firefox will not startup and issues crash report [Closed]


  • This topic is locked

#1
debs25


    New Member

  • Member
  • 3 posts
Hi to you all,

I recently allowed a pop up which said that two people were spying on me and by allowing this site I could get rid of the threat.

Stupidly I did, and I now have Firefox crashing every time I try to access it.

I have done a full Norton scan, Spyware scan and tried Malware as well. Any viruses were removed according to them.

Have uninstalled Firefox several times but to no avail.

Can gain access to the web by internet explorer, there seems to be no problem there.

My last option is to use CCleaner, but I'm worried about erasing important information by mistake.

Does anyone have a solution?

Thanks in advance for any help offered.
  • 0



#2
Machiavelli


    GeekU Moderator

  • GeekU Moderator
  • 3,698 posts
Welcome to GeeksToGo, debs25

My name is Machiavelli and I'll try to fix your PC problems. If you are in SafeMode then print my instructions! Removing Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do, just ask me! Please stay in contact with me until the problem is fixed.


!NOTE! Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts. :)

 

Any viruses were removed according to them.

And what did it find? So you also did a Malwarebytes scan?

===== > Step 1: FRST < =====

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here

  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

  • 0

#3
debs25


    New Member

  • Topic Starter
  • Member
  • 3 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-02-2014
Ran by Harley (administrator) on DEBBIE on 21-02-2014 22:31:41
Running from C:\Users\Harley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DS53E27U
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxMerger.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxActMon.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxDBServer.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Acer\Mobility Center\MobilityService.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Western Web Applications, LLC) C:\ProgramData\SafeMonitor\SafeMonitorService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
(Western Web Applications, LLC) C:\ProgramData\SafeMonitor\SafeMonitor.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\QtZgAcer.EXE
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxSDTray.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxUSBProc.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Users\Harley\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
(Nokia) C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Users\Harley\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Realtek Semiconductor Corp.) C:\Users\Harley\AppData\Local\Temp\RtkBtMnt.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Microsoft Corporation) C:\Windows\system32\sdclt.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6294048 2008-09-18] (Realtek Semiconductor)
HKLM\...\Run: [ePower_DMC] - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [405504 2008-08-01] (Acer Inc.)
HKLM\...\Run: [eDataSecurity Loader] - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-07-30] (Egis Incorporated)
HKLM\...\Run: [eAudio] - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-09-12] (Acer Incorporated)
HKLM\...\Run: [BkupTray] - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672 2008-04-26] ()
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13543968 2008-07-18] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-07-18] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-25] (Synaptics, Inc.)
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\QtZgAcer.EXE [817672 2008-06-04] (Dritek System Inc.)
HKLM\...\Run: [ArcadeDeluxeAgent] - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [147456 2008-07-24] (CyberLink Corp.)
HKLM\...\Run: [Easy-PrintToolBox] - C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [409600 2004-01-14] (CANON INC.)
HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-06-07] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-14] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [WSHelperSetup.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM\...\Run: [SDActiveMonitor] - C:\Program Files\Max Spyware Detector\MaxSDTray.exe [1091040 2014-02-07] (Max Secure Software)
HKLM\...\Run: [SDAutoScan] - [X]
HKLM\...\Run: [MaxUSBProc] - C:\Program Files\Max Spyware Detector\MaxUSBProc.exe [447968 2014-02-07] (Max Secure Software)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\896\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [MyTomTomSA.exe] - C:\Program Files\MyTomTom 3\MyTomTomSA.exe [455608 2013-05-23] (TomTom)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-18] (SUPERAntiSpyware)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Harley\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [] - [X]
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [PC Suite Tray] - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1451520 2009-11-11] (Nokia)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [WSHelperSetup.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [Amazon Cloud Player] - C:\Users\Harley\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3140608 2014-01-14] ()
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-06-17] (Google)
Startup: C:\Users\Harley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...&m=aspire_6930g
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...&m=aspire_6930g
SearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACAW
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACAW
SearchScopes: HKLM - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/w...q={SEARCHTERMS}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT1392740
SearchScopes: HKCU - DefaultScope {41B6D7AE-1733-4770-8CB4-50FFE7FCF67C} URL = http://www.google.co...1I7ACAW_enGB329
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {065CCC52-4EF8-4D9B-A195-BC25651BE999} URL = http://uk.search.yah...Terms}&fr=yessv
SearchScopes: HKCU - {07B6F4D5-D733-4BD6-ABE1-5726152C2825} URL = http://shopping.yaho...Terms}&fr=yessv
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = http://start.facemoo...earchTerms}&f=4
SearchScopes: HKCU - {36B6D012-C96F-4EE7-9F6E-EB92FCDBBDC7} URL = http://uk.local.yaho...ML&cs=&fr=yessv
SearchScopes: HKCU - {41B6D7AE-1733-4770-8CB4-50FFE7FCF67C} URL = http://www.google.co...1I7ACAW_enGB329
SearchScopes: HKCU - {6038CE7D-20E1-40F6-9C12-B6B5E29B2D69} URL = http://uk.search.yah...Terms}&fr=yessv
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACAW
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:466...q={searchTerms}
SearchScopes: HKCU - {8AC234B8-5BCF-4037-91D6-89C7FAAD84B6} URL = http://uk.news.searc...Terms}&fr=yessv
SearchScopes: HKCU - {9605905A-FEB5-4A4F-8B5D-A1066DC33A39} URL = http://uk.search.yah...Terms}&fr=yessv
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://uk.ask.com/we...}&o=15528&l=dis
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT1392740
SearchScopes: HKCU - {C2AB3B1F-C2FD-4D26-9C7C-30B9FB9970A2} URL = http://uk.search.yah...Terms}&fr=yessv
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yah...=yessv&fr=yessv
BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: PodcastBHO Class - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} https://register.bti...bcontrol028.cab
DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} https://www.plaxo.co...upldr-2k-xp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Harley\AppData\Roaming\Mozilla\Firefox\Profiles\c995pytc.default-1393005575184
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @doubletwist.com/NPPodcast - C:\Program Files\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Harley\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-05]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF [2013-10-09]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\ []

Chrome:
=======
CHR HomePage: hxxp://start.facemoods.com/?a=stonicuk
CHR DefaultSearchProvider: facemoods
CHR DefaultSearchURL: http://start.facemoo...earchTerms}&f=4
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\20.4.0.40\Exts\Chrome.crx [2013-07-10]

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com)
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [81504 2008-01-17] ()
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-08-19] ()
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-17] (Google)
R2 MaxMerger; C:\Program Files\Max Spyware Detector\MaxMerger.exe [307168 2014-02-07] (Max Secure Software)
R2 MaxWatchDogService; C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe [651744 2014-02-07] (Max Secure Software)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-07] ()
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 N360; C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-26] ()
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
R2 SafeMonitor; C:\ProgramData\SafeMonitor\SafeMonitor.exe [151192 2014-02-11] (Western Web Applications, LLC)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [1098968 2013-12-18] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-21] (Symantec Corporation)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-10-30] ()
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20140220.001\IDSvix86.sys [394456 2014-01-21] (Symantec Corporation)
R2 iPodDrv; C:\Windows\system32\drivers\iPodDrv.sys [6656 2011-03-10] (Windows ® Codename Longhorn DDK provider)
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.)
R0 MaxMgr; C:\Windows\System32\drivers\MaxMgr.sys [72160 2014-02-07] (Max Secure Software)
R1 MaxProtector32; C:\Windows\System32\drivers\MaxProtector32.sys [85984 2014-02-07] (Max Secure Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2011-05-26] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2011-05-26] (Printing Communications Assoc., Inc. (PCAUSA))
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20140221.002\NAVENG.SYS [93272 2013-09-05] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20140221.002\NAVEX15.SYS [1612376 2013-09-05] (Symantec Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SDActMon; C:\Windows\System32\drivers\SDActMon.sys [123360 2014-02-07] (Max Secure Software)
R1 SRTSP; C:\Windows\system32\drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-07-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\system32\drivers\N360\1404000.028\SYMTDIV.SYS [352344 2013-04-25] (Symantec Corporation)
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-07-19] (Cyberlink Corp.)
S3 Afc; system32\drivers\Afc.sys [X]
S3 androidusb; System32\Drivers\ssadadb.sys [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dg_ssudbus; system32\DRIVERS\ssudbus.sys [X]
S0 ghdso; System32\drivers\gersj.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 ssudmdm; system32\DRIVERS\ssudmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-21 22:31 - 2014-02-21 22:31 - 00000000 ____D () C:\FRST
2014-02-21 20:35 - 2014-02-21 20:35 - 00001781 _____ () C:\Users\Public\Desktop\Max Spyware Detector.lnk
2014-02-21 20:35 - 2014-02-04 20:04 - 00117248 _____ () C:\Windows\system32\MaxNative.exe
2014-02-21 20:34 - 2012-09-01 12:36 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.backup
2014-02-21 20:33 - 2014-02-21 20:45 - 00000000 ____D () C:\Program Files\Max Spyware Detector
2014-02-21 20:33 - 2014-02-07 11:20 - 00123360 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00085984 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector32.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00077792 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector64.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00074208 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon2K.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00072160 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxMgr.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00068576 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProc64.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00023008 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxTdss.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00013280 _____ (Max Secure Software) C:\Windows\system32\Drivers\004.sys
2014-02-21 20:27 - 2014-02-21 20:33 - 00000000 ____D () C:\ProgramData\Max Secure
2014-02-21 18:58 - 2014-02-21 18:58 - 232949192 _____ (Max Secure Software ) C:\Users\Harley\Desktop\MaxSpywaredetector.exe
2014-02-21 18:26 - 2014-02-21 18:26 - 00000000 ____D () C:\Users\Harley\AppData\Local\Max Secure Software
2014-02-21 18:11 - 2014-02-21 18:11 - 00000850 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-21 18:11 - 2014-02-21 18:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-21 17:35 - 2014-02-21 17:35 - 03053496 ____N (Symantec Corporation) C:\Users\Harley\Downloads\NPE (1).exe
2014-02-21 13:40 - 2014-02-21 13:40 - 00000000 __SHD () C:\found.000
2014-02-21 09:18 - 2014-02-21 09:18 - 00000910 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-21 09:13 - 2014-02-21 09:14 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Harley\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-18 10:27 - 2014-02-21 09:13 - 00000000 ____D () C:\Users\Harley\AppData\Local\SafeMonitor
2014-02-18 10:26 - 2014-02-18 10:27 - 00000000 ____D () C:\ProgramData\SafeMonitor
2014-02-18 10:25 - 2014-02-18 10:25 - 02865056 _____ () C:\Users\Harley\Downloads\Setup.exe
2014-02-12 22:28 - 2014-02-05 08:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 22:28 - 2014-02-05 08:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 22:28 - 2014-02-05 08:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 22:28 - 2014-02-05 08:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 22:28 - 2014-02-05 08:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 22:28 - 2014-02-05 08:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 22:28 - 2014-02-05 08:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-12 22:28 - 2014-02-05 08:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 22:28 - 2014-02-05 08:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-12 22:28 - 2014-02-05 08:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 22:28 - 2014-02-05 08:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 22:28 - 2014-02-05 08:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 22:28 - 2014-02-05 08:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 22:28 - 2014-02-05 08:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 22:28 - 2014-02-05 08:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-12 22:28 - 2014-02-05 08:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 16:29 - 2013-12-05 02:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-11 00:23 - 2014-02-11 00:23 - 01152664 _____ () C:\Windows\system32\SafeMonitor.5D8B1F66A294.dll

