Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-02-2014
Ran by Harley (administrator) on DEBBIE on 21-02-2014 22:31:41
Running from C:\Users\Harley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DS53E27U
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxMerger.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxActMon.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxDBServer.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Acer\Mobility Center\MobilityService.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Western Web Applications, LLC) C:\ProgramData\SafeMonitor\SafeMonitorService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
(Western Web Applications, LLC) C:\ProgramData\SafeMonitor\SafeMonitor.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\QtZgAcer.EXE
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxSDTray.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxUSBProc.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Users\Harley\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
(Nokia) C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Users\Harley\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Realtek Semiconductor Corp.) C:\Users\Harley\AppData\Local\Temp\RtkBtMnt.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Microsoft Corporation) C:\Windows\system32\sdclt.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6294048 2008-09-18] (Realtek Semiconductor)
HKLM\...\Run: [ePower_DMC] - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [405504 2008-08-01] (Acer Inc.)
HKLM\...\Run: [eDataSecurity Loader] - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-07-30] (Egis Incorporated)
HKLM\...\Run: [eAudio] - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-09-12] (Acer Incorporated)
HKLM\...\Run: [BkupTray] - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672 2008-04-26] ()
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13543968 2008-07-18] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-07-18] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-25] (Synaptics, Inc.)
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\QtZgAcer.EXE [817672 2008-06-04] (Dritek System Inc.)
HKLM\...\Run: [ArcadeDeluxeAgent] - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [147456 2008-07-24] (CyberLink Corp.)
HKLM\...\Run: [Easy-PrintToolBox] - C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [409600 2004-01-14] (CANON INC.)
HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-06-07] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-14] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [WSHelperSetup.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM\...\Run: [SDActiveMonitor] - C:\Program Files\Max Spyware Detector\MaxSDTray.exe [1091040 2014-02-07] (Max Secure Software)
HKLM\...\Run: [SDAutoScan] - [X]
HKLM\...\Run: [MaxUSBProc] - C:\Program Files\Max Spyware Detector\MaxUSBProc.exe [447968 2014-02-07] (Max Secure Software)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\896\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [MyTomTomSA.exe] - C:\Program Files\MyTomTom 3\MyTomTomSA.exe [455608 2013-05-23] (TomTom)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-18] (SUPERAntiSpyware)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Harley\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [] - [X]
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [PC Suite Tray] - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1451520 2009-11-11] (Nokia)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [WSHelperSetup.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [Amazon Cloud Player] - C:\Users\Harley\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3140608 2014-01-14] ()
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-06-17] (Google)
Startup: C:\Users\Harley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...&m=aspire_6930g
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...&m=aspire_6930g
SearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACAW
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACAW
SearchScopes: HKLM - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/w...q={SEARCHTERMS}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT1392740
SearchScopes: HKCU - DefaultScope {41B6D7AE-1733-4770-8CB4-50FFE7FCF67C} URL = http://www.google.co...1I7ACAW_enGB329
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {065CCC52-4EF8-4D9B-A195-BC25651BE999} URL = http://uk.search.yah...Terms}&fr=yessv
SearchScopes: HKCU - {07B6F4D5-D733-4BD6-ABE1-5726152C2825} URL = http://shopping.yaho...Terms}&fr=yessv
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = http://start.facemoo...earchTerms}&f=4
SearchScopes: HKCU - {36B6D012-C96F-4EE7-9F6E-EB92FCDBBDC7} URL = http://uk.local.yaho...ML&cs=&fr=yessv
SearchScopes: HKCU - {41B6D7AE-1733-4770-8CB4-50FFE7FCF67C} URL = http://www.google.co...1I7ACAW_enGB329
SearchScopes: HKCU - {6038CE7D-20E1-40F6-9C12-B6B5E29B2D69} URL = http://uk.search.yah...Terms}&fr=yessv
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACAW
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:466...q={searchTerms}
SearchScopes: HKCU - {8AC234B8-5BCF-4037-91D6-89C7FAAD84B6} URL = http://uk.news.searc...Terms}&fr=yessv
SearchScopes: HKCU - {9605905A-FEB5-4A4F-8B5D-A1066DC33A39} URL = http://uk.search.yah...Terms}&fr=yessv
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://uk.ask.com/we...}&o=15528&l=dis
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT1392740
SearchScopes: HKCU - {C2AB3B1F-C2FD-4D26-9C7C-30B9FB9970A2} URL = http://uk.search.yah...Terms}&fr=yessv
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yah...=yessv&fr=yessv
BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: PodcastBHO Class - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} https://register.bti...bcontrol028.cab
DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} https://www.plaxo.co...upldr-2k-xp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Harley\AppData\Roaming\Mozilla\Firefox\Profiles\c995pytc.default-1393005575184
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @doubletwist.com/NPPodcast - C:\Program Files\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Harley\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-05]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF [2013-10-09]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\ []
Chrome:
=======
CHR HomePage: hxxp://start.facemoods.com/?a=stonicuk
CHR DefaultSearchProvider: facemoods
CHR DefaultSearchURL: http://start.facemoo...earchTerms}&f=4
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\20.4.0.40\Exts\Chrome.crx [2013-07-10]
========================== Services (Whitelisted) =================
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com)
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [81504 2008-01-17] ()
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-08-19] ()
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-17] (Google)
R2 MaxMerger; C:\Program Files\Max Spyware Detector\MaxMerger.exe [307168 2014-02-07] (Max Secure Software)
R2 MaxWatchDogService; C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe [651744 2014-02-07] (Max Secure Software)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-07] ()
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 N360; C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-26] ()
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
R2 SafeMonitor; C:\ProgramData\SafeMonitor\SafeMonitor.exe [151192 2014-02-11] (Western Web Applications, LLC)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
==================== Drivers (Whitelisted) ====================
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [1098968 2013-12-18] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-21] (Symantec Corporation)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-10-30] ()
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20140220.001\IDSvix86.sys [394456 2014-01-21] (Symantec Corporation)
R2 iPodDrv; C:\Windows\system32\drivers\iPodDrv.sys [6656 2011-03-10] (Windows ® Codename Longhorn DDK provider)
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.)
R0 MaxMgr; C:\Windows\System32\drivers\MaxMgr.sys [72160 2014-02-07] (Max Secure Software)
R1 MaxProtector32; C:\Windows\System32\drivers\MaxProtector32.sys [85984 2014-02-07] (Max Secure Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2011-05-26] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2011-05-26] (Printing Communications Assoc., Inc. (PCAUSA))
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20140221.002\NAVENG.SYS [93272 2013-09-05] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20140221.002\NAVEX15.SYS [1612376 2013-09-05] (Symantec Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SDActMon; C:\Windows\System32\drivers\SDActMon.sys [123360 2014-02-07] (Max Secure Software)
R1 SRTSP; C:\Windows\system32\drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-07-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\system32\drivers\N360\1404000.028\SYMTDIV.SYS [352344 2013-04-25] (Symantec Corporation)
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-07-19] (Cyberlink Corp.)
S3 Afc; system32\drivers\Afc.sys [X]
S3 androidusb; System32\Drivers\ssadadb.sys [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dg_ssudbus; system32\DRIVERS\ssudbus.sys [X]
S0 ghdso; System32\drivers\gersj.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 ssudmdm; system32\DRIVERS\ssudmdm.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-21 22:31 - 2014-02-21 22:31 - 00000000 ____D () C:\FRST
2014-02-21 20:35 - 2014-02-21 20:35 - 00001781 _____ () C:\Users\Public\Desktop\Max Spyware Detector.lnk
2014-02-21 20:35 - 2014-02-04 20:04 - 00117248 _____ () C:\Windows\system32\MaxNative.exe
2014-02-21 20:34 - 2012-09-01 12:36 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.backup
2014-02-21 20:33 - 2014-02-21 20:45 - 00000000 ____D () C:\Program Files\Max Spyware Detector
2014-02-21 20:33 - 2014-02-07 11:20 - 00123360 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00085984 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector32.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00077792 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector64.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00074208 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon2K.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00072160 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxMgr.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00068576 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProc64.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00023008 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxTdss.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00013280 _____ (Max Secure Software) C:\Windows\system32\Drivers\004.sys
2014-02-21 20:27 - 2014-02-21 20:33 - 00000000 ____D () C:\ProgramData\Max Secure
2014-02-21 18:58 - 2014-02-21 18:58 - 232949192 _____ (Max Secure Software ) C:\Users\Harley\Desktop\MaxSpywaredetector.exe
2014-02-21 18:26 - 2014-02-21 18:26 - 00000000 ____D () C:\Users\Harley\AppData\Local\Max Secure Software
2014-02-21 18:11 - 2014-02-21 18:11 - 00000850 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-21 18:11 - 2014-02-21 18:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-21 17:35 - 2014-02-21 17:35 - 03053496 ____N (Symantec Corporation) C:\Users\Harley\Downloads\NPE (1).exe
2014-02-21 13:40 - 2014-02-21 13:40 - 00000000 __SHD () C:\found.000
2014-02-21 09:18 - 2014-02-21 09:18 - 00000910 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-21 09:13 - 2014-02-21 09:14 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Harley\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-18 10:27 - 2014-02-21 09:13 - 00000000 ____D () C:\Users\Harley\AppData\Local\SafeMonitor
2014-02-18 10:26 - 2014-02-18 10:27 - 00000000 ____D () C:\ProgramData\SafeMonitor
2014-02-18 10:25 - 2014-02-18 10:25 - 02865056 _____ () C:\Users\Harley\Downloads\Setup.exe
2014-02-12 22:28 - 2014-02-05 08:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 22:28 - 2014-02-05 08:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 22:28 - 2014-02-05 08:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 22:28 - 2014-02-05 08:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 22:28 - 2014-02-05 08:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 22:28 - 2014-02-05 08:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 22:28 - 2014-02-05 08:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-12 22:28 - 2014-02-05 08:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 22:28 - 2014-02-05 08:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-12 22:28 - 2014-02-05 08:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 22:28 - 2014-02-05 08:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 22:28 - 2014-02-05 08:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 22:28 - 2014-02-05 08:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 22:28 - 2014-02-05 08:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 22:28 - 2014-02-05 08:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-12 22:28 - 2014-02-05 08:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 16:29 - 2013-12-05 02:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-11 00:23 - 2014-02-11 00:23 - 01152664 _____ () C:\Windows\system32\SafeMonitor.5D8B1F66A294.dll
==================== One Month Modified Files and Folders =======
2014-02-21 22:31 - 2014-02-21 22:31 - 00000000 ____D () C:\FRST
2014-02-21 22:24 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-21 22:24 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-21 22:05 - 2008-12-08 21:46 - 01908494 _____ () C:\Windows\WindowsUpdate.log
2014-02-21 21:59 - 2008-12-08 21:51 - 00104784 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-02-21 21:57 - 2012-09-08 08:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-21 21:57 - 2009-06-06 18:59 - 00027934 _____ () C:\ProgramData\nvModes.001
2014-02-21 21:57 - 2008-12-08 22:01 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2014-02-21 21:56 - 2012-09-11 07:20 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-21 21:56 - 2006-11-02 12:47 - 00384872 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-21 21:55 - 2012-09-01 11:09 - 05055630 _____ () C:\Windows\PFRO.log
2014-02-21 21:55 - 2006-11-02 13:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-21 21:41 - 2012-09-11 07:20 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-21 20:45 - 2014-02-21 20:33 - 00000000 ____D () C:\Program Files\Max Spyware Detector
2014-02-21 20:35 - 2014-02-21 20:35 - 00001781 _____ () C:\Users\Public\Desktop\Max Spyware Detector.lnk
