Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by cindy (administrator) on CINDY-PC on 28-07-2014 13:00:41
Running from C:\Users\cindy\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.3.0.12\nav.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\nst.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(FacetCorp) C:\Program Files (x86)\FacetCorp\FacetWin\fwagent.exe
() C:\Program Files (x86)\FacetCorp\FacetWin\fwt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Webshots.com) C:\Program Files (x86)\Webshots\3.1.5.7619\Webshots.scr
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\FacetCorp\FacetWin\fwt.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\FacetCorp\FacetWin\fwt.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine64\21.3.0.12\uistub.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8321568 2009-11-09] (Realtek Semiconductor)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055016 2011-04-29] ()
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-10] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2114376 2008-03-03] (CANON INC.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-04-29] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideClock] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFind] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1639952509-1622873970-664925706-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-1639952509-1622873970-664925706-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1639952509-1622873970-664925706-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1639952509-1622873970-664925706-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-1639952509-1622873970-664925706-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-1639952509-1622873970-664925706-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1639952509-1622873970-664925706-1000\...\MountPoints2: {1cfa4ce8-ae44-11e1-ad92-d4bed9bc114a} - I:\SETUP.EXE
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FacetWin Agent.lnk
ShortcutTarget: FacetWin Agent.lnk -> C:\Program Files (x86)\FacetCorp\FacetWin\fwagent.exe (FacetCorp)
Startup: C:\Users\cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\acctg.lnk
ShortcutTarget: acctg.lnk -> C:\Users\cindy\AppData\Local\VirtualStore\Program Files (x86)\FacetCorp\FacetWin\FacetWin Terminal Configurations\acctg.fwt ()
Startup: C:\Users\cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smile Desktop.lnk
ShortcutTarget: Smile Desktop.lnk -> C:\Program Files (x86)\Webshots\Smile Desktop\Smile.exe (Webshots)
Startup: C:\Users\cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
ShortcutTarget: Webshots.lnk -> C:\Program Files (x86)\Webshots\3.1.5.7619\Launcher.exe (Webshots.com)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: advmachinery.com.web02.mxlogic.net:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NAV&pvid=21.1.0.18
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NAV&pvid=21.1.0.18
SearchScopes: HKLM-x32 - DefaultScope {8A289A0D-F50F-460C-9C7C-A677132F175F} URL =
SearchScopes: HKLM-x32 - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} URL = http://search.imgag.com/?appid=wsdt&component=&c=GNWDO59900&sbs=2&sc=2&f=web&vernum=3.1.5.7619&uid=323805679_49074404&did=%7bd12c8ddc-d0d9-4529-806d-d527c5863d90%7d&q={searchTerms}
SearchScopes: HKCU - DefaultScope {8A289A0D-F50F-460C-9C7C-A677132F175F} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN10527648555933254&UM=2
SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKCU - {6D832424-63E4-4543-A7F5-28FC67BC5B2E} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=B5D32D57-F528-4D5F-BAC1-3DA7C4640CBD&apn_sauid=30B07BD3-F288-4A07-A6FF-41BFD5F0FE8A
SearchScopes: HKCU - {8A289A0D-F50F-460C-9C7C-A677132F175F} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN10527648555933254&UM=2
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.47\coIEPlg.dll (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: agihelper.AGUtils -> {0bc6e3fa-78ef-4886-842c-5a1258c4455a} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\coIEPlg.dll (Symantec Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.47\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\coIEPlg.dll (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.1.10.1
Tcpip\..\Interfaces\{B055DD28-A9FD-44EA-8919-10E6A416812F}: [NameServer]4.2.2.3,4.2.2.5