==================== One Month Modified Files and Folders =======

2014-02-21 22:31 - 2014-02-21 22:31 - 00000000 ____D () C:\FRST
2014-02-21 22:24 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-21 22:24 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-21 22:05 - 2008-12-08 21:46 - 01908494 _____ () C:\Windows\WindowsUpdate.log
2014-02-21 21:59 - 2008-12-08 21:51 - 00104784 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-02-21 21:57 - 2012-09-08 08:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-21 21:57 - 2009-06-06 18:59 - 00027934 _____ () C:\ProgramData\nvModes.001
2014-02-21 21:57 - 2008-12-08 22:01 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2014-02-21 21:56 - 2012-09-11 07:20 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-21 21:56 - 2006-11-02 12:47 - 00384872 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-21 21:55 - 2012-09-01 11:09 - 05055630 _____ () C:\Windows\PFRO.log
2014-02-21 21:55 - 2006-11-02 13:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-21 21:41 - 2012-09-11 07:20 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-21 20:45 - 2014-02-21 20:33 - 00000000 ____D () C:\Program Files\Max Spyware Detector
2014-02-21 20:35 - 2014-02-21 20:35 - 00001781 _____ () C:\Users\Public\Desktop\Max Spyware Detector.lnk
2014-02-21 20:33 - 2014-02-21 20:27 - 00000000 ____D () C:\ProgramData\Max Secure
2014-02-21 18:58 - 2014-02-21 18:58 - 232949192 _____ (Max Secure Software ) C:\Users\Harley\Desktop\MaxSpywaredetector.exe
2014-02-21 18:26 - 2014-02-21 18:26 - 00000000 ____D () C:\Users\Harley\AppData\Local\Max Secure Software
2014-02-21 18:26 - 2010-03-19 18:30 - 00000000 ____D () C:\Users\Harley\AppData\Roaming\GetRightToGo
2014-02-21 18:11 - 2014-02-21 18:11 - 00000850 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-21 18:11 - 2014-02-21 18:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-21 18:11 - 2013-11-05 21:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-21 17:59 - 2013-12-22 22:26 - 00000000 ____D () C:\Users\Harley\Desktop\Old Firefox Data
2014-02-21 17:59 - 2013-07-03 08:48 - 00000000 ____D () C:\Users\Harley\AppData\Local\NPE
2014-02-21 17:40 - 2008-11-18 17:47 - 00000147 _____ () C:\Windows\system32\agent.log
2014-02-21 17:38 - 2006-11-02 13:01 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-21 17:35 - 2014-02-21 17:35 - 03053496 ____N (Symantec Corporation) C:\Users\Harley\Downloads\NPE (1).exe
2014-02-21 13:58 - 2012-05-24 18:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-21 13:58 - 2011-05-14 17:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-21 13:40 - 2014-02-21 13:40 - 00000000 __SHD () C:\found.000
2014-02-21 09:48 - 2010-03-21 20:07 - 00000000 ____D () C:\Windows\SQL9_KB970892_ENU
2014-02-21 09:46 - 2009-12-05 20:16 - 00000000 ____D () C:\Program Files\MyPlayCity
2014-02-21 09:21 - 2012-09-01 10:24 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-21 09:18 - 2014-02-21 09:18 - 00000910 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-21 09:14 - 2014-02-21 09:13 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Harley\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-21 09:13 - 2014-02-18 10:27 - 00000000 ____D () C:\Users\Harley\AppData\Local\SafeMonitor
2014-02-21 08:17 - 2009-06-06 18:59 - 00027934 _____ () C:\ProgramData\nvModes.dat
2014-02-21 07:00 - 2009-06-21 12:28 - 00000014 _____ () C:\Windows\popcinfo.dat
2014-02-20 20:20 - 2010-04-01 18:21 - 00000000 ____D () C:\Users\Harley\AppData\Local\CrashDumps
2014-02-20 15:13 - 2013-09-12 10:03 - 00000000 ____D () C:\Users\Harley\Documents\COUNSELLING HOURS
2014-02-19 12:25 - 2013-01-23 16:45 - 00016626 _____ () C:\Users\Harley\Documents\Home expenses 2013.xlsx
2014-02-18 10:27 - 2014-02-18 10:26 - 00000000 ____D () C:\ProgramData\SafeMonitor
2014-02-18 10:25 - 2014-02-18 10:25 - 02865056 _____ () C:\Users\Harley\Downloads\Setup.exe
2014-02-13 17:47 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-12 23:13 - 2006-11-02 10:33 - 00796524 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-12 23:02 - 2013-08-14 21:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 22:43 - 2006-11-02 10:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-11 00:23 - 2014-02-11 00:23 - 01152664 _____ () C:\Windows\system32\SafeMonitor.5D8B1F66A294.dll
2014-02-09 09:02 - 2009-06-28 11:20 - 00000000 ____D () C:\ProgramData\Norton
2014-02-07 11:20 - 2014-02-21 20:33 - 00123360 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00085984 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector32.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00077792 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector64.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00074208 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon2K.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00072160 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxMgr.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00068576 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProc64.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00023008 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxTdss.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00013280 _____ (Max Secure Software) C:\Windows\system32\Drivers\004.sys
2014-02-06 23:12 - 2013-09-24 10:38 - 00000000 ____D () C:\Users\Harley\Documents\COUNSELLING DOCS
2014-02-05 08:58 - 2014-02-12 22:28 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 08:56 - 2014-02-12 22:28 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 08:53 - 2014-02-12 22:28 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 08:51 - 2014-02-12 22:28 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 08:50 - 2014-02-12 22:28 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 08:49 - 2014-02-12 22:28 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 08:49 - 2014-02-12 22:28 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 08:48 - 2014-02-12 22:28 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 08:48 - 2014-02-12 22:28 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 08:48 - 2014-02-12 22:28 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 08:48 - 2014-02-12 22:28 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 08:48 - 2014-02-12 22:28 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 08:47 - 2014-02-12 22:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 08:47 - 2014-02-12 22:28 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 08:47 - 2014-02-12 22:28 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 08:46 - 2014-02-12 22:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-04 20:04 - 2014-02-21 20:35 - 00117248 _____ () C:\Windows\system32\MaxNative.exe
2014-01-31 18:12 - 2013-12-26 22:24 - 00001024 _____ () C:\Users\Harley\Desktop\Amazon Cloud Player.lnk
2014-01-31 18:12 - 2013-12-26 22:24 - 00000000 ____D () C:\Users\Harley\AppData\Local\Amazon Cloud Player
2014-01-24 19:14 - 2013-06-13 17:50 - 00000000 ____D () C:\Users\Harley\AppData\Roaming\Skype

Some content of TEMP:
====================
C:\Users\Harley\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Harley\AppData\Local\Temp\RtkBtMnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-21 22:03

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-02-2014
Ran by Harley (administrator) on DEBBIE on 21-02-2014 22:31:41
Running from C:\Users\Harley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DS53E27U
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxMerger.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxActMon.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxDBServer.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Acer\Mobility Center\MobilityService.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Western Web Applications, LLC) C:\ProgramData\SafeMonitor\SafeMonitorService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
(Western Web Applications, LLC) C:\ProgramData\SafeMonitor\SafeMonitor.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\QtZgAcer.EXE
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxSDTray.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxUSBProc.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Users\Harley\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
(Nokia) C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Users\Harley\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Realtek Semiconductor Corp.) C:\Users\Harley\AppData\Local\Temp\RtkBtMnt.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Microsoft Corporation) C:\Windows\system32\sdclt.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6294048 2008-09-18] (Realtek Semiconductor)
HKLM\...\Run: [ePower_DMC] - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [405504 2008-08-01] (Acer Inc.)
HKLM\...\Run: [eDataSecurity Loader] - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-07-30] (Egis Incorporated)
HKLM\...\Run: [eAudio] - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-09-12] (Acer Incorporated)
HKLM\...\Run: [BkupTray] - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672 2008-04-26] ()
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13543968 2008-07-18] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-07-18] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-25] (Synaptics, Inc.)
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\QtZgAcer.EXE [817672 2008-06-04] (Dritek System Inc.)
HKLM\...\Run: [ArcadeDeluxeAgent] - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [147456 2008-07-24] (CyberLink Corp.)
HKLM\...\Run: [Easy-PrintToolBox] - C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [409600 2004-01-14] (CANON INC.)
HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-06-07] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-14] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [WSHelperSetup.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM\...\Run: [SDActiveMonitor] - C:\Program Files\Max Spyware Detector\MaxSDTray.exe [1091040 2014-02-07] (Max Secure Software)
HKLM\...\Run: [SDAutoScan] - [X]
HKLM\...\Run: [MaxUSBProc] - C:\Program Files\Max Spyware Detector\MaxUSBProc.exe [447968 2014-02-07] (Max Secure Software)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\896\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [MyTomTomSA.exe] - C:\Program Files\MyTomTom 3\MyTomTomSA.exe [455608 2013-05-23] (TomTom)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-18] (SUPERAntiSpyware)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Harley\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [] - [X]
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [PC Suite Tray] - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1451520 2009-11-11] (Nokia)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [WSHelperSetup.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [Amazon Cloud Player] - C:\Users\Harley\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3140608 2014-01-14] ()
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-06-17] (Google)
Startup: C:\Users\Harley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...&m=aspire_6930g
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...&m=aspire_6930g
SearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACAW
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACAW
SearchScopes: HKLM - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/w...q={SEARCHTERMS}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT1392740
SearchScopes: HKCU - DefaultScope {41B6D7AE-1733-4770-8CB4-50FFE7FCF67C} URL = http://www.google.co...1I7ACAW_enGB329
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {065CCC52-4EF8-4D9B-A195-BC25651BE999} URL = http://uk.search.yah...Terms}&fr=yessv
SearchScopes: HKCU - {07B6F4D5-D733-4BD6-ABE1-5726152C2825} URL = http://shopping.yaho...Terms}&fr=yessv
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = http://start.facemoo...earchTerms}&f=4
SearchScopes: HKCU - {36B6D012-C96F-4EE7-9F6E-EB92FCDBBDC7} URL = http://uk.local.yaho...ML&cs=&fr=yessv
SearchScopes: HKCU - {41B6D7AE-1733-4770-8CB4-50FFE7FCF67C} URL = http://www.google.co...1I7ACAW_enGB329
SearchScopes: HKCU - {6038CE7D-20E1-40F6-9C12-B6B5E29B2D69} URL = http://uk.search.yah...Terms}&fr=yessv
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACAW
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:466...q={searchTerms}
SearchScopes: HKCU - {8AC234B8-5BCF-4037-91D6-89C7FAAD84B6} URL = http://uk.news.searc...Terms}&fr=yessv
SearchScopes: HKCU - {9605905A-FEB5-4A4F-8B5D-A1066DC33A39} URL = http://uk.search.yah...Terms}&fr=yessv
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://uk.ask.com/we...}&o=15528&l=dis
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT1392740
SearchScopes: HKCU - {C2AB3B1F-C2FD-4D26-9C7C-30B9FB9970A2} URL = http://uk.search.yah...Terms}&fr=yessv
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yah...=yessv&fr=yessv
BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: PodcastBHO Class - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} https://register.bti...bcontrol028.cab
DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} https://www.plaxo.co...upldr-2k-xp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Harley\AppData\Roaming\Mozilla\Firefox\Profiles\c995pytc.default-1393005575184
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @doubletwist.com/NPPodcast - C:\Program Files\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Harley\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-05]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF [2013-10-09]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\ []

