x32\...\Browser_AppS 1.1) (Version: 1.34.7.1 - browser)
BufferChm (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Cards_Calendar_OrderGift_DoMorePlugout (x32 Version: 2.03.0000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11299.0 - Cisco Consumer Products LLC)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2602 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 6.0.2602 - CyberLink Corp.) Hidden
D7500 (x32 Version: 110.0.209.000 - Hewlett-Packard) Hidden
D7500_Help (x32 Version: 110.0.209.000 - Hewlett-Packard) Hidden
Default Manager (x32 Version: 1.0.105.0 - Microsoft Corporation) Hidden
Destination Component (x32 Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DocMgr (x32 Version: 120.0.000.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 12.0.0.0 - Hewlett-Packard) Hidden
DriverDoc (HKLM-x32\...\DriverDoc_is1) (Version: 10.0 - Driver-Soft Inc.)
DriverUpdate (HKLM-x32\...\{C67F5282-3EB4-4FE2-A5C7-ABEE4BE42F6D}) (Version: 2.2.30452 - SlimWare Utilities, Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
eSupportQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
FromDocToPDF Internet Explorer Toolbar (HKLM-x32\...\FromDocToPDF_65bar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
GEAR driver installer for x86 and x64 (x32 Version: 4.008.5 - GEAR Software) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
GPBaseService (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 5.1.5144.16 - PC-Doctor, Inc.)
HD Writer LE 2.1 (HKLM-x32\...\{DD982DF5-0402-4749-AAE3-0EFFE345E5CF}) (Version: 2.01.014.1033 - Panasonic Corporation)
HP Active Support Library (HKLM-x32\...\{0295F89F-F698-4101-9A7D-49F407EC2D82}) (Version: 3.1.10.1 - Hewlett-Packard)
HP Advisor (HKLM-x32\...\{73A43E42-3658-4DD9-8551-FACDA3632538}) (Version: 3.1.1000.1002 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM-x32\...\{B84739A3-F943-47E4-95D8-96381EF5AC48}) (Version: 5.7.0.2945 - Hewlett-Packard)
HP Customer Participation Program 12.0 (HKLM\...\HPExtendedCapabilities) (Version: 12.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.66 - WildTangent)
HP Imaging Device Functions 12.0 (HKLM\...\HP Imaging Device Functions) (Version: 12.0 - HP)
HP MediaSmart Demo (HKLM-x32\...\{290CA856-3737-4874-864B-BA142F4823C8}_is1) (Version: 1.0.0.0 - Hewlett-Packard Company)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.2.2719 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 2.2.2719 - Hewlett-Packard) Hidden
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.2.2809 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (x32 Version: 2.2.2809 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (HKLM\...\{D2E8F543-D23A-4A38-AFFC-4BDEBFBA6FDA}) (Version: 2.1.12 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photosmart D7500 Printer Driver Software 11.0 Rel .4 (HKLM\...\{57A62553-DA56-431d-92FA-02133BF95DC0}) (Version: 11.0 - HP)
HP Photosmart Essential 2.5 (x32 Version: 1.03.0000 - Hewlett-Packard) Hidden
HP Photosmart Essential 3.0 (HKLM\...\HP Photosmart Essential) (Version: 3.0 - HP)
HP Picasso Media Center Add-In (x32 Version: 1.0.0 - HP) Hidden
HP Recovery Manager RSS (x32 Version: 92.0.0.11 - Hewlet Packard Company) Hidden
HP Remote Software (HKLM\...\{5F240DB8-0D74-4F13-86C3-929760392A8D}) (Version: 1.0.5.0 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Information (HKLM-x32\...\{1CC069FA-1A86-402E-9787-3F04E652C67A}) (Version: 10.1.0001 - Hewlett-Packard)
HP Total Care Setup (HKLM-x32\...\{784BEA84-FA66-4B19-BB80-7B545F248AC6}) (Version: 1.2.2854.2975 - Hewlett-Packard)
HP Update (HKLM-x32\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.03.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.03.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.03.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (x32 Version: 2.03.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookWebPack1 (x32 Version: 2.03.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.370 - Oracle)
JFileManager (HKLM-x32\...\JFileManager) (Version: v1.0.0.1 - )
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1402 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1402 - CyberLink Corp.) Hidden
LightScribe Applications (HKLM-x32\...\{7D8B9DA5-370A-48B6-AD8D-63574C974AAC}) (Version: 1.18.26.7 - LightScribe)
LightScribe System Software (HKLM-x32\...\{90538B62-F392-4DE1-B886-7B48123866E9}) (Version: 1.18.26.7 - LightScribe)
LightScribe Template Labeler (HKLM-x32\...\{3DD8DC4E-B908-4CC6-9F42-ACEF950D8797}) (Version: 1.18.26.7 - LightScribe)
LogMeIn (HKLM-x32\...\{34F93E31-E1A0-421C-8E86-BCF7C4193A91}) (Version: 4.0.982 - LogMeIn, Inc.)
LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 120.0.226.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.552.0 - Microsoft Live Search Toolbar)
Microsoft Live Search Toolbar (x32 Version: 3.0.552.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook 2007 (HKLM-x32\...\OUTLOOK) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version:  - Microsoft)
Microsoft Office Project 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Project MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Project Professional 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 7.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 7.0.1 (x86 en-US)) (Version: 7.0.1 - Mozilla)
MPM (HKLM-x32\...\{CD8C5C7F-7C58-4F85-8977-A6C08C087912}) (Version: 1.00.0000 - Hewlett-Packard)
MSVCSetup (x32 Version: 1.00.0000 - HP) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Norton 360 (HKLM-x32\...\N360) (Version: 21.4.0.13 - Symantec Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
OCR Software by I.R.I.S. 12.0 (HKLM\...\HPOCR) (Version: 12.0 - HP)
Officejet Pro 8500 A909 Series (HKLM\...\{624E7452-BA43-4f55-B9D5-FC75EEA0808B}) (Version: 12.0 - HP)
PanoStandAlone (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
PDF Creator (HKLM\...\PDF Creator) (Version:  - )
PDF Creator Packages (HKCU\...\PDF Creator Packages) (Version:  - ) <==== ATTENTION
Peggle Deluxe (HKLM-x32\...\Peggle Deluxe) (Version:  - PopCap Games)
PhotoSync (HKLM\...\{679C79D2-15C6-45DE-B846-B5196B1C36DE}) (Version: 1.6.2 - touchbyte GmbH)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.12 - Hewlett-Packard Company)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2602 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.2602 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2611 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.2611 - CyberLink Corp.) Hidden
ProductContext (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
PS_SF_04_D7500_ProductContext (x32 Version: 110.0.209.000 - Hewlett-Packard) Hidden
PS_SF_04_D7500_Software (x32 Version: 110.0.209.000 - Hewlett-Packard) Hidden
PS_SF_04_D7500_Software_Min (x32 Version: 110.0.209.000 - Hewlett-Packard) Hidden
PSSWCORE (x32 Version: 2.03.0000 - Hewlett-Packard) Hidden
Python 2.6 pywin32-212 (HKLM-x32\...\pywin32-py2.6) (Version: 2.12 - Python Software Foundation)
Python 2.6.1 (HKLM-x32\...\{9CC89170-000B-457D-91F1-53691F85B223}) (Version: 2.6.1150 - Python Software Foundation)
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
ResumeMaker (HKLM-x32\...\{A4ECF10E-8914-4E29-9E48-8BE2F57558DC}) (Version: 16.0.0 - Individual Software Inc.)
Scan (x32 Version: 12.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 12 - HP)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
Snap.Do Engine (HKCU\...\{945a1f8c-5384-40ac-a697-3a0343a9281c}) (Version: 11.77.1.17697 - ReSoft Ltd.) <==== ATTENTION
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
sp44626 (HKLM-x32\...\sp44626) (Version:  - Hewlett-Packard)
Status (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOK_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_OUTLOOK_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PRJPRO_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOK_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOK_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Project 2007 Help (KB963668) (HKLM-x32\...\{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{1DF07773-4289-4998-BC2C-83539AD85C50}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOK_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
VideoToolkit01 (x32 Version: 110.0.171.000 - Hewlett-Packard) Hidden
WebReg (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Yahoo! BrowserPlus 2.7.0 (HKCU\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Toolbar) (Version:  - )
YouTube Downloader 2.6.2 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version:  - BienneSoft)
YouTube Downloader Toolbar v6.1 (HKLM-x32\...\{6B1907E6-1CF2-4B54-A0A7-E880927FDCE6}) (Version: 6.1 - Spigot, Inc.) <==== ATTENTION

==================== Restore Points  =========================

==================== Hosts content: ==========================

2006-11-02 08:34 - 2012-07-29 10:16 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0A83B01C-3BD0-450B-B93A-D05564686F01} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-07-18] (globalUpdate) <==== ATTENTION
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {11EBD322-041F-4F57-8628-187490FFF237} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {18FCF200-C6D3-428E-BCE3-59D4C5C0F1E7} - System32\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-6 => C:\Program Files (x86)\Browser_AppS 1.1\Browser_AppS 1.1-novainstaller.exe [2014-07-18] (browser)
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {1C2C6688-2008-430C-9EAF-F26E8C7190BF} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3014819020-142153081-3914904618-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {1C538700-C234-438F-9201-0584F91AC5C9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {23A80926-9794-4A87-84BF-C9BB3DDCEB09} - System32\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-1 => C:\Program Files (x86)\Browser_AppS 1.1\Browser_AppS 1.1-codedownloader.exe [2014-07-18] (browser)
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {2ACB04F2-2BA3-443A-846D-B3621F37DC44} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\WSCStub.exe [2014-06-26] (Symantec Corporation)
Task: {2B169828-A038-4686-B5E1-57F3BA36AF48} - System32\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-5 => C:\Program Files (x86)\Browser_AppS 1.1\94ec019c-72dd-42c2-8eaf-159bb3a68a18-5.exe
Task: {323A33F1-D87A-465B-8F7C-754317B1D851} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-06] (Google Inc.)
Task: {33EFA158-4344-4A41-906F-5D1CFA538074} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-12-04] (Hewlett-Packard)
Task: {3C1B5682-B556-4CC6-96D1-F9C6E2A14972} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {42920688-A908-40B9-B7F4-993EA58D7254} - System32\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-11 => C:\Program Files (x86)\Browser_AppS 1.1\94ec019c-72dd-42c2-8eaf-159bb3a68a18-11.exe
Task: {4466C202-4F97-4F00-922D-0B64E92114A3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {49EE8790-3848-4971-B293-E3A791232DFA} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {53AD9DCA-036A-4FBC-8C8F-42AA87E2BE4A} - System32\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-5_user => C:\Program Files (x86)\Browser_AppS 1.1\94ec019c-72dd-42c2-8eaf-159bb3a68a18-5.exe
Task: {540FCDB5-A8CA-4A8E-899E-451679EF0EFD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-06] (Google Inc.)
Task: {5E8CB0E9-262A-4669-8E03-A688505DCA7E} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-02-02] (PC-Doctor, Inc.)
Task: {6B5D2180-DF12-4F62-BF50-3CCE2AB62091} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3014819020-142153081-3914904618-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {6CD473F5-24BE-48B1-BEF4-07652E85B44A} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {956BA0E2-6C7D-4899-ADF1-D46A1B14B22C} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-07-18] (globalUpdate) <==== ATTENTION
Task: {BAAC502B-21E0-49FF-8DBF-BD99DAA75F8A} - System32\Tasks\SearchGuardPlusUpdater => C:\Program Files\Search Guard PlusU\sgpupdaters.exe
Task: {C9BE50B4-5E36-4E71-8F05-FE15EC6DF729} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3014819020-142153081-3914904618-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {CA7CD84E-EB7A-437D-933E-D1329E515D30} - System32\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-2 => C:\Program Files (x86)\Browser_AppS 1.1\94ec019c-72dd-42c2-8eaf-159bb3a68a18-2.exe
Task: {D301B96B-0F36-48D1-A415-A620DF6E343F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-06-22] (Piriform Ltd)
Task: {E5A642A2-16D4-48A9-85FC-71ABA050B448} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2013-06-22] (SlimWare Utilities, Inc.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {E9452928-5D08-4476-B633-B39F37B5B3F2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {F4038EE8-9478-4BC8-905D-C328632661B8} - System32\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-3 => C:\Program Files (x86)\Browser_AppS 1.1\94ec019c-72dd-42c2-8eaf-159bb3a68a18-3.exe
Task: {F5D54983-7EA5-4725-B413-4C3312A7540C} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3014819020-142153081-3914904618-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {F5FC5884-DAE3-4CAD-8823-A9368377F856} - System32\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-7 => C:\Program Files (x86)\Browser_AppS 1.1\Browser_AppS 1.1-nova.exe [2014-07-18] (browser)
Task: {F8888602-1F75-497E-9920-6E06305F5D65} - System32\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-4 => C:\Program Files (x86)\Browser_AppS 1.1\94ec019c-72dd-42c2-8eaf-159bb3a68a18-4.exe
Task: C:\Windows\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-1.job => C:\Program Files (x86)\Browser_AppS 1.1\Browser_AppS 1.1-codedownloader.exe
Task: C:\Windows\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-11.job => C:\Program Files (x86)\Browser_AppS 1.1\94ec019c-72dd-42c2-8eaf-159bb3a68a18-11.exe
Task: C:\Windows\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-2.job => C:\Program Files (x86)\Browser_AppS 1.1\94ec019c-72dd-42c2-8eaf-159bb3a68a18-2.exe
Task: C:\Windows\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-3.job => C:\Program Files (x86)\Browser_AppS 1.1\94ec019c-72dd-42c2-8eaf-159bb3a68a18-3.exe
Task: C:\Windows\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-4.job => C:\Program Files (x86)\Browser_AppS 1.1\94ec019c-72dd-42c2-8eaf-159bb3a68a18-4.exe
Task: C:\Windows\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-5.job => C:\Program Files (x86)\Browser_AppS 1.1\94ec019c-72dd-42c2-8eaf-159bb3a68a18-5.exe
Task: C:\Windows\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-5_user.job => C:\Program Files (x86)\Browser_AppS 1.1\94ec019c-72dd-42c2-8eaf-159bb3a68a18-5.exe
Task: C:\Windows\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-6.job => C:\Program Files (x86)\Browser_AppS 1.1\Browser_AppS 1.1-novainstaller.exe
Task: C:\Windows\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-7.job => C:\Program Files (x86)\Browser_AppS 1.1\Browser_AppS 1.1-nova.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe

