slow computer getting worse



romasf62
2014-03-02, 20:38
I was (am?) infected with win32.downloader.gen, which Spybot 1.6 was not able to fix.
I purchased the home version of Spybot 2.2 and it seemed to fix this problem.
But since then my computer is getting slower and one of my programs will not start; it gives me a clr20r3 error.
Now Spybot is giving me a Runtime error 217 at 0044B9CA.
I have not run ERUNT as I am using Windows 7.

Thanks in advance for your help.

Here is the requested system info:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518
Run by romalap09 at 11:11:40 on 2014-03-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.1287 [GMT -7:00]
.
AV: Spybot - Search and Destroy *Enabled/Updated* {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\AstSrv.exe
C:\Windows\system32\BtwRSupportService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\nlssrv32.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\ProgramData\TVersity\Media Server\MediaServer.exe
C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
C:\Windows\system32\Dwm.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Remind-Me\RemindMe.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\Fidelity Investments\Wealth-Lab Pro 6\WealthLabPro.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.mysearchdial.com/?f=1&a=dsites0101&cd=2XzuyEtN2Y1L1QzutDtDtByCzy0EyD0FyDtCtDtBtCzyyE0CtN0D0Tzu0SyBtAzztN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1148396261&ir=
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=dsites0101&cd=2XzuyEtN2Y1L1QzutDtDtByCzy0EyD0FyDtCtDtBtCzyyE0CtN0D0Tzu0SyBtAzztN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1148396261&ir=
uProxyServer = localhost:21320
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files (x86)\TVersitybar\prxtbTVe2.dll
mURLSearchHooks: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files (x86)\TVersitybar\prxtbTVe2.dll
mWinlogon: Userinit = userinit.exe
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Winamp Toolbar Loader: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll
BHO: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files (x86)\TVersitybar\prxtbTVe2.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Winamp Toolbar: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
TB: TVersitybar Toolbar: {66BD2442-241B-44CD-8C7A-B51037053CDB} - C:\Program Files (x86)\TVersitybar\prxtbTVe2.dll
TB: Winamp Toolbar: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
TB: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files (x86)\TVersitybar\prxtbTVe2.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [PhotoshopElements8SyncAgent] C:\Program Files (x86)\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
uRun: [NextLive] C:\Windows\SysWOW64\rundll32.exe "C:\Users\romalap09\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
uRun: [DriverMax] "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -agent
uRun: [DriverMax_RESTART] <no file>
mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [PxDotNetLoader] "C:\Program Files (x86)\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe"
StartupFolder: C:\Users\ROMALA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
StartupFolder: C:\Users\ROMALA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RemindMe.lnk - C:\Program Files (x86)\Remind-Me\RemindMe.exe
StartupFolder: C:\Users\ROMALA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\WEALTH~1.LNK - C:\Program Files (x86)\Fidelity Investments\Wealth-Lab Pro 6\WealthLabPro.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-System: WallpaperStyle = 2
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: WallpaperStyle = 2
IE: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - {6FAC4823-815E-4361-836E-46D65ED2550B} - <orphaned>
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1 205.171.3.65 192.168.1.1
TCP: Interfaces\{428B3CAC-95E5-426B-9B79-32BC7E03096E} : DHCPNameServer = 192.168.0.1 205.171.3.65 192.168.1.1
TCP: Interfaces\{428B3CAC-95E5-426B-9B79-32BC7E03096E}\C496E6B637973754874756E64656270313933353 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F7EA126B-7ADB-4730-A460-A655084C28C8} : DHCPNameServer = 192.168.0.1 205.171.3.65 192.168.1.1
TCP: Interfaces\{FFF4EAED-F24D-4424-BDAC-5A79858151ED} : DHCPNameServer = 192.168.0.1 205.171.3.65 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
Notify: igfxcui - <no file>
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://start.mysearchdial.com/?f=1&a=dsites0101&cd=2XzuyEtN2Y1L1QzutDtDtByCzy0EyD0FyDtCtDtBtCzyyE0CtN0D0Tzu0SyBtAzztN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1148396261&ir=
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\2c0mlfxo.default\
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\components\IPSFFPl.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\2c0mlfxo.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\2c0mlfxo.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101772.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\eMusic Download Manager 6\npEMusic603.dll
FF - plugin: C:\Program Files (x86)\eMusic Download Manager 6\npEMusic604.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\2c0mlfxo.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll
FF - plugin: C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\2c0mlfxo.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
FF - ExtSQL: !HIDDEN! 2009-12-21 15:13; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.12); user_pref(general.useragent.extra.zencast, Creative ZENcast v2.01.01);user_pref(yahoo.homepage.dontask, true
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: browser.sessionstore.resume_session_once - true
FF - user.js: browser.sessionstore.resume_session_once - true
FF - user.js: browser.sessionstore.resume_session_once - true
FF - user.js: browser.sessionstore.resume_session_once - true
FF - user.js: browser.sessionstore.resume_session_once - true
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=dsites0101&cd=2XzuyEtN2Y1L1QzutDtDtByCzy0EyD0FyDtCtDtBtCzyyE0CtN0D0Tzu0SyBtAzztN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1148396261&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=dsites0101&cd=2XzuyEtN2Y1L1QzutDtDtByCzy0EyD0FyDtCtDtBtCzyyE0CtN0D0Tzu0SyBtAzztN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1148396261&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=dsites0101&cd=2XzuyEtN2Y1L1QzutDtDtByCzy0EyD0FyDtCtDtBtCzyyE0CtN0D0Tzu0SyBtAzztN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1148396261&ir=&q=
FF - user.js: extensions.mysearchdial.id - 00269E5F5102194C
FF - user.js: extensions.mysearchdial.instlDay - 16077
FF - user.js: extensions.mysearchdial.vrsn - 1.8.21.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.21.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.21.012:24:41
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - dsites0101
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef -
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial.cr - 1148396261
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzutDtDtByCzy0EyD0FyDtCtDtBtCzyyE0CtN0D0Tzu0SyBtAzztN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R
FF - user.js: extensions.irmysearch.aflt - dsites0101
FF - user.js: extensions.irmysearch.instlRef -
FF - user.js: extensions.irmysearch.cr - 1148396261
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzutDtDtByCzy0EyD0FyDtCtDtBtCzyyE0CtN0D0Tzu0SyBtAzztN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R
FF - user.js: browser.sessionstore.resume_session_once - true
.
.
.
.
.
.
============= SERVICES / DRIVERS ===============
.
R0 MxEFUF;Matrox Extio Upper Function Filter;C:\Windows\System32\drivers\MxEFUF64.sys [2013-9-11 157696]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1501000.012\SymDS64.sys [2013-10-23 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1501000.012\SymEFA64.sys [2013-10-23 1147480]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-9-9 46368]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [2014-2-18 1526488]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1501000.012\ccSetx64.sys [2013-10-23 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140228.001\IDSviA64.sys [2014-3-1 521944]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\System32\drivers\jswpslwfx.sys [2008-10-1 26624]
R1 SDHookDriver;Hook Test Driver;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2014-2-6 63904]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1501000.012\Ironx64.sys [2013-10-23 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1501000.012\symnets.sys [2013-10-23 590936]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-6 169408]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
R2 Ast Service;Ast Service;C:\Windows\System32\\AstSrv.exe --> C:\Windows\System32\\AstSrv.exe [?]
R2 BcmBtRSupport;Bluetooth Driver Management Service;C:\Windows\System32\BtwRSupportService.exe [2013-8-9 2252504]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-6 214896]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [2013-10-23 264360]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2012-1-31 66560]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2013-6-28 409720]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-2-3 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-2-3 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-2-6 171416]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2010-12-21 987704]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2010-12-21 399416]
R2 UsbClientService;UsbClientService;C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [2013-11-14 248736]
R2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [2014-1-10 1772056]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-9 228408]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-6-29 70656]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-20 137648]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
R3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver;C:\Windows\System32\drivers\Rtenic64.sys [2013-10-23 521944]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2013-10-23 45296]
S0 amdkmafd;AMD Audio Bus Lower Filter;C:\Windows\System32\drivers\amdkmafd.sys [2013-9-18 21600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 Update Jump Flip;Update Jump Flip;"C:\Program Files (x86)\Jump Flip\updateJumpFlip.exe" --> C:\Program Files (x86)\Jump Flip\updateJumpFlip.exe [?]
S2 Util Jump Flip;Util Jump Flip;"C:\Program Files (x86)\Jump Flip\bin\utilJumpFlip.exe" --> C:\Program Files (x86)\Jump Flip\bin\utilJumpFlip.exe [?]
S3 bcbtums;Bluetooth USB LD Filter;C:\Windows\System32\drivers\bcbtums.sys [2013-8-9 170712]
S3 btwampfl;btwampfl;C:\Windows\System32\drivers\btwampfl.sys [2013-8-9 166104]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-10-13 35104]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-13 111616]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2013-9-19 145408]
S3 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe [2008-2-29 942080]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2012-1-13 115272]
S3 NETw1v64;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw1v64.sys [2009-10-12 7058432]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCAMp50a64.sys [2011-9-15 43328]
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCASp50a64.sys [2011-9-15 41280]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-9-9 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-10-12 216576]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-10-14 883928]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-20 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-12 1255736]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;C:\Windows\System32\drivers\WN111v2w7x.sys [2010-4-27 783360]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2014-03-01 21:00:55 -------- d-----w- C:\Program Files\iPod
2014-03-01 21:00:50 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-01 21:00:50 -------- d-----w- C:\Program Files\iTunes
2014-03-01 21:00:50 -------- d-----w- C:\Program Files (x86)\iTunes
2014-02-20 16:40:35 6573056 ----a-w- C:\Windows\System32\mstscax.dll
2014-02-20 16:40:35 5693440 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-02-20 15:21:01 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-02-20 15:21:01 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-02-15 15:28:11 93808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2014-02-15 00:38:20 -------- d-----w- C:\Program Files (x86)\GUMF76.tmp
2014-02-14 04:56:51 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-14 04:56:51 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-14 00:37:42 -------- d-----w- C:\ProgramData\Synology
2014-02-14 00:37:16 -------- d-----w- C:\Program Files (x86)\Synology
2014-02-13 15:00:56 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-02-13 15:00:56 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-02-13 15:00:56 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-02-13 15:00:56 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-02-13 15:00:48 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-02-13 15:00:48 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-02-13 15:00:48 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-02-13 15:00:48 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-02-06 18:01:33 -------- dc----w- C:\AutoRuns
2014-02-03 19:27:38 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2014-02-03 19:27:32 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
.
==================== Find3M ====================
.
2014-02-21 16:05:21 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-21 16:05:21 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-01-22 00:28:54 20312 ----a-w- C:\Windows\System32\roboot64.exe
2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
.
============= FINISH: 11:24:03.37 ===============