Chrome:
=======
CHR HomePage: hxxp://start.facemoods.com/?a=stonicuk
CHR DefaultSearchProvider: facemoods
CHR DefaultSearchURL: http://start.facemoo...earchTerms}&f=4
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\20.4.0.40\Exts\Chrome.crx [2013-07-10]

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com)
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [81504 2008-01-17] ()
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-08-19] ()
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-17] (Google)
R2 MaxMerger; C:\Program Files\Max Spyware Detector\MaxMerger.exe [307168 2014-02-07] (Max Secure Software)
R2 MaxWatchDogService; C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe [651744 2014-02-07] (Max Secure Software)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-07] ()
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 N360; C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-26] ()
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
R2 SafeMonitor; C:\ProgramData\SafeMonitor\SafeMonitor.exe [151192 2014-02-11] (Western Web Applications, LLC)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [1098968 2013-12-18] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-21] (Symantec Corporation)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-10-30] ()
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20140220.001\IDSvix86.sys [394456 2014-01-21] (Symantec Corporation)
R2 iPodDrv; C:\Windows\system32\drivers\iPodDrv.sys [6656 2011-03-10] (Windows ® Codename Longhorn DDK provider)
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.)
R0 MaxMgr; C:\Windows\System32\drivers\MaxMgr.sys [72160 2014-02-07] (Max Secure Software)
R1 MaxProtector32; C:\Windows\System32\drivers\MaxProtector32.sys [85984 2014-02-07] (Max Secure Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2011-05-26] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2011-05-26] (Printing Communications Assoc., Inc. (PCAUSA))
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20140221.002\NAVENG.SYS [93272 2013-09-05] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20140221.002\NAVEX15.SYS [1612376 2013-09-05] (Symantec Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SDActMon; C:\Windows\System32\drivers\SDActMon.sys [123360 2014-02-07] (Max Secure Software)
R1 SRTSP; C:\Windows\system32\drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-07-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\system32\drivers\N360\1404000.028\SYMTDIV.SYS [352344 2013-04-25] (Symantec Corporation)
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-07-19] (Cyberlink Corp.)
S3 Afc; system32\drivers\Afc.sys [X]
S3 androidusb; System32\Drivers\ssadadb.sys [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dg_ssudbus; system32\DRIVERS\ssudbus.sys [X]
S0 ghdso; System32\drivers\gersj.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 ssudmdm; system32\DRIVERS\ssudmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-21 22:31 - 2014-02-21 22:31 - 00000000 ____D () C:\FRST
2014-02-21 20:35 - 2014-02-21 20:35 - 00001781 _____ () C:\Users\Public\Desktop\Max Spyware Detector.lnk
2014-02-21 20:35 - 2014-02-04 20:04 - 00117248 _____ () C:\Windows\system32\MaxNative.exe
2014-02-21 20:34 - 2012-09-01 12:36 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.backup
2014-02-21 20:33 - 2014-02-21 20:45 - 00000000 ____D () C:\Program Files\Max Spyware Detector
2014-02-21 20:33 - 2014-02-07 11:20 - 00123360 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00085984 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector32.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00077792 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector64.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00074208 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon2K.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00072160 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxMgr.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00068576 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProc64.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00023008 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxTdss.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00013280 _____ (Max Secure Software) C:\Windows\system32\Drivers\004.sys
2014-02-21 20:27 - 2014-02-21 20:33 - 00000000 ____D () C:\ProgramData\Max Secure
2014-02-21 18:58 - 2014-02-21 18:58 - 232949192 _____ (Max Secure Software ) C:\Users\Harley\Desktop\MaxSpywaredetector.exe
2014-02-21 18:26 - 2014-02-21 18:26 - 00000000 ____D () C:\Users\Harley\AppData\Local\Max Secure Software
2014-02-21 18:11 - 2014-02-21 18:11 - 00000850 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-21 18:11 - 2014-02-21 18:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-21 17:35 - 2014-02-21 17:35 - 03053496 ____N (Symantec Corporation) C:\Users\Harley\Downloads\NPE (1).exe
2014-02-21 13:40 - 2014-02-21 13:40 - 00000000 __SHD () C:\found.000
2014-02-21 09:18 - 2014-02-21 09:18 - 00000910 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-21 09:13 - 2014-02-21 09:14 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Harley\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-18 10:27 - 2014-02-21 09:13 - 00000000 ____D () C:\Users\Harley\AppData\Local\SafeMonitor
2014-02-18 10:26 - 2014-02-18 10:27 - 00000000 ____D () C:\ProgramData\SafeMonitor
2014-02-18 10:25 - 2014-02-18 10:25 - 02865056 _____ () C:\Users\Harley\Downloads\Setup.exe
2014-02-12 22:28 - 2014-02-05 08:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 22:28 - 2014-02-05 08:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 22:28 - 2014-02-05 08:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 22:28 - 2014-02-05 08:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 22:28 - 2014-02-05 08:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 22:28 - 2014-02-05 08:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 22:28 - 2014-02-05 08:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-12 22:28 - 2014-02-05 08:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 22:28 - 2014-02-05 08:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-12 22:28 - 2014-02-05 08:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 22:28 - 2014-02-05 08:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 22:28 - 2014-02-05 08:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 22:28 - 2014-02-05 08:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 22:28 - 2014-02-05 08:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 22:28 - 2014-02-05 08:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-12 22:28 - 2014-02-05 08:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 16:29 - 2013-12-05 02:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-11 00:23 - 2014-02-11 00:23 - 01152664 _____ () C:\Windows\system32\SafeMonitor.5D8B1F66A294.dll

==================== One Month Modified Files and Folders =======

2014-02-21 22:31 - 2014-02-21 22:31 - 00000000 ____D () C:\FRST
2014-02-21 22:24 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-21 22:24 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-21 22:05 - 2008-12-08 21:46 - 01908494 _____ () C:\Windows\WindowsUpdate.log
2014-02-21 21:59 - 2008-12-08 21:51 - 00104784 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-02-21 21:57 - 2012-09-08 08:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-21 21:57 - 2009-06-06 18:59 - 00027934 _____ () C:\ProgramData\nvModes.001
2014-02-21 21:57 - 2008-12-08 22:01 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2014-02-21 21:56 - 2012-09-11 07:20 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-21 21:56 - 2006-11-02 12:47 - 00384872 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-21 21:55 - 2012-09-01 11:09 - 05055630 _____ () C:\Windows\PFRO.log
2014-02-21 21:55 - 2006-11-02 13:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-21 21:41 - 2012-09-11 07:20 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-21 20:45 - 2014-02-21 20:33 - 00000000 ____D () C:\Program Files\Max Spyware Detector
2014-02-21 20:35 - 2014-02-21 20:35 - 00001781 _____ () C:\Users\Public\Desktop\Max Spyware Detector.lnk
2014-02-21 20:33 - 2014-02-21 20:27 - 00000000 ____D () C:\ProgramData\Max Secure
2014-02-21 18:58 - 2014-02-21 18:58 - 232949192 _____ (Max Secure Software ) C:\Users\Harley\Desktop\MaxSpywaredetector.exe
2014-02-21 18:26 - 2014-02-21 18:26 - 00000000 ____D () C:\Users\Harley\AppData\Local\Max Secure Software
2014-02-21 18:26 - 2010-03-19 18:30 - 00000000 ____D () C:\Users\Harley\AppData\Roaming\GetRightToGo
2014-02-21 18:11 - 2014-02-21 18:11 - 00000850 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-21 18:11 - 2014-02-21 18:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-21 18:11 - 2013-11-05 21:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-21 17:59 - 2013-12-22 22:26 - 00000000 ____D () C:\Users\Harley\Desktop\Old Firefox Data
2014-02-21 17:59 - 2013-07-03 08:48 - 00000000 ____D () C:\Users\Harley\AppData\Local\NPE
2014-02-21 17:40 - 2008-11-18 17:47 - 00000147 _____ () C:\Windows\system32\agent.log
2014-02-21 17:38 - 2006-11-02 13:01 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-21 17:35 - 2014-02-21 17:35 - 03053496 ____N (Symantec Corporation) C:\Users\Harley\Downloads\NPE (1).exe
2014-02-21 13:58 - 2012-05-24 18:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-21 13:58 - 2011-05-14 17:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-21 13:40 - 2014-02-21 13:40 - 00000000 __SHD () C:\found.000
2014-02-21 09:48 - 2010-03-21 20:07 - 00000000 ____D () C:\Windows\SQL9_KB970892_ENU
2014-02-21 09:46 - 2009-12-05 20:16 - 00000000 ____D () C:\Program Files\MyPlayCity
2014-02-21 09:21 - 2012-09-01 10:24 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-21 09:18 - 2014-02-21 09:18 - 00000910 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-21 09:14 - 2014-02-21 09:13 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Harley\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-21 09:13 - 2014-02-18 10:27 - 00000000 ____D () C:\Users\Harley\AppData\Local\SafeMonitor
2014-02-21 08:17 - 2009-06-06 18:59 - 00027934 _____ () C:\ProgramData\nvModes.dat
2014-02-21 07:00 - 2009-06-21 12:28 - 00000014 _____ () C:\Windows\popcinfo.dat
2014-02-20 20:20 - 2010-04-01 18:21 - 00000000 ____D () C:\Users\Harley\AppData\Local\CrashDumps
2014-02-20 15:13 - 2013-09-12 10:03 - 00000000 ____D () C:\Users\Harley\Documents\COUNSELLING HOURS
2014-02-19 12:25 - 2013-01-23 16:45 - 00016626 _____ () C:\Users\Harley\Documents\Home expenses 2013.xlsx
2014-02-18 10:27 - 2014-02-18 10:26 - 00000000 ____D () C:\ProgramData\SafeMonitor
2014-02-18 10:25 - 2014-02-18 10:25 - 02865056 _____ () C:\Users\Harley\Downloads\Setup.exe
2014-02-13 17:47 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-12 23:13 - 2006-11-02 10:33 - 00796524 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-12 23:02 - 2013-08-14 21:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 22:43 - 2006-11-02 10:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-11 00:23 - 2014-02-11 00:23 - 01152664 _____ () C:\Windows\system32\SafeMonitor.5D8B1F66A294.dll
2014-02-09 09:02 - 2009-06-28 11:20 - 00000000 ____D () C:\ProgramData\Norton
2014-02-07 11:20 - 2014-02-21 20:33 - 00123360 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00085984 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector32.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00077792 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector64.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00074208 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon2K.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00072160 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxMgr.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00068576 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProc64.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00023008 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxTdss.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00013280 _____ (Max Secure Software) C:\Windows\system32\Drivers\004.sys
2014-02-06 23:12 - 2013-09-24 10:38 - 00000000 ____D () C:\Users\Harley\Documents\COUNSELLING DOCS
2014-02-05 08:58 - 2014-02-12 22:28 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 08:56 - 2014-02-12 22:28 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 08:53 - 2014-02-12 22:28 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 08:51 - 2014-02-12 22:28 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 08:50 - 2014-02-12 22:28 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 08:49 - 2014-02-12 22:28 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 08:49 - 2014-02-12 22:28 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 08:48 - 2014-02-12 22:28 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 08:48 - 2014-02-12 22:28 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 08:48 - 2014-02-12 22:28 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 08:48 - 2014-02-12 22:28 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 08:48 - 2014-02-12 22:28 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 08:47 - 2014-02-12 22:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 08:47 - 2014-02-12 22:28 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 08:47 - 2014-02-12 22:28 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 08:46 - 2014-02-12 22:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-04 20:04 - 2014-02-21 20:35 - 00117248 _____ () C:\Windows\system32\MaxNative.exe
2014-01-31 18:12 - 2013-12-26 22:24 - 00001024 _____ () C:\Users\Harley\Desktop\Amazon Cloud Player.lnk
2014-01-31 18:12 - 2013-12-26 22:24 - 00000000 ____D () C:\Users\Harley\AppData\Local\Amazon Cloud Player
2014-01-24 19:14 - 2013-06-13 17:50 - 00000000 ____D () C:\Users\Harley\AppData\Roaming\Skype