==================== Loaded Modules (whitelisted) =============

2012-10-16 11:22 - 2011-10-04 22:43 - 00087552 _____ () C:\Windows\System32\custmon64i.dll
2013-08-03 19:46 - 2013-08-03 19:46 - 00292424 _____ () C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\AppIntegratorStub64.dll
2009-02-06 16:11 - 2009-02-06 16:11 - 00172032 _____ () C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
2009-02-06 16:11 - 2009-02-06 16:11 - 00385024 _____ () C:\Program Files\Hewlett-Packard\HP Remote\Common.dll
2013-08-03 19:46 - 2013-08-03 19:46 - 00548936 _____ () C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\AppIntegrator64.exe
2013-08-03 19:46 - 2013-08-03 19:46 - 00442952 _____ () C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\HPG64.DLL
2009-09-15 19:07 - 2010-06-09 09:12 - 01709904 _____ () C:\Program Files (x86)\LogMeIn\x64\ICSAgent64.dll
2009-02-06 16:11 - 2009-02-06 16:11 - 00151552 _____ () C:\Program Files\Hewlett-Packard\HP Remote\MCStateSink.dll
2014-06-10 18:31 - 2014-06-10 18:31 - 00034336 _____ () C:\Program Files (x86)\LPT\srpts.exe
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-06-10 18:31 - 2014-06-10 18:31 - 00036384 _____ () C:\Program Files (x86)\LPT\srptsl.exe
2014-07-11 10:13 - 2014-07-11 10:13 - 00172544 _____ () C:\Program Files (x86)\F978377C-B7D4-4536-8E10-14CA97B13394\znjxnhqeua64.exe
2014-07-11 10:13 - 2014-07-11 10:13 - 00110080 _____ () C:\Program Files (x86)\F978377C-B7D4-4536-8E10-14CA97B13394\nfapi.dll
2014-07-11 10:13 - 2014-07-11 10:13 - 00456192 _____ () C:\Program Files (x86)\F978377C-B7D4-4536-8E10-14CA97B13394\ProtocolFilters.dll
2014-06-10 18:31 - 2014-06-10 18:31 - 00024608 _____ () C:\Program Files (x86)\LPT\srptm.exe
2014-07-18 16:50 - 2014-07-18 16:50 - 00559640 _____ () C:\program files (x86)\browser_apps 1.1\browser_apps 1.1-bg.exe
2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-04-03 20:23 - 2009-04-03 20:23 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2009-04-03 20:23 - 2009-04-03 20:23 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2009-04-03 20:23 - 2009-04-03 20:23 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2009-04-03 20:23 - 2009-04-03 20:23 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2009-04-03 20:23 - 2009-04-03 20:23 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2009-04-03 20:23 - 2009-04-03 20:23 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2009-04-03 20:23 - 2009-04-03 20:23 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2009-04-03 20:23 - 2009-04-03 20:23 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2012-05-23 17:00 - 2012-05-23 17:00 - 02408448 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2012-05-23 17:00 - 2012-05-23 17:00 - 08626176 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2012-05-23 17:00 - 2012-05-23 17:00 - 00212992 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2014-06-10 18:31 - 2014-06-10 18:31 - 00044064 _____ () C:\Program Files (x86)\LPT\srptc.dll
2014-06-10 18:31 - 2014-06-10 18:31 - 00018976 _____ () C:\Program Files (x86)\LPT\Smartbar.Common.dll
2009-04-10 02:22 - 2009-04-10 02:22 - 00906536 ____N () C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2009-09-08 17:58 - 2009-02-09 22:29 - 03756032 _____ () C:\Users\Frank\AppData\Roaming\PictureMover\Bin\Core.dll
2009-11-12 16:07 - 2009-04-11 02:28 - 00368640 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2009-09-08 17:58 - 2009-02-09 22:36 - 01703936 _____ () C:\Users\Frank\AppData\Roaming\PictureMover\EN-US\Presentation.dll
2014-07-20 10:00 - 2014-07-20 10:00 - 00043008 _____ () c:\users\frank\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpb4fwar.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\Frank\AppData\Roaming\Dropbox\bin\libcef.dll
2013-12-24 08:44 - 2013-07-24 10:24 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2014-06-10 18:31 - 2014-06-10 18:31 - 00060960 _____ () C:\Program Files (x86)\LPT\srut.dll
2014-06-10 18:31 - 2014-06-10 18:31 - 00078368 _____ () C:\Program Files (x86)\LPT\srpt.dll
2014-06-10 18:31 - 2014-06-10 18:31 - 00067616 _____ () C:\Program Files (x86)\LPT\sppsm.dll
2014-06-10 18:31 - 2014-06-10 18:31 - 00157216 _____ () C:\Program Files (x86)\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll
2014-06-10 18:31 - 2014-06-10 18:31 - 00028704 _____ () C:\Program Files (x86)\LPT\Smartbar.Personalization.Common.dll
2014-06-10 18:31 - 2014-06-10 18:31 - 00167456 _____ () C:\Program Files (x86)\LPT\Smartbar.Infrastructure.Utilities.dll
2014-06-10 18:31 - 2014-06-10 18:31 - 00047648 _____ () C:\Program Files (x86)\LPT\srbu.dll
2014-06-10 18:31 - 2014-06-10 18:31 - 00026656 _____ () C:\Program Files (x86)\LPT\srpdm.dll
2014-06-10 18:30 - 2014-06-10 18:30 - 00028192 _____ () C:\Program Files (x86)\LPT\ProxySettings.dll
2014-06-10 18:31 - 2014-06-10 18:31 - 00047136 _____ () C:\Program Files (x86)\LPT\Smartbar.Monetization.Proxy.ProxyService.dll
2014-06-10 18:30 - 2014-06-10 18:30 - 00054304 _____ () C:\Program Files (x86)\LPT\Proxy.Lib.dll
2013-12-24 09:20 - 2013-12-24 09:20 - 00911872 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll
2014-06-10 18:31 - 2014-06-10 18:31 - 00029216 _____ () C:\Program Files (x86)\LPT\sreu.dll
2014-06-10 18:31 - 2014-06-10 18:31 - 00055840 _____ () C:\Program Files (x86)\LPT\srprl.dll
2014-06-10 18:30 - 2014-06-10 18:30 - 00050208 _____ () C:\Program Files (x86)\LPT\lrrot.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

Name: Microsoft 6to4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (07/20/2014 10:01:15 AM) (Source: HP Advisor) (EventID: 400) (User: )
Description: Timestamp: 07/20/2014 10:01:15.996;
Category: FATAL;
Priority:(4);
Win32 Thread Id: [2888];
Message: System.NullReferenceException: Object reference not set to an instance of an object.
   at HPAdvisor.MainFrame.Business.SearchManager.GetTarget(String type)
   at HPAdvisor.MainFrame.Business.SearchManager.Initialize();
EventId: 400;
Severity: Critical;
Machine: FRANK-PC;
Application Domain: HPAdvisor.exe;
Process Id: 2884;
Process Name: C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe;
Extended Properties:

Error: (07/20/2014 10:00:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2014 09:59:35 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/19/2014 09:43:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/19/2014 09:43:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/19/2014 10:51:19 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4

Error: (07/19/2014 10:51:18 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: PolicyAgent4

Error: (07/19/2014 10:51:18 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (07/19/2014 10:51:17 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\Windows\system32\msdtcuiu.DLL4

Error: (07/19/2014 10:51:17 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\system32\Secur32.dll4

System errors:
=============
Error: (07/20/2014 10:00:30 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
i8042prt
ssnfd

Error: (07/19/2014 06:52:57 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
i8042prt
ssnfd

Error: (07/18/2014 07:43:24 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
i8042prt
ssnfd

Error: (07/18/2014 07:43:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: LPT System Updater Service%%1053

Error: (07/18/2014 07:43:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000LPT System Updater Service

Error: (07/18/2014 07:37:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Anvi Cloud System Booster Speed Service1

Error: (07/18/2014 04:42:18 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
i8042prt
ssnfd

Error: (07/18/2014 04:42:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: LPT System Updater Service%%1053

Error: (07/18/2014 04:42:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000LPT System Updater Service

Error: (07/14/2014 10:04:55 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
i8042prt
ssnfd

Microsoft Office Sessions:
=========================
Error: (07/10/2014 07:30:54 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/29/2013 05:24:29 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/11/2013 05:57:55 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 35 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/19/2013 09:07:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 47 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/01/2012 03:25:24 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 14234 seconds with 3060 seconds of active time.  This session ended with a crash.

Error: (04/16/2011 10:28:29 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 221 seconds with 120 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2014-07-20 20:03:32.232
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-20 20:03:31.653
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-20 20:03:31.067
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-20 20:03:30.525
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-20 20:03:29.773
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-20 20:03:29.058
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-20 20:03:28.427
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-20 20:03:27.761
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-13 13:20:00.237
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Frank\AppData\Local\Temp\TEMP.^^^\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-13 13:19:59.830
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Frank\AppData\Local\Temp\TEMP.^^^\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 49%
Total physical RAM: 7934.31 MB
Available physical RAM: 4040.02 MB
Total Pagefile: 16047.15 MB
Available Pagefile: 12055.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:582.31 GB) (Free:466.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.86 GB) (Free:1.67 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (Nov. 11, 2013) (CDROM) (Total:0.69 GB) (Free:0.32 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=582 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)

==================== End Of Log ============================

[deeprybka]

Hi,

Step 1

• Please download and install Revo Uninstaller Free

  note: there is no need to click anything on that page, the download will start automatically

• Double click Revo Uninstaller to run it
• From the list of programs double click on the listed program(s), or anything similar, to remove it:

  YouTube Downloader Toolbar v6.1 Snap.Do Engine PDF Creator PackagesFromDocToPDF Internet Explorer Toolbar 

• When prompted if you want to uninstall click Yes
• Be sure the Moderate option is selected then click Next
• The program will run, If prompted again click Yes
• When the built-in uninstaller is finished click on Next
• Once the program has searched for leftovers click Next
• Check the items in bold only on the list then click Delete

  note: you may have to expand some folders by clicking the "+" mark

• When prompted click on Yes and then on Next
• Put a check on any folders that are found and select Delete
• When prompted select Yes then Next
• Once done click Finish

Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.

• Double click on AdwCleaner.exe to run the tool.

  Vista/Windows 7/8 users right-click and select "Run As Administrator"

• Click on the Scan button.
• After the scan has finished, click on the Clean button.
• Press OK when asked to close all programs and follow the onscreen prompts.
• After rebooting, a log file (that is saved in C:\AdwCleaner[s#].txt) will open automatically.

  Copy and paste the contents of that logfile in your next reply.

Step 3

Please download Combofix (by sUBs) and save it to your Desktop.

• Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
• Start Combofix.exe and follow its instructions.
• Do not use the computer while the scan is running. This may cause the program to stall.
• When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).

  Please copy and paste the contents of this file into your next post.

Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.

[FRANKSNYDER]

Sorry I haven't responded sooner - My internet is down and I'm working with Comcast to get it back up - Will respond as soon as I can.

 

Frank

[deeprybka]

OK...

[FRANKSNYDER]

Jurgen - Here is the ADW Cleaner

 

# AdwCleaner v3.216 - Report created 26/07/2014 at 21:12:47
# Updated 17/07/2014 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (64 bits)
# Username : Frank - FRANK-PC
# Running from : C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C2OL6V0U\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem
Service Deleted : LPTSystemUpdater
Service Deleted : SupraSavingsService64

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\Ask
[!] Folder Deleted : C:\ProgramData\Babylon
[!] Folder Deleted : C:\ProgramData\Conduit
[!] Folder Deleted : C:\ProgramData\DriverCure
[!] Folder Deleted : C:\ProgramData\NCH Software
[!] Folder Deleted : C:\ProgramData\ParetoLogic
[!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jfilemanager
[!] Folder Deleted : C:\Program Files (x86)\Application Updater
[!] Folder Deleted : C:\Program Files (x86)\Conduit
[!] Folder Deleted : C:\Program Files (x86)\FromDocToPDF_65
[!] Folder Deleted : C:\Program Files (x86)\globalUpdate
[!] Folder Deleted : C:\Program Files (x86)\jfilemanager
[!] Folder Deleted : C:\Program Files (x86)\LPT
[!] Folder Deleted : C:\Program Files (x86)\Mobogenie
[!] Folder Deleted : C:\Program Files (x86)\MyPC Backup
[!] Folder Deleted : C:\Program Files (x86)\predm
[!] Folder Deleted : C:\Program Files\003
[!] Folder Deleted : C:\Users\Frank\AppData\Local\genienext
[!] Folder Deleted : C:\Users\Frank\AppData\Local\globalUpdate
[!] Folder Deleted : C:\Users\Frank\AppData\Local\iac
[!] Folder Deleted : C:\Users\Frank\AppData\Local\jfilemanager
[!] Folder Deleted : C:\Users\Frank\AppData\Local\LPT
[!] Folder Deleted : C:\Users\Frank\AppData\Local\Mobogenie
[!] Folder Deleted : C:\Users\Frank\AppData\Local\PackageAware
[!] Folder Deleted : C:\Users\Frank\AppData\Local\Smartbar
[!] Folder Deleted : C:\Users\Frank\AppData\Local\WeatherAlerts
[!] Folder Deleted : C:\Users\Frank\AppData\LocalLow\BabylonToolbar
[!] Folder Deleted : C:\Users\Frank\AppData\LocalLow\Conduit
[!] Folder Deleted : C:\Users\Frank\AppData\LocalLow\FreePriceAlerts
[!] Folder Deleted : C:\Users\Frank\AppData\LocalLow\iac
[!] Folder Deleted : C:\Users\Frank\AppData\LocalLow\PriceGong
[!] Folder Deleted : C:\Users\Frank\AppData\LocalLow\Search Settings
[!] Folder Deleted : C:\Users\Frank\AppData\LocalLow\Smartbar
[!] Folder Deleted : C:\Users\Frank\AppData\Roaming\Babylon
[!] Folder Deleted : C:\Users\Frank\AppData\Roaming\DriverCure
[!] Folder Deleted : C:\Users\Frank\AppData\Roaming\newnext.me
[!] Folder Deleted : C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\Extensions\b8c5ecce-0eab-4412-bbe6-6dac31ebfaec@d0bda10d-78c8-4ed2-a9ff-fe1bb21c38dd.com
[!] Folder Deleted : C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
File Deleted : C:\END
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Frank\daemonprocess.txt
File Deleted : C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\searchplugins\Web Search.xml
File Deleted : C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage
File Deleted : C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal
File Deleted : C:\Windows\Tasks\driverupdate startup.job
File Deleted : C:\Windows\System32\Tasks\driverupdate startup
File Deleted : C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
File Deleted : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
File Deleted : C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
File Deleted : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
File Deleted : C:\Windows\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-1.job
File Deleted : C:\Windows\System32\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-1
File Deleted : C:\Windows\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-11.job
File Deleted : C:\Windows\System32\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-11
File Deleted : C:\Windows\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-2.job
File Deleted : C:\Windows\System32\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-2
File Deleted : C:\Windows\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-3.job
File Deleted : C:\Windows\System32\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-3
File Deleted : C:\Windows\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-4.job
File Deleted : C:\Windows\System32\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-4
File Deleted : C:\Windows\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-5.job
File Deleted : C:\Windows\System32\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-5
File Deleted : C:\Windows\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-5_user.job
File Deleted : C:\Windows\System32\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-5_user
File Deleted : C:\Windows\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-6.job
File Deleted : C:\Windows\System32\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-6
File Deleted : C:\Windows\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-7.job
File Deleted : C:\Windows\System32\Tasks\94ec019c-72dd-42c2-8eaf-159bb3a68a18-7