2014-02-21 20:33 - 2014-02-21 20:27 - 00000000 ____D () C:\ProgramData\Max Secure
2014-02-21 18:58 - 2014-02-21 18:58 - 232949192 _____ (Max Secure Software ) C:\Users\Harley\Desktop\MaxSpywaredetector.exe
2014-02-21 18:26 - 2014-02-21 18:26 - 00000000 ____D () C:\Users\Harley\AppData\Local\Max Secure Software
2014-02-21 18:26 - 2010-03-19 18:30 - 00000000 ____D () C:\Users\Harley\AppData\Roaming\GetRightToGo
2014-02-21 18:11 - 2014-02-21 18:11 - 00000850 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-21 18:11 - 2014-02-21 18:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-21 18:11 - 2013-11-05 21:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-21 17:59 - 2013-12-22 22:26 - 00000000 ____D () C:\Users\Harley\Desktop\Old Firefox Data
2014-02-21 17:59 - 2013-07-03 08:48 - 00000000 ____D () C:\Users\Harley\AppData\Local\NPE
2014-02-21 17:40 - 2008-11-18 17:47 - 00000147 _____ () C:\Windows\system32\agent.log
2014-02-21 17:38 - 2006-11-02 13:01 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-21 17:35 - 2014-02-21 17:35 - 03053496 ____N (Symantec Corporation) C:\Users\Harley\Downloads\NPE (1).exe
2014-02-21 13:58 - 2012-05-24 18:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-21 13:58 - 2011-05-14 17:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-21 13:40 - 2014-02-21 13:40 - 00000000 __SHD () C:\found.000
2014-02-21 09:48 - 2010-03-21 20:07 - 00000000 ____D () C:\Windows\SQL9_KB970892_ENU
2014-02-21 09:46 - 2009-12-05 20:16 - 00000000 ____D () C:\Program Files\MyPlayCity
2014-02-21 09:21 - 2012-09-01 10:24 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-21 09:18 - 2014-02-21 09:18 - 00000910 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-21 09:14 - 2014-02-21 09:13 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Harley\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-21 09:13 - 2014-02-18 10:27 - 00000000 ____D () C:\Users\Harley\AppData\Local\SafeMonitor
2014-02-21 08:17 - 2009-06-06 18:59 - 00027934 _____ () C:\ProgramData\nvModes.dat
2014-02-21 07:00 - 2009-06-21 12:28 - 00000014 _____ () C:\Windows\popcinfo.dat
2014-02-20 20:20 - 2010-04-01 18:21 - 00000000 ____D () C:\Users\Harley\AppData\Local\CrashDumps
2014-02-20 15:13 - 2013-09-12 10:03 - 00000000 ____D () C:\Users\Harley\Documents\COUNSELLING HOURS
2014-02-19 12:25 - 2013-01-23 16:45 - 00016626 _____ () C:\Users\Harley\Documents\Home expenses 2013.xlsx
2014-02-18 10:27 - 2014-02-18 10:26 - 00000000 ____D () C:\ProgramData\SafeMonitor
2014-02-18 10:25 - 2014-02-18 10:25 - 02865056 _____ () C:\Users\Harley\Downloads\Setup.exe
2014-02-13 17:47 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-12 23:13 - 2006-11-02 10:33 - 00796524 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-12 23:02 - 2013-08-14 21:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 22:43 - 2006-11-02 10:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-11 00:23 - 2014-02-11 00:23 - 01152664 _____ () C:\Windows\system32\SafeMonitor.5D8B1F66A294.dll
2014-02-09 09:02 - 2009-06-28 11:20 - 00000000 ____D () C:\ProgramData\Norton
2014-02-07 11:20 - 2014-02-21 20:33 - 00123360 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00085984 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector32.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00077792 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector64.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00074208 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon2K.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00072160 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxMgr.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00068576 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProc64.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00023008 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxTdss.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00013280 _____ (Max Secure Software) C:\Windows\system32\Drivers\004.sys
2014-02-06 23:12 - 2013-09-24 10:38 - 00000000 ____D () C:\Users\Harley\Documents\COUNSELLING DOCS
2014-02-05 08:58 - 2014-02-12 22:28 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 08:56 - 2014-02-12 22:28 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 08:53 - 2014-02-12 22:28 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 08:51 - 2014-02-12 22:28 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 08:50 - 2014-02-12 22:28 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 08:49 - 2014-02-12 22:28 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 08:49 - 2014-02-12 22:28 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 08:48 - 2014-02-12 22:28 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 08:48 - 2014-02-12 22:28 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 08:48 - 2014-02-12 22:28 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 08:48 - 2014-02-12 22:28 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 08:48 - 2014-02-12 22:28 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 08:47 - 2014-02-12 22:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 08:47 - 2014-02-12 22:28 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 08:47 - 2014-02-12 22:28 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 08:46 - 2014-02-12 22:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-04 20:04 - 2014-02-21 20:35 - 00117248 _____ () C:\Windows\system32\MaxNative.exe
2014-01-31 18:12 - 2013-12-26 22:24 - 00001024 _____ () C:\Users\Harley\Desktop\Amazon Cloud Player.lnk
2014-01-31 18:12 - 2013-12-26 22:24 - 00000000 ____D () C:\Users\Harley\AppData\Local\Amazon Cloud Player
2014-01-24 19:14 - 2013-06-13 17:50 - 00000000 ____D () C:\Users\Harley\AppData\Roaming\Skype
Some content of TEMP:
====================
C:\Users\Harley\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Harley\AppData\Local\Temp\RtkBtMnt.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-21 22:03
==================== End Of Log ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-02-2014
Ran by Harley (administrator) on DEBBIE on 21-02-2014 22:31:41
Running from C:\Users\Harley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DS53E27U
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version:
http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version:
http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:
http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxMerger.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxActMon.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxDBServer.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Acer\Mobility Center\MobilityService.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Western Web Applications, LLC) C:\ProgramData\SafeMonitor\SafeMonitorService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
(Western Web Applications, LLC) C:\ProgramData\SafeMonitor\SafeMonitor.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\QtZgAcer.EXE
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxSDTray.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxUSBProc.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Users\Harley\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
(Nokia) C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Users\Harley\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Realtek Semiconductor Corp.) C:\Users\Harley\AppData\Local\Temp\RtkBtMnt.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Microsoft Corporation) C:\Windows\system32\sdclt.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6294048 2008-09-18] (Realtek Semiconductor)
HKLM\...\Run: [ePower_DMC] - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [405504 2008-08-01] (Acer Inc.)
HKLM\...\Run: [eDataSecurity Loader] - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-07-30] (Egis Incorporated)
HKLM\...\Run: [eAudio] - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-09-12] (Acer Incorporated)
HKLM\...\Run: [BkupTray] - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672 2008-04-26] ()
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13543968 2008-07-18] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-07-18] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-25] (Synaptics, Inc.)
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\QtZgAcer.EXE [817672 2008-06-04] (Dritek System Inc.)
HKLM\...\Run: [ArcadeDeluxeAgent] - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [147456 2008-07-24] (CyberLink Corp.)
HKLM\...\Run: [Easy-PrintToolBox] - C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [409600 2004-01-14] (CANON INC.)
HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-06-07] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-14] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [WSHelperSetup.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM\...\Run: [SDActiveMonitor] - C:\Program Files\Max Spyware Detector\MaxSDTray.exe [1091040 2014-02-07] (Max Secure Software)
HKLM\...\Run: [SDAutoScan] - [X]
HKLM\...\Run: [MaxUSBProc] - C:\Program Files\Max Spyware Detector\MaxUSBProc.exe [447968 2014-02-07] (Max Secure Software)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\896\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [MyTomTomSA.exe] - C:\Program Files\MyTomTom 3\MyTomTomSA.exe [455608 2013-05-23] (TomTom)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-18] (SUPERAntiSpyware)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Harley\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [] - [X]
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [PC Suite Tray] - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1451520 2009-11-11] (Nokia)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [WSHelperSetup.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [Amazon Cloud Player] - C:\Users\Harley\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3140608 2014-01-14] ()
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-06-17] (Google)
Startup: C:\Users\Harley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://homepage.acer...&m=aspire_6930g
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://homepage.acer...&m=aspire_6930g
SearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
http://www.google.co...ng}&rlz=1I7ACAW
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
http://www.google.co...ng}&rlz=1I7ACAW
SearchScopes: HKLM - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL =
http://www.ask.com/w...q={SEARCHTERMS}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
http://search.condui...&ctid=CT1392740
SearchScopes: HKCU - DefaultScope {41B6D7AE-1733-4770-8CB4-50FFE7FCF67C} URL =
http://www.google.co...1I7ACAW_enGB329
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {065CCC52-4EF8-4D9B-A195-BC25651BE999} URL =
http://uk.search.yah...Terms}&fr=yessv
SearchScopes: HKCU - {07B6F4D5-D733-4BD6-ABE1-5726152C2825} URL =
http://shopping.yaho...Terms}&fr=yessv
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL =
http://start.facemoo...earchTerms}&f=4
SearchScopes: HKCU - {36B6D012-C96F-4EE7-9F6E-EB92FCDBBDC7} URL =
http://uk.local.yaho...ML&cs=&fr=yessv
SearchScopes: HKCU - {41B6D7AE-1733-4770-8CB4-50FFE7FCF67C} URL =
http://www.google.co...1I7ACAW_enGB329
SearchScopes: HKCU - {6038CE7D-20E1-40F6-9C12-B6B5E29B2D69} URL =
http://uk.search.yah...Terms}&fr=yessv
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
http://www.google.co...ng}&rlz=1I7ACAW
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL =
http://127.0.0.1:466...q={searchTerms}
SearchScopes: HKCU - {8AC234B8-5BCF-4037-91D6-89C7FAAD84B6} URL =
http://uk.news.searc...Terms}&fr=yessv
SearchScopes: HKCU - {9605905A-FEB5-4A4F-8B5D-A1066DC33A39} URL =
http://uk.search.yah...Terms}&fr=yessv
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL =
http://uk.ask.com/we...}&o=15528&l=dis
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
http://search.condui...&ctid=CT1392740
SearchScopes: HKCU - {C2AB3B1F-C2FD-4D26-9C7C-30B9FB9970A2} URL =
http://uk.search.yah...Terms}&fr=yessv
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL =
http://uk.search.yah...=yessv&fr=yessv
BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: PodcastBHO Class - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089}
http://office.micros...n/ieawsdc32.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.ad...Plus/1.6/gp.cab
DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3}
https://register.bti...bcontrol028.cab
DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D}
https://www.plaxo.co...upldr-2k-xp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Harley\AppData\Roaming\Mozilla\Firefox\Profiles\c995pytc.default-1393005575184
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @doubletwist.com/NPPodcast - C:\Program Files\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Harley\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-05]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF [2013-10-09]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\ []
Chrome:
=======
CHR HomePage: hxxp://start.facemoods.com/?a=stonicuk
CHR DefaultSearchProvider: facemoods
CHR DefaultSearchURL:
http://start.facemoo...earchTerms}&f=4
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\20.4.0.40\Exts\Chrome.crx [2013-07-10]
========================== Services (Whitelisted) =================
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com)
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [81504 2008-01-17] ()
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-08-19] ()
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-17] (Google)
R2 MaxMerger; C:\Program Files\Max Spyware Detector\MaxMerger.exe [307168 2014-02-07] (Max Secure Software)
R2 MaxWatchDogService; C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe [651744 2014-02-07] (Max Secure Software)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-07] ()
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 N360; C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-26] ()
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
R2 SafeMonitor; C:\ProgramData\SafeMonitor\SafeMonitor.exe [151192 2014-02-11] (Western Web Applications, LLC)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
==================== Drivers (Whitelisted) ====================
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [1098968 2013-12-18] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-21] (Symantec Corporation)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-10-30] ()
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20140220.001\IDSvix86.sys [394456 2014-01-21] (Symantec Corporation)
R2 iPodDrv; C:\Windows\system32\drivers\iPodDrv.sys [6656 2011-03-10] (Windows ® Codename Longhorn DDK provider)
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.)