FireFox:
========
FF ProfilePath: C:\Users\cindy\AppData\Roaming\Mozilla\Firefox\Profiles\qojbh5en.default
FF NewTab: about:blank
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://prestonandsteve.libsyn.com/webpage/category/Daily%20Feed
FF Keyword.URL: user_pref("keyword.URL", "");
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\8\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\cindy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator - C:\Users\cindy\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Users\cindy\AppData\Roaming\Mozilla\Firefox\Profiles\qojbh5en.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\cindy\AppData\Roaming\Mozilla\Firefox\Profiles\qojbh5en.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\cindy\AppData\Roaming\Mozilla\Firefox\Profiles\qojbh5en.default\searchplugins\web-search.xml
FF Extension: Google Docs Viewer - C:\Users\cindy\AppData\Roaming\Mozilla\Firefox\Profiles\qojbh5en.default\Extensions\adonis.cuhk@gmail.com.xpi [2012-02-03]
FF Extension: Flash Player - C:\Users\cindy\AppData\Roaming\Mozilla\Firefox\Profiles\qojbh5en.default\Extensions\M1uwW0@47z8gRpK8sULXXLivB.com.xpi [2014-05-02]
FF Extension: Personas Plus - C:\Users\cindy\AppData\Roaming\Mozilla\Firefox\Profiles\qojbh5en.default\Extensions\personas@christopher.beard.xpi [2012-02-03]
FF Extension: Pin It button - C:\Users\cindy\AppData\Roaming\Mozilla\Firefox\Profiles\qojbh5en.default\Extensions\pinterest@robertnyman.com.xpi [2014-04-10]
FF Extension: Social Fixer - C:\Users\cindy\AppData\Roaming\Mozilla\Firefox\Profiles\qojbh5en.default\Extensions\socialfixer@mattkruse.com.xpi [2012-04-12]
FF Extension: عارض PDF - C:\Users\cindy\AppData\Roaming\Mozilla\Firefox\Profiles\qojbh5en.default\Extensions\uriloader@pdf.js.xpi [2012-10-08]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-06-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-06-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-06-18]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn [2014-06-23]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF [2013-11-15]

Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN23754560511915121&UM=2
CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN23754560511915121&UM=2"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\cindy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-21]
CHR Extension: (Google Drive) - C:\Users\cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-21]
CHR Extension: (YouTube) - C:\Users\cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-21]
CHR Extension: (Google Search) - C:\Users\cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-21]
CHR Extension: (We-Care.com Reminder) - C:\Users\cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm [2013-06-21]
CHR Extension: (No Name) - C:\Users\cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil [2013-12-05]
CHR Extension: (Chrome In-App Payments service) - C:\Users\cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-17]
CHR Extension: (Norton Identity Protection) - C:\Users\cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2013-06-21]
CHR Extension: (Gmail) - C:\Users\cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-21]
CHR HKCU\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\cindy\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx [2013-11-25]
CHR HKLM-x32\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\cindy\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx [2013-11-25]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\Exts\Chrome.crx [2013-11-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [162816 2011-10-26] (Dell Products, LP.) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227936 2013-12-11] (WildTangent)
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.3.0.12\NAV.exe [262968 2014-05-11] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\NST.exe [130104 2014-05-14] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1503000.00C\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07000.02F\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-16] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20140627.001\IDSvia64.sys [525016 2014-03-25] (Symantec Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20140627.009\ENG64.SYS [126040 2014-06-16] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20140627.009\EX64.SYS [2099288 2014-06-16] (Symantec Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S1 SRTSP; C:\Windows\System32\Drivers\NAVx64\1503000.00C\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1503000.00C\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAVx64\1503000.00C\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-14] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1503000.00C\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1503000.00C\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]
U0 sr;

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-28 13:00 - 2014-07-28 13:01 - 00025535 _____ () C:\Users\cindy\Desktop\FRST.txt
2014-07-28 13:00 - 2014-07-28 13:00 - 00000000 ____D () C:\FRST
2014-07-28 12:58 - 2014-07-28 12:58 - 02093568 _____ (Farbar) C:\Users\cindy\Desktop\FRST64.exe
2014-07-28 12:16 - 2014-07-28 12:16 - 00065496 _____ () C:\Users\cindy\Downloads\Extras.Txt
2014-07-28 12:11 - 2014-07-28 12:15 - 00079790 _____ () C:\Users\cindy\Downloads\OTL.Txt
2014-07-28 12:05 - 2014-07-28 12:05 - 00602112 _____ (OldTimer Tools) C:\Users\cindy\Downloads\OTL.exe
2014-07-28 11:19 - 2014-07-28 11:19 - 00000000 ____D () C:\NPE
2014-07-28 11:16 - 2014-07-28 11:24 - 00000000 ____D () C:\Users\cindy\AppData\Local\NPE
2014-07-28 11:16 - 2014-07-28 11:16 - 00000000 ____D () C:\ProgramData\SMR410