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bho
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0060346.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0060346.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0060346.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0060346.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2769720
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2801948
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3306061
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{055069F3-F78B-4BD1-A277-FE66648D3300}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611031146}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622032246}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BE990A32-C2EC-4654-8FD0-26FECEA81998}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655035546}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666036646}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644034446}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611031146}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A235E1E3-6296-4710-AF39-104A7FAA6C7C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F236CA79-3123-4AFB-9F74-E98117AD5625}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611031146}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A235E1E3-6296-4710-AF39-104A7FAA6C7C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F236CA79-3123-4AFB-9F74-E98117AD5625}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611031146}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110611031146}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611031146}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622032246}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611031146}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\FreeSoftToday
Key Deleted : HKCU\Software\FromDocToPDF_65
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\SearchProtectINT
Key Deleted : HKCU\Software\smartbarbackup
Key Deleted : HKCU\Software\smartbarlog
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\FromDocToPDF_65
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\suprasavings
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\CompeteInc
Key Deleted : HKLM\Software\Driver-Soft
Key Deleted : HKLM\Software\FreeSoftToday
Key Deleted : HKLM\Software\FromDocToPDF_65
Key Deleted : HKLM\Software\GlobalUpdate
Key Deleted : HKLM\Software\installedbrowserextensions
Key Deleted : HKLM\Software\JFileManager
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Tutorials
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\JFileManager
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FromDocToPDF_65bar Uninstall Internet Explorer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\JFileManager
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search Guard Plus Updater
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search Guard Plus
Key Deleted : [x64] HKLM\SOFTWARE\coupon downloader
Key Deleted : [x64] HKLM\SOFTWARE\installedbrowserextensions
Key Deleted : [x64] HKLM\SOFTWARE\suprasavings
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16561

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [searchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v7.0.1 (en-US)

[ File : C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\prefs.js ]

Line Deleted : user_pref("CT3306061.FF19Solved", "true");
Line Deleted : user_pref("CT3306061.UserID", "UN38287656021693829");
Line Deleted : user_pref("CT3306061.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3306061.fullUserID", "UN38287656021693829.IN.20131224081318");
Line Deleted : user_pref("CT3306061.installDate", "24/12/2013 08:13:19");
Line Deleted : user_pref("CT3306061.installSessionId", "{6AB75FC7-FB5A-4A8E-86ED-00543032D7E2}");
Line Deleted : user_pref("CT3306061.installSp", "TRUE");
Line Deleted : user_pref("CT3306061.installUsage", "24/12/2013 08:19:38");
Line Deleted : user_pref("CT3306061.installUsageEarly", "24/12/2013 08:19:38");
Line Deleted : user_pref("CT3306061.installerVersion", "1.8.1.4");
Line Deleted : user_pref("CT3306061.keyword", "true");
Line Deleted : user_pref("CT3306061.originalHomepage", "hxxp://www.google.com/");
Line Deleted : user_pref("CT3306061.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3306061.originalSearchEngine", "Search the web (Babylon)");
Line Deleted : user_pref("CT3306061.originalSearchEngineName", "");
Line Deleted : user_pref("CT3306061.searchRevert", "true");
Line Deleted : user_pref("CT3306061.searchUninstallUserMode", "2");
Line Deleted : user_pref("CT3306061.searchUserMode", "2");
Line Deleted : user_pref("CT3306061.smartbar.homepage", "true");
Line Deleted : user_pref("CT3306061.toolbarInstallDate", "24-12-2013 08:13:18");
Line Deleted : user_pref("CT3306061.versionFromInstaller", "10.23.0.722");
Line Deleted : user_pref("CT3306061.xpeMode", "0");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("browser.newtab.url", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_l8fMQr5kRlG85ERBjWbmtg5lulkv4KHYuQqekPPFlR1O-XsRaY_RMzH2q19fi15qQPfsY_Ls-AqrNhmmPR3Cli8seX14d[...]
Line Deleted : user_pref("browser.search.defaultenginename", "Connect DLC 5 Customized Web Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "Connect DLC 5 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&CUI=UN38287656021693829&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.selectedEngine", "Web Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_l8fMQr5kRlG85ERBjWbmtg5lulkv4KHYuQqekPPFlR1O-XsRaY_RMzH2q19fi15qQPfsY_Ls-AqrNh98lKYLwb8[...]
Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Line Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Line Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=110803&tt=031012_IKAN_4212_8");
Line Deleted : user_pref("extensions.BabylonToolbar.bbDpng", "12");
Line Deleted : user_pref("extensions.BabylonToolbar.cntry", "US");
Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Line Deleted : user_pref("extensions.BabylonToolbar.dpkLst", "");
Line Deleted : user_pref("extensions.BabylonToolbar.envrmnt", "production");
Line Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Line Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "24ECB8F437C43236D50E616467100E21");
Line Deleted : user_pref("extensions.BabylonToolbar.hmpg", true);
Line Deleted : user_pref("extensions.BabylonToolbar.id", "d2e2d431000000000000002618560292");
Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15629");
Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.8.3.811:23:50");
Line Deleted : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");
Line Deleted : user_pref("extensions.BabylonToolbar.newTab", false);
Line Deleted : user_pref("extensions.BabylonToolbar.pnu_tb9", "{\"newVrsn\":\"6\",\"lastVrsn\":\"6\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true\",\"msgTs\":0,\"lstMsgTs\":0}");
Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar.sg", "azb");
Line Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
Line Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=d2e2d431000000000000002618560292&q=");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.3.811:23:50");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110803&tt=031012_IKAN_4212_8");
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.811:23:50");
Line Deleted : user_pref("extensions.ab8c5ecce0eab4412bbe66dac31ebfaecd0bda10d78c84ed2a9fffe1bb21c38ddcom60346.60346.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Line Deleted : user_pref("extensions.crossrider.bic", "1474f1b0c9beaf966c8765949a0f0cfa");
Line Deleted : user_pref("keyword.URL", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_l8fMQr5kRlG85ERBjWbmtg5lulkv4KHYuQqekPPFlR1O-XsRaY_RMzH2q19fi15qQPfsY_Ls-AqrNhM7gGJQZUulPIsT3aoM7d_c[...]
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3306061");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN38287656021693829&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3306061&octid=CT3306061&SearchSource[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN38287656021693829&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3306061");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3306061");
Line Deleted : user_pref("smartbar.machineId", "G9KHZSKDG5DHWTALPPW9826S0/RBYMVYJGWH5QU/8ZUFB4+688O2ZUVNF7HTZHS0JO6GTQQC4BHW/QARCYKLUW");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN38287656021693829&UM=2&SearchSource=13");

-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [search Provider] : hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=US&userid=637421cf-fd72-6039-3694-e9b0932e891e&searchtype=ds&q={searchTerms}&installDate=24/12/2013
Deleted [Homepage] : hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_l8fMQr5kRlG85ERBjWbmtg5lulkv4KHYuQqekPPFlR1O-XsRaY_RMzH2q19fi15qQPfsY_Ls-AqrNh98lKYLwb8ZDugsnFZoc1mGUXSm3lkeGyjQ4W49cuaX9HuZyRLg_g5quQryEqPi
Deleted [Extension] : amfclgbdpgndipgoegfpkkgobahigbcl

*************************

AdwCleaner[R0].txt - [31154 octets] - [26/07/2014 21:11:10]
AdwCleaner[s0].txt - [26996 octets] - [26/07/2014 21:12:47]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [27057 octets] ##########

[FRANKSNYDER]

Jurgen - Here is the COMBOFIX.txt

 

ComboFix 14-07-25.01 - Frank 07/26/2014  21:35:36.3.4 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.7934.5771 [GMT -4:00]
Running from: c:\users\Frank\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton 360 *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-27 to 2014-07-27  )))))))))))))))))))))))))))))))
.
.
2014-07-27 01:47 . 2014-07-27 01:47 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-07-27 01:47 . 2014-07-27 01:47 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2014-07-27 01:47 . 2014-07-27 01:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-27 01:47 . 2014-07-27 01:47 -------- d-----w- c:\users\AppData\AppData\Local\temp
2014-07-27 01:12 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-07-27 01:10 . 2014-07-27 01:13 -------- d-----w- C:\AdwCleaner
2014-07-27 00:47 . 2014-07-27 00:47 -------- d-----w- c:\program files (x86)\VS Revo Group
2014-07-21 00:00 . 2014-07-21 00:19 -------- d-----w- C:\FRST
2014-07-20 16:28 . 2014-05-12 11:26 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-20 16:28 . 2014-05-12 11:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-20 16:28 . 2014-07-20 16:29 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-07-20 16:28 . 2014-05-12 11:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-18 20:50 . 2014-07-21 07:09 -------- d-----w- c:\program files (x86)\Browser_AppS 1.1
2014-07-18 20:38 . 2014-07-18 23:37 -------- d-----w- c:\program files (x86)\Anvisoft
2014-07-14 01:41 . 2014-07-14 01:41 -------- d-----w- c:\program files (x86)\F978377C-B7D4-4536-8E10-14CA97B13394
2014-07-14 01:41 . 2014-07-14 01:41 -------- d-----w- c:\program files\F978377C-B7D4-4536-8E10-14CA97B13394
2014-07-12 04:48 . 2014-07-18 21:06 -------- d-----w- c:\windows\system32\drivers\N360x64\1504000.00D
2014-07-11 14:13 . 2014-07-11 14:13 61736 ----a-w- c:\windows\system32\drivers\netfilter64.sys
2014-07-09 13:19 . 2014-07-09 13:19 10603008 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-07-08 17:11 . 2014-06-02 21:30 1802752 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2014-07-08 17:11 . 2014-06-02 21:29 1487360 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2014-07-08 17:11 . 2014-06-02 21:29 1463808 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2014-07-08 17:11 . 2014-06-02 21:29 1435136 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-08 17:11 . 2014-06-02 10:30 937472 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-06-29 17:37 . 2014-06-29 17:37 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2014-06-29 17:37 . 2011-10-04 20:29 55952 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2014-06-29 17:37 . 2011-10-04 20:29 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
2014-06-29 17:37 . 2011-10-04 20:29 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2014-06-29 17:33 . 2014-06-29 17:33 -------- d-----w- c:\program files (x86)\Common Files\Panasonic
2014-06-29 17:33 . 2014-06-29 17:33 -------- d-----w- c:\program files (x86)\Panasonic
2014-06-29 17:33 . 2014-06-29 17:33 -------- d-----w- c:\program files\Microsoft Synchronization Services
2014-06-29 17:33 . 2014-06-29 17:33 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2014-06-29 17:32 . 2014-06-29 17:32 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2014-06-29 17:32 . 2014-06-29 17:32 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-26 23:56 . 2012-10-07 18:17 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-07-09 13:19 . 2012-04-01 15:26 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-09 13:19 . 2011-07-08 15:45 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 07:00 . 2006-11-02 12:35 96441528 ----a-w- c:\windows\system32\mrt.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ca3eae2b-3b20-2e6f-a849-c126d93b6ad3}]
2014-07-11 14:13 74752 ----a-w- c:\program files\F978377C-B7D4-4536-8E10-14CA97B13394\xkymsyyrfh.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-04-04 1644088]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2012-07-02 2736128]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-24 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-04-10 1328424]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-04-10 185640]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-03-19 1148200]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-06 224616]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-09-13 295512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2013-08-26 1989920]
.
c:\users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-21 35464216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-11-20 113664]
HD Writer.lnk - c:\program files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2014-6-29 293712]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2009-2-9 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=0 (0x0)
"LoadAppInit_Dlls"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2012-07-02 20:40 453736 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-18 17:46 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 13:19]
.
2014-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-06 13:56]
.
2014-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-06 13:56]
.
2014-06-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-02-02 18:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Remote Software"="c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 172032]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-08-19 333344]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-08 16138784]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-08 82464]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2008-08-11 57928]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\
FF - ExtSQL: 2014-07-11 10:13; j003-lqgrmgpcekslhg@jetpack; c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\extensions\j003-lqgrmgpcekslhg@jetpack.xpi
FF - ExtSQL: 2014-07-15 19:53; {a065e404-ab01-dfe5-9e60-d837c4d3667c}; c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\extensions\{a065e404-ab01-dfe5-9e60-d837c4d3667c}
FF - ExtSQL: !HIDDEN! 2010-01-11 18:39; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - (no file)
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} - (no file)
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKCU-Run-DW7 - c:\program files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
Wow6432Node-HKLM-Run-TaskTray - (no file)
Wow6432Node-HKLM-Run-fst_us_148 - (no file)
WebBrowser-{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC} - (no file)
HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-DriverDoc_is1 - c:\program files (x86)\DriverDoc\DriverDoc\unins000.exe
AddRemove-sp44626 - c:\hp\Softpaq\sp44626\sp44626.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.4.0.13\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.4.0.13\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1504000.00D\SYMTDIV.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.4.0.13;c:\program files (x86)\Norton 360\Engine64\21.4.0.13"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@DACL=(02 0011)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
@DACL=(02 0011)
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@DACL=(02 0011)
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@DACL=(02 0011)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\crypserv.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Norton 360\Engine\21.4.0.13\N360.exe
c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files (x86)\PictureMover\Bin\PictureMover.exe
c:\users\Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files (x86)\Norton 360\Engine\21.4.0.13\N360.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2014-07-26  21:58:50 - machine was rebooted
ComboFix-quarantined-files.txt  2014-07-27 01:58
.
Pre-Run: 501,437,923,328 bytes free
Post-Run: 501,358,231,552 bytes free
.
- - End Of File - - 4C08CC2549FA192FB5209A580B78F066
81CD5EC01DB0CE57EDD853F82462EF27
 

[deeprybka]

Hi Frank,

good job!