R0 MaxMgr; C:\Windows\System32\drivers\MaxMgr.sys [72160 2014-02-07] (Max Secure Software)
R1 MaxProtector32; C:\Windows\System32\drivers\MaxProtector32.sys [85984 2014-02-07] (Max Secure Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2011-05-26] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2011-05-26] (Printing Communications Assoc., Inc. (PCAUSA))
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20140221.002\NAVENG.SYS [93272 2013-09-05] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20140221.002\NAVEX15.SYS [1612376 2013-09-05] (Symantec Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SDActMon; C:\Windows\System32\drivers\SDActMon.sys [123360 2014-02-07] (Max Secure Software)
R1 SRTSP; C:\Windows\system32\drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-07-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\system32\drivers\N360\1404000.028\SYMTDIV.SYS [352344 2013-04-25] (Symantec Corporation)
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-07-19] (Cyberlink Corp.)
S3 Afc; system32\drivers\Afc.sys [X]
S3 androidusb; System32\Drivers\ssadadb.sys [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dg_ssudbus; system32\DRIVERS\ssudbus.sys [X]
S0 ghdso; System32\drivers\gersj.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 ssudmdm; system32\DRIVERS\ssudmdm.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-21 22:31 - 2014-02-21 22:31 - 00000000 ____D () C:\FRST
2014-02-21 20:35 - 2014-02-21 20:35 - 00001781 _____ () C:\Users\Public\Desktop\Max Spyware Detector.lnk
2014-02-21 20:35 - 2014-02-04 20:04 - 00117248 _____ () C:\Windows\system32\MaxNative.exe
2014-02-21 20:34 - 2012-09-01 12:36 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.backup
2014-02-21 20:33 - 2014-02-21 20:45 - 00000000 ____D () C:\Program Files\Max Spyware Detector
2014-02-21 20:33 - 2014-02-07 11:20 - 00123360 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00085984 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector32.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00077792 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector64.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00074208 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon2K.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00072160 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxMgr.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00068576 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProc64.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00023008 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxTdss.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00013280 _____ (Max Secure Software) C:\Windows\system32\Drivers\004.sys
2014-02-21 20:27 - 2014-02-21 20:33 - 00000000 ____D () C:\ProgramData\Max Secure
2014-02-21 18:58 - 2014-02-21 18:58 - 232949192 _____ (Max Secure Software ) C:\Users\Harley\Desktop\MaxSpywaredetector.exe
2014-02-21 18:26 - 2014-02-21 18:26 - 00000000 ____D () C:\Users\Harley\AppData\Local\Max Secure Software
2014-02-21 18:11 - 2014-02-21 18:11 - 00000850 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-21 18:11 - 2014-02-21 18:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-21 17:35 - 2014-02-21 17:35 - 03053496 ____N (Symantec Corporation) C:\Users\Harley\Downloads\NPE (1).exe
2014-02-21 13:40 - 2014-02-21 13:40 - 00000000 __SHD () C:\found.000
2014-02-21 09:18 - 2014-02-21 09:18 - 00000910 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-21 09:13 - 2014-02-21 09:14 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Harley\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-18 10:27 - 2014-02-21 09:13 - 00000000 ____D () C:\Users\Harley\AppData\Local\SafeMonitor
2014-02-18 10:26 - 2014-02-18 10:27 - 00000000 ____D () C:\ProgramData\SafeMonitor
2014-02-18 10:25 - 2014-02-18 10:25 - 02865056 _____ () C:\Users\Harley\Downloads\Setup.exe
2014-02-12 22:28 - 2014-02-05 08:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 22:28 - 2014-02-05 08:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 22:28 - 2014-02-05 08:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 22:28 - 2014-02-05 08:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 22:28 - 2014-02-05 08:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 22:28 - 2014-02-05 08:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 22:28 - 2014-02-05 08:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-12 22:28 - 2014-02-05 08:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 22:28 - 2014-02-05 08:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-12 22:28 - 2014-02-05 08:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 22:28 - 2014-02-05 08:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 22:28 - 2014-02-05 08:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 22:28 - 2014-02-05 08:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 22:28 - 2014-02-05 08:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 22:28 - 2014-02-05 08:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-12 22:28 - 2014-02-05 08:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 16:29 - 2013-12-05 02:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-11 00:23 - 2014-02-11 00:23 - 01152664 _____ () C:\Windows\system32\SafeMonitor.5D8B1F66A294.dll
==================== One Month Modified Files and Folders =======
2014-02-21 22:31 - 2014-02-21 22:31 - 00000000 ____D () C:\FRST
2014-02-21 22:24 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-21 22:24 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-21 22:05 - 2008-12-08 21:46 - 01908494 _____ () C:\Windows\WindowsUpdate.log
2014-02-21 21:59 - 2008-12-08 21:51 - 00104784 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-02-21 21:57 - 2012-09-08 08:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-21 21:57 - 2009-06-06 18:59 - 00027934 _____ () C:\ProgramData\nvModes.001
2014-02-21 21:57 - 2008-12-08 22:01 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2014-02-21 21:56 - 2012-09-11 07:20 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-21 21:56 - 2006-11-02 12:47 - 00384872 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-21 21:55 - 2012-09-01 11:09 - 05055630 _____ () C:\Windows\PFRO.log
2014-02-21 21:55 - 2006-11-02 13:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-21 21:41 - 2012-09-11 07:20 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-21 20:45 - 2014-02-21 20:33 - 00000000 ____D () C:\Program Files\Max Spyware Detector
2014-02-21 20:35 - 2014-02-21 20:35 - 00001781 _____ () C:\Users\Public\Desktop\Max Spyware Detector.lnk
2014-02-21 20:33 - 2014-02-21 20:27 - 00000000 ____D () C:\ProgramData\Max Secure
2014-02-21 18:58 - 2014-02-21 18:58 - 232949192 _____ (Max Secure Software ) C:\Users\Harley\Desktop\MaxSpywaredetector.exe
2014-02-21 18:26 - 2014-02-21 18:26 - 00000000 ____D () C:\Users\Harley\AppData\Local\Max Secure Software
2014-02-21 18:26 - 2010-03-19 18:30 - 00000000 ____D () C:\Users\Harley\AppData\Roaming\GetRightToGo
2014-02-21 18:11 - 2014-02-21 18:11 - 00000850 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-21 18:11 - 2014-02-21 18:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-21 18:11 - 2013-11-05 21:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-21 17:59 - 2013-12-22 22:26 - 00000000 ____D () C:\Users\Harley\Desktop\Old Firefox Data
2014-02-21 17:59 - 2013-07-03 08:48 - 00000000 ____D () C:\Users\Harley\AppData\Local\NPE
2014-02-21 17:40 - 2008-11-18 17:47 - 00000147 _____ () C:\Windows\system32\agent.log
2014-02-21 17:38 - 2006-11-02 13:01 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-21 17:35 - 2014-02-21 17:35 - 03053496 ____N (Symantec Corporation) C:\Users\Harley\Downloads\NPE (1).exe
2014-02-21 13:58 - 2012-05-24 18:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-21 13:58 - 2011-05-14 17:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-21 13:40 - 2014-02-21 13:40 - 00000000 __SHD () C:\found.000
2014-02-21 09:48 - 2010-03-21 20:07 - 00000000 ____D () C:\Windows\SQL9_KB970892_ENU
2014-02-21 09:46 - 2009-12-05 20:16 - 00000000 ____D () C:\Program Files\MyPlayCity
2014-02-21 09:21 - 2012-09-01 10:24 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-21 09:18 - 2014-02-21 09:18 - 00000910 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-21 09:14 - 2014-02-21 09:13 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Harley\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-21 09:13 - 2014-02-18 10:27 - 00000000 ____D () C:\Users\Harley\AppData\Local\SafeMonitor
2014-02-21 08:17 - 2009-06-06 18:59 - 00027934 _____ () C:\ProgramData\nvModes.dat
2014-02-21 07:00 - 2009-06-21 12:28 - 00000014 _____ () C:\Windows\popcinfo.dat
2014-02-20 20:20 - 2010-04-01 18:21 - 00000000 ____D () C:\Users\Harley\AppData\Local\CrashDumps
2014-02-20 15:13 - 2013-09-12 10:03 - 00000000 ____D () C:\Users\Harley\Documents\COUNSELLING HOURS
2014-02-19 12:25 - 2013-01-23 16:45 - 00016626 _____ () C:\Users\Harley\Documents\Home expenses 2013.xlsx
2014-02-18 10:27 - 2014-02-18 10:26 - 00000000 ____D () C:\ProgramData\SafeMonitor
2014-02-18 10:25 - 2014-02-18 10:25 - 02865056 _____ () C:\Users\Harley\Downloads\Setup.exe
2014-02-13 17:47 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-12 23:13 - 2006-11-02 10:33 - 00796524 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-12 23:02 - 2013-08-14 21:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 22:43 - 2006-11-02 10:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-11 00:23 - 2014-02-11 00:23 - 01152664 _____ () C:\Windows\system32\SafeMonitor.5D8B1F66A294.dll
2014-02-09 09:02 - 2009-06-28 11:20 - 00000000 ____D () C:\ProgramData\Norton
2014-02-07 11:20 - 2014-02-21 20:33 - 00123360 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00085984 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector32.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00077792 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector64.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00074208 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon2K.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00072160 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxMgr.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00068576 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProc64.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00023008 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxTdss.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00013280 _____ (Max Secure Software) C:\Windows\system32\Drivers\004.sys
2014-02-06 23:12 - 2013-09-24 10:38 - 00000000 ____D () C:\Users\Harley\Documents\COUNSELLING DOCS
2014-02-05 08:58 - 2014-02-12 22:28 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 08:56 - 2014-02-12 22:28 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 08:53 - 2014-02-12 22:28 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 08:51 - 2014-02-12 22:28 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 08:50 - 2014-02-12 22:28 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 08:49 - 2014-02-12 22:28 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 08:49 - 2014-02-12 22:28 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 08:48 - 2014-02-12 22:28 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 08:48 - 2014-02-12 22:28 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 08:48 - 2014-02-12 22:28 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 08:48 - 2014-02-12 22:28 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 08:48 - 2014-02-12 22:28 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 08:47 - 2014-02-12 22:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 08:47 - 2014-02-12 22:28 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 08:47 - 2014-02-12 22:28 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 08:46 - 2014-02-12 22:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-04 20:04 - 2014-02-21 20:35 - 00117248 _____ () C:\Windows\system32\MaxNative.exe
2014-01-31 18:12 - 2013-12-26 22:24 - 00001024 _____ () C:\Users\Harley\Desktop\Amazon Cloud Player.lnk
2014-01-31 18:12 - 2013-12-26 22:24 - 00000000 ____D () C:\Users\Harley\AppData\Local\Amazon Cloud Player
2014-01-24 19:14 - 2013-06-13 17:50 - 00000000 ____D () C:\Users\Harley\AppData\Roaming\Skype
Some content of TEMP:
====================
C:\Users\Harley\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Harley\AppData\Local\Temp\RtkBtMnt.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-21 22:03
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxMerger.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxActMon.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxDBServer.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Acer\Mobility Center\MobilityService.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Western Web Applications, LLC) C:\ProgramData\SafeMonitor\SafeMonitorService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
(Western Web Applications, LLC) C:\ProgramData\SafeMonitor\SafeMonitor.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\QtZgAcer.EXE
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxSDTray.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxUSBProc.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Users\Harley\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
(Nokia) C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Users\Harley\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Realtek Semiconductor Corp.) C:\Users\Harley\AppData\Local\Temp\RtkBtMnt.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Microsoft Corporation) C:\Windows\system32\sdclt.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6294048 2008-09-18] (Realtek Semiconductor)
HKLM\...\Run: [ePower_DMC] - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [405504 2008-08-01] (Acer Inc.)