Some content of TEMP:
====================
C:\Users\Harley\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Harley\AppData\Local\Temp\RtkBtMnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-21 22:03

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-02-2014
Ran by Harley (administrator) on DEBBIE on 21-02-2014 22:31:41
Running from C:\Users\Harley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DS53E27U
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxMerger.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxActMon.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxDBServer.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Acer\Mobility Center\MobilityService.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Western Web Applications, LLC) C:\ProgramData\SafeMonitor\SafeMonitorService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
(Western Web Applications, LLC) C:\ProgramData\SafeMonitor\SafeMonitor.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\QtZgAcer.EXE
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxSDTray.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxUSBProc.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Users\Harley\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
(Nokia) C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Users\Harley\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Realtek Semiconductor Corp.) C:\Users\Harley\AppData\Local\Temp\RtkBtMnt.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Microsoft Corporation) C:\Windows\system32\sdclt.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6294048 2008-09-18] (Realtek Semiconductor)
HKLM\...\Run: [ePower_DMC] - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [405504 2008-08-01] (Acer Inc.)
HKLM\...\Run: [eDataSecurity Loader] - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-07-30] (Egis Incorporated)
HKLM\...\Run: [eAudio] - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-09-12] (Acer Incorporated)
HKLM\...\Run: [BkupTray] - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672 2008-04-26] ()
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13543968 2008-07-18] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-07-18] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-25] (Synaptics, Inc.)
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\QtZgAcer.EXE [817672 2008-06-04] (Dritek System Inc.)
HKLM\...\Run: [ArcadeDeluxeAgent] - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [147456 2008-07-24] (CyberLink Corp.)
HKLM\...\Run: [Easy-PrintToolBox] - C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [409600 2004-01-14] (CANON INC.)
HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-06-07] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-14] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [WSHelperSetup.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM\...\Run: [SDActiveMonitor] - C:\Program Files\Max Spyware Detector\MaxSDTray.exe [1091040 2014-02-07] (Max Secure Software)
HKLM\...\Run: [SDAutoScan] - [X]
HKLM\...\Run: [MaxUSBProc] - C:\Program Files\Max Spyware Detector\MaxUSBProc.exe [447968 2014-02-07] (Max Secure Software)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\896\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [MyTomTomSA.exe] - C:\Program Files\MyTomTom 3\MyTomTomSA.exe [455608 2013-05-23] (TomTom)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-18] (SUPERAntiSpyware)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Harley\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [] - [X]
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [PC Suite Tray] - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1451520 2009-11-11] (Nokia)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [WSHelperSetup.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [Amazon Cloud Player] - C:\Users\Harley\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3140608 2014-01-14] ()
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-06-17] (Google)
Startup: C:\Users\Harley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...&m=aspire_6930g
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...&m=aspire_6930g
SearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACAW
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACAW
SearchScopes: HKLM - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/w...q={SEARCHTERMS}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT1392740
SearchScopes: HKCU - DefaultScope {41B6D7AE-1733-4770-8CB4-50FFE7FCF67C} URL = http://www.google.co...1I7ACAW_enGB329
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {065CCC52-4EF8-4D9B-A195-BC25651BE999} URL = http://uk.search.yah...Terms}&fr=yessv
SearchScopes: HKCU - {07B6F4D5-D733-4BD6-ABE1-5726152C2825} URL = http://shopping.yaho...Terms}&fr=yessv
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = http://start.facemoo...earchTerms}&f=4
SearchScopes: HKCU - {36B6D012-C96F-4EE7-9F6E-EB92FCDBBDC7} URL = http://uk.local.yaho...ML&cs=&fr=yessv
SearchScopes: HKCU - {41B6D7AE-1733-4770-8CB4-50FFE7FCF67C} URL = http://www.google.co...1I7ACAW_enGB329
SearchScopes: HKCU - {6038CE7D-20E1-40F6-9C12-B6B5E29B2D69} URL = http://uk.search.yah...Terms}&fr=yessv
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACAW
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:466...q={searchTerms}
SearchScopes: HKCU - {8AC234B8-5BCF-4037-91D6-89C7FAAD84B6} URL = http://uk.news.searc...Terms}&fr=yessv
SearchScopes: HKCU - {9605905A-FEB5-4A4F-8B5D-A1066DC33A39} URL = http://uk.search.yah...Terms}&fr=yessv
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://uk.ask.com/we...}&o=15528&l=dis
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT1392740
SearchScopes: HKCU - {C2AB3B1F-C2FD-4D26-9C7C-30B9FB9970A2} URL = http://uk.search.yah...Terms}&fr=yessv
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yah...=yessv&fr=yessv
BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: PodcastBHO Class - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} https://register.bti...bcontrol028.cab
DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} https://www.plaxo.co...upldr-2k-xp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Harley\AppData\Roaming\Mozilla\Firefox\Profiles\c995pytc.default-1393005575184
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @doubletwist.com/NPPodcast - C:\Program Files\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Harley\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-05]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF [2013-10-09]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\ []

Chrome:
=======
CHR HomePage: hxxp://start.facemoods.com/?a=stonicuk
CHR DefaultSearchProvider: facemoods
CHR DefaultSearchURL: http://start.facemoo...earchTerms}&f=4
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\20.4.0.40\Exts\Chrome.crx [2013-07-10]

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com)
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [81504 2008-01-17] ()
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-08-19] ()
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-17] (Google)
R2 MaxMerger; C:\Program Files\Max Spyware Detector\MaxMerger.exe [307168 2014-02-07] (Max Secure Software)
R2 MaxWatchDogService; C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe [651744 2014-02-07] (Max Secure Software)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-07] ()
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 N360; C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-26] ()
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
R2 SafeMonitor; C:\ProgramData\SafeMonitor\SafeMonitor.exe [151192 2014-02-11] (Western Web Applications, LLC)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [1098968 2013-12-18] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-21] (Symantec Corporation)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-10-30] ()
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20140220.001\IDSvix86.sys [394456 2014-01-21] (Symantec Corporation)
R2 iPodDrv; C:\Windows\system32\drivers\iPodDrv.sys [6656 2011-03-10] (Windows ® Codename Longhorn DDK provider)
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.)
R0 MaxMgr; C:\Windows\System32\drivers\MaxMgr.sys [72160 2014-02-07] (Max Secure Software)
R1 MaxProtector32; C:\Windows\System32\drivers\MaxProtector32.sys [85984 2014-02-07] (Max Secure Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2011-05-26] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2011-05-26] (Printing Communications Assoc., Inc. (PCAUSA))
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20140221.002\NAVENG.SYS [93272 2013-09-05] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20140221.002\NAVEX15.SYS [1612376 2013-09-05] (Symantec Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SDActMon; C:\Windows\System32\drivers\SDActMon.sys [123360 2014-02-07] (Max Secure Software)
R1 SRTSP; C:\Windows\system32\drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-07-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\system32\drivers\N360\1404000.028\SYMTDIV.SYS [352344 2013-04-25] (Symantec Corporation)
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-07-19] (Cyberlink Corp.)
S3 Afc; system32\drivers\Afc.sys [X]
S3 androidusb; System32\Drivers\ssadadb.sys [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dg_ssudbus; system32\DRIVERS\ssudbus.sys [X]
S0 ghdso; System32\drivers\gersj.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 ssudmdm; system32\DRIVERS\ssudmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-21 22:31 - 2014-02-21 22:31 - 00000000 ____D () C:\FRST
2014-02-21 20:35 - 2014-02-21 20:35 - 00001781 _____ () C:\Users\Public\Desktop\Max Spyware Detector.lnk
2014-02-21 20:35 - 2014-02-04 20:04 - 00117248 _____ () C:\Windows\system32\MaxNative.exe
2014-02-21 20:34 - 2012-09-01 12:36 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.backup
2014-02-21 20:33 - 2014-02-21 20:45 - 00000000 ____D () C:\Program Files\Max Spyware Detector
2014-02-21 20:33 - 2014-02-07 11:20 - 00123360 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00085984 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector32.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00077792 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector64.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00074208 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon2K.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00072160 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxMgr.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00068576 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProc64.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00023008 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxTdss.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00013280 _____ (Max Secure Software) C:\Windows\system32\Drivers\004.sys
2014-02-21 20:27 - 2014-02-21 20:33 - 00000000 ____D () C:\ProgramData\Max Secure
2014-02-21 18:58 - 2014-02-21 18:58 - 232949192 _____ (Max Secure Software ) C:\Users\Harley\Desktop\MaxSpywaredetector.exe
2014-02-21 18:26 - 2014-02-21 18:26 - 00000000 ____D () C:\Users\Harley\AppData\Local\Max Secure Software
2014-02-21 18:11 - 2014-02-21 18:11 - 00000850 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-21 18:11 - 2014-02-21 18:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-21 17:35 - 2014-02-21 17:35 - 03053496 ____N (Symantec Corporation) C:\Users\Harley\Downloads\NPE (1).exe
2014-02-21 13:40 - 2014-02-21 13:40 - 00000000 __SHD () C:\found.000
2014-02-21 09:18 - 2014-02-21 09:18 - 00000910 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-21 09:13 - 2014-02-21 09:14 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Harley\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-18 10:27 - 2014-02-21 09:13 - 00000000 ____D () C:\Users\Harley\AppData\Local\SafeMonitor
2014-02-18 10:26 - 2014-02-18 10:27 - 00000000 ____D () C:\ProgramData\SafeMonitor
2014-02-18 10:25 - 2014-02-18 10:25 - 02865056 _____ () C:\Users\Harley\Downloads\Setup.exe
2014-02-12 22:28 - 2014-02-05 08:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 22:28 - 2014-02-05 08:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 22:28 - 2014-02-05 08:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 22:28 - 2014-02-05 08:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 22:28 - 2014-02-05 08:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 22:28 - 2014-02-05 08:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 22:28 - 2014-02-05 08:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-12 22:28 - 2014-02-05 08:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 22:28 - 2014-02-05 08:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-12 22:28 - 2014-02-05 08:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 22:28 - 2014-02-05 08:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 22:28 - 2014-02-05 08:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 22:28 - 2014-02-05 08:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 22:28 - 2014-02-05 08:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 22:28 - 2014-02-05 08:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-12 22:28 - 2014-02-05 08:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 16:29 - 2013-12-05 02:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-11 00:23 - 2014-02-11 00:23 - 01152664 _____ () C:\Windows\system32\SafeMonitor.5D8B1F66A294.dll