Step 1

Scan with Malwarebytes Antimalware

• Please update the database by clicking on the "Update Now" button.
• Following the update and click "Settings" and go to "Detection and Protection"
• Make sure "Scan for Rootkits" is checked.
• Click on Dashboard, then click on Scan Now to start the scan.

  (If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.)

• A window with an option to view the detailed log will appear. Click on "View Detailed Log".
• After viewing the results, please click on the "Copy to Clipboard" button and then OK.
• Return to our forum. Paste your log into your next reply.

Step 2

Start FRST with administator privileges.

• Press the Scan button.
• When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.

  Please copy and paste the log in your next reply.

[FRANKSNYDER]

Jurgen - This is the ABAM scan

 

 

Malwarebytes Anti-Malware

 

www.malwarebytes.org

 

 

Scan Date: 7/28/2014

 

Scan Time: 9:57:35 PM

 

Logfile:

 

Administrator: Yes

 

 

Version: 2.00.2.1012

 

Malware Database: v2014.07.28.07

 

Rootkit Database: v2014.07.17.01

 

License: Free

 

Malware Protection: Disabled

 

Malicious Website Protection: Disabled

 

Self-protection: Disabled

 

 

OS: Windows Vista Service Pack 2

 

CPU: x64

 

File System: NTFS

 

User: Frank

 

 

Scan Type: Threat Scan

 

Result: Completed

 

Objects Scanned: 387597

 

Time Elapsed: 25 min, 10 sec

 

 

Memory: Enabled

 

Startup: Enabled

 

Filesystem: Enabled

 

Archives: Disabled

 

Rootkits: Enabled

 

Heuristics: Disabled

 

PUP: Enabled

 

PUM: Enabled

 

 

Processes: 0

 

(No malicious items detected)

 

 

Modules: 0

 

(No malicious items detected)

 

 

Registry Keys: 11

 

PUP.Optional.ConnectDLC.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}, , [8c152f71f6853204026fa1bfb9496f91],

 

PUP.Optional.BrowserApps.A, HKLM\SOFTWARE\WOW6432NODE\Browser_AppS 1.1, , [09986a36ea916dc9133347e62fd5e11f],

 

PUP.Optional.SearchSnacks.A, HKLM\SOFTWARE\WOW6432NODE\SearchSnacks, , [a5fc495762196fc7a8b5ecef2dd5649c],

 

PUP.Optional.AdPeak, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\netfilter64, , [267b643c651644f2efb202c9d032f010],

 

PUP.Optional.SearchSnacks, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ssnfd, , [930e40604338d561435f1caff60c1de3],

 

PUP.Optional.BrowserApps.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Browser_AppS 1.1, , [9b06a1ffb8c37eb8f5535dd09f65e51b],

 

PUP.Optional.CouponDownloader.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Coupon Downloader, , [31701a866912ac8aefcdfee1e1218c74],

 

PUP.Optional.MediaPlayer.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\video MediaPlay-Air, , [4d54ddc32754ea4c05431715aa5a6c94],

 

PUP.Optional.BrowserApps.A, HKU\S-1-5-21-3014819020-142153081-3914904618-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Browser_AppS 1.1, , [89187c24493267cfd27655d8d133c23e],

 

PUP.Optional.MindSpark.A, HKU\S-1-5-21-3014819020-142153081-3914904618-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\FromDocToPDF_65, , [f2af851bc6b5de58b9329743da287c84],

 

PUP.Optional.BrowserApps.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Browser_AppS 1.1, , [3a67d3cd86f568ce386363617b87649c],

 

 

Registry Values: 3

 

PUP.Optional.ConnectDLC.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}, , [8c152f71f6853204026fa1bfb9496f91],

 

PUP.Optional.ConnectDLC.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}, , [772a396708739c9a6a07c19f867c40c0],

 

PUP.Optional.SearchSnacks.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|search-snacks@search-snacks.com, C:\Program Files (x86)\Mozilla Firefox\extensions\search-snacks@search-snacks.com, , [9110019f3843ab8b90ccb42755ad956b]

 

 

Registry Data: 0

 

(No malicious items detected)

 

 

Folders: 5

 

PUP.Optional.NextLive.A, C:\Users\Frank\AppData\Roaming\newnext.me, , [f6ab722eceadfc3a60149516fe04b44c],

 

PUP.Optional.NextLive.A, C:\Users\Frank\AppData\Roaming\newnext.me\cache, , [f6ab722eceadfc3a60149516fe04b44c],

 

PUP.Optional.Conduit.A, C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\CT3306061, , [f8a93f610b70a591fb5f2e822dd56b95],

 

PUP.Optional.BrowserApps.A, C:\Program Files (x86)\Browser_AppS 1.1, , [3a67d3cd86f568ce386363617b87649c],

 

PUP.Optional.Conduit.A, C:\Users\Frank\AppData\LocalLow\NCH_EN, , [a7faf9a71f5c0b2b9a59497d7c8634cc],

 

 

Files: 27

 

PUP.AdBundle, C:\Users\Frank\Downloads\PDFCreatorSetup.exe, , [8b16a7f9027972c46f606650e31d738d],

 

PUP.Optional.SmartBar, C:\Windows\Installer\MSID132.tmp-\Smartbar.Installer.CustomActions.dll, , [b5ec3c644734fc3a93a1d35bfc04ec14],

 

PUP.Optional.SmartBar, C:\Windows\Installer\MSI43E4.tmp-\Smartbar.Installer.CustomActions.dll, , [5948e1bfaecde35381b39f8fb64a7987],

 

PUP.Optional.SmartBar, C:\Windows\Installer\MSI8385.tmp-\Smartbar.Installer.CustomActions.dll, , [6e33732d9ae147efa68e2e00af51f20e],

 

PUP.Optional.AdPeak, C:\Windows\System32\drivers\netfilter64.sys, , [d468667575841a67b78f22cb7998df2f],

 

PUP.Optional.NextLive.A, C:\Users\Frank\AppData\Roaming\newnext.me\nengine.cookie, , [f6ab722eceadfc3a60149516fe04b44c],

 

PUP.Optional.NextLive.A, C:\Users\Frank\AppData\Roaming\newnext.me\cache\spark.bin, , [f6ab722eceadfc3a60149516fe04b44c],

 

PUP.Optional.Conduit.A, C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\CT3306061\CT3306061.fullUserID, , [f8a93f610b70a591fb5f2e822dd56b95],

 

PUP.Optional.Conduit.A, C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\CT3306061\CT3306061.installUsage.txt, , [f8a93f610b70a591fb5f2e822dd56b95],

 

PUP.Optional.Conduit.A, C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\CT3306061\CT3306061.installUsageEarly.txt, , [f8a93f610b70a591fb5f2e822dd56b95],

 

PUP.Optional.Conduit.A, C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\CT3306061\CT3306061.UserID, , [f8a93f610b70a591fb5f2e822dd56b95],

 

PUP.Optional.Conduit.A, C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\CT3306061\originalSearchEngine.xml, , [f8a93f610b70a591fb5f2e822dd56b95],

 

PUP.Optional.BrowserApps.A, C:\Program Files (x86)\Browser_AppS 1.1\bgNova.html, , [3a67d3cd86f568ce386363617b87649c],

 

PUP.Optional.BrowserApps.A, C:\Program Files (x86)\Browser_AppS 1.1\1293297481.mxaddon, , [3a67d3cd86f568ce386363617b87649c],

 

PUP.Optional.BrowserApps.A, C:\Program Files (x86)\Browser_AppS 1.1\7a087336-333a-446d-8261-dcd96c985c69.crx, , [3a67d3cd86f568ce386363617b87649c],

 

PUP.Optional.BrowserApps.A, C:\Program Files (x86)\Browser_AppS 1.1\94ec019c-72dd-42c2-8eaf-159bb3a68a18.crx, , [3a67d3cd86f568ce386363617b87649c],

 

PUP.Optional.BrowserApps.A, C:\Program Files (x86)\Browser_AppS 1.1\94ec019c-72dd-42c2-8eaf-159bb3a68a18.xpi, , [3a67d3cd86f568ce386363617b87649c],

 

PUP.Optional.BrowserApps.A, C:\Program Files (x86)\Browser_AppS 1.1\background.html, , [3a67d3cd86f568ce386363617b87649c],

 

PUP.Optional.BrowserApps.A, C:\Program Files (x86)\Browser_AppS 1.1\Browser_AppS 1.1-bho.dll, , [3a67d3cd86f568ce386363617b87649c],

 

PUP.Optional.BrowserApps.A, C:\Program Files (x86)\Browser_AppS 1.1\Browser_AppS 1.1-bho64.dll, , [3a67d3cd86f568ce386363617b87649c],

 

PUP.Optional.BrowserApps.A, C:\Program Files (x86)\Browser_AppS 1.1\Browser_AppS 1.1-codedownloader.exe, , [3a67d3cd86f568ce386363617b87649c],

 

PUP.Optional.BrowserApps.A, C:\Program Files (x86)\Browser_AppS 1.1\Browser_AppS 1.1-nova.dll, , [3a67d3cd86f568ce386363617b87649c],

 

PUP.Optional.BrowserApps.A, C:\Program Files (x86)\Browser_AppS 1.1\Browser_AppS 1.1-nova.exe, , [3a67d3cd86f568ce386363617b87649c],

 

PUP.Optional.BrowserApps.A, C:\Program Files (x86)\Browser_AppS 1.1\Browser_AppS 1.1-novainstaller.exe, , [3a67d3cd86f568ce386363617b87649c],

 

PUP.Optional.BrowserApps.A, C:\Program Files (x86)\Browser_AppS 1.1\Browser_AppS 1.1.ico, , [3a67d3cd86f568ce386363617b87649c],

 

PUP.Optional.BrowserApps.A, C:\Program Files (x86)\Browser_AppS 1.1\c3ceb120-599a-41bb-8c05-9cdd0a3009d3.crx, , [3a67d3cd86f568ce386363617b87649c],

 

PUP.Optional.BrowserApps.A, C:\Program Files (x86)\Browser_AppS 1.1\Uninstall.exe, , [3a67d3cd86f568ce386363617b87649c],

 

 

Physical Sectors: 0

 

(No malicious items detected)

 

 

 

(end)

[FRANKSNYDER]