Here is aswMBR.txt

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-03-02 12:04:45
-----------------------------
12:04:45.764 OS Version: Windows x64 6.1.7601 Service Pack 1
12:04:45.764 Number of processors: 2 586 0x170A
12:04:45.764 ComputerName: ROMALAP09-PC UserName: romalap09
12:04:50.575 Initialize success
12:08:22.757 AVAST engine defs: 14030102
12:08:46.149 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:08:46.149 Disk 0 Vendor: WDC_WD7500BPKT-75PK4T0 01.01A01 Size: 715404MB BusType: 11
12:08:46.259 Disk 0 MBR read successfully
12:08:46.259 Disk 0 MBR scan
12:08:46.269 Disk 0 unknown MBR code
12:08:46.279 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
12:08:46.289 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 700508 MB offset 409600
12:08:46.319 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14693 MB offset 1435051836
12:08:46.379 Disk 0 scanning C:\Windows\system32\drivers
12:09:01.793 Service scanning
12:09:06.199 Service BHDrvx64 C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx64.sys **LOCKED** 5
12:09:13.575 Service IDSVia64 C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140228.001\IDSvia64.sys **LOCKED** 5
12:09:18.435 Service NAVENG C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140301.008\ENG64.SYS **LOCKED** 5
12:09:18.636 Service NAVEX15 C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140301.008\EX64.SYS **LOCKED** 5
12:09:35.313 Modules scanning
12:09:35.313 Disk 0 trace - called modules:
12:09:35.333 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
12:09:35.333 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cc6060]
12:09:35.343 3 CLASSPNP.SYS[fffff8800100143f] -> nt!IofCallDriver -> [0xfffffa8004cc5660]
12:09:35.343 5 hpdskflt.sys[fffff8800202c189] -> nt!IofCallDriver -> [0xfffffa8004b354f0]
12:09:35.358 7 ACPI.sys[fffff88000f817a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004b1d060]
12:09:38.119 AVAST engine scan C:\Windows
12:09:45.993 AVAST engine scan C:\Windows\system32
12:14:23.107 AVAST engine scan C:\Windows\system32\drivers
12:14:56.718 AVAST engine scan C:\Users\romalap09
12:15:05.775 File: C:\Users\romalap09\AppData\Local\genienext\nengine.dll **INFECTED** Win32:NextLive-A [Adw]
12:19:06.774 File: C:\Users\romalap09\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll **INFECTED** Win32:NextLive-A [Adw]
12:30:27.644 Disk 0 MBR has been saved successfully to "C:\Users\romalap09\Desktop\MBR.dat"
12:30:27.654 The log file has been saved successfully to "C:\Users\romalap09\Desktop\aswMBR.txt"

Juliet
2014-03-02, 21:28
Looking over these logs, I find it hard to believe Norton allowed these infections on your computer. Then, on the other hand, if you download something and give it permission to have access to your computer without doing a custom install, you also download attached junk.

You have a lot of things we need to remove.


Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 6 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
rkill.pif (http://download.bleepingcomputer.com/grinler/rkill.pif)
WiNlOgOn.exe (http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe)
uSeRiNiT.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/)

(use correct version for your system.....Which system am I using? (http://support.microsoft.com/kb/827218))




Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Juliet
2014-03-02, 21:30
my computer is getting slower and one of my programs will not start, it gives me a clr20r3 error.
I may not be able to repair this; after we see a clean computer you might have to uninstall then reinstall the program.

romasf62
2014-03-03, 17:32
Juliet, thank you for your quick reply and help.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-03-2014
Ran by romalap09 (administrator) on ROMALAP09-PC on 03-03-2014 09:19:04
Running from C:\Users\romalap09\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Windows\system32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
() C:\Program Files\Macrium\Reflect\ReflectService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
() C:\ProgramData\TVersity\Media Server\MediaServer.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(CyberLink) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe
(Innovative Solutions) C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Beiley Software Inc.) C:\Program Files (x86)\Remind-Me\RemindMe.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Fidelity Investments) C:\Program Files (x86)\Fidelity Investments\Wealth-Lab Pro 6\WealthLabPro.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM-x32\...\Run: [HPCam_Menu] - c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [581480 2009-05-12] (Symantec Corporation)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2552856 2014-02-03] ()
HKLM-x32\...\Run: [ISUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\.DEFAULT\...\Run: [PxDotNetLoader] - "C:\Program Files (x86)\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe"
HKU\.DEFAULT\...\Policies\system: [WallpaperStyle] 2
HKU\S-1-5-21-410896206-4247487474-552352317-1000\...\Run: [PhotoshopElements8SyncAgent] - C:\Program Files (x86)\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe [1945536 2010-09-06] (Adobe Systems Incorporated)
HKU\S-1-5-21-410896206-4247487474-552352317-1000\...\Run: [ISUSPM Startup] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
HKU\S-1-5-21-410896206-4247487474-552352317-1000\...\Run: [NextLive] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\romalap09\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-410896206-4247487474-552352317-1000\...\Run: [DriverMax] - C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe [8221048 2013-12-23] (Innovative Solutions)
HKU\S-1-5-21-410896206-4247487474-552352317-1000\...\Run: [DriverMax_RESTART] - [X]
HKU\S-1-5-21-410896206-4247487474-552352317-1000\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-410896206-4247487474-552352317-1000\...\Policies\system: [WallpaperStyle] 2
HKU\S-1-5-21-410896206-4247487474-552352317-1000\...\MountPoints2: {30c5991b-d53f-11df-ae36-00247ef24504} - F:\setup.exe -a
HKU\S-1-5-21-410896206-4247487474-552352317-1000\...\MountPoints2: {9046a00f-ee66-11de-a155-806e6f6e6963} - E:\autorun.exe
HKU\S-1-5-21-410896206-4247487474-552352317-1000\...\MountPoints2: {df630a83-7e5f-11e1-97f7-9dd7db87e9e6} - G:\setup.exe -a
Startup: C:\Users\romalap09\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunes.lnk
ShortcutTarget: iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
Startup: C:\Users\romalap09\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RemindMe.lnk
ShortcutTarget: RemindMe.lnk -> C:\Program Files (x86)\Remind-Me\RemindMe.exe (Beiley Software Inc.)
Startup: C:\Users\romalap09\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WealthLabPro.lnk
ShortcutTarget: WealthLabPro.lnk -> C:\Program Files (x86)\Fidelity Investments\Wealth-Lab Pro 6\WealthLabPro.exe (Fidelity Investments)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dsites0101&cd=2XzuyEtN2Y1L1QzutDtDtByCzy0EyD0FyDtCtDtBtCzyyE0CtN0D0Tzu0SyBtAzztN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1148396261&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dsites0101&cd=2XzuyEtN2Y1L1QzutDtDtByCzy0EyD0FyDtCtDtBtCzyyE0CtN0D0Tzu0SyBtAzztN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1148396261&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dsites0101&cd=2XzuyEtN2Y1L1QzutDtDtByCzy0EyD0FyDtCtDtBtCzyyE0CtN0D0Tzu0SyBtAzztN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1148396261&ir=
URLSearchHook: HKLM-x32 - TVersitybar Toolbar - {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files (x86)\TVersitybar\prxtbTVe2.dll (Conduit Ltd.)
URLSearchHook: HKCU - TVersitybar Toolbar - {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files (x86)\TVersitybar\prxtbTVe2.dll (Conduit Ltd.)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0809851D-6B6B-49C8-93A3-D43B32E2A276} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2548838
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0809851D-6B6B-49C8-93A3-D43B32E2A276} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2548838
SearchScopes: HKCU - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKCU - {0809851D-6B6B-49C8-93A3-D43B32E2A276} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {37CB09F3-30DC-4418-A156-ACA1564CD1A2} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
SearchScopes: HKCU - {5DAE4744-C444-40E8-B410-466160023E3A} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=575BB1D4-3E9D-4F1B-BDA0-09509C925727&apn_sauid=FDA278C3-179E-4C7A-AC5C-8B7055A12B3D
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-i3752
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO-x32: TVersitybar Toolbar - {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files (x86)\TVersitybar\prxtbTVe2.dll (Conduit Ltd.)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
Toolbar: HKLM-x32 - TVersitybar Toolbar - {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files (x86)\TVersitybar\prxtbTVe2.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKCU - No Name - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No File
Toolbar: HKCU - No Name - {66BD2442-241B-44CD-8C7A-B51037053CDB} - No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.65 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\2c0mlfxo.default
FF user.js: detected! => C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\2c0mlfxo.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @emusic.com/eMusicPlugin DLM6 - C:\Program Files (x86)\eMusic Download Manager 6\npEMusic604.dll (eMusic.com)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101772.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\2c0mlfxo.default\searchplugins\aolsearch.xml
FF SearchPlugin: C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\2c0mlfxo.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\2c0mlfxo.default\searchplugins\cuil.xml
FF SearchPlugin: C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\2c0mlfxo.default\searchplugins\Mysearchdial.xml
FF SearchPlugin: C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\2c0mlfxo.default\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\2c0mlfxo.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\2c0mlfxo.default\searchplugins\winamp-search.xml
FF Extension: BitTorrentBar - C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\2c0mlfxo.default\Extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} [2013-12-19]
FF Extension: HP Detect - C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\2c0mlfxo.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2012-05-27]
FF Extension: Adobe DLM (powered by getPlus(R)) - C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\2c0mlfxo.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010-03-11]
FF Extension: Add to Amazon Wish List Button - C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\2c0mlfxo.default\Extensions\amznUWL2@amazon.com.xpi [2011-11-25]
FF Extension: Show Me More - C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\2c0mlfxo.default\Extensions\showmemore@suskind.xpi [2011-12-21]
FF Extension: StumbleUpon - C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\2c0mlfxo.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2011-05-25]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-08-09]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: No Name - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-01-03]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-10-23]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-08-09]