==================== One Month Modified Files and Folders =======

2014-02-21 22:31 - 2014-02-21 22:31 - 00000000 ____D () C:\FRST
2014-02-21 22:24 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-21 22:24 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-21 22:05 - 2008-12-08 21:46 - 01908494 _____ () C:\Windows\WindowsUpdate.log
2014-02-21 21:59 - 2008-12-08 21:51 - 00104784 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-02-21 21:57 - 2012-09-08 08:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-21 21:57 - 2009-06-06 18:59 - 00027934 _____ () C:\ProgramData\nvModes.001
2014-02-21 21:57 - 2008-12-08 22:01 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2014-02-21 21:56 - 2012-09-11 07:20 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-21 21:56 - 2006-11-02 12:47 - 00384872 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-21 21:55 - 2012-09-01 11:09 - 05055630 _____ () C:\Windows\PFRO.log
2014-02-21 21:55 - 2006-11-02 13:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-21 21:41 - 2012-09-11 07:20 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-21 20:45 - 2014-02-21 20:33 - 00000000 ____D () C:\Program Files\Max Spyware Detector
2014-02-21 20:35 - 2014-02-21 20:35 - 00001781 _____ () C:\Users\Public\Desktop\Max Spyware Detector.lnk
2014-02-21 20:33 - 2014-02-21 20:27 - 00000000 ____D () C:\ProgramData\Max Secure
2014-02-21 18:58 - 2014-02-21 18:58 - 232949192 _____ (Max Secure Software ) C:\Users\Harley\Desktop\MaxSpywaredetector.exe
2014-02-21 18:26 - 2014-02-21 18:26 - 00000000 ____D () C:\Users\Harley\AppData\Local\Max Secure Software
2014-02-21 18:26 - 2010-03-19 18:30 - 00000000 ____D () C:\Users\Harley\AppData\Roaming\GetRightToGo
2014-02-21 18:11 - 2014-02-21 18:11 - 00000850 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-21 18:11 - 2014-02-21 18:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-21 18:11 - 2013-11-05 21:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-21 17:59 - 2013-12-22 22:26 - 00000000 ____D () C:\Users\Harley\Desktop\Old Firefox Data
2014-02-21 17:59 - 2013-07-03 08:48 - 00000000 ____D () C:\Users\Harley\AppData\Local\NPE
2014-02-21 17:40 - 2008-11-18 17:47 - 00000147 _____ () C:\Windows\system32\agent.log
2014-02-21 17:38 - 2006-11-02 13:01 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-21 17:35 - 2014-02-21 17:35 - 03053496 ____N (Symantec Corporation) C:\Users\Harley\Downloads\NPE (1).exe
2014-02-21 13:58 - 2012-05-24 18:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-21 13:58 - 2011-05-14 17:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-21 13:40 - 2014-02-21 13:40 - 00000000 __SHD () C:\found.000
2014-02-21 09:48 - 2010-03-21 20:07 - 00000000 ____D () C:\Windows\SQL9_KB970892_ENU
2014-02-21 09:46 - 2009-12-05 20:16 - 00000000 ____D () C:\Program Files\MyPlayCity
2014-02-21 09:21 - 2012-09-01 10:24 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-21 09:18 - 2014-02-21 09:18 - 00000910 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-21 09:14 - 2014-02-21 09:13 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Harley\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-21 09:13 - 2014-02-18 10:27 - 00000000 ____D () C:\Users\Harley\AppData\Local\SafeMonitor
2014-02-21 08:17 - 2009-06-06 18:59 - 00027934 _____ () C:\ProgramData\nvModes.dat
2014-02-21 07:00 - 2009-06-21 12:28 - 00000014 _____ () C:\Windows\popcinfo.dat
2014-02-20 20:20 - 2010-04-01 18:21 - 00000000 ____D () C:\Users\Harley\AppData\Local\CrashDumps
2014-02-20 15:13 - 2013-09-12 10:03 - 00000000 ____D () C:\Users\Harley\Documents\COUNSELLING HOURS
2014-02-19 12:25 - 2013-01-23 16:45 - 00016626 _____ () C:\Users\Harley\Documents\Home expenses 2013.xlsx
2014-02-18 10:27 - 2014-02-18 10:26 - 00000000 ____D () C:\ProgramData\SafeMonitor
2014-02-18 10:25 - 2014-02-18 10:25 - 02865056 _____ () C:\Users\Harley\Downloads\Setup.exe
2014-02-13 17:47 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-12 23:13 - 2006-11-02 10:33 - 00796524 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-12 23:02 - 2013-08-14 21:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 22:43 - 2006-11-02 10:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-11 00:23 - 2014-02-11 00:23 - 01152664 _____ () C:\Windows\system32\SafeMonitor.5D8B1F66A294.dll
2014-02-09 09:02 - 2009-06-28 11:20 - 00000000 ____D () C:\ProgramData\Norton
2014-02-07 11:20 - 2014-02-21 20:33 - 00123360 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00085984 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector32.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00077792 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector64.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00074208 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon2K.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00072160 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxMgr.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00068576 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProc64.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00023008 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxTdss.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00013280 _____ (Max Secure Software) C:\Windows\system32\Drivers\004.sys
2014-02-06 23:12 - 2013-09-24 10:38 - 00000000 ____D () C:\Users\Harley\Documents\COUNSELLING DOCS
2014-02-05 08:58 - 2014-02-12 22:28 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 08:56 - 2014-02-12 22:28 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 08:53 - 2014-02-12 22:28 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 08:51 - 2014-02-12 22:28 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 08:50 - 2014-02-12 22:28 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 08:49 - 2014-02-12 22:28 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 08:49 - 2014-02-12 22:28 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 08:48 - 2014-02-12 22:28 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 08:48 - 2014-02-12 22:28 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 08:48 - 2014-02-12 22:28 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 08:48 - 2014-02-12 22:28 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 08:48 - 2014-02-12 22:28 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 08:47 - 2014-02-12 22:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 08:47 - 2014-02-12 22:28 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 08:47 - 2014-02-12 22:28 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 08:46 - 2014-02-12 22:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-04 20:04 - 2014-02-21 20:35 - 00117248 _____ () C:\Windows\system32\MaxNative.exe
2014-01-31 18:12 - 2013-12-26 22:24 - 00001024 _____ () C:\Users\Harley\Desktop\Amazon Cloud Player.lnk
2014-01-31 18:12 - 2013-12-26 22:24 - 00000000 ____D () C:\Users\Harley\AppData\Local\Amazon Cloud Player
2014-01-24 19:14 - 2013-06-13 17:50 - 00000000 ____D () C:\Users\Harley\AppData\Roaming\Skype

Some content of TEMP:
====================
C:\Users\Harley\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Harley\AppData\Local\Temp\RtkBtMnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-21 22:03