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-28 13:01 - 2014-07-28 13:00 - 00025535 _____ () C:\Users\cindy\Desktop\FRST.txt
2014-07-28 13:00 - 2014-07-28 13:00 - 00000000 ____D () C:\FRST
2014-07-28 12:58 - 2014-07-28 12:58 - 02093568 _____ (Farbar) C:\Users\cindy\Desktop\FRST64.exe
2014-07-28 12:55 - 2012-02-03 11:50 - 00000000 ____D () C:\Users\cindy\Documents\Outlook Files
2014-07-28 12:27 - 2012-10-08 09:38 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-28 12:27 - 2012-10-08 09:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-28 12:27 - 2012-04-12 10:07 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-28 12:27 - 2012-01-25 19:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-28 12:16 - 2014-07-28 12:16 - 00065496 _____ () C:\Users\cindy\Downloads\Extras.Txt
2014-07-28 12:15 - 2014-07-28 12:11 - 00079790 _____ () C:\Users\cindy\Downloads\OTL.Txt
2014-07-28 12:10 - 2013-06-21 11:22 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-28 12:05 - 2014-07-28 12:05 - 00602112 _____ (OldTimer Tools) C:\Users\cindy\Downloads\OTL.exe
2014-07-28 11:44 - 2013-06-21 11:22 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-28 11:44 - 2012-11-12 14:30 - 00000000 ____D () C:\Users\cindy\Documents\Smile
2014-07-28 11:44 - 2012-05-03 11:50 - 00000414 _____ () C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2014-07-28 11:44 - 2012-02-03 09:14 - 00000000 ____D () C:\Users\cindy
2014-07-28 11:39 - 2009-07-14 00:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-28 11:39 - 2009-07-14 00:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-28 11:36 - 2009-07-14 01:13 - 00782986 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-28 11:31 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-28 11:31 - 2009-07-14 00:51 - 00043246 _____ () C:\Windows\setupact.log
2014-07-28 11:30 - 2014-06-18 09:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-28 11:30 - 2014-05-18 07:46 - 00000000 ____D () C:\Windows\System32\Tasks\Norton AntiVirus
2014-07-28 11:30 - 2014-01-14 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2014-07-28 11:30 - 2014-01-14 12:08 - 00000000 ____D () C:\Program Files (x86)\Coupons
2014-07-28 11:30 - 2014-01-08 15:53 - 00000000 ____D () C:\Program Files (x86)\Print@Home
2014-07-28 11:30 - 2013-11-15 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
2014-07-28 11:30 - 2013-10-31 08:50 - 00000000 ____D () C:\Windows\system32\Drivers\NAVx64
2014-07-28 11:30 - 2013-08-22 14:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
2014-07-28 11:30 - 2013-06-21 11:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-28 11:30 - 2013-06-11 15:27 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe
2014-07-28 11:30 - 2013-06-11 10:13 - 00000000 ____D () C:\Windows\system32\Drivers\NSTx64
2014-07-28 11:30 - 2013-06-11 10:13 - 00000000 ____D () C:\Program Files (x86)\Norton Identity Safe
2014-07-28 11:30 - 2012-05-02 11:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-28 11:30 - 2012-02-20 10:16 - 00000000 ____D () C:\ProgramData\Norton
2014-07-28 11:30 - 2012-02-03 13:04 - 00000000 ____D () C:\Users\cindy\AppData\Local\Adobe
2014-07-28 11:30 - 2012-01-25 19:56 - 00000000 ____D () C:\Windows\system32\Macromed
2014-07-28 11:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-07-28 11:24 - 2014-07-28 11:16 - 00000000 ____D () C:\Users\cindy\AppData\Local\NPE
2014-07-28 11:19 - 2014-07-28 11:19 - 00000000 ____D () C:\NPE
2014-07-28 11:16 - 2014-07-28 11:16 - 00000000 ____D () C:\ProgramData\SMR410
2014-07-16 23:16 - 2012-04-02 10:15 - 00000000 ____D () C:\Users\cindy\AppData\Local\CrashDumps
2014-07-16 11:42 - 2012-02-03 16:00 - 00000000 ____D () C:\Users\cindy\AppData\Roaming\PCDr
2014-07-16 09:55 - 2014-02-21 11:21 - 00000000 ____D () C:\Users\cindy\AppData\Local\Deployment

Files to move or delete:
====================
C:\Users\cindy\xp.reg

Some content of TEMP:
====================
C:\Users\cindy\AppData\Local\Temp\APNStub.exe
C:\Users\cindy\AppData\Local\Temp\A~SOFTu_.exe
C:\Users\cindy\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\cindy\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\cindy\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\cindy\AppData\Local\Temp\MSETUP4.EXE
C:\Users\cindy\AppData\Local\Temp\nsc8287.exe
C:\Users\cindy\AppData\Local\Temp\nscD825.exe
C:\Users\cindy\AppData\Local\Temp\nsi17A5.exe
C:\Users\cindy\AppData\Local\Temp\nsnA44D.exe
C:\Users\cindy\AppData\Local\Temp\nsp322E.exe
C:\Users\cindy\AppData\Local\Temp\nssE246.exe
C:\Users\cindy\AppData\Local\Temp\nsx1FF1.exe
C:\Users\cindy\AppData\Local\Temp\smile-latest.exe
C:\Users\cindy\AppData\Local\Temp\SPStub.exe
C:\Users\cindy\AppData\Local\Temp\tbConn.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-28 00:32

==================== End Of Log ============================