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\romalap09\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-07]
CHR Extension: (Google Drive) - C:\Users\romalap09\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-07]
CHR Extension: (YouTube) - C:\Users\romalap09\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-07]
CHR Extension: (Google Cast) - C:\Users\romalap09\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-01-07]
CHR Extension: (Google Search) - C:\Users\romalap09\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-07]
CHR Extension: (Norton Identity Protection) - C:\Users\romalap09\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-01-07]
CHR Extension: (Google Wallet) - C:\Users\romalap09\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-07]
CHR Extension: (MySearchDial) - C:\Users\romalap09\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff [2014-01-07]
CHR Extension: (Gmail) - C:\Users\romalap09\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-07]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\ROMALA~1\AppData\Local\mysearchdial-speeddial.crx [2014-01-07]
CHR HKCU\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\ROMALA~1\AppData\Local\mysearchdial-speeddial.crx [2014-01-07]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2014-01-07]
CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\ROMALA~1\AppData\Local\Temp\ccex.crx [2014-01-07]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\Exts\Chrome.crx [2014-01-20]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\\ChromeExt\\avg.crx [2014-01-20]
CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\ROMALA~1\AppData\Local\mysearchdial-speeddial.crx [2014-01-07]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S2 Ast Service; C:\Windows\SysWOW64\\AstSrv.exe [57344 2008-01-07] (Nalpeiron Ltd.)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-09] (Broadcom Corporation.)
S3 jswpsapi; C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe [942080 2008-02-29] (Atheros Communications, Inc.)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [264360 2013-10-08] (Symantec Corporation)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [409720 2013-06-28] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [987704 2010-12-21] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2010-12-21] (Secunia)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
R2 TVersityMediaServer; C:\ProgramData\TVersity\Media Server\MediaServer.exe [1249064 2011-07-29] ()
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2013-11-14] ()
R2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1772056 2014-01-10] (AVG Secure Search)
S2 Update Jump Flip; "C:\Program Files (x86)\Jump Flip\updateJumpFlip.exe" [X]
S2 Util Jump Flip; "C:\Program Files (x86)\Jump Flip\bin\utilJumpFlip.exe" [X]