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-02-2014
Ran by Harley (administrator) on DEBBIE on 21-02-2014 22:31:41
Running from C:\Users\Harley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DS53E27U
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxMerger.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxActMon.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxDBServer.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Acer\Mobility Center\MobilityService.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Western Web Applications, LLC) C:\ProgramData\SafeMonitor\SafeMonitorService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
(Western Web Applications, LLC) C:\ProgramData\SafeMonitor\SafeMonitor.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\QtZgAcer.EXE
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxSDTray.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxUSBProc.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Users\Harley\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
(Nokia) C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Users\Harley\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Realtek Semiconductor Corp.) C:\Users\Harley\AppData\Local\Temp\RtkBtMnt.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Microsoft Corporation) C:\Windows\system32\sdclt.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6294048 2008-09-18] (Realtek Semiconductor)
HKLM\...\Run: [ePower_DMC] - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [405504 2008-08-01] (Acer Inc.)
HKLM\...\Run: [eDataSecurity Loader] - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-07-30] (Egis Incorporated)
HKLM\...\Run: [eAudio] - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-09-12] (Acer Incorporated)
HKLM\...\Run: [BkupTray] - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672 2008-04-26] ()
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13543968 2008-07-18] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-07-18] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-25] (Synaptics, Inc.)
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\QtZgAcer.EXE [817672 2008-06-04] (Dritek System Inc.)
HKLM\...\Run: [ArcadeDeluxeAgent] - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [147456 2008-07-24] (CyberLink Corp.)
HKLM\...\Run: [Easy-PrintToolBox] - C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [409600 2004-01-14] (CANON INC.)
HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-06-07] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-14] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [WSHelperSetup.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM\...\Run: [SDActiveMonitor] - C:\Program Files\Max Spyware Detector\MaxSDTray.exe [1091040 2014-02-07] (Max Secure Software)
HKLM\...\Run: [SDAutoScan] - [X]
HKLM\...\Run: [MaxUSBProc] - C:\Program Files\Max Spyware Detector\MaxUSBProc.exe [447968 2014-02-07] (Max Secure Software)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\896\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [MyTomTomSA.exe] - C:\Program Files\MyTomTom 3\MyTomTomSA.exe [455608 2013-05-23] (TomTom)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-18] (SUPERAntiSpyware)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Harley\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [] - [X]
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [PC Suite Tray] - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1451520 2009-11-11] (Nokia)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [WSHelperSetup.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [Amazon Cloud Player] - C:\Users\Harley\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3140608 2014-01-14] ()
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-06-17] (Google)
Startup: C:\Users\Harley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...&m=aspire_6930g
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...&m=aspire_6930g
SearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACAW
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACAW
SearchScopes: HKLM - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/w...q={SEARCHTERMS}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT1392740
SearchScopes: HKCU - DefaultScope {41B6D7AE-1733-4770-8CB4-50FFE7FCF67C} URL = http://www.google.co...1I7ACAW_enGB329
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {065CCC52-4EF8-4D9B-A195-BC25651BE999} URL = http://uk.search.yah...Terms}&fr=yessv
SearchScopes: HKCU - {07B6F4D5-D733-4BD6-ABE1-5726152C2825} URL = http://shopping.yaho...Terms}&fr=yessv
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = http://start.facemoo...earchTerms}&f=4
SearchScopes: HKCU - {36B6D012-C96F-4EE7-9F6E-EB92FCDBBDC7} URL = http://uk.local.yaho...ML&cs=&fr=yessv
SearchScopes: HKCU - {41B6D7AE-1733-4770-8CB4-50FFE7FCF67C} URL = http://www.google.co...1I7ACAW_enGB329
SearchScopes: HKCU - {6038CE7D-20E1-40F6-9C12-B6B5E29B2D69} URL = http://uk.search.yah...Terms}&fr=yessv
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACAW
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:466...q={searchTerms}
SearchScopes: HKCU - {8AC234B8-5BCF-4037-91D6-89C7FAAD84B6} URL = http://uk.news.searc...Terms}&fr=yessv
SearchScopes: HKCU - {9605905A-FEB5-4A4F-8B5D-A1066DC33A39} URL = http://uk.search.yah...Terms}&fr=yessv
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://uk.ask.com/we...}&o=15528&l=dis
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT1392740
SearchScopes: HKCU - {C2AB3B1F-C2FD-4D26-9C7C-30B9FB9970A2} URL = http://uk.search.yah...Terms}&fr=yessv
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yah...=yessv&fr=yessv
BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: PodcastBHO Class - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} https://register.bti...bcontrol028.cab
DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} https://www.plaxo.co...upldr-2k-xp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Harley\AppData\Roaming\Mozilla\Firefox\Profiles\c995pytc.default-1393005575184
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @doubletwist.com/NPPodcast - C:\Program Files\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Harley\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-05]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF [2013-10-09]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\ []

Chrome:
=======
CHR HomePage: hxxp://start.facemoods.com/?a=stonicuk
CHR DefaultSearchProvider: facemoods
CHR DefaultSearchURL: http://start.facemoo...earchTerms}&f=4
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\20.4.0.40\Exts\Chrome.crx [2013-07-10]

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com)
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [81504 2008-01-17] ()
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-08-19] ()
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-17] (Google)
R2 MaxMerger; C:\Program Files\Max Spyware Detector\MaxMerger.exe [307168 2014-02-07] (Max Secure Software)
R2 MaxWatchDogService; C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe [651744 2014-02-07] (Max Secure Software)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-07] ()
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 N360; C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-26] ()
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
R2 SafeMonitor; C:\ProgramData\SafeMonitor\SafeMonitor.exe [151192 2014-02-11] (Western Web Applications, LLC)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [1098968 2013-12-18] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-21] (Symantec Corporation)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-10-30] ()
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20140220.001\IDSvix86.sys [394456 2014-01-21] (Symantec Corporation)
R2 iPodDrv; C:\Windows\system32\drivers\iPodDrv.sys [6656 2011-03-10] (Windows ® Codename Longhorn DDK provider)
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.)
R0 MaxMgr; C:\Windows\System32\drivers\MaxMgr.sys [72160 2014-02-07] (Max Secure Software)
R1 MaxProtector32; C:\Windows\System32\drivers\MaxProtector32.sys [85984 2014-02-07] (Max Secure Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2011-05-26] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2011-05-26] (Printing Communications Assoc., Inc. (PCAUSA))
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20140221.002\NAVENG.SYS [93272 2013-09-05] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20140221.002\NAVEX15.SYS [1612376 2013-09-05] (Symantec Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SDActMon; C:\Windows\System32\drivers\SDActMon.sys [123360 2014-02-07] (Max Secure Software)
R1 SRTSP; C:\Windows\system32\drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-07-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\system32\drivers\N360\1404000.028\SYMTDIV.SYS [352344 2013-04-25] (Symantec Corporation)
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-07-19] (Cyberlink Corp.)
S3 Afc; system32\drivers\Afc.sys [X]
S3 androidusb; System32\Drivers\ssadadb.sys [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dg_ssudbus; system32\DRIVERS\ssudbus.sys [X]
S0 ghdso; System32\drivers\gersj.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 ssudmdm; system32\DRIVERS\ssudmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-21 22:31 - 2014-02-21 22:31 - 00000000 ____D () C:\FRST
2014-02-21 20:35 - 2014-02-21 20:35 - 00001781 _____ () C:\Users\Public\Desktop\Max Spyware Detector.lnk
2014-02-21 20:35 - 2014-02-04 20:04 - 00117248 _____ () C:\Windows\system32\MaxNative.exe
2014-02-21 20:34 - 2012-09-01 12:36 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.backup
2014-02-21 20:33 - 2014-02-21 20:45 - 00000000 ____D () C:\Program Files\Max Spyware Detector
2014-02-21 20:33 - 2014-02-07 11:20 - 00123360 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00085984 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector32.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00077792 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector64.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00074208 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon2K.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00072160 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxMgr.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00068576 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProc64.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00023008 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxTdss.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00013280 _____ (Max Secure Software) C:\Windows\system32\Drivers\004.sys
2014-02-21 20:27 - 2014-02-21 20:33 - 00000000 ____D () C:\ProgramData\Max Secure
2014-02-21 18:58 - 2014-02-21 18:58 - 232949192 _____ (Max Secure Software ) C:\Users\Harley\Desktop\MaxSpywaredetector.exe
2014-02-21 18:26 - 2014-02-21 18:26 - 00000000 ____D () C:\Users\Harley\AppData\Local\Max Secure Software
2014-02-21 18:11 - 2014-02-21 18:11 - 00000850 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-21 18:11 - 2014-02-21 18:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-21 17:35 - 2014-02-21 17:35 - 03053496 ____N (Symantec Corporation) C:\Users\Harley\Downloads\NPE (1).exe
2014-02-21 13:40 - 2014-02-21 13:40 - 00000000 __SHD () C:\found.000
2014-02-21 09:18 - 2014-02-21 09:18 - 00000910 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-21 09:13 - 2014-02-21 09:14 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Harley\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-18 10:27 - 2014-02-21 09:13 - 00000000 ____D () C:\Users\Harley\AppData\Local\SafeMonitor
2014-02-18 10:26 - 2014-02-18 10:27 - 00000000 ____D () C:\ProgramData\SafeMonitor
2014-02-18 10:25 - 2014-02-18 10:25 - 02865056 _____ () C:\Users\Harley\Downloads\Setup.exe
2014-02-12 22:28 - 2014-02-05 08:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 22:28 - 2014-02-05 08:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 22:28 - 2014-02-05 08:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 22:28 - 2014-02-05 08:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 22:28 - 2014-02-05 08:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 22:28 - 2014-02-05 08:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 22:28 - 2014-02-05 08:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-12 22:28 - 2014-02-05 08:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 22:28 - 2014-02-05 08:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-12 22:28 - 2014-02-05 08:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 22:28 - 2014-02-05 08:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 22:28 - 2014-02-05 08:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 22:28 - 2014-02-05 08:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 22:28 - 2014-02-05 08:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 22:28 - 2014-02-05 08:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-12 22:28 - 2014-02-05 08:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 16:29 - 2013-12-05 02:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-11 00:23 - 2014-02-11 00:23 - 01152664 _____ () C:\Windows\system32\SafeMonitor.5D8B1F66A294.dll