Jurgen - This is the FRST scan

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by Frank (administrator) on FRANK-PC on 28-07-2014 22:38:50
Running from C:\Users\Frank\Desktop
Platform: Windows Vista Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Windows\System32\nvraidservice.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Macrovision Corporation) C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardian.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\n360.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
(Dropbox, Inc.) C:\Users\Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardian.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\n360.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HP Remote Software] => C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe [172032 2009-02-06] ()
HKLM\...\Run: [NVRaidService] => C:\Windows\system32\nvraidservice.exe [333344 2008-08-18] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [smartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [915512 2009-03-05] (Hewlett-Packard)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2008-08-11] (LogMeIn, Inc.)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75016 2008-12-04] (Hewlett-Packard)
HKLM-x32\...\Run: [updateP2GoShortCut] => c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [updateLBPShortCut] => c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [updatePDIRShortCut] => c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [updatePSTShortCut] => c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2009-02-02] (CyberLink Corp.)
HKLM-x32\...\Run: [TSMAgent] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1328424 2009-04-10] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [185640 2009-04-10] (CyberLink)
HKLM-x32\...\Run: [DVDAgent] => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2009-03-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Microsoft Default Manager] => c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [224616 2009-02-06] (Microsoft Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [81920 2008-03-13] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-09-13] (RealNetworks, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1989920 2013-08-26] (Wondershare)
HKU\S-1-5-21-3014819020-142153081-3914904618-1000\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1644088 2009-04-03] (Hewlett-Packard)
HKU\S-1-5-21-3014819020-142153081-3914904618-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3014819020-142153081-3914904618-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2012-07-02] (Hewlett-Packard Company)
HKU\S-1-5-21-3014819020-142153081-3914904618-1000\...\Run: [iSUSPM] => C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [222128 2007-03-29] (Macrovision Corporation)
HKU\S-1-5-21-3014819020-142153081-3914904618-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-02-24] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HD Writer.lnk
ShortcutTarget: HD Writer.lnk -> C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.4.0.13
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.4.0.13
URLSearchHook: HKLM-x32 - (No Name) - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM - {4F62B9A3-E493-45EB-A0C2-73BD30D0FE67} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {665C19F7-943F-491C-9285-27912C9A2E15} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: No Name -> {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} ->  No File
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Winsock: Catalog5 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 04 %SystemRoot%\System32\nwprovau.dll File Not found ()
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [304128] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.7.0 - C:\Users\Frank\AppData\Local\Yahoo!\BrowserPlus\2.7.0\Plugins\npybrowserplus_2.7.0.dll (Yahoo! Inc.)
FF Extension: Snap.Do  - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\Extensions\{a065e404-ab01-dfe5-9e60-d837c4d3667c} [2014-07-15]
FF Extension: Performance Cache - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\Extensions\islovuivpl@islovuivpl.org.xpi [2012-03-08]
FF Extension: SupraSavings - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\Extensions\j003-lqgrmgpcekslhg@jetpack.xpi [2014-07-11]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-16]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-11-01]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-08]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-01-11]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.0.100\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.0.100\coFFPlgn [2014-07-26]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-13]
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: No Name - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-06-01]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.0.100\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.0.100\IPSFF [2013-10-13]
FF HKLM-x32\...\Firefox\Extensions: [search-snacks@search-snacks.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\search-snacks@search-snacks.com
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_l8fMQr5kRlG85ERBjWbmtg5lulkv4KHYuQqekPPFlR1O-XsRaY_RMzH2q19fi15qQPfsY_Ls-AqrNh98lKYLwb8ZDugsnFZoc1mGUXSm3lkeGyjQ4W49cuaX9HuZyRLg_g5quQryEqPi"
CHR DefaultSearchKeyword: search.snapdo.com
CHR DefaultSearchProvider: Web
CHR DefaultSearchURL: http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=US&userid=637421cf-fd72-6039-3694-e9b0932e891e&searchtype=ds&q={searchTerms}&installDate=24/12/2013
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\2.0.31005.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll No File
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll No File
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gears.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll No File
CHR Plugin: (getPlusPlus for Adobe 162102) - C:\Program Files (x86)\NOS\bin\np_gp.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (BrowserPlus (from Yahoo!) v2.7.0) - C:\Users\Frank\AppData\Local\Yahoo!\BrowserPlus\2.7.0\Plugins\npybrowserplus_2.7.0.dll (Yahoo! Inc.)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Chrome In-App Payments service) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-22]
CHR Extension: (Default Extension) - C:\Users\Frank\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aaecogokjgeoahboladcjoldkacibjdj [2012-03-08]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\Exts\Chrome.crx [2014-07-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-07] (CrypKey (Canada) Ltd.) [File not signed]
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [906752 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2012-06-27] (Hewlett-Packard Company) [File not signed]
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [120712 2010-06-09] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [57920 2008-08-11] (LogMeIn, Inc.)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\N360.exe [265040 2014-06-27] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-07-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-07-18] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S1 Beep; No ImagePath
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1504000.00D\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-07-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-10] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\IPSDefs\20140728.001\IDSvia64.sys [525016 2014-03-25] (Symantec Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2008-08-11] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-28] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\VirusDefs\20140728.016\ENG64.SYS [126040 2014-07-26] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\VirusDefs\20140728.016\EX64.SYS [2099288 2014-07-26] (Symantec Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [61736 2014-07-11] (NetFilterSDK.com)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
R0 nvrd64; C:\Windows\System32\drivers\nvrd64.sys [167456 2008-11-12] (NVIDIA Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1504000.00D\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1504000.00D\SRTSPX64.SYS [36952 2013-07-30] (Symantec Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-07-26] ()
R0 SymDS; C:\Windows\System32\drivers\N360x64\1504000.00D\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1504000.00D\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-10-13] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1504000.00D\Ironx64.SYS [264280 2013-07-31] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\1504000.00D\SYMTDIV.SYS [510168 2014-02-17] (Symantec Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]
S1 ssnfd; system32\drivers\ssnfd.sys [X]
S3 SYMFW; \SystemRoot\System32\Drivers\N360x64\0308000.029\SYMFW.SYS [X]
S3 SYMNDISV; \SystemRoot\System32\Drivers\N360x64\0308000.029\SYMNDISV.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-28 22:38 - 2014-07-28 22:38 - 00031256 _____ () C:\Users\Frank\Desktop\FRST.txt
2014-07-28 22:38 - 2014-07-28 22:38 - 00000000 ____D () C:\Users\Frank\Desktop\FRST-OlderVersion
2014-07-28 20:06 - 2014-07-28 21:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-26 23:20 - 2014-07-26 23:20 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3014819020-142153081-3914904618-1000
2014-07-26 23:20 - 2014-07-26 23:20 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3014819020-142153081-3914904618-1000
2014-07-26 21:58 - 2014-07-26 21:58 - 00022474 _____ () C:\ComboFix.txt
2014-07-26 21:33 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-26 21:33 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-26 21:33 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-26 21:33 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-26 21:33 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-26 21:33 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-26 21:33 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-26 21:33 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-26 21:24 - 2014-07-26 21:58 - 00000000 ____D () C:\Qoobox
2014-07-26 21:21 - 2014-07-26 21:21 - 05563277 ____R (Swearware) C:\Users\Frank\Desktop\ComboFix.exe
2014-07-26 21:12 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-26 21:10 - 2014-07-26 21:13 - 00000000 ____D () C:\AdwCleaner
2014-07-26 20:47 - 2014-07-26 20:47 - 00001101 _____ () C:\Users\Frank\Desktop\Revo Uninstaller.lnk
2014-07-26 20:47 - 2014-07-26 20:47 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-26 20:46 - 2014-07-26 20:46 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Frank\Downloads\revosetup.exe
2014-07-20 20:20 - 2014-07-20 20:24 - 00000499 _____ () C:\Users\Frank\Desktop\Search.txt
2014-07-20 20:03 - 2014-07-20 20:05 - 00053074 _____ () C:\Users\Frank\Desktop\Addition.txt
2014-07-20 20:01 - 2014-07-20 20:05 - 00062953 _____ () C:\Users\Frank\Desktop\FRST 1.txt
2014-07-20 20:00 - 2014-07-28 22:38 - 00000000 ____D () C:\FRST
2014-07-20 19:56 - 2014-07-28 22:38 - 02093568 _____ (Farbar) C:\Users\Frank\Desktop\FRST64.exe
2014-07-20 12:29 - 2014-07-20 12:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-20 12:28 - 2014-07-20 12:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-20 12:28 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-20 12:28 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-20 12:28 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-18 16:50 - 2014-07-21 03:09 - 00000000 ____D () C:\Program Files (x86)\Browser_AppS 1.1
2014-07-18 16:38 - 2014-07-18 19:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2014-07-18 16:38 - 2014-07-18 19:37 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2014-07-13 21:50 - 2014-07-13 21:50 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-07-13 21:41 - 2014-07-26 23:15 - 00000000 ____D () C:\Program Files\F978377C-B7D4-4536-8E10-14CA97B13394
2014-07-13 21:41 - 2014-07-13 21:41 - 00000000 ____D () C:\Program Files (x86)\F978377C-B7D4-4536-8E10-14CA97B13394
2014-07-13 21:33 - 2014-07-13 21:33 - 00003244 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-07-11 10:13 - 2014-07-11 10:13 - 00061736 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys
2014-07-09 09:19 - 2014-07-09 09:19 - 10603008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-08 13:09 - 2014-06-07 00:02 - 17854464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 13:09 - 2014-06-06 23:13 - 10890752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-08 13:09 - 2014-06-06 22:59 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-08 13:09 - 2014-06-06 22:52 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-08 13:09 - 2014-06-06 22:51 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-08 13:09 - 2014-06-06 22:51 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-08 13:09 - 2014-06-06 22:50 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-08 13:09 - 2014-06-06 22:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 13:09 - 2014-06-06 22:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-08 13:09 - 2014-06-06 22:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-08 13:09 - 2014-06-06 22:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-08 13:09 - 2014-06-06 22:42 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 13:09 - 2014-06-06 22:42 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-08 13:09 - 2014-06-06 22:42 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-08 13:09 - 2014-06-06 22:42 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-08 13:09 - 2014-06-06 22:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-08 13:09 - 2014-06-06 22:41 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-08 13:09 - 2014-06-06 22:41 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-08 13:09 - 2014-06-06 22:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 13:09 - 2014-06-06 22:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-08 13:09 - 2014-06-06 22:35 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-08 13:09 - 2014-06-06 20:33 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-08 13:09 - 2014-06-06 20:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-08 13:09 - 2014-06-06 19:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-08 13:09 - 2014-06-06 19:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-08 13:09 - 2014-06-06 19:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-08 13:09 - 2014-06-06 19:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-08 13:09 - 2014-06-06 19:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-08 13:09 - 2014-06-06 19:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-07-08 13:09 - 2014-06-06 18:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-08 13:09 - 2014-06-06 18:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-08 13:09 - 2014-06-06 18:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-08 13:09 - 2014-06-06 18:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-08 13:09 - 2014-06-06 18:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-08 13:09 - 2014-06-06 18:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-08 13:09 - 2014-06-06 18:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-08 13:09 - 2014-06-06 18:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-07-08 13:09 - 2014-06-06 18:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-08 13:09 - 2014-06-06 18:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-08 13:09 - 2014-06-06 18:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-07-08 13:09 - 2014-06-06 18:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-08 13:09 - 2014-06-06 18:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-07-08 13:09 - 2014-06-06 18:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-08 13:09 - 2014-06-06 04:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-08 13:09 - 2014-06-06 03:13 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-08 13:09 - 2014-05-30 03:10 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-06-29 13:37 - 2014-06-29 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panasonic
2014-06-29 13:37 - 2011-10-04 16:29 - 00055952 ____N (Rovi Corporation) C:\Windows\system32\Drivers\PxHlpa64.sys
2014-06-29 13:37 - 2011-10-04 16:29 - 00010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdralw2k.sys
2014-06-29 13:37 - 2011-10-04 16:29 - 00010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdr4_xp.sys
2014-06-29 13:33 - 2014-06-29 13:33 - 00001954 _____ () C:\Users\Public\Desktop\HD Writer LE 2.1.lnk
2014-06-29 13:33 - 2014-06-29 13:33 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services
2014-06-29 13:33 - 2014-06-29 13:33 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-06-29 13:33 - 2014-06-29 13:33 - 00000000 ____D () C:\Program Files (x86)\Panasonic
2014-06-29 13:32 - 2014-06-29 13:32 - 00440430 _____ () C:\Users\Frank\AppData\Local\dd_vcredistMSI42F6.txt
2014-06-29 13:32 - 2014-06-29 13:32 - 00011646 _____ () C:\Users\Frank\AppData\Local\dd_vcredistUI42F6.txt
2014-06-29 13:32 - 2014-06-29 13:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
2014-06-29 13:32 - 2014-06-29 13:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-28 22:39 - 2014-07-28 22:38 - 00031256 _____ () C:\Users\Frank\Desktop\FRST.txt
2014-07-28 22:38 - 2014-07-28 22:38 - 00000000 ____D () C:\Users\Frank\Desktop\FRST-OlderVersion
2014-07-28 22:38 - 2014-07-20 20:00 - 00000000 ____D () C:\FRST
2014-07-28 22:38 - 2014-07-20 19:56 - 02093568 _____ (Farbar) C:\Users\Frank\Desktop\FRST64.exe
2014-07-28 22:19 - 2012-04-01 11:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-28 21:57 - 2014-07-28 20:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-28 21:46 - 2011-01-06 09:56 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-28 21:18 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-28 21:18 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-28 15:35 - 2009-07-07 22:20 - 01539947 _____ () C:\Windows\WindowsUpdate.log
2014-07-28 14:01 - 2013-10-29 17:35 - 00003686 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{DB8D0CAD-2E4F-4F57-B583-0459E3885F59}
2014-07-28 00:46 - 2011-01-06 09:56 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-28 00:05 - 2010-02-02 14:05 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-07-27 19:38 - 2012-11-12 21:18 - 00002651 _____ () C:\Users\Frank\Desktop\Microsoft Office Word 2007.lnk
2014-07-27 06:03 - 2006-11-02 08:46 - 00763586 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-27 03:00 - 2012-05-30 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-27 03:00 - 2009-05-06 07:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-26 23:22 - 2009-09-08 18:01 - 00003574 _____ () C:\Windows\System32\Tasks\HP Health Check
2014-07-26 23:21 - 2012-10-21 08:14 - 00000000 ___RD () C:\Users\Frank\Dropbox
2014-07-26 23:20 - 2014-07-26 23:20 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3014819020-142153081-3914904618-1000
2014-07-26 23:20 - 2014-07-26 23:20 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3014819020-142153081-3914904618-1000
2014-07-26 23:20 - 2012-10-21 08:11 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\Dropbox
2014-07-26 23:18 - 2013-01-15 04:17 - 00014260 _____ () C:\Windows\error.log
2014-07-26 23:18 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-26 23:17 - 2013-01-15 04:16 - 00003248 _____ () C:\Windows\errord.log
2014-07-26 23:16 - 2006-11-02 11:42 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-26 23:15 - 2014-07-13 21:41 - 00000000 ____D () C:\Program Files\F978377C-B7D4-4536-8E10-14CA97B13394
2014-07-26 21:58 - 2014-07-26 21:58 - 00022474 _____ () C:\ComboFix.txt
2014-07-26 21:58 - 2014-07-26 21:24 - 00000000 ____D () C:\Qoobox
2014-07-26 21:58 - 2014-04-22 15:54 - 00000000 ____D () C:\Users\dub_cm_auto
2014-07-26 21:50 - 2006-11-02 08:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-26 21:49 - 2013-01-19 19:35 - 00376290 _____ () C:\Windows\PFRO.log
2014-07-26 21:49 - 2009-09-10 08:15 - 00008376 _____ () C:\Users\Frank\AppData\Local\d3d9caps.dat
2014-07-26 21:36 - 2011-02-27 20:30 - 00000000 ____D () C:\Users\Frank\AppData\Local\CrashDumps
2014-07-26 21:21 - 2014-07-26 21:21 - 05563277 ____R (Swearware) C:\Users\Frank\Desktop\ComboFix.exe
2014-07-26 21:13 - 2014-07-26 21:10 - 00000000 ____D () C:\AdwCleaner
2014-07-26 21:13 - 2013-12-24 09:14 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\newnext.me
2014-07-26 21:13 - 2009-09-08 17:24 - 00000000 ____D () C:\Users\Frank
2014-07-26 20:47 - 2014-07-26 20:47 - 00001101 _____ () C:\Users\Frank\Desktop\Revo Uninstaller.lnk
2014-07-26 20:47 - 2014-07-26 20:47 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-26 20:46 - 2014-07-26 20:46 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Frank\Downloads\revosetup.exe
2014-07-26 20:28 - 2012-10-21 08:14 - 00000921 _____ () C:\Users\Frank\Desktop\Dropbox.lnk
2014-07-26 20:28 - 2012-10-21 08:11 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-26 19:56 - 2012-10-07 14:17 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-07-21 03:09 - 2014-07-18 16:50 - 00000000 ____D () C:\Program Files (x86)\Browser_AppS 1.1
2014-07-20 20:24 - 2014-07-20 20:20 - 00000499 _____ () C:\Users\Frank\Desktop\Search.txt
2014-07-20 20:05 - 2014-07-20 20:03 - 00053074 _____ () C:\Users\Frank\Desktop\Addition.txt
2014-07-20 20:05 - 2014-07-20 20:01 - 00062953 _____ () C:\Users\Frank\Desktop\FRST 1.txt
2014-07-20 12:29 - 2014-07-20 12:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-20 12:29 - 2014-07-20 12:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-20 12:28 - 2012-07-20 18:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-18 19:37 - 2014-07-18 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2014-07-18 19:37 - 2014-07-18 16:38 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2014-07-18 12:43 - 2009-11-13 13:28 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-07-14 20:49 - 2011-09-13 20:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-13 21:50 - 2014-07-13 21:50 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-07-13 21:41 - 2014-07-13 21:41 - 00000000 ____D () C:\Program Files (x86)\F978377C-B7D4-4536-8E10-14CA97B13394
2014-07-13 21:41 - 2013-10-13 13:23 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-07-13 21:41 - 2013-10-13 13:19 - 00002139 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-07-13 21:41 - 2012-10-14 15:42 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-07-13 21:41 - 2009-11-13 09:10 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-07-13 21:33 - 2014-07-13 21:33 - 00003244 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-07-11 10:13 - 2014-07-11 10:13 - 00061736 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys
2014-07-09 09:19 - 2014-07-09 09:19 - 10603008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-09 09:19 - 2012-04-01 11:26 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 09:19 - 2012-04-01 11:26 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 09:19 - 2011-07-08 11:45 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 03:22 - 2006-11-02 11:21 - 00336152 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 03:19 - 2006-11-02 11:07 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 03:03 - 2013-07-19 03:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 03:00 - 2009-09-09 17:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 03:00 - 2006-11-02 08:35 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-07-01 17:43 - 2013-12-09 12:11 - 00000000 ____D () C:\Users\Frank\Desktop\Stacies Dropbox
2014-07-01 17:29 - 2012-03-06 10:34 - 00000000 ____D () C:\Users\Frank\Desktop\Sofia
2014-06-30 11:37 - 2009-09-09 16:46 - 00000552 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2014-06-29 13:37 - 2014-06-29 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panasonic
2014-06-29 13:33 - 2014-06-29 13:33 - 00001954 _____ () C:\Users\Public\Desktop\HD Writer LE 2.1.lnk
2014-06-29 13:33 - 2014-06-29 13:33 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services
2014-06-29 13:33 - 2014-06-29 13:33 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-06-29 13:33 - 2014-06-29 13:33 - 00000000 ____D () C:\Program Files (x86)\Panasonic
2014-06-29 13:33 - 2009-05-06 06:41 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-29 13:32 - 2014-06-29 13:32 - 00440430 _____ () C:\Users\Frank\AppData\Local\dd_vcredistMSI42F6.txt
2014-06-29 13:32 - 2014-06-29 13:32 - 00011646 _____ () C:\Users\Frank\AppData\Local\dd_vcredistUI42F6.txt
2014-06-29 13:32 - 2014-06-29 13:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
2014-06-29 13:32 - 2014-06-29 13:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition

Files to move or delete:
====================
C:\Users\Public\MyWebTattoo.exe

Some content of TEMP:
====================
C:\Users\Frank\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpk6z9la.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-28 11:32

==================== End Of Log ============================

[deeprybka]

Hi,

let's do a final check up:

Step 1

Please download the ESET Online Scanner and save it to your Desktop.

• Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
• Start esetsmartinstaller_enu.exe with administartor privileges.
• Select the option Yes, I accept the Terms of Use and click on Start.
• Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
• Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
• Click on Start. The virus signature database will begin to download. This may take some time.
• When completed the Online Scan will begin automatically.

  Note: This scan might take a long time! Please be patient.

• When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
• Now click on Finish
• A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

  Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

Step 2

Please download Farbar Service Scanner and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

[FRANKSNYDER]

Jurgen - This is the ESET scan.

 

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65auxstb.dll.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll.vir a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65barsvc.exe.vir Win32/Toolbar.MyWebSearch.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65brmon.exe.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65brstub.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65dlghk.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65ieovr.dll.vir probably a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\AppIntegratorStub64.dll.vir Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\jfilemanager\LTV.exe.vir MSIL/Tuguu.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\jfilemanager\update.xml.vir Win32/DomaIQ.BC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srbu.dll.vir a variant of MSIL/Toolbar.Linkury.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\nengine.dll.vir Win32/NextLive.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Frank\AppData\Local\genienext\nengine.dll.vir Win32/NextLive.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll.vir Win32/Toolbar.Linkury.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Frank\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.1.35.zip.vir Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Frank\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Frank\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Frank\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir a variant of Android/Mobserv.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Frank\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll.vir Win32/NextLive.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Frank\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Frank\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll.vir a variant of MSIL/Toolbar.Linkury.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Frank\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll.vir a variant of MSIL/Toolbar.Linkury.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\Extensions\b8c5ecce-0eab-4412-bbe6-6dac31ebfaec@d0bda10d-78c8-4ed2-a9ff-fe1bb21c38dd.com\extensionData\plugins\91.js.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Frank\AppData\Roaming\newnext.me\nengine.dll.vir Win32/NextLive.A potentially unwanted application
C:\Documents and Settings\Frank\AppData\Local\Google\Chrome\User Data\Default\Default\aaecogokjgeoahboladcjoldkacibjdj\ContentScript.js Win32/TrojanDownloader.Tracur.AD trojan
C:\Documents and Settings\Frank\AppData\LocalLow\Connect_DLC_5\hk64tbConn.dll Win64/Toolbar.Conduit.B potentially unwanted application
C:\Documents and Settings\Frank\AppData\LocalLow\Connect_DLC_5\hktbConn.dll Win32/Toolbar.Conduit.X potentially unwanted application
C:\Documents and Settings\Frank\AppData\LocalLow\Connect_DLC_5\ldrtbConn.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\Documents and Settings\Frank\AppData\LocalLow\Connect_DLC_5\tbConn.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\Documents and Settings\Frank\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\53199a0f-6d1b9883 a variant of Java/TrojanDownloader.Agent.NFZ trojan
C:\Documents and Settings\Frank\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\47237a8-5da11e8e a variant of Java/Exploit.Agent.NEA trojan
C:\Documents and Settings\Frank\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\68177488-793d0ff5 a variant of Java/Exploit.Agent.NEA trojan
C:\Documents and Settings\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\extensions\islovuivpl@islovuivpl.org.xpi Win32/TrojanDownloader.Tracur.V trojan
C:\Documents and Settings\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\extensions\{a065e404-ab01-dfe5-9e60-d837c4d3667c}\components\SmartbarFireFoxRemotePlugin_25.dll a variant of Win32/Toolbar.Linkury.D potentially unwanted application
C:\Documents and Settings\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\extensions\{a065e404-ab01-dfe5-9e60-d837c4d3667c}\components\SmartbarFireFoxRemotePlugin_26.dll a variant of Win32/Toolbar.Linkury.D potentially unwanted application
C:\Documents and Settings\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\extensions\{a065e404-ab01-dfe5-9e60-d837c4d3667c}\components\SmartbarFireFoxRemotePlugin_27.dll a variant of Win32/Toolbar.Linkury.D potentially unwanted application
C:\Documents and Settings\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\extensions\{a065e404-ab01-dfe5-9e60-d837c4d3667c}\components\SmartbarFireFoxRemotePlugin_28.dll a variant of Win32/Toolbar.Linkury.D potentially unwanted application
C:\Documents and Settings\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\extensions\{a065e404-ab01-dfe5-9e60-d837c4d3667c}\components\SmartbarFireFoxRemotePlugin_29.dll a variant of Win32/Toolbar.Linkury.D potentially unwanted application
C:\Documents and Settings\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\extensions\{a065e404-ab01-dfe5-9e60-d837c4d3667c}\components\SmartbarFireFoxRemotePlugin_30.dll a variant of Win32/Toolbar.Linkury.D potentially unwanted application
C:\Documents and Settings\Frank\Downloads\PDFCreatorSetup.exe a variant of Win32/InstallCore.AX potentially unwanted application
C:\Program Files (x86)\Browser_AppS 1.1\7a087336-333a-446d-8261-dcd96c985c69.crx JS/Toolbar.Crossrider.B potentially unwanted application
C:\Program Files (x86)\Browser_AppS 1.1\94ec019c-72dd-42c2-8eaf-159bb3a68a18.crx JS/Toolbar.Crossrider.B potentially unwanted application
C:\Program Files (x86)\Browser_AppS 1.1\94ec019c-72dd-42c2-8eaf-159bb3a68a18.xpi JS/Toolbar.Crossrider.B potentially unwanted application
C:\Program Files (x86)\Browser_AppS 1.1\Browser_AppS 1.1-bho.dll a variant of Win32/Toolbar.CrossRider.AF potentially unwanted application
C:\Program Files (x86)\Browser_AppS 1.1\Browser_AppS 1.1-bho64.dll a variant of Win64/Toolbar.Crossrider.F potentially unwanted application
C:\Program Files (x86)\Browser_AppS 1.1\Browser_AppS 1.1-codedownloader.exe a variant of Win32/Toolbar.CrossRider.AK potentially unwanted application
C:\Program Files (x86)\Browser_AppS 1.1\Browser_AppS 1.1-nova.dll a variant of Win32/Toolbar.CrossRider.AI potentially unwanted application
C:\Program Files (x86)\Browser_AppS 1.1\Browser_AppS 1.1-nova.exe a variant of Win32/Toolbar.CrossRider.AE potentially unwanted application
C:\Program Files (x86)\Browser_AppS 1.1\Browser_AppS 1.1-novainstaller.exe a variant of Win32/Toolbar.CrossRider.AK potentially unwanted application
C:\Program Files (x86)\Browser_AppS 1.1\c3ceb120-599a-41bb-8c05-9cdd0a3009d3.crx JS/Toolbar.Crossrider.B potentially unwanted application
C:\Program Files (x86)\PDFCreator\message.exe a variant of Win32/InstallCore.A potentially unwanted application
C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Default\aaecogokjgeoahboladcjoldkacibjdj\ContentScript.js Win32/TrojanDownloader.Tracur.AD trojan
C:\Users\Frank\AppData\LocalLow\Connect_DLC_5\hk64tbConn.dll Win64/Toolbar.Conduit.B potentially unwanted application
C:\Users\Frank\AppData\LocalLow\Connect_DLC_5\hktbConn.dll Win32/Toolbar.Conduit.X potentially unwanted application
C:\Users\Frank\AppData\LocalLow\Connect_DLC_5\ldrtbConn.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\Users\Frank\AppData\LocalLow\Connect_DLC_5\tbConn.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\Users\Frank\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\53199a0f-6d1b9883 a variant of Java/TrojanDownloader.Agent.NFZ trojan
C:\Users\Frank\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\47237a8-5da11e8e a variant of Java/Exploit.Agent.NEA trojan
C:\Users\Frank\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\68177488-793d0ff5 a variant of Java/Exploit.Agent.NEA trojan
C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\extensions\islovuivpl@islovuivpl.org.xpi Win32/TrojanDownloader.Tracur.V trojan
C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\extensions\{a065e404-ab01-dfe5-9e60-d837c4d3667c}\components\SmartbarFireFoxRemotePlugin_25.dll a variant of Win32/Toolbar.Linkury.D potentially unwanted application
C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\extensions\{a065e404-ab01-dfe5-9e60-d837c4d3667c}\components\SmartbarFireFoxRemotePlugin_26.dll a variant of Win32/Toolbar.Linkury.D potentially unwanted application
C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\extensions\{a065e404-ab01-dfe5-9e60-d837c4d3667c}\components\SmartbarFireFoxRemotePlugin_27.dll a variant of Win32/Toolbar.Linkury.D potentially unwanted application
C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\extensions\{a065e404-ab01-dfe5-9e60-d837c4d3667c}\components\SmartbarFireFoxRemotePlugin_28.dll a variant of Win32/Toolbar.Linkury.D potentially unwanted application
C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\extensions\{a065e404-ab01-dfe5-9e60-d837c4d3667c}\components\SmartbarFireFoxRemotePlugin_29.dll a variant of Win32/Toolbar.Linkury.D potentially unwanted application
C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\extensions\{a065e404-ab01-dfe5-9e60-d837c4d3667c}\components\SmartbarFireFoxRemotePlugin_30.dll a variant of Win32/Toolbar.Linkury.D potentially unwanted application
C:\Users\Frank\Downloads\PDFCreatorSetup.exe a variant of Win32/InstallCore.AX potentially unwanted application
C:\Windows\Installer\18820a78.msi Win32/Toolbar.Linkury.D potentially unwanted application
C:\Windows\Installer\MSI43E4.tmp-\srbs.dll a variant of MSIL/Toolbar.Linkury.C potentially unwanted application
 

[FRANKSNYDER]

Jurgen - This the FSS.txt log.

 

Farbar Service Scanner Version: 21-07-2014
Ran by Frank (administrator) on 29-07-2014 at 21:40:01
Running from "C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\23UEG66K"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Security Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC} key. The key does not exist.

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcsvc.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

[deeprybka]

Hi,

please run Malwarebytes again...

 

 

If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.)

Step 1

Scan with Malwarebytes Antimalware

• Please update the database by clicking on the "Update Now" button.
• Following the update and click "Settings" and go to "Detection and Protection"
• Make sure "Scan for Rootkits" is checked.
• Click on Dashboard, then click on Scan Now to start the scan.
  (If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.)
• A window with an option to view the detailed log will appear. Click on "View Detailed Log".
• After viewing the results, please click on the "Copy to Clipboard" button and then OK.
• Return to our forum. Paste your log into your next reply.

[FRANKSNYDER]

Jurgen - This is the results of the scan.