==================== Drivers (Whitelisted) ====================

S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [21600 2013-03-14] (Advanced Micro Devices, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-20] (AVG Technologies)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-08-09] (Broadcom Corporation.)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-17] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-20] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-20] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140228.001\IDSvia64.sys [521944 2014-01-20] (Symantec Corporation)
R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF64.sys [157696 2011-10-20] (Matrox Graphics Inc.)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140303.001\ENG64.SYS [126040 2014-02-19] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140303.001\EX64.SYS [2099288 2014-02-19] (Symantec Corporation)
S3 PCAMp50a64; C:\Windows\System32\Drivers\PCAMp50a64.sys [43328 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
R3 RTLE8023x64; C:\Windows\System32\DRIVERS\Rtenic64.sys [521944 2013-09-12] (Realtek Semiconductor Corporation )
R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [63904 2013-10-10] ()
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-09-26] (Synaptics Incorporated)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-10-23] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-09-09] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)
S3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2w7x.sys [783360 2010-04-27] (Atheros Communications, Inc.)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
U4 eabfiltr;
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 SYMFW; \SystemRoot\System32\Drivers\N360x64\0308000.029\SYMFW.SYS [X]
S3 SYMNDISV; \SystemRoot\System32\Drivers\N360x64\0308000.029\SYMNDISV.SYS [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-03 09:19 - 2014-03-03 09:19 - 00033214 _____ () C:\Users\romalap09\Downloads\FRST.txt
2014-03-03 09:18 - 2014-03-03 09:19 - 00000000 ___DC () C:\FRST
2014-03-03 09:14 - 2014-03-03 09:14 - 02156544 _____ (Farbar) C:\Users\romalap09\Downloads\FRST64.exe
2014-03-03 09:01 - 2014-03-03 09:02 - 02156544 _____ (Farbar) C:\Users\romalap09\Downloads\FRST64.exe.part
2014-03-03 08:44 - 2014-03-03 08:51 - 00004692 _____ () C:\Users\romalap09\Desktop\Rkill.txt
2014-03-03 08:44 - 2014-03-03 08:44 - 00000000 ____D () C:\Users\romalap09\Desktop\rkill
2014-03-03 08:42 - 2014-03-03 08:42 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\romalap09\Downloads\rkill.exe
2014-03-02 12:30 - 2014-03-02 13:44 - 00006235 _____ () C:\Users\romalap09\Desktop\aswMBR.txt
2014-03-02 12:30 - 2014-03-02 13:44 - 00000512 _____ () C:\Users\romalap09\Desktop\MBR.dat
2014-03-02 11:46 - 2014-03-02 11:46 - 00003903 _____ () C:\Users\romalap09\Desktop\attach.zip
2014-03-02 11:25 - 2014-03-02 11:25 - 00009725 _____ () C:\Users\romalap09\Desktop\attach.txt
2014-03-02 11:25 - 2014-03-02 11:24 - 00034730 _____ () C:\Users\romalap09\Desktop\dds.txt
2014-03-02 11:10 - 2014-03-02 11:10 - 00688992 ____R (Swearware) C:\Users\romalap09\Downloads\dds(1).scr
2014-03-01 15:04 - 2014-03-01 15:04 - 00000000 ____C () C:\reflectv5.2-6354-x64-10.dmp
2014-03-01 14:02 - 2014-03-01 14:02 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-01 14:00 - 2014-03-01 14:02 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-01 14:00 - 2014-03-01 14:02 - 00000000 ____D () C:\Program Files\iTunes
2014-03-01 14:00 - 2014-03-01 14:02 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-01 14:00 - 2014-03-01 14:00 - 00000000 ____D () C:\Program Files\iPod
2014-02-21 11:55 - 2014-02-21 11:55 - 00002835 _____ () C:\Users\Public\Desktop\Active Trader Pro 10.1.lnk
2014-02-21 08:35 - 2014-02-21 08:36 - 15770112 _____ () C:\Users\romalap09\Downloads\ATsetup(1).msi
2014-02-20 09:40 - 2013-11-26 16:29 - 05693440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-20 09:40 - 2013-11-26 15:49 - 06573056 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-20 08:23 - 2013-10-01 19:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-02-20 08:23 - 2013-10-01 19:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-20 08:23 - 2013-10-01 19:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-20 08:23 - 2013-10-01 18:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-02-20 08:23 - 2013-10-01 18:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-02-20 08:23 - 2013-10-01 18:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-02-20 08:23 - 2013-10-01 18:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-02-20 08:23 - 2013-10-01 17:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-02-20 08:23 - 2013-10-01 17:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-02-20 08:23 - 2013-10-01 17:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-02-20 08:23 - 2013-10-01 17:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-02-20 08:23 - 2013-10-01 17:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-02-20 08:23 - 2013-10-01 16:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-02-20 08:23 - 2013-10-01 16:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-02-20 08:23 - 2013-10-01 16:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-02-20 08:23 - 2013-10-01 15:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-02-20 08:21 - 2013-09-24 19:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-02-20 08:21 - 2013-09-24 18:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-02-20 08:20 - 2013-12-31 16:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-20 08:20 - 2013-12-31 16:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-20 08:20 - 2013-12-03 19:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-20 08:20 - 2013-12-03 19:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-20 08:20 - 2013-12-03 19:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-20 08:20 - 2013-12-03 19:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-20 08:20 - 2013-12-03 19:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-20 08:20 - 2013-12-03 19:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-20 08:20 - 2013-12-03 19:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-20 08:20 - 2013-12-03 19:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-20 08:20 - 2013-12-03 19:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-20 08:20 - 2013-12-03 19:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-20 08:20 - 2013-12-03 19:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-20 08:20 - 2013-12-03 19:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-20 08:20 - 2013-12-03 19:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-20 08:20 - 2013-12-03 19:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-20 08:20 - 2013-12-03 18:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-20 08:20 - 2013-12-03 18:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-20 08:20 - 2013-12-03 18:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-20 08:20 - 2013-12-03 18:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-15 12:23 - 2014-03-01 15:06 - 00000416 _____ () C:\Windows\Tasks\incremental 4.job
2014-02-15 12:23 - 2014-02-15 12:23 - 00003876 _____ () C:\Windows\System32\Tasks\incremental 4
2014-02-15 12:22 - 2014-02-22 19:35 - 00000418 _____ () C:\Windows\Tasks\incremental 3.job
2014-02-15 12:22 - 2014-02-15 12:22 - 00003878 _____ () C:\Windows\System32\Tasks\incremental 3
2014-02-15 12:20 - 2014-02-15 12:20 - 00003876 _____ () C:\Windows\System32\Tasks\incremental 2
2014-02-15 12:19 - 2014-02-15 19:36 - 00000416 _____ () C:\Windows\Tasks\incremental 2.job
2014-02-15 10:17 - 2014-02-16 16:11 - 00000418 _____ () C:\Windows\Tasks\incremental 1.job
2014-02-15 10:17 - 2014-02-15 12:20 - 00003876 _____ () C:\Windows\System32\Tasks\incremental 1
2014-02-15 08:28 - 2014-02-15 08:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 17:38 - 2014-02-14 17:40 - 00000000 ____D () C:\Program Files (x86)\GUMF76.tmp
2014-02-13 21:56 - 2013-12-21 02:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 21:56 - 2013-12-21 01:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 21:54 - 2014-02-06 05:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 21:54 - 2014-02-06 04:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 21:54 - 2014-02-06 04:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 21:54 - 2014-02-06 04:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 21:54 - 2014-02-06 04:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 21:54 - 2014-02-06 04:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 21:54 - 2014-02-06 03:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 21:54 - 2014-02-06 03:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 21:54 - 2014-02-06 03:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 21:54 - 2014-02-06 03:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 21:54 - 2014-02-06 03:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 21:54 - 2014-02-06 03:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 21:54 - 2014-02-06 03:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 21:54 - 2014-02-06 03:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 21:54 - 2014-02-06 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 21:54 - 2014-02-06 03:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 21:54 - 2014-02-06 03:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 21:54 - 2014-02-06 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 21:54 - 2014-02-06 03:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 21:54 - 2014-02-06 02:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 21:54 - 2014-02-06 02:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 21:54 - 2014-02-06 02:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 21:54 - 2014-02-06 02:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 21:54 - 2014-02-06 02:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 21:54 - 2014-02-06 02:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 21:54 - 2014-02-06 02:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 21:54 - 2014-02-06 02:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 21:54 - 2014-02-06 02:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 21:54 - 2014-02-06 02:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 21:54 - 2014-02-06 02:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 21:54 - 2014-02-06 02:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 21:54 - 2014-02-06 02:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 21:54 - 2014-02-06 02:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 21:54 - 2014-02-06 02:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 21:54 - 2014-02-06 01:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 21:54 - 2014-02-06 01:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 21:54 - 2014-02-06 01:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 21:54 - 2014-02-06 01:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 21:54 - 2014-02-06 01:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-13 17:37 - 2014-02-13 17:37 - 00001120 _____ () C:\Users\Public\Desktop\Synology Assistant.lnk
2014-02-13 17:37 - 2014-02-13 17:37 - 00000000 ____D () C:\ProgramData\Synology
2014-02-13 17:37 - 2014-02-13 17:37 - 00000000 ____D () C:\Program Files (x86)\Synology
2014-02-13 17:27 - 2014-02-13 17:27 - 08861848 _____ () C:\Users\romalap09\Downloads\SynologyAssistantSetup-4.3-4359.exe
2014-02-13 08:00 - 2013-12-24 16:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 08:00 - 2013-12-24 15:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 08:00 - 2013-12-05 19:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 08:00 - 2013-12-05 19:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 08:00 - 2013-12-05 19:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 08:00 - 2013-12-05 19:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 08:00 - 2013-11-26 01:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 08:00 - 2013-11-22 15:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-12 15:59 - 2014-02-12 15:59 - 00003198 _____ () C:\Windows\System32\Tasks\{1E688CFA-86C8-4FFF-AE3F-ABD7AF28E09E}
2014-02-11 14:25 - 2014-02-11 14:25 - 00003802 _____ () C:\Users\romalap09\Desktop\Leia Harrison resume upload.txt
2014-02-06 11:03 - 2014-02-06 11:03 - 00000000 ____D () C:\Users\romalap09\Downloads\Autoruns
2014-02-06 11:01 - 2014-02-06 11:05 - 00000000 ___DC () C:\AutoRuns
2014-02-06 11:00 - 2014-02-06 11:00 - 00550371 _____ () C:\Users\romalap09\Downloads\Autoruns.zip
2014-02-06 10:07 - 2014-02-06 10:07 - 14685696 _____ () C:\Users\romalap09\Downloads\ATsetup.msi
2014-02-06 08:53 - 2014-02-06 08:53 - 00000000 ____D () C:\Users\romalap09\Documents\ProcAlyzer Dumps
2014-02-05 11:53 - 2014-02-05 11:53 - 00559288 _____ (Safer-Networking Ltd. ) C:\Users\romalap09\Downloads\spybot2-license.exe
2014-02-04 12:34 - 2014-02-04 13:28 - 00001372 _____ () C:\Windows\wininit.ini
2014-02-03 12:50 - 2010-05-23 10:39 - 00395382 _____ () C:\Windows\system32\Drivers\etc\hosts.20140203-125024.backup
2014-02-03 12:27 - 2014-02-20 08:53 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-03 12:27 - 2014-02-06 08:32 - 00001339 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-02-03 12:27 - 2014-02-03 12:27 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-02-03 12:27 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-02-03 12:23 - 2014-02-03 12:24 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\romalap09\Downloads\spybot-2.2.exe
2014-02-03 11:27 - 2014-02-03 11:27 - 00003112 _____ () C:\Users\romalap09\Documents\aswMBR.txt
2014-02-03 11:27 - 2014-02-03 11:27 - 00000512 _____ () C:\Users\romalap09\Documents\MBR.dat
2014-02-03 11:21 - 2014-02-03 11:21 - 04745728 _____ (AVAST Software) C:\Users\romalap09\Downloads\aswMBR.exe
2014-02-03 11:20 - 2014-02-03 11:20 - 00688992 ____R (Swearware) C:\Users\romalap09\Downloads\dds.scr