HKLM\...\Run: [eDataSecurity Loader] - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-07-30] (Egis Incorporated)
HKLM\...\Run: [eAudio] - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-09-12] (Acer Incorporated)
HKLM\...\Run: [BkupTray] - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672 2008-04-26] ()
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13543968 2008-07-18] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-07-18] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-25] (Synaptics, Inc.)
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\QtZgAcer.EXE [817672 2008-06-04] (Dritek System Inc.)
HKLM\...\Run: [ArcadeDeluxeAgent] - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [147456 2008-07-24] (CyberLink Corp.)
HKLM\...\Run: [Easy-PrintToolBox] - C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [409600 2004-01-14] (CANON INC.)
HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-06-07] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-14] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [WSHelperSetup.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM\...\Run: [SDActiveMonitor] - C:\Program Files\Max Spyware Detector\MaxSDTray.exe [1091040 2014-02-07] (Max Secure Software)
HKLM\...\Run: [SDAutoScan] - [X]
HKLM\...\Run: [MaxUSBProc] - C:\Program Files\Max Spyware Detector\MaxUSBProc.exe [447968 2014-02-07] (Max Secure Software)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\896\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [MyTomTomSA.exe] - C:\Program Files\MyTomTom 3\MyTomTomSA.exe [455608 2013-05-23] (TomTom)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-18] (SUPERAntiSpyware)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Harley\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [] - [X]
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [PC Suite Tray] - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1451520 2009-11-11] (Nokia)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [WSHelperSetup.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [Amazon Cloud Player] - C:\Users\Harley\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3140608 2014-01-14] ()
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-06-17] (Google)
Startup: C:\Users\Harley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...&m=aspire_6930g
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...&m=aspire_6930g
SearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACAW
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACAW
SearchScopes: HKLM - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/w...q={SEARCHTERMS}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT1392740
SearchScopes: HKCU - DefaultScope {41B6D7AE-1733-4770-8CB4-50FFE7FCF67C} URL = http://www.google.co...1I7ACAW_enGB329
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {065CCC52-4EF8-4D9B-A195-BC25651BE999} URL = http://uk.search.yah...Terms}&fr=yessv
SearchScopes: HKCU - {07B6F4D5-D733-4BD6-ABE1-5726152C2825} URL = http://shopping.yaho...Terms}&fr=yessv
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = http://start.facemoo...earchTerms}&f=4
SearchScopes: HKCU - {36B6D012-C96F-4EE7-9F6E-EB92FCDBBDC7} URL = http://uk.local.yaho...ML&cs=&fr=yessv
SearchScopes: HKCU - {41B6D7AE-1733-4770-8CB4-50FFE7FCF67C} URL = http://www.google.co...1I7ACAW_enGB329
SearchScopes: HKCU - {6038CE7D-20E1-40F6-9C12-B6B5E29B2D69} URL = http://uk.search.yah...Terms}&fr=yessv
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACAW
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:466...q={searchTerms}
SearchScopes: HKCU - {8AC234B8-5BCF-4037-91D6-89C7FAAD84B6} URL = http://uk.news.searc...Terms}&fr=yessv
SearchScopes: HKCU - {9605905A-FEB5-4A4F-8B5D-A1066DC33A39} URL = http://uk.search.yah...Terms}&fr=yessv
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://uk.ask.com/we...}&o=15528&l=dis
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT1392740
SearchScopes: HKCU - {C2AB3B1F-C2FD-4D26-9C7C-30B9FB9970A2} URL = http://uk.search.yah...Terms}&fr=yessv
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yah...=yessv&fr=yessv
BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: PodcastBHO Class - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089}
http://office.micros...n/ieawsdc32.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.ad...Plus/1.6/gp.cab
DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3}
https://register.bti...bcontrol028.cab
DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D}
https://www.plaxo.co...upldr-2k-xp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Harley\AppData\Roaming\Mozilla\Firefox\Profiles\c995pytc.default-1393005575184
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @doubletwist.com/NPPodcast - C:\Program Files\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Harley\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-05]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF [2013-10-09]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\ []
Chrome:
=======
CHR HomePage: hxxp://start.facemoods.com/?a=stonicuk
CHR DefaultSearchProvider: facemoods
CHR DefaultSearchURL:
http://start.facemoo...earchTerms}&f=4
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\20.4.0.40\Exts\Chrome.crx [2013-07-10]
========================== Services (Whitelisted) =================
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com)
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [81504 2008-01-17] ()
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-08-19] ()
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-17] (Google)
R2 MaxMerger; C:\Program Files\Max Spyware Detector\MaxMerger.exe [307168 2014-02-07] (Max Secure Software)
R2 MaxWatchDogService; C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe [651744 2014-02-07] (Max Secure Software)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-07] ()
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 N360; C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-26] ()
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
R2 SafeMonitor; C:\ProgramData\SafeMonitor\SafeMonitor.exe [151192 2014-02-11] (Western Web Applications, LLC)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
==================== Drivers (Whitelisted) ====================
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [1098968 2013-12-18] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-21] (Symantec Corporation)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-10-30] ()
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20140220.001\IDSvix86.sys [394456 2014-01-21] (Symantec Corporation)
R2 iPodDrv; C:\Windows\system32\drivers\iPodDrv.sys [6656 2011-03-10] (Windows ® Codename Longhorn DDK provider)
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.)
R0 MaxMgr; C:\Windows\System32\drivers\MaxMgr.sys [72160 2014-02-07] (Max Secure Software)
R1 MaxProtector32; C:\Windows\System32\drivers\MaxProtector32.sys [85984 2014-02-07] (Max Secure Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2011-05-26] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2011-05-26] (Printing Communications Assoc., Inc. (PCAUSA))
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20140221.002\NAVENG.SYS [93272 2013-09-05] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20140221.002\NAVEX15.SYS [1612376 2013-09-05] (Symantec Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SDActMon; C:\Windows\System32\drivers\SDActMon.sys [123360 2014-02-07] (Max Secure Software)
R1 SRTSP; C:\Windows\system32\drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-07-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\system32\drivers\N360\1404000.028\SYMTDIV.SYS [352344 2013-04-25] (Symantec Corporation)
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-07-19] (Cyberlink Corp.)