 

 

Malwarebytes Anti-Malware

 

www.malwarebytes.org

 

 

Scan Date: 7/30/2014

 

Scan Time: 8:00:20 PM

 

Logfile:

 

Administrator: Yes

 

 

Version: 2.00.2.1012

 

Malware Database: v2014.07.30.10

 

Rootkit Database: v2014.07.17.01

 

License: Free

 

Malware Protection: Disabled

 

Malicious Website Protection: Disabled

 

Self-protection: Disabled

 

 

OS: Windows Vista Service Pack 2

 

CPU: x64

 

File System: NTFS

 

User: Frank

 

 

Scan Type: Threat Scan

 

Result: Completed

 

Objects Scanned: 388140

 

Time Elapsed: 22 min, 26 sec

 

 

Memory: Enabled

 

Startup: Enabled

 

Filesystem: Enabled

 

Archives: Disabled

 

Rootkits: Enabled

 

Heuristics: Disabled

 

PUP: Enabled

 

PUM: Enabled

 

 

Processes: 0

 

(No malicious items detected)

 

 

Modules: 0

 

(No malicious items detected)

 

 

Registry Keys: 13

 

PUP.Optional.ConnectDLC.A, HKU\S-1-5-21-3014819020-142153081-3914904618-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}, , [3d64b1ef4e2dbd794597a7ba43bf7a86],

 

PUP.Optional.ConnectDLC.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}, , [3d64b1ef4e2dbd794597a7ba43bf7a86],

 

PUP.Optional.ConnectDLC.A, HKU\S-1-5-21-3014819020-142153081-3914904618-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}, , [3d64b1ef4e2dbd794597a7ba43bf7a86],

 

PUP.Optional.BrowserApps.A, HKLM\SOFTWARE\WOW6432NODE\Browser_AppS 1.1, , [aaf72c744c2fce68eb3ac56abc48f808],

 

PUP.Optional.SearchSnacks.A, HKLM\SOFTWARE\WOW6432NODE\SearchSnacks, , [1190c6dad8a3de58c17c02db3bc7eb15],

 

PUP.Optional.AdPeak, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\netfilter64, , [dfc2435d9cdf52e4c3be02cb887a6d93],

 

PUP.Optional.SearchSnacks, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ssnfd, , [fea3eeb2522974c2265cd8f51ae827d9],

 

PUP.Optional.BrowserApps.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Browser_AppS 1.1, , [7031a7f96318e55158cf71be7d8726da],

 

PUP.Optional.CouponDownloader.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Coupon Downloader, , [237eb6ea5d1e20169efe33ae758d2dd3],

 

PUP.Optional.MediaPlayer.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\video MediaPlay-Air, , [d8c9f2ae413aa69076b108260ff58977],

 

PUP.Optional.BrowserApps.A, HKU\S-1-5-21-3014819020-142153081-3914904618-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Browser_AppS 1.1, , [d7ca049cc7b446f06abdaa8547bd6c94],

 

PUP.Optional.MindSpark.A, HKU\S-1-5-21-3014819020-142153081-3914904618-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\FromDocToPDF_65, , [079ae7b9c8b372c4e7e430acca38ff01],

 

PUP.Optional.BrowserApps.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Browser_AppS 1.1, , [5e43e7b90e6d2b0ba066fbcbda28e21e],

 

 

Registry Values: 3

 

PUP.Optional.ConnectDLC.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}, , [3d64b1ef4e2dbd794597a7ba43bf7a86],

 

PUP.Optional.ConnectDLC.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}, , [148d6c347803fe38508c6df4768cf60a],

 

PUP.Optional.SearchSnacks.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|search-snacks@search-snacks.com, C:\Program Files (x86)\Mozilla Firefox\extensions\search-snacks@search-snacks.com, , [81209d0391eaa29449f311ccb74b50b0]

 

 

Registry Data: 0

 

(No malicious items detected)

 

 

Folders: 5

 

PUP.Optional.NextLive.A, C:\Users\Frank\AppData\Roaming\newnext.me, , [8e137927dc9f4aec6b75a5074db5c13f],

 

PUP.Optional.NextLive.A, C:\Users\Frank\AppData\Roaming\newnext.me\cache, , [8e137927dc9f4aec6b75a5074db5c13f],

 

PUP.Optional.Conduit.A, C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\CT3306061, , [732e168ac2b9f244e1e5624f996933cd],

 

PUP.Optional.BrowserApps.A, C:\Program Files (x86)\Browser_AppS 1.1, , [5e43e7b90e6d2b0ba066fbcbda28e21e],

 

PUP.Optional.Conduit.A, C:\Users\Frank\AppData\LocalLow\NCH_EN, , [6938ebb5b6c5f73f85d9e1e72bd739c7],

 

 

Files: 28

 

PUP.AdBundle, C:\Users\Frank\Downloads\PDFCreatorSetup.exe, , [aff20799f2890f272dd49d1a9b65ed13],

 

PUP.Optional.SmartBar, C:\Windows\Installer\MSID132.tmp-\Smartbar.Installer.CustomActions.dll, , [7e23a7f95823ba7c95a2b47ab44c7090],

 

PUP.Optional.SmartBar, C:\Windows\Installer\MSI43E4.tmp-\Smartbar.Installer.CustomActions.dll, , [6a37bae688f33303a7901d1150b006fa],

 

PUP.Optional.SmartBar, C:\Windows\Installer\MSI8385.tmp-\Smartbar.Installer.CustomActions.dll, , [465b623e2556c571f740002ed32d8f71],

 

PUP.Optional.AdPeak, C:\Windows\System32\drivers\netfilter64.sys, , [d468667575841a67b78f22cb7998df2f],

 

PUP.Optional.NextLive.A, C:\Users\Frank\AppData\Roaming\newnext.me\nengine.cookie, , [8e137927dc9f4aec6b75a5074db5c13f],

 

PUP.Optional.NextLive.A, C:\Users\Frank\AppData\Roaming\newnext.me\cache\spark.bin, , [8e137927dc9f4aec6b75a5074db5c13f],

 

PUP.Optional.Conduit.A, C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\CT3306061\CT3306061.fullUserID, , [732e168ac2b9f244e1e5624f996933cd],

 

PUP.Optional.Conduit.A, C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\CT3306061\CT3306061.installUsage.txt, , [732e168ac2b9f244e1e5624f996933cd],

 

PUP.Optional.Conduit.A, C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\CT3306061\CT3306061.installUsageEarly.txt, , [732e168ac2b9f244e1e5624f996933cd],

 

PUP.Optional.Conduit.A, C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\CT3306061\CT3306061.UserID, , [732e168ac2b9f244e1e5624f996933cd],

 

PUP.Optional.Conduit.A, C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\CT3306061\originalSearchEngine.xml, , [732e168ac2b9f244e1e5624f996933cd],

 

PUP.Optional.BrowserApps.A, C:\Program Files (x86)\Browser_AppS 1.1\bgNova.html, , [5e43e7b90e6d2b0ba066fbcbda28e21e],

 

PUP.Optional.BrowserApps.A, C:\Program Files (x86)\Browser_AppS 1.1\1293297481.mxaddon, , [5e43e7b90e6d2b0ba066fbcbda28e21e],

 

PUP.Optional.BrowserApps.A, C:\Program Files (x86)\Browser_AppS 1.1\7a087336-333a-446d-8261-dcd96c985c69.crx, , [5e43e7b90e6d2b0ba066fbcbda28e21e],

 

PUP.Optional.BrowserApps.A, C:\Program Files (x86)\Browser_AppS 1.1\94ec019c-72dd-42c2-8eaf-159bb3a68a18.crx, , [5e43e7b90e6d2b0ba066fbcbda28e21e],

 

PUP.Optional.BrowserApps.A, C:\Program Files (x86)\Browser_AppS 1.1\94ec019c-72dd-42c2-8eaf-159bb3a68a18.xpi, , [5e43e7b90e6d2b0ba066fbcbda28e21e],

 

PUP.Optional.BrowserApps.A, C:\Program Files (x86)\Browser_AppS 1.1\background.html, , [5e43e7b90e6d2b0ba066fbcbda28e21e],

 

PUP.Optional.BrowserApps.A, C:\Program Files (x86)\Browser_AppS 1.1\Browser_AppS 1.1-bho.dll, , [5e43e7b90e6d2b0ba066fbcbda28e21e],

 

PUP.Optional.BrowserApps.A, C:\Program Files (x86)\Browser_AppS 1.1\Browser_AppS 1.1-bho64.dll, , [5e43e7b90e6d2b0ba066fbcbda28e21e],

 

PUP.Optional.BrowserApps.A, C:\Program Files (x86)\Browser_AppS 1.1\Browser_AppS 1.1-codedownloader.exe, , [5e43e7b90e6d2b0ba066fbcbda28e21e],

 

PUP.Optional.BrowserApps.A, C:\Program Files (x86)\Browser_AppS 1.1\Browser_AppS 1.1-nova.dll, , [5e43e7b90e6d2b0ba066fbcbda28e21e],

 

PUP.Optional.BrowserApps.A, C:\Program Files (x86)\Browser_AppS 1.1\Browser_AppS 1.1-nova.exe, , [5e43e7b90e6d2b0ba066fbcbda28e21e],

 

PUP.Optional.BrowserApps.A, C:\Program Files (x86)\Browser_AppS 1.1\Browser_AppS 1.1-novainstaller.exe, , [5e43e7b90e6d2b0ba066fbcbda28e21e],

 

PUP.Optional.BrowserApps.A, C:\Program Files (x86)\Browser_AppS 1.1\Browser_AppS 1.1.ico, , [5e43e7b90e6d2b0ba066fbcbda28e21e],

 

PUP.Optional.BrowserApps.A, C:\Program Files (x86)\Browser_AppS 1.1\c3ceb120-599a-41bb-8c05-9cdd0a3009d3.crx, , [5e43e7b90e6d2b0ba066fbcbda28e21e],

 

PUP.Optional.BrowserApps.A, C:\Program Files (x86)\Browser_AppS 1.1\Uninstall.exe, , [5e43e7b90e6d2b0ba066fbcbda28e21e],

 

PUP.Optional.Snapdo.A, C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_l8fMQr5kRlG85ERBjWbmtg5lulkv4KHYuQqekPPFlR1O-XsRaY_RMzH2q19fi15qQPfsY_Ls-AqrNh98lKYLwb8ZDugsnFZoc1mGUXSm3lkeGyjQ4W49cuaX9HuZyRLg_g5quQryEqPi" ],), ,[a0014858d8a37abcc934feec27ddbb45]

 

 

Physical Sectors: 0

 

(No malicious items detected)

 

 

 

(end)

[deeprybka]

Hi,

repeat the scan please and select "Quarantine". Click the button: Apply All Actions.

[FRANKSNYDER]

Jurgen,

 

Are there any other procedures I need to  perform?

[deeprybka]

Please run a scan with Malwarebytes, select quarantaine and post up the log please...

[FRANKSNYDER]

Jurgen - this the scan results

 

 

Malwarebytes Anti-Malware

 

www.malwarebytes.org

 

 

Scan Date: 8/3/2014

 

Scan Time: 12:28:30 PM

 

Logfile:

 

Administrator: Yes

 

 

Version: 2.00.2.1012

 

Malware Database: v2014.08.03.05

 

Rootkit Database: v2014.08.01.01

 

License: Free

 

Malware Protection: Disabled

 

Malicious Website Protection: Disabled

 

Self-protection: Disabled

 

 

OS: Windows Vista Service Pack 2

 

CPU: x64

 

File System: NTFS

 

User: Frank

 

 

Scan Type: Threat Scan

 

Result: Completed

 

Objects Scanned: 389795

 

Time Elapsed: 21 min, 24 sec

 

 

Memory: Enabled

 

Startup: Enabled

 

Filesystem: Enabled

 

Archives: Disabled

 

Rootkits: Enabled

 

Heuristics: Disabled

 

PUP: Enabled

 

PUM: Enabled

 

 

Processes: 0

 

(No malicious items detected)

 

 

Modules: 0

 

(No malicious items detected)

 

 

Registry Keys: 0

 

(No malicious items detected)

 

 

Registry Values: 0

 

(No malicious items detected)

 

 

Registry Data: 0

 

(No malicious items detected)

 

 

Folders: 0

 

(No malicious items detected)

 

 

Files: 0

 

(No malicious items detected)

 

 

Physical Sectors: 0

 

(No malicious items detected)

 

 

 

(end)

[deeprybka]

Hi Frank!

 

Good job,

please run FRST again for a fresh log...

 

Start FRST with administator privileges.

• Press the Scan button.
• When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
  Please copy and paste the log in your next reply.
  

[FRANKSNYDER]

Jurgen - This is the result of the FRSTscan.