==================== One Month Modified Files and Folders =======

2014-03-03 09:19 - 2014-03-03 09:19 - 00033214 _____ () C:\Users\romalap09\Downloads\FRST.txt
2014-03-03 09:19 - 2014-03-03 09:18 - 00000000 ___DC () C:\FRST
2014-03-03 09:14 - 2014-03-03 09:14 - 02156544 _____ (Farbar) C:\Users\romalap09\Downloads\FRST64.exe
2014-03-03 09:04 - 2012-04-05 07:51 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-03 09:02 - 2014-03-03 09:01 - 02156544 _____ (Farbar) C:\Users\romalap09\Downloads\FRST64.exe.part
2014-03-03 09:00 - 2009-12-03 17:57 - 00000334 _____ () C:\Windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
2014-03-03 08:51 - 2014-03-03 08:44 - 00004692 _____ () C:\Users\romalap09\Desktop\Rkill.txt
2014-03-03 08:50 - 2009-10-12 00:46 - 01532918 _____ () C:\Windows\WindowsUpdate.log
2014-03-03 08:49 - 2009-07-13 21:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-03 08:49 - 2009-07-13 21:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-03 08:44 - 2014-03-03 08:44 - 00000000 ____D () C:\Users\romalap09\Desktop\rkill
2014-03-03 08:44 - 2014-01-07 12:24 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-03 08:42 - 2014-03-03 08:42 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\romalap09\Downloads\rkill.exe
2014-03-03 08:38 - 2014-01-07 12:26 - 00000000 ____D () C:\Users\romalap09\AppData\Roaming\newnext.me
2014-03-03 08:37 - 2014-01-07 12:24 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-03 08:36 - 2013-07-23 06:39 - 00016912 _____ () C:\Windows\setupact.log
2014-03-03 08:36 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-02 13:44 - 2014-03-02 12:30 - 00006235 _____ () C:\Users\romalap09\Desktop\aswMBR.txt
2014-03-02 13:44 - 2014-03-02 12:30 - 00000512 _____ () C:\Users\romalap09\Desktop\MBR.dat
2014-03-02 11:46 - 2014-03-02 11:46 - 00003903 _____ () C:\Users\romalap09\Desktop\attach.zip
2014-03-02 11:25 - 2014-03-02 11:25 - 00009725 _____ () C:\Users\romalap09\Desktop\attach.txt
2014-03-02 11:24 - 2014-03-02 11:25 - 00034730 _____ () C:\Users\romalap09\Desktop\dds.txt
2014-03-02 11:10 - 2014-03-02 11:10 - 00688992 ____R (Swearware) C:\Users\romalap09\Downloads\dds(1).scr
2014-03-02 10:00 - 2010-04-06 18:55 - 00000000 ____D () C:\Users\romalap09\AppData\Local\CrashDumps
2014-03-02 07:56 - 2009-10-12 01:10 - 02640594 _____ () C:\Windows\PFRO.log
2014-03-02 05:55 - 2009-11-08 09:52 - 00000422 ____H () C:\Windows\Tasks\Full Backup xml.job
2014-03-02 00:06 - 2009-11-17 13:09 - 00347323 _____ () C:\Windows\SysWOW64\TVersityMediaServer.log
2014-03-01 15:06 - 2014-02-15 12:23 - 00000416 _____ () C:\Windows\Tasks\incremental 4.job
2014-03-01 15:04 - 2014-03-01 15:04 - 00000000 ____C () C:\reflectv5.2-6354-x64-10.dmp
2014-03-01 14:02 - 2014-03-01 14:02 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-01 14:02 - 2014-03-01 14:00 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-01 14:02 - 2014-03-01 14:00 - 00000000 ____D () C:\Program Files\iTunes
2014-03-01 14:02 - 2014-03-01 14:00 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-01 14:00 - 2014-03-01 14:00 - 00000000 ____D () C:\Program Files\iPod
2014-02-26 17:09 - 2013-09-30 15:07 - 00003210 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForromalap09
2014-02-26 17:09 - 2013-09-30 15:07 - 00000348 _____ () C:\Windows\Tasks\HPCeeScheduleForromalap09.job
2014-02-23 16:10 - 2011-12-16 09:27 - 00000000 ____D () C:\ProgramData\PMS
2014-02-22 19:35 - 2014-02-15 12:22 - 00000418 _____ () C:\Windows\Tasks\incremental 3.job
2014-02-22 08:46 - 2014-01-07 12:25 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-21 12:20 - 2010-11-26 15:12 - 00805444 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-21 12:19 - 2009-07-13 22:13 - 00805444 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-21 11:55 - 2014-02-21 11:55 - 00002835 _____ () C:\Users\Public\Desktop\Active Trader Pro 10.1.lnk
2014-02-21 10:03 - 2013-09-09 19:28 - 00000000 ____D () C:\Windows\rescache
2014-02-21 09:05 - 2012-04-05 07:51 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 09:05 - 2012-04-05 07:51 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-21 09:05 - 2011-05-17 07:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-21 08:36 - 2014-02-21 08:35 - 15770112 _____ () C:\Users\romalap09\Downloads\ATsetup(1).msi
2014-02-20 08:53 - 2014-02-03 12:27 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-19 14:10 - 2012-02-26 14:10 - 00000000 ____D () C:\Users\romalap09\AppData\Roaming\BitTorrent
2014-02-18 08:07 - 2011-11-24 09:52 - 00000000 ____D () C:\ProgramData\r2 Studios
2014-02-18 08:07 - 2009-11-06 23:45 - 00000000 ___RD () C:\Users\romalap09\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-16 16:11 - 2014-02-15 10:17 - 00000418 _____ () C:\Windows\Tasks\incremental 1.job
2014-02-16 16:10 - 2012-04-25 07:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-16 16:01 - 2009-11-17 13:09 - 01024020 _____ () C:\Windows\SysWOW64\TVersityMediaServer.log.1
2014-02-16 15:49 - 2009-11-17 13:09 - 01024086 _____ () C:\Windows\SysWOW64\TVersityMediaServer.log.2
2014-02-16 03:04 - 2013-09-09 14:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 03:01 - 2009-11-09 20:18 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-15 19:36 - 2014-02-15 12:19 - 00000416 _____ () C:\Windows\Tasks\incremental 2.job
2014-02-15 12:23 - 2014-02-15 12:23 - 00003876 _____ () C:\Windows\System32\Tasks\incremental 4
2014-02-15 12:22 - 2014-02-15 12:22 - 00003878 _____ () C:\Windows\System32\Tasks\incremental 3
2014-02-15 12:20 - 2014-02-15 12:20 - 00003876 _____ () C:\Windows\System32\Tasks\incremental 2
2014-02-15 12:20 - 2014-02-15 10:17 - 00003876 _____ () C:\Windows\System32\Tasks\incremental 1
2014-02-15 08:28 - 2014-02-15 08:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 17:40 - 2014-02-14 17:38 - 00000000 ____D () C:\Program Files (x86)\GUMF76.tmp
2014-02-14 17:39 - 2014-01-07 12:24 - 00003900 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-14 17:39 - 2014-01-07 12:24 - 00003648 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-13 21:53 - 2014-01-07 12:25 - 00000000 ____D () C:\Program Files (x86)\Jump Flip
2014-02-13 17:37 - 2014-02-13 17:37 - 00001120 _____ () C:\Users\Public\Desktop\Synology Assistant.lnk
2014-02-13 17:37 - 2014-02-13 17:37 - 00000000 ____D () C:\ProgramData\Synology
2014-02-13 17:37 - 2014-02-13 17:37 - 00000000 ____D () C:\Program Files (x86)\Synology
2014-02-13 17:27 - 2014-02-13 17:27 - 08861848 _____ () C:\Users\romalap09\Downloads\SynologyAssistantSetup-4.3-4359.exe
2014-02-13 08:41 - 2009-07-13 19:34 - 00450770 ____R () C:\Windows\system32\Drivers\etc\hosts.20140215-144736.backup
2014-02-12 15:59 - 2014-02-12 15:59 - 00003198 _____ () C:\Windows\System32\Tasks\{1E688CFA-86C8-4FFF-AE3F-ABD7AF28E09E}
2014-02-11 14:25 - 2014-02-11 14:25 - 00003802 _____ () C:\Users\romalap09\Desktop\Leia Harrison resume upload.txt
2014-02-11 14:23 - 2010-03-15 08:36 - 00053760 ___SH () C:\Users\romalap09\Desktop\Thumbs.db
2014-02-06 12:57 - 2009-07-13 22:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-02-06 12:31 - 2009-07-13 22:08 - 00032594 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-06 12:03 - 2009-07-13 19:34 - 00450770 ____R () C:\Windows\system32\Drivers\etc\hosts.20140213-084130.backup
2014-02-06 11:05 - 2014-02-06 11:01 - 00000000 ___DC () C:\AutoRuns
2014-02-06 11:03 - 2014-02-06 11:03 - 00000000 ____D () C:\Users\romalap09\Downloads\Autoruns
2014-02-06 11:00 - 2014-02-06 11:00 - 00550371 _____ () C:\Users\romalap09\Downloads\Autoruns.zip
2014-02-06 10:07 - 2014-02-06 10:07 - 14685696 _____ () C:\Users\romalap09\Downloads\ATsetup.msi
2014-02-06 08:55 - 2013-04-08 08:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-06 08:53 - 2014-02-06 08:53 - 00000000 ____D () C:\Users\romalap09\Documents\ProcAlyzer Dumps
2014-02-06 08:51 - 2009-12-02 13:17 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-06 08:32 - 2014-02-03 12:27 - 00001339 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-02-06 05:16 - 2014-02-13 21:54 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 04:30 - 2014-02-13 21:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 04:30 - 2014-02-13 21:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 04:12 - 2014-02-13 21:54 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 04:07 - 2014-02-13 21:54 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 04:06 - 2014-02-13 21:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 03:57 - 2014-02-13 21:54 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 03:56 - 2014-02-13 21:54 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 03:52 - 2014-02-13 21:54 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 03:49 - 2014-02-13 21:54 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 03:48 - 2014-02-13 21:54 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 03:48 - 2014-02-13 21:54 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 03:38 - 2014-02-13 21:54 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 03:32 - 2014-02-13 21:54 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 03:20 - 2014-02-13 21:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 03:17 - 2014-02-13 21:54 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 03:11 - 2014-02-13 21:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 03:01 - 2014-02-13 21:54 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 03:00 - 2014-02-13 21:54 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 02:57 - 2014-02-13 21:54 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 02:57 - 2014-02-13 21:54 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 02:52 - 2014-02-13 21:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 02:52 - 2014-02-13 21:54 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 02:50 - 2014-02-13 21:54 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 02:49 - 2014-02-13 21:54 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 02:47 - 2014-02-13 21:54 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 02:46 - 2014-02-13 21:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 02:25 - 2014-02-13 21:54 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 02:25 - 2014-02-13 21:54 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 02:24 - 2014-02-13 21:54 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 02:22 - 2014-02-13 21:54 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 02:13 - 2014-02-13 21:54 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 02:09 - 2014-02-13 21:54 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 02:03 - 2014-02-13 21:54 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 01:55 - 2014-02-13 21:54 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 01:41 - 2014-02-13 21:54 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 01:40 - 2014-02-13 21:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 01:36 - 2014-02-13 21:54 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 01:34 - 2014-02-13 21:54 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 11:53 - 2014-02-05 11:53 - 00559288 _____ (Safer-Networking Ltd. ) C:\Users\romalap09\Downloads\spybot2-license.exe
2014-02-04 13:28 - 2014-02-04 12:34 - 00001372 _____ () C:\Windows\wininit.ini
2014-02-03 13:05 - 2013-09-09 13:04 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-02-03 12:50 - 2009-07-13 19:34 - 00450700 ____R () C:\Windows\system32\Drivers\etc\hosts.20140206-120344.backup
2014-02-03 12:27 - 2014-02-03 12:27 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-02-03 12:27 - 2009-12-02 13:17 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-02-03 12:24 - 2014-02-03 12:23 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\romalap09\Downloads\spybot-2.2.exe
2014-02-03 11:27 - 2014-02-03 11:27 - 00003112 _____ () C:\Users\romalap09\Documents\aswMBR.txt
2014-02-03 11:27 - 2014-02-03 11:27 - 00000512 _____ () C:\Users\romalap09\Documents\MBR.dat
2014-02-03 11:21 - 2014-02-03 11:21 - 04745728 _____ (AVAST Software) C:\Users\romalap09\Downloads\aswMBR.exe
2014-02-03 11:20 - 2014-02-03 11:20 - 00688992 ____R (Swearware) C:\Users\romalap09\Downloads\dds.scr
2014-02-01 15:38 - 2009-12-03 17:56 - 00002436 _____ () C:\Windows\System32\Tasks\Spybot - Search & Destroy - Scheduled Task
2014-02-01 15:38 - 2009-12-03 17:56 - 00000278 _____ () C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job