S3 Afc; system32\drivers\Afc.sys [X]
S3 androidusb; System32\Drivers\ssadadb.sys [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dg_ssudbus; system32\DRIVERS\ssudbus.sys [X]
S0 ghdso; System32\drivers\gersj.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 ssudmdm; system32\DRIVERS\ssudmdm.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-21 22:31 - 2014-02-21 22:31 - 00000000 ____D () C:\FRST
2014-02-21 20:35 - 2014-02-21 20:35 - 00001781 _____ () C:\Users\Public\Desktop\Max Spyware Detector.lnk
2014-02-21 20:35 - 2014-02-04 20:04 - 00117248 _____ () C:\Windows\system32\MaxNative.exe
2014-02-21 20:34 - 2012-09-01 12:36 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.backup
2014-02-21 20:33 - 2014-02-21 20:45 - 00000000 ____D () C:\Program Files\Max Spyware Detector
2014-02-21 20:33 - 2014-02-07 11:20 - 00123360 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00085984 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector32.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00077792 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector64.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00074208 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon2K.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00072160 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxMgr.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00068576 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProc64.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00023008 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxTdss.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00013280 _____ (Max Secure Software) C:\Windows\system32\Drivers\004.sys
2014-02-21 20:27 - 2014-02-21 20:33 - 00000000 ____D () C:\ProgramData\Max Secure
2014-02-21 18:58 - 2014-02-21 18:58 - 232949192 _____ (Max Secure Software ) C:\Users\Harley\Desktop\MaxSpywaredetector.exe
2014-02-21 18:26 - 2014-02-21 18:26 - 00000000 ____D () C:\Users\Harley\AppData\Local\Max Secure Software
2014-02-21 18:11 - 2014-02-21 18:11 - 00000850 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-21 18:11 - 2014-02-21 18:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-21 17:35 - 2014-02-21 17:35 - 03053496 ____N (Symantec Corporation) C:\Users\Harley\Downloads\NPE (1).exe
2014-02-21 13:40 - 2014-02-21 13:40 - 00000000 __SHD () C:\found.000
2014-02-21 09:18 - 2014-02-21 09:18 - 00000910 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-21 09:13 - 2014-02-21 09:14 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Harley\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-18 10:27 - 2014-02-21 09:13 - 00000000 ____D () C:\Users\Harley\AppData\Local\SafeMonitor
2014-02-18 10:26 - 2014-02-18 10:27 - 00000000 ____D () C:\ProgramData\SafeMonitor
2014-02-18 10:25 - 2014-02-18 10:25 - 02865056 _____ () C:\Users\Harley\Downloads\Setup.exe
2014-02-12 22:28 - 2014-02-05 08:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 22:28 - 2014-02-05 08:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 22:28 - 2014-02-05 08:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 22:28 - 2014-02-05 08:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 22:28 - 2014-02-05 08:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 22:28 - 2014-02-05 08:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 22:28 - 2014-02-05 08:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-12 22:28 - 2014-02-05 08:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 22:28 - 2014-02-05 08:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-12 22:28 - 2014-02-05 08:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 22:28 - 2014-02-05 08:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 22:28 - 2014-02-05 08:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 22:28 - 2014-02-05 08:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 22:28 - 2014-02-05 08:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 22:28 - 2014-02-05 08:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-12 22:28 - 2014-02-05 08:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 16:29 - 2013-12-05 02:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-11 00:23 - 2014-02-11 00:23 - 01152664 _____ () C:\Windows\system32\SafeMonitor.5D8B1F66A294.dll
==================== One Month Modified Files and Folders =======
2014-02-21 22:31 - 2014-02-21 22:31 - 00000000 ____D () C:\FRST
2014-02-21 22:24 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-21 22:24 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-21 22:05 - 2008-12-08 21:46 - 01908494 _____ () C:\Windows\WindowsUpdate.log
2014-02-21 21:59 - 2008-12-08 21:51 - 00104784 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-02-21 21:57 - 2012-09-08 08:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-21 21:57 - 2009-06-06 18:59 - 00027934 _____ () C:\ProgramData\nvModes.001
2014-02-21 21:57 - 2008-12-08 22:01 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2014-02-21 21:56 - 2012-09-11 07:20 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-21 21:56 - 2006-11-02 12:47 - 00384872 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-21 21:55 - 2012-09-01 11:09 - 05055630 _____ () C:\Windows\PFRO.log
2014-02-21 21:55 - 2006-11-02 13:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-21 21:41 - 2012-09-11 07:20 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-21 20:45 - 2014-02-21 20:33 - 00000000 ____D () C:\Program Files\Max Spyware Detector
2014-02-21 20:35 - 2014-02-21 20:35 - 00001781 _____ () C:\Users\Public\Desktop\Max Spyware Detector.lnk
2014-02-21 20:33 - 2014-02-21 20:27 - 00000000 ____D () C:\ProgramData\Max Secure
2014-02-21 18:58 - 2014-02-21 18:58 - 232949192 _____ (Max Secure Software ) C:\Users\Harley\Desktop\MaxSpywaredetector.exe
2014-02-21 18:26 - 2014-02-21 18:26 - 00000000 ____D () C:\Users\Harley\AppData\Local\Max Secure Software
2014-02-21 18:26 - 2010-03-19 18:30 - 00000000 ____D () C:\Users\Harley\AppData\Roaming\GetRightToGo
2014-02-21 18:11 - 2014-02-21 18:11 - 00000850 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-21 18:11 - 2014-02-21 18:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-21 18:11 - 2013-11-05 21:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-21 17:59 - 2013-12-22 22:26 - 00000000 ____D () C:\Users\Harley\Desktop\Old Firefox Data
2014-02-21 17:59 - 2013-07-03 08:48 - 00000000 ____D () C:\Users\Harley\AppData\Local\NPE
2014-02-21 17:40 - 2008-11-18 17:47 - 00000147 _____ () C:\Windows\system32\agent.log
2014-02-21 17:38 - 2006-11-02 13:01 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-21 17:35 - 2014-02-21 17:35 - 03053496 ____N (Symantec Corporation) C:\Users\Harley\Downloads\NPE (1).exe
2014-02-21 13:58 - 2012-05-24 18:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-21 13:58 - 2011-05-14 17:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-21 13:40 - 2014-02-21 13:40 - 00000000 __SHD () C:\found.000
2014-02-21 09:48 - 2010-03-21 20:07 - 00000000 ____D () C:\Windows\SQL9_KB970892_ENU
2014-02-21 09:46 - 2009-12-05 20:16 - 00000000 ____D () C:\Program Files\MyPlayCity
2014-02-21 09:21 - 2012-09-01 10:24 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-21 09:18 - 2014-02-21 09:18 - 00000910 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-21 09:14 - 2014-02-21 09:13 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Harley\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-21 09:13 - 2014-02-18 10:27 - 00000000 ____D () C:\Users\Harley\AppData\Local\SafeMonitor
2014-02-21 08:17 - 2009-06-06 18:59 - 00027934 _____ () C:\ProgramData\nvModes.dat
2014-02-21 07:00 - 2009-06-21 12:28 - 00000014 _____ () C:\Windows\popcinfo.dat
2014-02-20 20:20 - 2010-04-01 18:21 - 00000000 ____D () C:\Users\Harley\AppData\Local\CrashDumps
2014-02-20 15:13 - 2013-09-12 10:03 - 00000000 ____D () C:\Users\Harley\Documents\COUNSELLING HOURS
2014-02-19 12:25 - 2013-01-23 16:45 - 00016626 _____ () C:\Users\Harley\Documents\Home expenses 2013.xlsx
2014-02-18 10:27 - 2014-02-18 10:26 - 00000000 ____D () C:\ProgramData\SafeMonitor
2014-02-18 10:25 - 2014-02-18 10:25 - 02865056 _____ () C:\Users\Harley\Downloads\Setup.exe
2014-02-13 17:47 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-12 23:13 - 2006-11-02 10:33 - 00796524 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-12 23:02 - 2013-08-14 21:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 22:43 - 2006-11-02 10:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-11 00:23 - 2014-02-11 00:23 - 01152664 _____ () C:\Windows\system32\SafeMonitor.5D8B1F66A294.dll
2014-02-09 09:02 - 2009-06-28 11:20 - 00000000 ____D () C:\ProgramData\Norton
2014-02-07 11:20 - 2014-02-21 20:33 - 00123360 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00085984 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector32.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00077792 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector64.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00074208 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon2K.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00072160 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxMgr.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00068576 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProc64.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00023008 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxTdss.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00013280 _____ (Max Secure Software) C:\Windows\system32\Drivers\004.sys
2014-02-06 23:12 - 2013-09-24 10:38 - 00000000 ____D () C:\Users\Harley\Documents\COUNSELLING DOCS
2014-02-05 08:58 - 2014-02-12 22:28 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 08:56 - 2014-02-12 22:28 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 08:53 - 2014-02-12 22:28 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 08:51 - 2014-02-12 22:28 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 08:50 - 2014-02-12 22:28 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 08:49 - 2014-02-12 22:28 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 08:49 - 2014-02-12 22:28 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 08:48 - 2014-02-12 22:28 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 08:48 - 2014-02-12 22:28 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 08:48 - 2014-02-12 22:28 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 08:48 - 2014-02-12 22:28 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 08:48 - 2014-02-12 22:28 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 08:47 - 2014-02-12 22:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 08:47 - 2014-02-12 22:28 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 08:47 - 2014-02-12 22:28 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 08:46 - 2014-02-12 22:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-04 20:04 - 2014-02-21 20:35 - 00117248 _____ () C:\Windows\system32\MaxNative.exe
2014-01-31 18:12 - 2013-12-26 22:24 - 00001024 _____ () C:\Users\Harley\Desktop\Amazon Cloud Player.lnk
2014-01-31 18:12 - 2013-12-26 22:24 - 00000000 ____D () C:\Users\Harley\AppData\Local\Amazon Cloud Player
2014-01-24 19:14 - 2013-06-13 17:50 - 00000000 ____D () C:\Users\Harley\AppData\Roaming\Skype
Some content of TEMP:
====================
C:\Users\Harley\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Harley\AppData\Local\Temp\RtkBtMnt.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-21 22:03
==================== End Of Log ============================
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Microsoft Corporation) C:\Windows\system32\sdclt.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6294048 2008-09-18] (Realtek Semiconductor)
HKLM\...\Run: [ePower_DMC] - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [405504 2008-08-01] (Acer Inc.)
HKLM\...\Run: [eDataSecurity Loader] - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-07-30] (Egis Incorporated)
HKLM\...\Run: [eAudio] - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-09-12] (Acer Incorporated)
HKLM\...\Run: [BkupTray] - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672 2008-04-26] ()
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13543968 2008-07-18] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-07-18] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-25] (Synaptics, Inc.)
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\QtZgAcer.EXE [817672 2008-06-04] (Dritek System Inc.)
HKLM\...\Run: [ArcadeDeluxeAgent] - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [147456 2008-07-24] (CyberLink Corp.)
HKLM\...\Run: [Easy-PrintToolBox] - C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [409600 2004-01-14] (CANON INC.)
HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-06-07] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-14] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [WSHelperSetup.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM\...\Run: [SDActiveMonitor] - C:\Program Files\Max Spyware Detector\MaxSDTray.exe [1091040 2014-02-07] (Max Secure Software)
HKLM\...\Run: [SDAutoScan] - [X]
HKLM\...\Run: [MaxUSBProc] - C:\Program Files\Max Spyware Detector\MaxUSBProc.exe [447968 2014-02-07] (Max Secure Software)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\896\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [MyTomTomSA.exe] - C:\Program Files\MyTomTom 3\MyTomTomSA.exe [455608 2013-05-23] (TomTom)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-18] (SUPERAntiSpyware)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Harley\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [] - [X]
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [PC Suite Tray] - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1451520 2009-11-11] (Nokia)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [WSHelperSetup.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [Amazon Cloud Player] - C:\Users\Harley\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3140608 2014-01-14] ()
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-06-17] (Google)
Startup: C:\Users\Harley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...&m=aspire_6930g
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...&m=aspire_6930g
SearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACAW
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACAW
SearchScopes: HKLM - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/w...q={SEARCHTERMS}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT1392740
SearchScopes: HKCU - DefaultScope {41B6D7AE-1733-4770-8CB4-50FFE7FCF67C} URL = http://www.google.co...1I7ACAW_enGB329
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {065CCC52-4EF8-4D9B-A195-BC25651BE999} URL = http://uk.search.yah...Terms}&fr=yessv
SearchScopes: HKCU - {07B6F4D5-D733-4BD6-ABE1-5726152C2825} URL = http://shopping.yaho...Terms}&fr=yessv
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = http://start.facemoo...earchTerms}&f=4
SearchScopes: HKCU - {36B6D012-C96F-4EE7-9F6E-EB92FCDBBDC7} URL = http://uk.local.yaho...ML&cs=&fr=yessv
SearchScopes: HKCU - {41B6D7AE-1733-4770-8CB4-50FFE7FCF67C} URL = http://www.google.co...1I7ACAW_enGB329
SearchScopes: HKCU - {6038CE7D-20E1-40F6-9C12-B6B5E29B2D69} URL = http://uk.search.yah...Terms}&fr=yessv
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACAW
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:466...q={searchTerms}
SearchScopes: HKCU - {8AC234B8-5BCF-4037-91D6-89C7FAAD84B6} URL = http://uk.news.searc...Terms}&fr=yessv
SearchScopes: HKCU - {9605905A-FEB5-4A4F-8B5D-A1066DC33A39} URL = http://uk.search.yah...Terms}&fr=yessv
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://uk.ask.com/we...}&o=15528&l=dis
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT1392740
SearchScopes: HKCU - {C2AB3B1F-C2FD-4D26-9C7C-30B9FB9970A2} URL = http://uk.search.yah...Terms}&fr=yessv
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yah...=yessv&fr=yessv
BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: PodcastBHO Class - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} https://register.bti...bcontrol028.cab
DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} https://www.plaxo.co...upldr-2k-xp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Harley\AppData\Roaming\Mozilla\Firefox\Profiles\c995pytc.default-1393005575184
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @doubletwist.com/NPPodcast - C:\Program Files\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Harley\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-05]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF [2013-10-09]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\ []
Chrome:
=======
CHR HomePage: hxxp://start.facemoods.com/?a=stonicuk
CHR DefaultSearchProvider: facemoods
CHR DefaultSearchURL: http://start.facemoo...earchTerms}&f=4
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\20.4.0.40\Exts\Chrome.crx [2013-07-10]
========================== Services (Whitelisted) =================
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com)
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [81504 2008-01-17] ()
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-08-19] ()
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-17] (Google)
R2 MaxMerger; C:\Program Files\Max Spyware Detector\MaxMerger.exe [307168 2014-02-07] (Max Secure Software)
R2 MaxWatchDogService; C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe [651744 2014-02-07] (Max Secure Software)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-07] ()
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 N360; C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-26] ()
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
R2 SafeMonitor; C:\ProgramData\SafeMonitor\SafeMonitor.exe [151192 2014-02-11] (Western Web Applications, LLC)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
==================== Drivers (Whitelisted) ====================
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [1098968 2013-12-18] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-21] (Symantec Corporation)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-10-30] ()
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20140220.001\IDSvix86.sys [394456 2014-01-21] (Symantec Corporation)
R2 iPodDrv; C:\Windows\system32\drivers\iPodDrv.sys [6656 2011-03-10] (Windows ® Codename Longhorn DDK provider)
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.)
R0 MaxMgr; C:\Windows\System32\drivers\MaxMgr.sys [72160 2014-02-07] (Max Secure Software)
R1 MaxProtector32; C:\Windows\System32\drivers\MaxProtector32.sys [85984 2014-02-07] (Max Secure Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2011-05-26] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2011-05-26] (Printing Communications Assoc., Inc. (PCAUSA))
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20140221.002\NAVENG.SYS [93272 2013-09-05] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20140221.002\NAVEX15.SYS [1612376 2013-09-05] (Symantec Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SDActMon; C:\Windows\System32\drivers\SDActMon.sys [123360 2014-02-07] (Max Secure Software)
R1 SRTSP; C:\Windows\system32\drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-07-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\system32\drivers\N360\1404000.028\SYMTDIV.SYS [352344 2013-04-25] (Symantec Corporation)
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-07-19] (Cyberlink Corp.)
S3 Afc; system32\drivers\Afc.sys [X]
S3 androidusb; System32\Drivers\ssadadb.sys [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dg_ssudbus; system32\DRIVERS\ssudbus.sys [X]
S0 ghdso; System32\drivers\gersj.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 ssudmdm; system32\DRIVERS\ssudmdm.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-21 22:31 - 2014-02-21 22:31 - 00000000 ____D () C:\FRST
2014-02-21 20:35 - 2014-02-21 20:35 - 00001781 _____ () C:\Users\Public\Desktop\Max Spyware Detector.lnk
2014-02-21 20:35 - 2014-02-04 20:04 - 00117248 _____ () C:\Windows\system32\MaxNative.exe
2014-02-21 20:34 - 2012-09-01 12:36 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.backup
2014-02-21 20:33 - 2014-02-21 20:45 - 00000000 ____D () C:\Program Files\Max Spyware Detector
2014-02-21 20:33 - 2014-02-07 11:20 - 00123360 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00085984 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector32.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00077792 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector64.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00074208 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon2K.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00072160 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxMgr.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00068576 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProc64.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00023008 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxTdss.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00013280 _____ (Max Secure Software) C:\Windows\system32\Drivers\004.sys
2014-02-21 20:27 - 2014-02-21 20:33 - 00000000 ____D () C:\ProgramData\Max Secure
2014-02-21 18:58 - 2014-02-21 18:58 - 232949192 _____ (Max Secure Software ) C:\Users\Harley\Desktop\MaxSpywaredetector.exe
2014-02-21 18:26 - 2014-02-21 18:26 - 00000000 ____D () C:\Users\Harley\AppData\Local\Max Secure Software
2014-02-21 18:11 - 2014-02-21 18:11 - 00000850 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-21 18:11 - 2014-02-21 18:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-21 17:35 - 2014-02-21 17:35 - 03053496 ____N (Symantec Corporation) C:\Users\Harley\Downloads\NPE (1).exe
2014-02-21 13:40 - 2014-02-21 13:40 - 00000000 __SHD () C:\found.000
2014-02-21 09:18 - 2014-02-21 09:18 - 00000910 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-21 09:13 - 2014-02-21 09:14 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Harley\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-18 10:27 - 2014-02-21 09:13 - 00000000 ____D () C:\Users\Harley\AppData\Local\SafeMonitor
2014-02-18 10:26 - 2014-02-18 10:27 - 00000000 ____D () C:\ProgramData\SafeMonitor
2014-02-18 10:25 - 2014-02-18 10:25 - 02865056 _____ () C:\Users\Harley\Downloads\Setup.exe
2014-02-12 22:28 - 2014-02-05 08:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 22:28 - 2014-02-05 08:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 22:28 - 2014-02-05 08:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 22:28 - 2014-02-05 08:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 22:28 - 2014-02-05 08:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 22:28 - 2014-02-05 08:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 22:28 - 2014-02-05 08:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-12 22:28 - 2014-02-05 08:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 22:28 - 2014-02-05 08:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-12 22:28 - 2014-02-05 08:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 22:28 - 2014-02-05 08:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 22:28 - 2014-02-05 08:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 22:28 - 2014-02-05 08:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 22:28 - 2014-02-05 08:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 22:28 - 2014-02-05 08:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-12 22:28 - 2014-02-05 08:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 16:29 - 2013-12-05 02:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-11 00:23 - 2014-02-11 00:23 - 01152664 _____ () C:\Windows\system32\SafeMonitor.5D8B1F66A294.dll
==================== One Month Modified Files and Folders =======
2014-02-21 22:31 - 2014-02-21 22:31 - 00000000 ____D () C:\FRST
2014-02-21 22:24 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-21 22:24 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-21 22:05 - 2008-12-08 21:46 - 01908494 _____ () C:\Windows\WindowsUpdate.log
2014-02-21 21:59 - 2008-12-08 21:51 - 00104784 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-02-21 21:57 - 2012-09-08 08:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-21 21:57 - 2009-06-06 18:59 - 00027934 _____ () C:\ProgramData\nvModes.001
2014-02-21 21:57 - 2008-12-08 22:01 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2014-02-21 21:56 - 2012-09-11 07:20 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-21 21:56 - 2006-11-02 12:47 - 00384872 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-21 21:55 - 2012-09-01 11:09 - 05055630 _____ () C:\Windows\PFRO.log
2014-02-21 21:55 - 2006-11-02 13:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-21 21:41 - 2012-09-11 07:20 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-21 20:45 - 2014-02-21 20:33 - 00000000 ____D () C:\Program Files\Max Spyware Detector
2014-02-21 20:35 - 2014-02-21 20:35 - 00001781 _____ () C:\Users\Public\Desktop\Max Spyware Detector.lnk
2014-02-21 20:33 - 2014-02-21 20:27 - 00000000 ____D () C:\ProgramData\Max Secure
2014-02-21 18:58 - 2014-02-21 18:58 - 232949192 _____ (Max Secure Software ) C:\Users\Harley\Desktop\MaxSpywaredetector.exe
2014-02-21 18:26 - 2014-02-21 18:26 - 00000000 ____D () C:\Users\Harley\AppData\Local\Max Secure Software
2014-02-21 18:26 - 2010-03-19 18:30 - 00000000 ____D () C:\Users\Harley\AppData\Roaming\GetRightToGo
2014-02-21 18:11 - 2014-02-21 18:11 - 00000850 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-21 18:11 - 2014-02-21 18:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-21 18:11 - 2013-11-05 21:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-21 17:59 - 2013-12-22 22:26 - 00000000 ____D () C:\Users\Harley\Desktop\Old Firefox Data
2014-02-21 17:59 - 2013-07-03 08:48 - 00000000 ____D () C:\Users\Harley\AppData\Local\NPE
2014-02-21 17:40 - 2008-11-18 17:47 - 00000147 _____ () C:\Windows\system32\agent.log
2014-02-21 17:38 - 2006-11-02 13:01 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-21 17:35 - 2014-02-21 17:35 - 03053496 ____N (Symantec Corporation) C:\Users\Harley\Downloads\NPE (1).exe
2014-02-21 13:58 - 2012-05-24 18:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-21 13:58 - 2011-05-14 17:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-21 13:40 - 2014-02-21 13:40 - 00000000 __SHD () C:\found.000
2014-02-21 09:48 - 2010-03-21 20:07 - 00000000 ____D () C:\Windows\SQL9_KB970892_ENU
2014-02-21 09:46 - 2009-12-05 20:16 - 00000000 ____D () C:\Program Files\MyPlayCity
2014-02-21 09:21 - 2012-09-01 10:24 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-21 09:18 - 2014-02-21 09:18 - 00000910 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-21 09:14 - 2014-02-21 09:13 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Harley\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-21 09:13 - 2014-02-18 10:27 - 00000000 ____D () C:\Users\Harley\AppData\Local\SafeMonitor