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by Frank (administrator) on FRANK-PC on 04-08-2014 21:26:27
Running from C:\Users\Frank\Desktop
Platform: Windows Vista Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Windows\System32\nvraidservice.exe
() C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Macrovision Corporation) C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardian.exe
(Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
(Dropbox, Inc.) C:\Users\Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\n360.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardian.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\n360.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HP Remote Software] => C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe [172032 2009-02-06] ()
HKLM\...\Run: [NVRaidService] => C:\Windows\system32\nvraidservice.exe [333344 2008-08-18] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [smartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [915512 2009-03-05] (Hewlett-Packard)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2008-08-11] (LogMeIn, Inc.)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75016 2008-12-04] (Hewlett-Packard)
HKLM-x32\...\Run: [updateP2GoShortCut] => c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [updateLBPShortCut] => c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [updatePDIRShortCut] => c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [updatePSTShortCut] => c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2009-02-02] (CyberLink Corp.)
HKLM-x32\...\Run: [TSMAgent] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1328424 2009-04-10] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [185640 2009-04-10] (CyberLink)
HKLM-x32\...\Run: [DVDAgent] => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2009-03-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Microsoft Default Manager] => c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [224616 2009-02-06] (Microsoft Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [81920 2008-03-13] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-09-13] (RealNetworks, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1989920 2013-08-26] (Wondershare)
HKU\S-1-5-21-3014819020-142153081-3914904618-1000\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1644088 2009-04-03] (Hewlett-Packard)
HKU\S-1-5-21-3014819020-142153081-3914904618-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3014819020-142153081-3914904618-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2012-07-02] (Hewlett-Packard Company)
HKU\S-1-5-21-3014819020-142153081-3914904618-1000\...\Run: [iSUSPM] => C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [222128 2007-03-29] (Macrovision Corporation)
HKU\S-1-5-21-3014819020-142153081-3914904618-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-02-24] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HD Writer.lnk
ShortcutTarget: HD Writer.lnk -> C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.4.0.13
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.4.0.13
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM - {4F62B9A3-E493-45EB-A0C2-73BD30D0FE67} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {665C19F7-943F-491C-9285-27912C9A2E15} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Winsock: Catalog5 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 04 %SystemRoot%\System32\nwprovau.dll File Not found ()
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [304128] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.7.0 - C:\Users\Frank\AppData\Local\Yahoo!\BrowserPlus\2.7.0\Plugins\npybrowserplus_2.7.0.dll (Yahoo! Inc.)
FF Extension: Snap.Do  - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\Extensions\{a065e404-ab01-dfe5-9e60-d837c4d3667c} [2014-07-15]
FF Extension: Performance Cache - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\Extensions\islovuivpl@islovuivpl.org.xpi [2012-03-08]
FF Extension: SupraSavings - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default\Extensions\j003-lqgrmgpcekslhg@jetpack.xpi [2014-07-11]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-16]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-11-01]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-08]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-01-11]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.0.100\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.0.100\coFFPlgn [2014-08-02]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-13]
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: No Name - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-06-01]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.0.100\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.0.100\IPSFF [2013-10-13]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-30]
CHR Extension: (RealDownloader) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-07-30]
CHR Extension: (Norton Identity Protection) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-07-30]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-22]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\Exts\Chrome.crx [2014-07-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-07] (CrypKey (Canada) Ltd.) [File not signed]
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [906752 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2012-06-27] (Hewlett-Packard Company) [File not signed]
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [120712 2010-06-09] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [57920 2008-08-11] (LogMeIn, Inc.)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\N360.exe [265040 2014-06-27] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-07-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-07-18] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S1 Beep; No ImagePath
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1504000.00D\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-07-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-10] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\IPSDefs\20140731.001\IDSvia64.sys [525016 2014-03-25] (Symantec Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2008-08-11] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\VirusDefs\20140803.034\ENG64.SYS [126040 2014-08-01] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\VirusDefs\20140803.034\EX64.SYS [2099288 2014-08-01] (Symantec Corporation)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
R0 nvrd64; C:\Windows\System32\drivers\nvrd64.sys [167456 2008-11-12] (NVIDIA Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1504000.00D\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1504000.00D\SRTSPX64.SYS [36952 2013-07-30] (Symantec Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-07-26] ()
R0 SymDS; C:\Windows\System32\drivers\N360x64\1504000.00D\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1504000.00D\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-10-13] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1504000.00D\Ironx64.SYS [264280 2013-07-31] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\1504000.00D\SYMTDIV.SYS [510168 2014-02-17] (Symantec Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]
S3 SYMFW; \SystemRoot\System32\Drivers\N360x64\0308000.029\SYMFW.SYS [X]
S3 SYMNDISV; \SystemRoot\System32\Drivers\N360x64\0308000.029\SYMNDISV.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-29 21:40 - 2014-07-29 21:40 - 00003004 _____ () C:\Users\Frank\Desktop\FSS.txt
2014-07-29 21:28 - 2014-07-29 21:28 - 00011733 _____ () C:\Users\Frank\Desktop\ESET Scan txt.txt
2014-07-29 18:00 - 2014-07-29 18:00 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-29 17:59 - 2014-07-29 17:59 - 02347384 _____ (ESET) C:\Users\Frank\Desktop\esetsmartinstaller_enu.exe
2014-07-29 17:58 - 2014-07-29 17:58 - 02347384 _____ (ESET) C:\Users\Frank\Downloads\esetsmartinstaller_enu.exe
2014-07-28 22:38 - 2014-08-04 21:26 - 00027519 _____ () C:\Users\Frank\Desktop\FRST.txt
2014-07-28 22:38 - 2014-08-04 21:26 - 00000000 ____D () C:\Users\Frank\Desktop\FRST-OlderVersion
2014-07-28 20:06 - 2014-08-03 12:28 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-26 23:20 - 2014-08-02 15:26 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3014819020-142153081-3914904618-1000
2014-07-26 23:20 - 2014-08-02 15:26 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3014819020-142153081-3914904618-1000
2014-07-26 21:58 - 2014-07-26 21:58 - 00022474 _____ () C:\ComboFix.txt
2014-07-26 21:33 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-26 21:33 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-26 21:33 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-26 21:33 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-26 21:33 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-26 21:33 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-26 21:33 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-26 21:33 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-26 21:24 - 2014-07-26 21:58 - 00000000 ____D () C:\Qoobox
2014-07-26 21:21 - 2014-07-26 21:21 - 05563277 ____R (Swearware) C:\Users\Frank\Desktop\ComboFix.exe
2014-07-26 21:12 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-26 21:10 - 2014-07-26 21:13 - 00000000 ____D () C:\AdwCleaner
2014-07-26 20:47 - 2014-07-26 20:47 - 00001101 _____ () C:\Users\Frank\Desktop\Revo Uninstaller.lnk
2014-07-26 20:47 - 2014-07-26 20:47 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-26 20:46 - 2014-07-26 20:46 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Frank\Downloads\revosetup.exe
2014-07-20 20:20 - 2014-07-20 20:24 - 00000499 _____ () C:\Users\Frank\Desktop\Search.txt
2014-07-20 20:03 - 2014-07-20 20:05 - 00053074 _____ () C:\Users\Frank\Desktop\Addition.txt
2014-07-20 20:01 - 2014-07-20 20:05 - 00062953 _____ () C:\Users\Frank\Desktop\FRST 1.txt
2014-07-20 20:00 - 2014-08-04 21:26 - 00000000 ____D () C:\FRST
2014-07-20 19:56 - 2014-08-04 21:26 - 02094080 _____ (Farbar) C:\Users\Frank\Desktop\FRST64.exe
2014-07-20 12:29 - 2014-07-20 12:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-20 12:28 - 2014-07-20 12:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-20 12:28 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-20 12:28 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-20 12:28 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-18 16:38 - 2014-07-18 19:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2014-07-18 16:38 - 2014-07-18 19:37 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2014-07-13 21:50 - 2014-07-13 21:50 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-07-13 21:41 - 2014-07-26 23:15 - 00000000 ____D () C:\Program Files\F978377C-B7D4-4536-8E10-14CA97B13394
2014-07-13 21:41 - 2014-07-13 21:41 - 00000000 ____D () C:\Program Files (x86)\F978377C-B7D4-4536-8E10-14CA97B13394
2014-07-13 21:33 - 2014-07-13 21:33 - 00003244 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-07-09 09:19 - 2014-07-09 09:19 - 10603008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-08 13:09 - 2014-06-07 00:02 - 17854464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 13:09 - 2014-06-06 23:13 - 10890752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-08 13:09 - 2014-06-06 22:59 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-08 13:09 - 2014-06-06 22:52 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-08 13:09 - 2014-06-06 22:51 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-08 13:09 - 2014-06-06 22:51 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-08 13:09 - 2014-06-06 22:50 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-08 13:09 - 2014-06-06 22:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 13:09 - 2014-06-06 22:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-08 13:09 - 2014-06-06 22:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-08 13:09 - 2014-06-06 22:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-08 13:09 - 2014-06-06 22:42 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 13:09 - 2014-06-06 22:42 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-08 13:09 - 2014-06-06 22:42 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-08 13:09 - 2014-06-06 22:42 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-08 13:09 - 2014-06-06 22:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-08 13:09 - 2014-06-06 22:41 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-08 13:09 - 2014-06-06 22:41 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-08 13:09 - 2014-06-06 22:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 13:09 - 2014-06-06 22:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-08 13:09 - 2014-06-06 22:35 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-08 13:09 - 2014-06-06 20:33 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-08 13:09 - 2014-06-06 20:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-08 13:09 - 2014-06-06 19:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-08 13:09 - 2014-06-06 19:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-08 13:09 - 2014-06-06 19:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-08 13:09 - 2014-06-06 19:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-08 13:09 - 2014-06-06 19:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-08 13:09 - 2014-06-06 19:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-07-08 13:09 - 2014-06-06 18:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-08 13:09 - 2014-06-06 18:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-08 13:09 - 2014-06-06 18:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-08 13:09 - 2014-06-06 18:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-08 13:09 - 2014-06-06 18:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-08 13:09 - 2014-06-06 18:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-08 13:09 - 2014-06-06 18:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-08 13:09 - 2014-06-06 18:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-07-08 13:09 - 2014-06-06 18:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-08 13:09 - 2014-06-06 18:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-08 13:09 - 2014-06-06 18:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-07-08 13:09 - 2014-06-06 18:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-08 13:09 - 2014-06-06 18:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-07-08 13:09 - 2014-06-06 18:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-08 13:09 - 2014-06-06 04:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-08 13:09 - 2014-06-06 03:13 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-08 13:09 - 2014-05-30 03:10 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-04 21:26 - 2014-07-28 22:38 - 00027519 _____ () C:\Users\Frank\Desktop\FRST.txt
2014-08-04 21:26 - 2014-07-28 22:38 - 00000000 ____D () C:\Users\Frank\Desktop\FRST-OlderVersion
2014-08-04 21:26 - 2014-07-20 20:00 - 00000000 ____D () C:\FRST
2014-08-04 21:26 - 2014-07-20 19:56 - 02094080 _____ (Farbar) C:\Users\Frank\Desktop\FRST64.exe
2014-08-04 21:26 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-04 21:26 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-04 19:46 - 2011-01-06 09:56 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-04 19:19 - 2012-04-01 11:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-04 17:34 - 2013-12-09 12:11 - 00000000 ____D () C:\Users\Frank\Desktop\Stacies Dropbox
2014-08-04 16:23 - 2013-10-29 17:35 - 00003686 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{DB8D0CAD-2E4F-4F57-B583-0459E3885F59}
2014-08-04 08:01 - 2009-07-07 22:20 - 01636350 _____ () C:\Windows\WindowsUpdate.log
2014-08-04 00:46 - 2011-01-06 09:56 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-04 00:03 - 2010-02-02 14:05 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-08-03 14:26 - 2010-01-04 08:47 - 00002609 _____ () C:\Users\Frank\Desktop\Microsoft Office Excel 2007.lnk
2014-08-03 13:52 - 2006-11-02 08:46 - 00763586 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-03 12:28 - 2014-07-28 20:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-02 15:42 - 2012-11-12 21:18 - 00002651 _____ () C:\Users\Frank\Desktop\Microsoft Office Word 2007.lnk
2014-08-02 15:29 - 2009-09-08 18:01 - 00003574 _____ () C:\Windows\System32\Tasks\HP Health Check
2014-08-02 15:28 - 2012-10-21 08:14 - 00000000 ___RD () C:\Users\Frank\Dropbox
2014-08-02 15:28 - 2012-10-21 08:11 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\Dropbox
2014-08-02 15:26 - 2014-07-26 23:20 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3014819020-142153081-3914904618-1000
2014-08-02 15:26 - 2014-07-26 23:20 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3014819020-142153081-3914904618-1000
2014-08-02 15:26 - 2013-01-15 04:17 - 00014508 _____ () C:\Windows\error.log
2014-08-02 15:26 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-02 15:25 - 2013-01-19 19:35 - 00387050 _____ () C:\Windows\PFRO.log
2014-08-02 15:25 - 2013-01-15 04:16 - 00003304 _____ () C:\Windows\errord.log
2014-08-02 15:20 - 2006-11-02 11:42 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-01 12:11 - 2009-11-13 13:28 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-07-31 18:12 - 2009-05-06 07:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-31 18:12 - 2006-11-02 11:15 - 00000000 ____D () C:\Windows\WindowsMobile
2014-07-31 17:20 - 2009-09-09 16:46 - 00000552 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2014-07-29 21:40 - 2014-07-29 21:40 - 00003004 _____ () C:\Users\Frank\Desktop\FSS.txt
2014-07-29 21:28 - 2014-07-29 21:28 - 00011733 _____ () C:\Users\Frank\Desktop\ESET Scan txt.txt
2014-07-29 18:00 - 2014-07-29 18:00 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-29 17:59 - 2014-07-29 17:59 - 02347384 _____ (ESET) C:\Users\Frank\Desktop\esetsmartinstaller_enu.exe
2014-07-29 17:58 - 2014-07-29 17:58 - 02347384 _____ (ESET) C:\Users\Frank\Downloads\esetsmartinstaller_enu.exe
2014-07-27 03:00 - 2012-05-30 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-26 23:15 - 2014-07-13 21:41 - 00000000 ____D () C:\Program Files\F978377C-B7D4-4536-8E10-14CA97B13394
2014-07-26 21:58 - 2014-07-26 21:58 - 00022474 _____ () C:\ComboFix.txt
2014-07-26 21:58 - 2014-07-26 21:24 - 00000000 ____D () C:\Qoobox
2014-07-26 21:58 - 2014-04-22 15:54 - 00000000 ____D () C:\Users\dub_cm_auto
2014-07-26 21:50 - 2006-11-02 08:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-26 21:49 - 2009-09-10 08:15 - 00008376 _____ () C:\Users\Frank\AppData\Local\d3d9caps.dat
2014-07-26 21:36 - 2011-02-27 20:30 - 00000000 ____D () C:\Users\Frank\AppData\Local\CrashDumps
2014-07-26 21:21 - 2014-07-26 21:21 - 05563277 ____R (Swearware) C:\Users\Frank\Desktop\ComboFix.exe
2014-07-26 21:13 - 2014-07-26 21:10 - 00000000 ____D () C:\AdwCleaner
2014-07-26 21:13 - 2009-09-08 17:24 - 00000000 ____D () C:\Users\Frank
2014-07-26 20:47 - 2014-07-26 20:47 - 00001101 _____ () C:\Users\Frank\Desktop\Revo Uninstaller.lnk
2014-07-26 20:47 - 2014-07-26 20:47 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-26 20:46 - 2014-07-26 20:46 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Frank\Downloads\revosetup.exe
2014-07-26 20:28 - 2012-10-21 08:14 - 00000921 _____ () C:\Users\Frank\Desktop\Dropbox.lnk
2014-07-26 20:28 - 2012-10-21 08:11 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-26 19:56 - 2012-10-07 14:17 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-07-20 20:24 - 2014-07-20 20:20 - 00000499 _____ () C:\Users\Frank\Desktop\Search.txt
2014-07-20 20:05 - 2014-07-20 20:03 - 00053074 _____ () C:\Users\Frank\Desktop\Addition.txt
2014-07-20 20:05 - 2014-07-20 20:01 - 00062953 _____ () C:\Users\Frank\Desktop\FRST 1.txt
2014-07-20 12:29 - 2014-07-20 12:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-20 12:29 - 2014-07-20 12:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-20 12:28 - 2012-07-20 18:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-18 19:37 - 2014-07-18 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2014-07-18 19:37 - 2014-07-18 16:38 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2014-07-14 20:49 - 2011-09-13 20:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-13 21:50 - 2014-07-13 21:50 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-07-13 21:41 - 2014-07-13 21:41 - 00000000 ____D () C:\Program Files (x86)\F978377C-B7D4-4536-8E10-14CA97B13394
2014-07-13 21:41 - 2013-10-13 13:23 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-07-13 21:41 - 2013-10-13 13:19 - 00002139 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-07-13 21:41 - 2012-10-14 15:42 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-07-13 21:41 - 2009-11-13 09:10 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-07-13 21:33 - 2014-07-13 21:33 - 00003244 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-07-09 09:19 - 2014-07-09 09:19 - 10603008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-09 09:19 - 2012-04-01 11:26 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 09:19 - 2012-04-01 11:26 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 09:19 - 2011-07-08 11:45 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 03:22 - 2006-11-02 11:21 - 00336152 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 03:19 - 2006-11-02 11:07 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 03:03 - 2013-07-19 03:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 03:00 - 2009-09-09 17:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 03:00 - 2006-11-02 08:35 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Files to move or delete:
====================
C:\Users\Public\MyWebTattoo.exe

Some content of TEMP:
====================
C:\Users\Frank\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4mwb7d.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-04 15:46

==================== End Of Log ============================

[deeprybka]

Hi Frank,

Can you please tell me which problems still persist now?