Some content of TEMP:
====================
C:\Users\romalap09\AppData\Local\Temp\_is25A2.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-02 08:45

==================== End Of Log ============================

romasf62
2014-03-03, 17:33
Here is addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-03-2014
Ran by romalap09 at 2014-03-03 09:20:07
Running from C:\Users\romalap09\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Spybot - Search and Destroy (Enabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AV: Norton 360 (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Norton 360 (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

1400 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 4.65 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0465-000001000000}) (Version: 4.65.00.0 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Activate Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.1.20.0 - Symantec)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.5.23 - Adobe Systems Incorporated.) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0.3.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (x32 Version: 9.0.3.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.09 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (x32 Version: 3.09 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Aff Packages (HKCU\...\Aff Packages) (Version: - ) <==== ATTENTION
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Any Video Converter 3.1.8 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Canon PowerShot SX260 HS and SX240 HS Camera User Guide (HKLM-x32\...\CameraUserGuide-PSSX260HSandSX240HS) (Version: 1.0.0.9 - Canon Inc.)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Combined Community Codec Pack 2009-09-09 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2009.09.09.0 - CCCP Project)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
DeLorme Topo USA 6 (HKLM-x32\...\{D9741853-B432-4F74-8241-DD0125C0692C}) (Version: 6.10.000 - DeLorme Publishing, Inc.)
DeLorme Topo USA 6.0 DVD Data (HKLM-x32\...\{A9273349-F9D0-4454-8054-8657156BBDAC}) (Version: 6.06.0120 - DeLorme)
DeLorme Topo USA 6.0 PN Merge Modules (HKLM-x32\...\{45DFE7E0-5B85-4E01-986E-6A48420B8FD0}) (Version: 6.10.0000 - DeLorme)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
DriverMax 7 (HKLM-x32\...\DMX5_is1) (Version: 7.26.0.202 - Innovative Solutions)
Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
eMusic Download Manager 5.0.1 (HKLM-x32\...\eMusic Download Manager 5.0.1) (Version: - )
eMusic Download Manager 6 (HKLM-x32\...\eMusic Download Manager 6) (Version: 6.0.4 - emusic.com)
ENE CIR Receiver Driver (HKLM\...\FFE7D41DF3C645075BB149E21988B63996C34187) (Version: 2.7.4.0 - ENE)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
ffdshow [rev 1723] [2007-12-24] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Fidelity Active Trader Pro® (HKLM-x32\...\{5BA600BD-E77B-409C-8CDC-47F35517958F}) (Version: 10.1.1175.0 - Fidelity Investments)
FoxyTunes for Firefox (HKLM-x32\...\FoxyTunesForFirefox) (Version: - )
FreeCAD 0.13 (HKLM-x32\...\{2B2B5D2B-0F01-410B-843B-8F437FD75FBF}) (Version: 0.13.1828 - Juergen Riegel (FreeCAD@juergen-riegel.net))
Fund Manager (HKLM-x32\...\Fund Manager) (Version: - Beiley Software)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version: - Arobas Music)
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Homespun Instant Access (HKLM-x32\...\{967DD2CE-FEE0-4DF1-893C-7EE79513D397}) (Version: 1.0 - Homespun Tapes)
honestech VHS to DVD 5.0 Deluxe (HKLM-x32\...\{44FF002B-5AB3-4447-8F98-614387B63EE6}) (Version: 5.0 - honestech)
honestech VHS to DVD 5.0 Deluxe (x32 Version: 5.0 - honestech) Hidden
HP 3D DriveGuard (HKLM\...\{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}) (Version: 4.0.3.1 - Hewlett-Packard)
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.9652.3188 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.3 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Integrated Module with Bluetooth wireless technology (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 3.0.3123 - Hewlett-Packard) Hidden
HP MediaSmart Internet TV (HKLM-x32\...\InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}) (Version: 3.0.1916 - Hewlett-Packard)
HP MediaSmart Internet TV (x32 Version: 3.0.1916 - Hewlett-Packard) Hidden
HP MediaSmart Live TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 3.0.1924 - Hewlett-Packard)
HP MediaSmart Live TV (x32 Version: 3.0.1924 - Hewlett-Packard) Hidden
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Movie Themes (x32 Version: 3.0.3102 - Hewlett-Packard) Hidden
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (x32 Version: 3.0.3123 - Hewlett-Packard) Hidden
HP MediaSmart SlingPlayer (HKLM-x32\...\{90F6051D-A69F-4159-9203-7E20430E1056}) (Version: 2.1.1.60 - Sling Media, Inc.)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.0.30.1 - Hewlett-Packard)
HP MediaSmart Software Notebook Demo (HKLM-x32\...\{82A213BD-B6AA-4281-A2D3-59D51893CC56}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.1913 - Hewlett-Packard)
HP MediaSmart Webcam (x32 Version: 3.0.1913 - Hewlett-Packard) Hidden
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.12.1 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{FC17E0A7-EAA9-4902-92F8-C83B9FD02246}) (Version: 5.0.14.2 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HP User Guides 0154 (HKLM-x32\...\{B51605BF-6326-4553-AE96-6D7F1813D5F5}) (Version: 1.01.0001 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6230.0 - IDT)
Impulse (HKLM-x32\...\Impulse) (Version: 1.0 - Stardock)
Impulse (x32 Version: 1.0 - Stardock Corporation) Hidden
inSSIDer (HKLM-x32\...\{F8A10A25-D8DD-4661-9A1E-7F6DBAAA3C5E}) (Version: 2.1.5 - MetaGeek)
inSSIDer 3 (HKLM-x32\...\{A80CEA4E-74C1-4F9F-806B-E1D9AFC01768}) (Version: 3.0.7.48 - MetaGeek, LLC)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1883 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
iTunes Export (HKLM-x32\...\iTunesExport.9816BF1711E8C5ABC4CED8E503841951211D8E5D.1) (Version: 2.2.2 - UNKNOWN)
iTunes Export (x32 Version: 2.2.2 - UNKNOWN) Hidden
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 13 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170130}) (Version: 1.7.0.130 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
LightScribe Applications (HKLM-x32\...\{61F25370-7465-4404-BE28-4629BF808699}) (Version: 1.18.15.1 - LightScribe)
LightScribe System Software (HKLM-x32\...\{6B25BB26-A1EC-4A23-AB6C-211E57B67777}) (Version: 1.18.21.1 - LightScribe)
LightScribe Template Labeler (HKLM-x32\...\{43523FEF-9D8E-4572-BB11-0E914D366E0A}) (Version: 1.18.15.1 - LightScribe)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
Macrium Reflect Standard Edition (HKLM\...\MacriumReflect) (Version: 5.2 - Paramount Software (UK) Ltd.)
Macrium Reflect Standard Edition (Version: 5.2.6354 - Paramount Software (UK) Ltd.) Hidden
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
MetaStock 11.0 (HKCU\...\MetaStock 11.0) (Version: - )
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
MotioninJoy DS3 driver version 0.6.0005 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.6.0005 - www.motioninjoy.com)
MotoHelper 2.1.32 Driver 5.4.0 (HKLM-x32\...\MotoHelper) (Version: 2.1.32 - Motorola)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 5.4.0 (Version: 5.4.0 - Motorola Inc.) Hidden
MozBackup 1.4.9 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.3.0 (x86 en-US)) (Version: 24.3.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Norton 360 (HKLM-x32\...\N360) (Version: 21.1.0.18 - Symantec Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.8 - Google, Inc.)
Playlist Creator 3.6.2 (HKLM-x32\...\Playlist Creator 3.6.2) (Version: 3.6.2.0 - oddgravity)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.90.1 - PS3 Media Server)
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
RangeMax Wireless-N USB Adapter WN111v2 (HKLM-x32\...\InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}) (Version: 3.0.0.5 - NETGEAR)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30094 - Realtek Semiconductor Corp.)
Remind-Me (HKLM-x32\...\Remind-Me) (Version: - Beiley Software)
Sansa Updater (HKCU\...\Sansa Updater) (Version: - )
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.7 - Seagate Technology)
Secunia PSI (2.0.0.1003) (HKLM-x32\...\Secunia PSI) (Version: - )
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Sins of a Solar Empire - Entrenchment (HKLM-x32\...\Sins of a Solar Empire - Entrenchment) (Version: - Stardock Corporation)
Sins of a Solar Empire (HKLM-x32\...\Sins of a Solar Empire) (Version: - Stardock Entertainment)
Sins of a Solar Empire (x32 Version: 1.00.00 - Stardock Entertainment, Inc.) Hidden
SlingBoxWatchYourTVAnyWhere (HKLM-x32\...\{4313E16C-811B-469F-8815-6EB98085F8B2}) (Version: 2.1.1.58 - Sling Media)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: - )
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
TVersity Codec Pack 1.7 (HKLM-x32\...\TVersity Codec Pack) (Version: 1.7 - TVersity Inc.)
TVersity Media Server 1.9.7 (HKLM-x32\...\TVersity Media Server) (Version: 1.9.7 - TVersity)
TVersitybar Toolbar (HKLM-x32\...\TVersitybar Toolbar) (Version: 6.8.5.1 - TVersitybar)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
USB2.0 VIDBOX NW03 (HKLM-x32\...\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}) (Version: 3.0.2 - honestech)
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
Wealth-Lab Pro 6.6 (HKLM-x32\...\{F484903A-922E-43CC-B26C-5A49D4F34920}) (Version: 6.6.13 - Fidelity Investments)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.622 - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Winamp Toolbar (HKLM-x32\...\Winamp Toolbar) (Version: - ) <==== ATTENTION
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8064.0206 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
WN111v2 (x32 Version: 3.0.0.5 - NETGEAR) Hidden
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)