==================== One Month Modified Files and Folders =======

2014-02-21 22:31 - 2014-02-21 22:31 - 00000000 ____D () C:\FRST
2014-02-21 22:24 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-21 22:24 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-21 22:05 - 2008-12-08 21:46 - 01908494 _____ () C:\Windows\WindowsUpdate.log
2014-02-21 21:59 - 2008-12-08 21:51 - 00104784 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-02-21 21:57 - 2012-09-08 08:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-21 21:57 - 2009-06-06 18:59 - 00027934 _____ () C:\ProgramData\nvModes.001
2014-02-21 21:57 - 2008-12-08 22:01 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2014-02-21 21:56 - 2012-09-11 07:20 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-21 21:56 - 2006-11-02 12:47 - 00384872 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-21 21:55 - 2012-09-01 11:09 - 05055630 _____ () C:\Windows\PFRO.log
2014-02-21 21:55 - 2006-11-02 13:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-21 21:41 - 2012-09-11 07:20 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-21 20:45 - 2014-02-21 20:33 - 00000000 ____D () C:\Program Files\Max Spyware Detector
2014-02-21 20:35 - 2014-02-21 20:35 - 00001781 _____ () C:\Users\Public\Desktop\Max Spyware Detector.lnk
2014-02-21 20:33 - 2014-02-21 20:27 - 00000000 ____D () C:\ProgramData\Max Secure
2014-02-21 18:58 - 2014-02-21 18:58 - 232949192 _____ (Max Secure Software ) C:\Users\Harley\Desktop\MaxSpywaredetector.exe
2014-02-21 18:26 - 2014-02-21 18:26 - 00000000 ____D () C:\Users\Harley\AppData\Local\Max Secure Software
2014-02-21 18:26 - 2010-03-19 18:30 - 00000000 ____D () C:\Users\Harley\AppData\Roaming\GetRightToGo
2014-02-21 18:11 - 2014-02-21 18:11 - 00000850 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-21 18:11 - 2014-02-21 18:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-21 18:11 - 2013-11-05 21:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-21 17:59 - 2013-12-22 22:26 - 00000000 ____D () C:\Users\Harley\Desktop\Old Firefox Data
2014-02-21 17:59 - 2013-07-03 08:48 - 00000000 ____D () C:\Users\Harley\AppData\Local\NPE
2014-02-21 17:40 - 2008-11-18 17:47 - 00000147 _____ () C:\Windows\system32\agent.log
2014-02-21 17:38 - 2006-11-02 13:01 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-21 17:35 - 2014-02-21 17:35 - 03053496 ____N (Symantec Corporation) C:\Users\Harley\Downloads\NPE (1).exe
2014-02-21 13:58 - 2012-05-24 18:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-21 13:58 - 2011-05-14 17:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-21 13:40 - 2014-02-21 13:40 - 00000000 __SHD () C:\found.000
2014-02-21 09:48 - 2010-03-21 20:07 - 00000000 ____D () C:\Windows\SQL9_KB970892_ENU
2014-02-21 09:46 - 2009-12-05 20:16 - 00000000 ____D () C:\Program Files\MyPlayCity
2014-02-21 09:21 - 2012-09-01 10:24 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-21 09:18 - 2014-02-21 09:18 - 00000910 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-21 09:14 - 2014-02-21 09:13 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Harley\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-21 09:13 - 2014-02-18 10:27 - 00000000 ____D () C:\Users\Harley\AppData\Local\SafeMonitor
2014-02-21 08:17 - 2009-06-06 18:59 - 00027934 _____ () C:\ProgramData\nvModes.dat
2014-02-21 07:00 - 2009-06-21 12:28 - 00000014 _____ () C:\Windows\popcinfo.dat
2014-02-20 20:20 - 2010-04-01 18:21 - 00000000 ____D () C:\Users\Harley\AppData\Local\CrashDumps
2014-02-20 15:13 - 2013-09-12 10:03 - 00000000 ____D () C:\Users\Harley\Documents\COUNSELLING HOURS
2014-02-19 12:25 - 2013-01-23 16:45 - 00016626 _____ () C:\Users\Harley\Documents\Home expenses 2013.xlsx
2014-02-18 10:27 - 2014-02-18 10:26 - 00000000 ____D () C:\ProgramData\SafeMonitor
2014-02-18 10:25 - 2014-02-18 10:25 - 02865056 _____ () C:\Users\Harley\Downloads\Setup.exe
2014-02-13 17:47 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-12 23:13 - 2006-11-02 10:33 - 00796524 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-12 23:02 - 2013-08-14 21:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 22:43 - 2006-11-02 10:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-11 00:23 - 2014-02-11 00:23 - 01152664 _____ () C:\Windows\system32\SafeMonitor.5D8B1F66A294.dll
2014-02-09 09:02 - 2009-06-28 11:20 - 00000000 ____D () C:\ProgramData\Norton
2014-02-07 11:20 - 2014-02-21 20:33 - 00123360 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00085984 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector32.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00077792 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector64.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00074208 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon2K.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00072160 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxMgr.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00068576 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProc64.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00023008 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxTdss.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00013280 _____ (Max Secure Software) C:\Windows\system32\Drivers\004.sys
2014-02-06 23:12 - 2013-09-24 10:38 - 00000000 ____D () C:\Users\Harley\Documents\COUNSELLING DOCS
2014-02-05 08:58 - 2014-02-12 22:28 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 08:56 - 2014-02-12 22:28 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 08:53 - 2014-02-12 22:28 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 08:51 - 2014-02-12 22:28 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 08:50 - 2014-02-12 22:28 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 08:49 - 2014-02-12 22:28 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 08:49 - 2014-02-12 22:28 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 08:48 - 2014-02-12 22:28 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 08:48 - 2014-02-12 22:28 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 08:48 - 2014-02-12 22:28 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 08:48 - 2014-02-12 22:28 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 08:48 - 2014-02-12 22:28 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 08:47 - 2014-02-12 22:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 08:47 - 2014-02-12 22:28 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 08:47 - 2014-02-12 22:28 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 08:46 - 2014-02-12 22:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-04 20:04 - 2014-02-21 20:35 - 00117248 _____ () C:\Windows\system32\MaxNative.exe
2014-01-31 18:12 - 2013-12-26 22:24 - 00001024 _____ () C:\Users\Harley\Desktop\Amazon Cloud Player.lnk
2014-01-31 18:12 - 2013-12-26 22:24 - 00000000 ____D () C:\Users\Harley\AppData\Local\Amazon Cloud Player
2014-01-24 19:14 - 2013-06-13 17:50 - 00000000 ____D () C:\Users\Harley\AppData\Roaming\Skype

Some content of TEMP:
====================
C:\Users\Harley\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Harley\AppData\Local\Temp\RtkBtMnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-21 22:03

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-02-2014
Ran by Harley (administrator) on DEBBIE on 21-02-2014 22:31:41
Running from C:\Users\Harley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DS53E27U
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxMerger.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxActMon.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxDBServer.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Acer\Mobility Center\MobilityService.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Western Web Applications, LLC) C:\ProgramData\SafeMonitor\SafeMonitorService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
(Western Web Applications, LLC) C:\ProgramData\SafeMonitor\SafeMonitor.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\QtZgAcer.EXE
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxSDTray.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxUSBProc.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Users\Harley\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
(Nokia) C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Users\Harley\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Realtek Semiconductor Corp.) C:\Users\Harley\AppData\Local\Temp\RtkBtMnt.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Microsoft Corporation) C:\Windows\system32\sdclt.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6294048 2008-09-18] (Realtek Semiconductor)
HKLM\...\Run: [ePower_DMC] - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [405504 2008-08-01] (Acer Inc.)
HKLM\...\Run: [eDataSecurity Loader] - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-07-30] (Egis Incorporated)
HKLM\...\Run: [eAudio] - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-09-12] (Acer Incorporated)
HKLM\...\Run: [BkupTray] - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672 2008-04-26] ()
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13543968 2008-07-18] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-07-18] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-25] (Synaptics, Inc.)
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\QtZgAcer.EXE [817672 2008-06-04] (Dritek System Inc.)
HKLM\...\Run: [ArcadeDeluxeAgent] - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [147456 2008-07-24] (CyberLink Corp.)
HKLM\...\Run: [Easy-PrintToolBox] - C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [409600 2004-01-14] (CANON INC.)
HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-06-07] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-14] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [WSHelperSetup.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM\...\Run: [SDActiveMonitor] - C:\Program Files\Max Spyware Detector\MaxSDTray.exe [1091040 2014-02-07] (Max Secure Software)
HKLM\...\Run: [SDAutoScan] - [X]
HKLM\...\Run: [MaxUSBProc] - C:\Program Files\Max Spyware Detector\MaxUSBProc.exe [447968 2014-02-07] (Max Secure Software)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\896\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [MyTomTomSA.exe] - C:\Program Files\MyTomTom 3\MyTomTomSA.exe [455608 2013-05-23] (TomTom)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-18] (SUPERAntiSpyware)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Harley\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [] - [X]
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [PC Suite Tray] - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1451520 2009-11-11] (Nokia)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [WSHelperSetup.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [Amazon Cloud Player] - C:\Users\Harley\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3140608 2014-01-14] ()
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-06-17] (Google)
Startup: C:\Users\Harley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...&m=aspire_6930g
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...&m=aspire_6930g
SearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACAW
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACAW
SearchScopes: HKLM - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/w...q={SEARCHTERMS}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT1392740
SearchScopes: HKCU - DefaultScope {41B6D7AE-1733-4770-8CB4-50FFE7FCF67C} URL = http://www.google.co...1I7ACAW_enGB329
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {065CCC52-4EF8-4D9B-A195-BC25651BE999} URL = http://uk.search.yah...Terms}&fr=yessv
SearchScopes: HKCU - {07B6F4D5-D733-4BD6-ABE1-5726152C2825} URL = http://shopping.yaho...Terms}&fr=yessv
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = http://start.facemoo...earchTerms}&f=4
SearchScopes: HKCU - {36B6D012-C96F-4EE7-9F6E-EB92FCDBBDC7} URL = http://uk.local.yaho...ML&cs=&fr=yessv
SearchScopes: HKCU - {41B6D7AE-1733-4770-8CB4-50FFE7FCF67C} URL = http://www.google.co...1I7ACAW_enGB329
SearchScopes: HKCU - {6038CE7D-20E1-40F6-9C12-B6B5E29B2D69} URL = http://uk.search.yah...Terms}&fr=yessv
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACAW
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:466...q={searchTerms}
SearchScopes: HKCU - {8AC234B8-5BCF-4037-91D6-89C7FAAD84B6} URL = http://uk.news.searc...Terms}&fr=yessv
SearchScopes: HKCU - {9605905A-FEB5-4A4F-8B5D-A1066DC33A39} URL = http://uk.search.yah...Terms}&fr=yessv
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://uk.ask.com/we...}&o=15528&l=dis
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT1392740
SearchScopes: HKCU - {C2AB3B1F-C2FD-4D26-9C7C-30B9FB9970A2} URL = http://uk.search.yah...Terms}&fr=yessv
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yah...=yessv&fr=yessv
BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: PodcastBHO Class - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} https://register.bti...bcontrol028.cab
DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} https://www.plaxo.co...upldr-2k-xp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Harley\AppData\Roaming\Mozilla\Firefox\Profiles\c995pytc.default-1393005575184
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @doubletwist.com/NPPodcast - C:\Program Files\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Harley\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-05]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF [2013-10-09]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\ []

Chrome:
=======
CHR HomePage: hxxp://start.facemoods.com/?a=stonicuk
CHR DefaultSearchProvider: facemoods
CHR DefaultSearchURL: http://start.facemoo...earchTerms}&f=4
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\20.4.0.40\Exts\Chrome.crx [2013-07-10]