2014-02-21 08:17 - 2009-06-06 18:59 - 00027934 _____ () C:\ProgramData\nvModes.dat
2014-02-21 07:00 - 2009-06-21 12:28 - 00000014 _____ () C:\Windows\popcinfo.dat
2014-02-20 20:20 - 2010-04-01 18:21 - 00000000 ____D () C:\Users\Harley\AppData\Local\CrashDumps
2014-02-20 15:13 - 2013-09-12 10:03 - 00000000 ____D () C:\Users\Harley\Documents\COUNSELLING HOURS
2014-02-19 12:25 - 2013-01-23 16:45 - 00016626 _____ () C:\Users\Harley\Documents\Home expenses 2013.xlsx
2014-02-18 10:27 - 2014-02-18 10:26 - 00000000 ____D () C:\ProgramData\SafeMonitor
2014-02-18 10:25 - 2014-02-18 10:25 - 02865056 _____ () C:\Users\Harley\Downloads\Setup.exe
2014-02-13 17:47 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-12 23:13 - 2006-11-02 10:33 - 00796524 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-12 23:02 - 2013-08-14 21:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 22:43 - 2006-11-02 10:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-11 00:23 - 2014-02-11 00:23 - 01152664 _____ () C:\Windows\system32\SafeMonitor.5D8B1F66A294.dll
2014-02-09 09:02 - 2009-06-28 11:20 - 00000000 ____D () C:\ProgramData\Norton
2014-02-07 11:20 - 2014-02-21 20:33 - 00123360 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00085984 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector32.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00077792 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector64.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00074208 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon2K.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00072160 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxMgr.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00068576 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProc64.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00023008 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxTdss.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00013280 _____ (Max Secure Software) C:\Windows\system32\Drivers\004.sys
2014-02-06 23:12 - 2013-09-24 10:38 - 00000000 ____D () C:\Users\Harley\Documents\COUNSELLING DOCS
2014-02-05 08:58 - 2014-02-12 22:28 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 08:56 - 2014-02-12 22:28 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 08:53 - 2014-02-12 22:28 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 08:51 - 2014-02-12 22:28 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 08:50 - 2014-02-12 22:28 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 08:49 - 2014-02-12 22:28 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 08:49 - 2014-02-12 22:28 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 08:48 - 2014-02-12 22:28 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 08:48 - 2014-02-12 22:28 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 08:48 - 2014-02-12 22:28 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 08:48 - 2014-02-12 22:28 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 08:48 - 2014-02-12 22:28 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 08:47 - 2014-02-12 22:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 08:47 - 2014-02-12 22:28 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 08:47 - 2014-02-12 22:28 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 08:46 - 2014-02-12 22:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-04 20:04 - 2014-02-21 20:35 - 00117248 _____ () C:\Windows\system32\MaxNative.exe
2014-01-31 18:12 - 2013-12-26 22:24 - 00001024 _____ () C:\Users\Harley\Desktop\Amazon Cloud Player.lnk
2014-01-31 18:12 - 2013-12-26 22:24 - 00000000 ____D () C:\Users\Harley\AppData\Local\Amazon Cloud Player
2014-01-24 19:14 - 2013-06-13 17:50 - 00000000 ____D () C:\Users\Harley\AppData\Roaming\Skype
Some content of TEMP:
====================
C:\Users\Harley\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Harley\AppData\Local\Temp\RtkBtMnt.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-21 22:03
==================== End Of Log ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-02-2014
Ran by Harley (administrator) on DEBBIE on 21-02-2014 22:31:41
Running from C:\Users\Harley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DS53E27U
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version:
http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version:
http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:
http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxMerger.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxActMon.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxDBServer.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Acer\Mobility Center\MobilityService.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Western Web Applications, LLC) C:\ProgramData\SafeMonitor\SafeMonitorService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
(Western Web Applications, LLC) C:\ProgramData\SafeMonitor\SafeMonitor.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\QtZgAcer.EXE
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxSDTray.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxUSBProc.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Users\Harley\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
(Nokia) C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Users\Harley\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Realtek Semiconductor Corp.) C:\Users\Harley\AppData\Local\Temp\RtkBtMnt.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Microsoft Corporation) C:\Windows\system32\sdclt.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6294048 2008-09-18] (Realtek Semiconductor)
HKLM\...\Run: [ePower_DMC] - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [405504 2008-08-01] (Acer Inc.)
HKLM\...\Run: [eDataSecurity Loader] - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-07-30] (Egis Incorporated)
HKLM\...\Run: [eAudio] - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-09-12] (Acer Incorporated)
HKLM\...\Run: [BkupTray] - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672 2008-04-26] ()
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13543968 2008-07-18] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-07-18] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-25] (Synaptics, Inc.)
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\QtZgAcer.EXE [817672 2008-06-04] (Dritek System Inc.)
HKLM\...\Run: [ArcadeDeluxeAgent] - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [147456 2008-07-24] (CyberLink Corp.)
HKLM\...\Run: [Easy-PrintToolBox] - C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [409600 2004-01-14] (CANON INC.)
HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-06-07] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-14] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [WSHelperSetup.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM\...\Run: [SDActiveMonitor] - C:\Program Files\Max Spyware Detector\MaxSDTray.exe [1091040 2014-02-07] (Max Secure Software)
HKLM\...\Run: [SDAutoScan] - [X]
HKLM\...\Run: [MaxUSBProc] - C:\Program Files\Max Spyware Detector\MaxUSBProc.exe [447968 2014-02-07] (Max Secure Software)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\896\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [MyTomTomSA.exe] - C:\Program Files\MyTomTom 3\MyTomTomSA.exe [455608 2013-05-23] (TomTom)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-18] (SUPERAntiSpyware)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Harley\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [] - [X]
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [PC Suite Tray] - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1451520 2009-11-11] (Nokia)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [WSHelperSetup.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Run: [Amazon Cloud Player] - C:\Users\Harley\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3140608 2014-01-14] ()
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-401538773-3258079586-1850964724-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-06-17] (Google)
Startup: C:\Users\Harley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://homepage.acer...&m=aspire_6930g
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://homepage.acer...&m=aspire_6930g
SearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
http://www.google.co...ng}&rlz=1I7ACAW
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
http://www.google.co...ng}&rlz=1I7ACAW
SearchScopes: HKLM - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL =
http://www.ask.com/w...q={SEARCHTERMS}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
http://search.condui...&ctid=CT1392740
SearchScopes: HKCU - DefaultScope {41B6D7AE-1733-4770-8CB4-50FFE7FCF67C} URL =
http://www.google.co...1I7ACAW_enGB329
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {065CCC52-4EF8-4D9B-A195-BC25651BE999} URL =
http://uk.search.yah...Terms}&fr=yessv
SearchScopes: HKCU - {07B6F4D5-D733-4BD6-ABE1-5726152C2825} URL =
http://shopping.yaho...Terms}&fr=yessv
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL =
http://start.facemoo...earchTerms}&f=4
SearchScopes: HKCU - {36B6D012-C96F-4EE7-9F6E-EB92FCDBBDC7} URL =
http://uk.local.yaho...ML&cs=&fr=yessv
SearchScopes: HKCU - {41B6D7AE-1733-4770-8CB4-50FFE7FCF67C} URL =
http://www.google.co...1I7ACAW_enGB329
SearchScopes: HKCU - {6038CE7D-20E1-40F6-9C12-B6B5E29B2D69} URL =
http://uk.search.yah...Terms}&fr=yessv
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
http://www.google.co...ng}&rlz=1I7ACAW
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL =
http://127.0.0.1:466...q={searchTerms}
SearchScopes: HKCU - {8AC234B8-5BCF-4037-91D6-89C7FAAD84B6} URL =
http://uk.news.searc...Terms}&fr=yessv
SearchScopes: HKCU - {9605905A-FEB5-4A4F-8B5D-A1066DC33A39} URL =
http://uk.search.yah...Terms}&fr=yessv
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL =
http://uk.ask.com/we...}&o=15528&l=dis
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
http://search.condui...&ctid=CT1392740
SearchScopes: HKCU - {C2AB3B1F-C2FD-4D26-9C7C-30B9FB9970A2} URL =
http://uk.search.yah...Terms}&fr=yessv
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL =
http://uk.search.yah...=yessv&fr=yessv
BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: PodcastBHO Class - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089}
http://office.micros...n/ieawsdc32.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.ad...Plus/1.6/gp.cab
DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3}
https://register.bti...bcontrol028.cab
DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D}
https://www.plaxo.co...upldr-2k-xp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Harley\AppData\Roaming\Mozilla\Firefox\Profiles\c995pytc.default-1393005575184
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @doubletwist.com/NPPodcast - C:\Program Files\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Harley\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-05]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF [2013-10-09]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\ []
Chrome:
=======
CHR HomePage: hxxp://start.facemoods.com/?a=stonicuk
CHR DefaultSearchProvider: facemoods
CHR DefaultSearchURL:
http://start.facemoo...earchTerms}&f=4
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\20.4.0.40\Exts\Chrome.crx [2013-07-10]
========================== Services (Whitelisted) =================
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com)
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [81504 2008-01-17] ()
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-08-19] ()
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-17] (Google)
R2 MaxMerger; C:\Program Files\Max Spyware Detector\MaxMerger.exe [307168 2014-02-07] (Max Secure Software)
R2 MaxWatchDogService; C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe [651744 2014-02-07] (Max Secure Software)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-07] ()
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 N360; C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-26] ()
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
R2 SafeMonitor; C:\ProgramData\SafeMonitor\SafeMonitor.exe [151192 2014-02-11] (Western Web Applications, LLC)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
==================== Drivers (Whitelisted) ====================
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [1098968 2013-12-18] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-21] (Symantec Corporation)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-10-30] ()
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20140220.001\IDSvix86.sys [394456 2014-01-21] (Symantec Corporation)
R2 iPodDrv; C:\Windows\system32\drivers\iPodDrv.sys [6656 2011-03-10] (Windows ® Codename Longhorn DDK provider)
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.)
R0 MaxMgr; C:\Windows\System32\drivers\MaxMgr.sys [72160 2014-02-07] (Max Secure Software)
R1 MaxProtector32; C:\Windows\System32\drivers\MaxProtector32.sys [85984 2014-02-07] (Max Secure Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2011-05-26] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2011-05-26] (Printing Communications Assoc., Inc. (PCAUSA))
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20140221.002\NAVENG.SYS [93272 2013-09-05] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20140221.002\NAVEX15.SYS [1612376 2013-09-05] (Symantec Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SDActMon; C:\Windows\System32\drivers\SDActMon.sys [123360 2014-02-07] (Max Secure Software)
R1 SRTSP; C:\Windows\system32\drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-07-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\system32\drivers\N360\1404000.028\SYMTDIV.SYS [352344 2013-04-25] (Symantec Corporation)
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-07-19] (Cyberlink Corp.)