==================== Restore Points =========================

21-02-2014 18:36:48 Removed Fidelity Active Trader Pro®.
21-02-2014 18:41:46 Removed Fidelity Active Trader Pro®.
21-02-2014 18:53:11 Installed Fidelity Active Trader Pro®.
26-02-2014 18:53:26 Norton 360 Registry Clean

==================== Hosts content: ==========================

2009-07-13 19:34 - 2014-02-15 14:47 - 00450770 ___RA C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {03EEAC71-0D64-4C26-9859-1ADA97FFF165} - System32\Tasks\Spybot - Search & Destroy Updater - Scheduled Task => C:\Program Files (x86)\Spybot - Search &amp; Destroy\SDUpdate.exe
Task: {04F4FCC2-5A06-4225-8A05-714D6D0BBE4E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-22] (Adobe Systems Incorporated)
Task: {1F2718F2-3B29-404E-B891-6147AF4CACFC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2A906579-003E-4C7D-A2FA-5FF309807DEF} - System32\Tasks\CapUninst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapUninst.exe [2009-07-24] (CL)
Task: {2E502C94-2D35-49D2-89C6-8D9FC4615B15} - System32\Tasks\HPCeeScheduleForromalap09 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07] (Hewlett-Packard)
Task: {3197AEE9-0E5E-48CA-837C-1E4C335E014F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {3A4913E6-2138-4C97-9D96-72615CD8B09B} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-07-23] (CyberLink)
Task: {42F6AC4A-BB64-4BF1-9FB3-B89EAC680E9D} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {4568FB84-2952-473B-9A34-3DBBD5BA84C6} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {4708B40B-33C2-42AB-BBD3-A428D2E65E1C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {49AD4CC3-9EDE-49D7-85D1-0FE4E8AD0E41} - System32\Tasks\incremental 1 => c:\program files\macrium\reflect\Reflect.exe [2013-08-01] (Paramount Software UK Ltd)
Task: {589C9945-737C-4098-ADB5-19C54F4F66FA} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-07-23] (CyberLink Corp.)
Task: {6080EC16-3F33-4DB2-B7C7-0224F20766C1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-07] (Google Inc.)
Task: {63EBF665-4A80-4B15-8DDB-9A90800E39D7} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {7B223384-B43A-4483-A7C2-8FE8DDB24C26} - System32\Tasks\Full Backup xml => c:\program files\macrium\reflect\Reflect.exe [2013-08-01] (Paramount Software UK Ltd)
Task: {7BE71306-86FB-493E-A891-1DB985CFE390} - System32\Tasks\incremental 3 => c:\program files\macrium\reflect\Reflect.exe [2013-08-01] (Paramount Software UK Ltd)
Task: {7EBA8912-13D5-4439-94C8-8242AA84783E} - System32\Tasks\incremental 4 => C:\Program Files\Macrium\Reflect\Reflect.exe [2013-08-01] (Paramount Software UK Ltd)
Task: {810064CD-DACF-4E11-8D6A-7A58FC2D73D2} - System32\Tasks\CapSchedInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSchedInst.exe [2009-07-24] (CL)
Task: {95537BFD-C9DD-418B-B0B8-A4FBA6CC6E95} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-410896206-4247487474-552352317-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {994C6F6B-017A-4359-8DE1-0525998A3630} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {A30CBE0D-F84E-44E1-9B2C-413B01C00C3F} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-410896206-4247487474-552352317-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {B28BAC75-7F62-4547-971F-51A6C321925B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan most recently used file in the background => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
Task: {B30CB237-0597-4434-A326-249E76F07658} - System32\Tasks\{1F364A23-1D4F-4541-952D-1D593E7956D0} => Firefox.exe
Task: {C491FA7A-2163-45D6-AAC9-F2621C7CCC60} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {C7391923-5013-462E-A87E-8E56954DE259} - System32\Tasks\{6486DD28-F077-4425-B40C-84AAA70FCAC6} => C:\Program Files (x86)\StarCraft\StarCraft.exe
Task: {D03B5CA7-830A-40EA-AD28-7B56D05C57F4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-07] (Google Inc.)
Task: {D1C25B57-1B29-48DE-9635-9921317EE4B2} - System32\Tasks\CapSvcInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSvcInst.exe [2009-07-24] (CL)
Task: {D4221A80-E3D7-41E3-98B0-D3BBCE54BC3B} - System32\Tasks\AdobeAAMUpdater-1.0-romalap09-PC-romalap09 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated)
Task: {E125A092-A2DA-4E18-B266-828A5EE0BB73} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {E127338C-5FB1-46CE-B619-78C5285532B9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-06-30] (Hewlett-Packard Company)
Task: {E960846F-84EF-4945-9830-CFE6EE67B264} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {EFAE69F2-610D-4099-8453-238271456368} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-06-30] (Hewlett-Packard Company)
Task: {F760E52B-CE40-43F0-A085-AEC4543DC23C} - System32\Tasks\TVAgent => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe [2009-07-24] (CyberLink Corp.)
Task: {F76F4215-A824-4452-8300-E76577B158EF} - System32\Tasks\incremental 2 => C:\Program Files\Macrium\Reflect\Reflect.exe [2013-08-01] (Paramount Software UK Ltd)
Task: {FE4787F8-5D43-4DA7-BF55-346E7B664BAC} - System32\Tasks\Spybot - Search & Destroy - Scheduled Task => C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
Task: {FE87BBF3-C401-4F3A-AD0A-063B883DC92F} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Full Backup xml.job => c:\program files\macrium\reflect\Reflect.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForromalap09.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\incremental 1.job => c:\program files\macrium\reflect\Reflect.exe
Task: C:\Windows\Tasks\incremental 2.job => C:\Program Files\Macrium\Reflect\Reflect.exe
Task: C:\Windows\Tasks\incremental 3.job => c:\program files\macrium\reflect\Reflect.exe
Task: C:\Windows\Tasks\incremental 4.job => C:\Program Files\Macrium\Reflect\Reflect.exe
Task: C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job => C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
Task: C:\Windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job => C:\Program Files (x86)\Spybot - Search & Destroy\SDUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-12-06 14:00 - 2011-12-06 14:00 - 00214896 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
2013-06-28 15:55 - 2013-06-28 15:55 - 00409720 _____ () C:\Program Files\Macrium\Reflect\ReflectService.exe
2009-08-09 01:42 - 2009-01-21 11:47 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2011-12-06 14:00 - 2011-12-06 14:00 - 00784240 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
2011-07-29 12:31 - 2011-07-29 12:31 - 01249064 _____ () C:\ProgramData\TVersity\Media Server\MediaServer.exe
2013-11-14 06:28 - 2013-11-14 06:28 - 00248736 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
2014-01-10 15:11 - 2014-01-10 15:11 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