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com)
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [81504 2008-01-17] ()
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-08-19] ()
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-17] (Google)
R2 MaxMerger; C:\Program Files\Max Spyware Detector\MaxMerger.exe [307168 2014-02-07] (Max Secure Software)
R2 MaxWatchDogService; C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe [651744 2014-02-07] (Max Secure Software)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-07] ()
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 N360; C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-26] ()
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
R2 SafeMonitor; C:\ProgramData\SafeMonitor\SafeMonitor.exe [151192 2014-02-11] (Western Web Applications, LLC)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [1098968 2013-12-18] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-21] (Symantec Corporation)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-10-30] ()
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20140220.001\IDSvix86.sys [394456 2014-01-21] (Symantec Corporation)
R2 iPodDrv; C:\Windows\system32\drivers\iPodDrv.sys [6656 2011-03-10] (Windows ® Codename Longhorn DDK provider)
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.)
R0 MaxMgr; C:\Windows\System32\drivers\MaxMgr.sys [72160 2014-02-07] (Max Secure Software)
R1 MaxProtector32; C:\Windows\System32\drivers\MaxProtector32.sys [85984 2014-02-07] (Max Secure Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2011-05-26] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2011-05-26] (Printing Communications Assoc., Inc. (PCAUSA))
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20140221.002\NAVENG.SYS [93272 2013-09-05] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20140221.002\NAVEX15.SYS [1612376 2013-09-05] (Symantec Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SDActMon; C:\Windows\System32\drivers\SDActMon.sys [123360 2014-02-07] (Max Secure Software)
R1 SRTSP; C:\Windows\system32\drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-07-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\system32\drivers\N360\1404000.028\SYMTDIV.SYS [352344 2013-04-25] (Symantec Corporation)
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-07-19] (Cyberlink Corp.)
S3 Afc; system32\drivers\Afc.sys [X]
S3 androidusb; System32\Drivers\ssadadb.sys [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dg_ssudbus; system32\DRIVERS\ssudbus.sys [X]
S0 ghdso; System32\drivers\gersj.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 ssudmdm; system32\DRIVERS\ssudmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-21 22:31 - 2014-02-21 22:31 - 00000000 ____D () C:\FRST
2014-02-21 20:35 - 2014-02-21 20:35 - 00001781 _____ () C:\Users\Public\Desktop\Max Spyware Detector.lnk
2014-02-21 20:35 - 2014-02-04 20:04 - 00117248 _____ () C:\Windows\system32\MaxNative.exe
2014-02-21 20:34 - 2012-09-01 12:36 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.backup
2014-02-21 20:33 - 2014-02-21 20:45 - 00000000 ____D () C:\Program Files\Max Spyware Detector
2014-02-21 20:33 - 2014-02-07 11:20 - 00123360 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00085984 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector32.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00077792 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector64.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00074208 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon2K.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00072160 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxMgr.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00068576 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProc64.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00023008 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxTdss.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00013280 _____ (Max Secure Software) C:\Windows\system32\Drivers\004.sys
2014-02-21 20:27 - 2014-02-21 20:33 - 00000000 ____D () C:\ProgramData\Max Secure
2014-02-21 18:58 - 2014-02-21 18:58 - 232949192 _____ (Max Secure Software ) C:\Users\Harley\Desktop\MaxSpywaredetector.exe
2014-02-21 18:26 - 2014-02-21 18:26 - 00000000 ____D () C:\Users\Harley\AppData\Local\Max Secure Software
2014-02-21 18:11 - 2014-02-21 18:11 - 00000850 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-21 18:11 - 2014-02-21 18:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-21 17:35 - 2014-02-21 17:35 - 03053496 ____N (Symantec Corporation) C:\Users\Harley\Downloads\NPE (1).exe
2014-02-21 13:40 - 2014-02-21 13:40 - 00000000 __SHD () C:\found.000
2014-02-21 09:18 - 2014-02-21 09:18 - 00000910 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-21 09:13 - 2014-02-21 09:14 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Harley\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-18 10:27 - 2014-02-21 09:13 - 00000000 ____D () C:\Users\Harley\AppData\Local\SafeMonitor
2014-02-18 10:26 - 2014-02-18 10:27 - 00000000 ____D () C:\ProgramData\SafeMonitor
2014-02-18 10:25 - 2014-02-18 10:25 - 02865056 _____ () C:\Users\Harley\Downloads\Setup.exe
2014-02-12 22:28 - 2014-02-05 08:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 22:28 - 2014-02-05 08:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 22:28 - 2014-02-05 08:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 22:28 - 2014-02-05 08:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 22:28 - 2014-02-05 08:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 22:28 - 2014-02-05 08:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 22:28 - 2014-02-05 08:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-12 22:28 - 2014-02-05 08:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 22:28 - 2014-02-05 08:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-12 22:28 - 2014-02-05 08:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 22:28 - 2014-02-05 08:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 22:28 - 2014-02-05 08:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 22:28 - 2014-02-05 08:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 22:28 - 2014-02-05 08:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 22:28 - 2014-02-05 08:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-12 22:28 - 2014-02-05 08:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 16:29 - 2013-12-05 02:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-11 00:23 - 2014-02-11 00:23 - 01152664 _____ () C:\Windows\system32\SafeMonitor.5D8B1F66A294.dll

==================== One Month Modified Files and Folders =======

2014-02-21 22:31 - 2014-02-21 22:31 - 00000000 ____D () C:\FRST
2014-02-21 22:24 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-21 22:24 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-21 22:05 - 2008-12-08 21:46 - 01908494 _____ () C:\Windows\WindowsUpdate.log
2014-02-21 21:59 - 2008-12-08 21:51 - 00104784 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-02-21 21:57 - 2012-09-08 08:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-21 21:57 - 2009-06-06 18:59 - 00027934 _____ () C:\ProgramData\nvModes.001
2014-02-21 21:57 - 2008-12-08 22:01 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2014-02-21 21:56 - 2012-09-11 07:20 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-21 21:56 - 2006-11-02 12:47 - 00384872 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-21 21:55 - 2012-09-01 11:09 - 05055630 _____ () C:\Windows\PFRO.log
2014-02-21 21:55 - 2006-11-02 13:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-21 21:41 - 2012-09-11 07:20 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-21 20:45 - 2014-02-21 20:33 - 00000000 ____D () C:\Program Files\Max Spyware Detector
2014-02-21 20:35 - 2014-02-21 20:35 - 00001781 _____ () C:\Users\Public\Desktop\Max Spyware Detector.lnk
2014-02-21 20:33 - 2014-02-21 20:27 - 00000000 ____D () C:\ProgramData\Max Secure
2014-02-21 18:58 - 2014-02-21 18:58 - 232949192 _____ (Max Secure Software ) C:\Users\Harley\Desktop\MaxSpywaredetector.exe
2014-02-21 18:26 - 2014-02-21 18:26 - 00000000 ____D () C:\Users\Harley\AppData\Local\Max Secure Software
2014-02-21 18:26 - 2010-03-19 18:30 - 00000000 ____D () C:\Users\Harley\AppData\Roaming\GetRightToGo
2014-02-21 18:11 - 2014-02-21 18:11 - 00000850 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-21 18:11 - 2014-02-21 18:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-21 18:11 - 2013-11-05 21:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-21 17:59 - 2013-12-22 22:26 - 00000000 ____D () C:\Users\Harley\Desktop\Old Firefox Data
2014-02-21 17:59 - 2013-07-03 08:48 - 00000000 ____D () C:\Users\Harley\AppData\Local\NPE
2014-02-21 17:40 - 2008-11-18 17:47 - 00000147 _____ () C:\Windows\system32\agent.log
2014-02-21 17:38 - 2006-11-02 13:01 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-21 17:35 - 2014-02-21 17:35 - 03053496 ____N (Symantec Corporation) C:\Users\Harley\Downloads\NPE (1).exe
2014-02-21 13:58 - 2012-05-24 18:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-21 13:58 - 2011-05-14 17:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-21 13:40 - 2014-02-21 13:40 - 00000000 __SHD () C:\found.000
2014-02-21 09:48 - 2010-03-21 20:07 - 00000000 ____D () C:\Windows\SQL9_KB970892_ENU
2014-02-21 09:46 - 2009-12-05 20:16 - 00000000 ____D () C:\Program Files\MyPlayCity
2014-02-21 09:21 - 2012-09-01 10:24 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-21 09:18 - 2014-02-21 09:18 - 00000910 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-21 09:14 - 2014-02-21 09:13 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Harley\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-21 09:13 - 2014-02-18 10:27 - 00000000 ____D () C:\Users\Harley\AppData\Local\SafeMonitor
2014-02-21 08:17 - 2009-06-06 18:59 - 00027934 _____ () C:\ProgramData\nvModes.dat
2014-02-21 07:00 - 2009-06-21 12:28 - 00000014 _____ () C:\Windows\popcinfo.dat
2014-02-20 20:20 - 2010-04-01 18:21 - 00000000 ____D () C:\Users\Harley\AppData\Local\CrashDumps
2014-02-20 15:13 - 2013-09-12 10:03 - 00000000 ____D () C:\Users\Harley\Documents\COUNSELLING HOURS
2014-02-19 12:25 - 2013-01-23 16:45 - 00016626 _____ () C:\Users\Harley\Documents\Home expenses 2013.xlsx
2014-02-18 10:27 - 2014-02-18 10:26 - 00000000 ____D () C:\ProgramData\SafeMonitor
2014-02-18 10:25 - 2014-02-18 10:25 - 02865056 _____ () C:\Users\Harley\Downloads\Setup.exe
2014-02-13 17:47 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-12 23:13 - 2006-11-02 10:33 - 00796524 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-12 23:02 - 2013-08-14 21:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 22:43 - 2006-11-02 10:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-11 00:23 - 2014-02-11 00:23 - 01152664 _____ () C:\Windows\system32\SafeMonitor.5D8B1F66A294.dll
2014-02-09 09:02 - 2009-06-28 11:20 - 00000000 ____D () C:\ProgramData\Norton
2014-02-07 11:20 - 2014-02-21 20:33 - 00123360 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00085984 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector32.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00077792 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector64.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00074208 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon2K.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00072160 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxMgr.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00068576 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProc64.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00023008 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxTdss.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00013280 _____ (Max Secure Software) C:\Windows\system32\Drivers\004.sys
2014-02-06 23:12 - 2013-09-24 10:38 - 00000000 ____D () C:\Users\Harley\Documents\COUNSELLING DOCS
2014-02-05 08:58 - 2014-02-12 22:28 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 08:56 - 2014-02-12 22:28 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 08:53 - 2014-02-12 22:28 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 08:51 - 2014-02-12 22:28 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 08:50 - 2014-02-12 22:28 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 08:49 - 2014-02-12 22:28 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 08:49 - 2014-02-12 22:28 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 08:48 - 2014-02-12 22:28 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 08:48 - 2014-02-12 22:28 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 08:48 - 2014-02-12 22:28 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 08:48 - 2014-02-12 22:28 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 08:48 - 2014-02-12 22:28 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 08:47 - 2014-02-12 22:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 08:47 - 2014-02-12 22:28 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 08:47 - 2014-02-12 22:28 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 08:46 - 2014-02-12 22:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-04 20:04 - 2014-02-21 20:35 - 00117248 _____ () C:\Windows\system32\MaxNative.exe
2014-01-31 18:12 - 2013-12-26 22:24 - 00001024 _____ () C:\Users\Harley\Desktop\Amazon Cloud Player.lnk
2014-01-31 18:12 - 2013-12-26 22:24 - 00000000 ____D () C:\Users\Harley\AppData\Local\Amazon Cloud Player
2014-01-24 19:14 - 2013-06-13 17:50 - 00000000 ____D () C:\Users\Harley\AppData\Roaming\Skype

Some content of TEMP:
====================
C:\Users\Harley\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Harley\AppData\Local\Temp\RtkBtMnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-21 22:03

==================== End Of Log ============================



If it helps, this problem arose on the 19/02/2014
  • 0

#4
Machiavelli

  • GeekU Moderator
  • 3,698 posts
OK, you posted the FRST.txt several times, but I didn't see the Addition.txt - please also post that logfile.

Running from C:\Users\Harley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DS53E27U

In my instructions it said you should save FRST to your desktop. Please move it to your desktop.

You didn't answer my last question to you:

And what did it find? So you also did a Malwarebytes scan?


After you have answered my questions, we will begin to fix your system.
  • 0

#5
debs25

  • Topic Starter
  • Member
  • 3 posts
I thought I had added it. Yes, I did a full Malware scan and no problems were found.
  • 0

#6
Machiavelli

  • GeekU Moderator
  • 3,698 posts
OK, then please add it now.

It is located under: C:\Users\Harley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DS53E27U
  • 0

#7
Machiavelli

  • GeekU Moderator
  • 3,698 posts
Are you still with me?
  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