S3 Afc; system32\drivers\Afc.sys [X]
S3 androidusb; System32\Drivers\ssadadb.sys [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dg_ssudbus; system32\DRIVERS\ssudbus.sys [X]
S0 ghdso; System32\drivers\gersj.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 ssudmdm; system32\DRIVERS\ssudmdm.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-21 22:31 - 2014-02-21 22:31 - 00000000 ____D () C:\FRST
2014-02-21 20:35 - 2014-02-21 20:35 - 00001781 _____ () C:\Users\Public\Desktop\Max Spyware Detector.lnk
2014-02-21 20:35 - 2014-02-04 20:04 - 00117248 _____ () C:\Windows\system32\MaxNative.exe
2014-02-21 20:34 - 2012-09-01 12:36 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.backup
2014-02-21 20:33 - 2014-02-21 20:45 - 00000000 ____D () C:\Program Files\Max Spyware Detector
2014-02-21 20:33 - 2014-02-07 11:20 - 00123360 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00085984 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector32.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00077792 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector64.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00074208 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon2K.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00072160 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxMgr.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00068576 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProc64.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00023008 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxTdss.sys
2014-02-21 20:33 - 2014-02-07 11:20 - 00013280 _____ (Max Secure Software) C:\Windows\system32\Drivers\004.sys
2014-02-21 20:27 - 2014-02-21 20:33 - 00000000 ____D () C:\ProgramData\Max Secure
2014-02-21 18:58 - 2014-02-21 18:58 - 232949192 _____ (Max Secure Software ) C:\Users\Harley\Desktop\MaxSpywaredetector.exe
2014-02-21 18:26 - 2014-02-21 18:26 - 00000000 ____D () C:\Users\Harley\AppData\Local\Max Secure Software
2014-02-21 18:11 - 2014-02-21 18:11 - 00000850 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-21 18:11 - 2014-02-21 18:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-21 17:35 - 2014-02-21 17:35 - 03053496 ____N (Symantec Corporation) C:\Users\Harley\Downloads\NPE (1).exe
2014-02-21 13:40 - 2014-02-21 13:40 - 00000000 __SHD () C:\found.000
2014-02-21 09:18 - 2014-02-21 09:18 - 00000910 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-21 09:13 - 2014-02-21 09:14 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Harley\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-18 10:27 - 2014-02-21 09:13 - 00000000 ____D () C:\Users\Harley\AppData\Local\SafeMonitor
2014-02-18 10:26 - 2014-02-18 10:27 - 00000000 ____D () C:\ProgramData\SafeMonitor
2014-02-18 10:25 - 2014-02-18 10:25 - 02865056 _____ () C:\Users\Harley\Downloads\Setup.exe
2014-02-12 22:28 - 2014-02-05 08:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 22:28 - 2014-02-05 08:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 22:28 - 2014-02-05 08:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 22:28 - 2014-02-05 08:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 22:28 - 2014-02-05 08:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 22:28 - 2014-02-05 08:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 22:28 - 2014-02-05 08:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-12 22:28 - 2014-02-05 08:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 22:28 - 2014-02-05 08:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-12 22:28 - 2014-02-05 08:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 22:28 - 2014-02-05 08:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 22:28 - 2014-02-05 08:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 22:28 - 2014-02-05 08:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 22:28 - 2014-02-05 08:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 22:28 - 2014-02-05 08:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-12 22:28 - 2014-02-05 08:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 16:29 - 2013-12-05 02:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-11 00:23 - 2014-02-11 00:23 - 01152664 _____ () C:\Windows\system32\SafeMonitor.5D8B1F66A294.dll
==================== One Month Modified Files and Folders =======
2014-02-21 22:31 - 2014-02-21 22:31 - 00000000 ____D () C:\FRST
2014-02-21 22:24 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-21 22:24 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-21 22:05 - 2008-12-08 21:46 - 01908494 _____ () C:\Windows\WindowsUpdate.log
2014-02-21 21:59 - 2008-12-08 21:51 - 00104784 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-02-21 21:57 - 2012-09-08 08:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-21 21:57 - 2009-06-06 18:59 - 00027934 _____ () C:\ProgramData\nvModes.001
2014-02-21 21:57 - 2008-12-08 22:01 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2014-02-21 21:56 - 2012-09-11 07:20 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-21 21:56 - 2006-11-02 12:47 - 00384872 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-21 21:55 - 2012-09-01 11:09 - 05055630 _____ () C:\Windows\PFRO.log
2014-02-21 21:55 - 2006-11-02 13:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-21 21:41 - 2012-09-11 07:20 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-21 20:45 - 2014-02-21 20:33 - 00000000 ____D () C:\Program Files\Max Spyware Detector
2014-02-21 20:35 - 2014-02-21 20:35 - 00001781 _____ () C:\Users\Public\Desktop\Max Spyware Detector.lnk
2014-02-21 20:33 - 2014-02-21 20:27 - 00000000 ____D () C:\ProgramData\Max Secure
2014-02-21 18:58 - 2014-02-21 18:58 - 232949192 _____ (Max Secure Software ) C:\Users\Harley\Desktop\MaxSpywaredetector.exe
2014-02-21 18:26 - 2014-02-21 18:26 - 00000000 ____D () C:\Users\Harley\AppData\Local\Max Secure Software
2014-02-21 18:26 - 2010-03-19 18:30 - 00000000 ____D () C:\Users\Harley\AppData\Roaming\GetRightToGo
2014-02-21 18:11 - 2014-02-21 18:11 - 00000850 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-21 18:11 - 2014-02-21 18:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-21 18:11 - 2013-11-05 21:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-21 17:59 - 2013-12-22 22:26 - 00000000 ____D () C:\Users\Harley\Desktop\Old Firefox Data
2014-02-21 17:59 - 2013-07-03 08:48 - 00000000 ____D () C:\Users\Harley\AppData\Local\NPE
2014-02-21 17:40 - 2008-11-18 17:47 - 00000147 _____ () C:\Windows\system32\agent.log
2014-02-21 17:38 - 2006-11-02 13:01 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-21 17:35 - 2014-02-21 17:35 - 03053496 ____N (Symantec Corporation) C:\Users\Harley\Downloads\NPE (1).exe
2014-02-21 13:58 - 2012-05-24 18:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-21 13:58 - 2011-05-14 17:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-21 13:40 - 2014-02-21 13:40 - 00000000 __SHD () C:\found.000
2014-02-21 09:48 - 2010-03-21 20:07 - 00000000 ____D () C:\Windows\SQL9_KB970892_ENU
2014-02-21 09:46 - 2009-12-05 20:16 - 00000000 ____D () C:\Program Files\MyPlayCity
2014-02-21 09:21 - 2012-09-01 10:24 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-21 09:18 - 2014-02-21 09:18 - 00000910 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-21 09:14 - 2014-02-21 09:13 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Harley\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-21 09:13 - 2014-02-18 10:27 - 00000000 ____D () C:\Users\Harley\AppData\Local\SafeMonitor
2014-02-21 08:17 - 2009-06-06 18:59 - 00027934 _____ () C:\ProgramData\nvModes.dat
2014-02-21 07:00 - 2009-06-21 12:28 - 00000014 _____ () C:\Windows\popcinfo.dat
2014-02-20 20:20 - 2010-04-01 18:21 - 00000000 ____D () C:\Users\Harley\AppData\Local\CrashDumps
2014-02-20 15:13 - 2013-09-12 10:03 - 00000000 ____D () C:\Users\Harley\Documents\COUNSELLING HOURS
2014-02-19 12:25 - 2013-01-23 16:45 - 00016626 _____ () C:\Users\Harley\Documents\Home expenses 2013.xlsx
2014-02-18 10:27 - 2014-02-18 10:26 - 00000000 ____D () C:\ProgramData\SafeMonitor
2014-02-18 10:25 - 2014-02-18 10:25 - 02865056 _____ () C:\Users\Harley\Downloads\Setup.exe
2014-02-13 17:47 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-12 23:13 - 2006-11-02 10:33 - 00796524 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-12 23:02 - 2013-08-14 21:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 22:43 - 2006-11-02 10:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-11 00:23 - 2014-02-11 00:23 - 01152664 _____ () C:\Windows\system32\SafeMonitor.5D8B1F66A294.dll
2014-02-09 09:02 - 2009-06-28 11:20 - 00000000 ____D () C:\ProgramData\Norton
2014-02-07 11:20 - 2014-02-21 20:33 - 00123360 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00085984 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector32.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00077792 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector64.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00074208 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon2K.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00072160 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxMgr.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00068576 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProc64.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00023008 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxTdss.sys
2014-02-07 11:20 - 2014-02-21 20:33 - 00013280 _____ (Max Secure Software) C:\Windows\system32\Drivers\004.sys
2014-02-06 23:12 - 2013-09-24 10:38 - 00000000 ____D () C:\Users\Harley\Documents\COUNSELLING DOCS
2014-02-05 08:58 - 2014-02-12 22:28 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 08:56 - 2014-02-12 22:28 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 08:53 - 2014-02-12 22:28 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 08:51 - 2014-02-12 22:28 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 08:50 - 2014-02-12 22:28 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 08:49 - 2014-02-12 22:28 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 08:49 - 2014-02-12 22:28 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 08:48 - 2014-02-12 22:28 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 08:48 - 2014-02-12 22:28 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 08:48 - 2014-02-12 22:28 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 08:48 - 2014-02-12 22:28 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 08:48 - 2014-02-12 22:28 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 08:47 - 2014-02-12 22:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 08:47 - 2014-02-12 22:28 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 08:47 - 2014-02-12 22:28 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 08:46 - 2014-02-12 22:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-04 20:04 - 2014-02-21 20:35 - 00117248 _____ () C:\Windows\system32\MaxNative.exe
2014-01-31 18:12 - 2013-12-26 22:24 - 00001024 _____ () C:\Users\Harley\Desktop\Amazon Cloud Player.lnk
2014-01-31 18:12 - 2013-12-26 22:24 - 00000000 ____D () C:\Users\Harley\AppData\Local\Amazon Cloud Player
2014-01-24 19:14 - 2013-06-13 17:50 - 00000000 ____D () C:\Users\Harley\AppData\Roaming\Skype
Some content of TEMP:
====================
C:\Users\Harley\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Harley\AppData\Local\Temp\RtkBtMnt.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-21 22:03
==================== End Of Log ============================
If it helps, this problem arose on the 19/02/2014.