2009-09-04 12:35 - 2009-09-04 12:35 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2013-09-09 13:04 - 2014-02-03 13:05 - 02552856 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2009-07-01 15:44 - 2009-07-01 15:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2009-07-21 10:34 - 2009-07-21 10:34 - 00610872 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2009-07-16 15:09 - 2009-07-16 15:09 - 00074536 ____N () c:\Program Files (x86)\Hewlett-Packard\Media\iTV\Kernel\Common\MCEMediaStatus64.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-03 12:27 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-02-03 12:27 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-02-03 12:27 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-02-03 12:27 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-02-03 12:27 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2011-07-13 11:36 - 2011-07-13 11:36 - 00347944 _____ () C:\ProgramData\TVersity\Media Server\taglib.dll
2011-07-13 11:36 - 2011-07-13 11:36 - 00225064 _____ () C:\ProgramData\TVersity\Media Server\CORE_RL_lcms_.dll
2011-07-13 11:36 - 2011-07-13 11:36 - 00031528 _____ () C:\ProgramData\TVersity\Media Server\CORE_RL_xlib_.dll
2011-07-13 11:36 - 2011-07-13 11:36 - 00716584 _____ () C:\ProgramData\TVersity\Media Server\log4cxx.dll
2011-07-13 11:35 - 2011-07-13 11:35 - 04534072 _____ () C:\ProgramData\TVersity\Media Server\avcodec-52.dll
2011-07-13 11:36 - 2011-07-13 11:36 - 00083768 _____ () C:\ProgramData\TVersity\Media Server\avutil-50.dll
2011-07-13 11:36 - 2011-07-13 11:36 - 00313640 _____ () C:\ProgramData\TVersity\Media Server\libmp3lame-0.dll
2011-07-13 11:36 - 2011-07-13 11:36 - 00795448 _____ () C:\ProgramData\TVersity\Media Server\avformat-52.dll
2011-07-13 11:35 - 2011-07-13 11:35 - 00203064 _____ () C:\ProgramData\TVersity\Media Server\swscale-0.dll
2011-07-13 11:36 - 2011-07-13 11:36 - 00509720 _____ () C:\ProgramData\TVersity\Media Server\sqlite3.dll
2009-07-23 11:37 - 2009-07-23 11:37 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2014-01-10 15:11 - 2014-01-10 15:11 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll
2010-09-06 02:20 - 2010-09-06 02:20 - 02386368 _____ () C:\Program Files (x86)\Adobe\Elements 9 Organizer\QtCore4.dll
2010-09-06 02:20 - 2011-04-27 07:02 - 08562536 _____ () C:\Program Files (x86)\Adobe\Elements 9 Organizer\QtGui4.dll
2010-09-06 02:24 - 2010-09-06 02:24 - 00125888 _____ () C:\Program Files (x86)\Adobe\Elements 9 Organizer\QtPlugins\imageformats\qjpeg4.dll
2013-09-09 13:05 - 2013-12-23 16:15 - 00009088 _____ () C:\Program Files (x86)\Innovative Solutions\DriverMax\sync.dll
2014-02-15 08:28 - 2014-02-15 08:28 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 00237384 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2014-02-22 08:46 - 2014-02-19 18:02 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll
2014-02-22 08:46 - 2014-02-19 18:02 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libglesv2.dll
2014-02-22 08:46 - 2014-02-19 18:02 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libegl.dll
2014-02-22 08:46 - 2014-02-19 18:03 - 04060488 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll
2014-02-22 08:46 - 2014-02-19 18:03 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll
2014-02-22 08:46 - 2014-02-19 18:02 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll
2014-01-02 23:59 - 2014-02-10 10:04 - 00430080 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:AstInfo
AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Users^romalap09^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GameStop Now.lnk => C:\Windows\pss\GameStop Now.lnk.Startup

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Intel(R) Centrino(R) Wireless-N 1000
Description: Intel(R) Centrino(R) Wireless-N 1000
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: NETwNs64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/03/2014 08:36:35 AM) (Source: Application Error) (User: )
Description: Faulting application name: STacSV64.exe, version: 1.0.6276.0, time stamp: 0x4ba991ab
Faulting module name: stapi64.dll, version: 1.0.6482.0, time stamp: 0x51ad5568
Exception code: 0xc0000005
Fault offset: 0x0000000000052797
Faulting process id: 0x3f8
Faulting application start time: 0xSTacSV64.exe0
Faulting application path: STacSV64.exe1
Faulting module path: STacSV64.exe2
Report Id: STacSV64.exe3

Error: (03/02/2014 01:52:05 PM) (Source: Application Hang) (User: )
Description: The program SDWelcome.exe version 2.2.21.129 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2094

Start Time: 01cf3638f778b480

Termination Time: 15

Application Path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe

Report Id: 735fbad7-a24c-11e3-a251-00269e5f5102

Error: (03/02/2014 01:26:58 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/02/2014 07:58:11 AM) (Source: Application Error) (User: )
Description: Faulting application name: SDOnAccess.exe, version: 2.2.25.4, time stamp: 0x525be485
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116
Exception code: 0x0eedfade
Fault offset: 0x0000c41f
Faulting process id: 0x69c
Faulting application start time: 0xSDOnAccess.exe0
Faulting application path: SDOnAccess.exe1
Faulting module path: SDOnAccess.exe2
Report Id: SDOnAccess.exe3

Error: (03/02/2014 07:56:49 AM) (Source: Application Error) (User: )
Description: Faulting application name: STacSV64.exe, version: 1.0.6276.0, time stamp: 0x4ba991ab
Faulting module name: stapi64.dll, version: 1.0.6482.0, time stamp: 0x51ad5568
Exception code: 0xc0000005
Fault offset: 0x0000000000052797
Faulting process id: 0x3e8
Faulting application start time: 0xSTacSV64.exe0
Faulting application path: STacSV64.exe1
Faulting module path: STacSV64.exe2
Report Id: STacSV64.exe3

Error: (03/01/2014 03:13:50 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/01/2014 03:06:46 PM) (Source: Application Error) (User: )
Description: Faulting application name: STacSV64.exe, version: 1.0.6276.0, time stamp: 0x4ba991ab
Faulting module name: stapi64.dll, version: 1.0.6482.0, time stamp: 0x51ad5568
Exception code: 0xc0000005
Fault offset: 0x00000000000303fa
Faulting process id: 0x184
Faulting application start time: 0xSTacSV64.exe0
Faulting application path: STacSV64.exe1
Faulting module path: STacSV64.exe2
Report Id: STacSV64.exe3

Error: (03/01/2014 01:27:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: STacSV64.exe, version: 1.0.6276.0, time stamp: 0x4ba991ab
Faulting module name: stapi64.dll, version: 1.0.6482.0, time stamp: 0x51ad5568
Exception code: 0xc0000005
Fault offset: 0x00000000000303fa
Faulting process id: 0x70
Faulting application start time: 0xSTacSV64.exe0
Faulting application path: STacSV64.exe1
Faulting module path: STacSV64.exe2
Report Id: STacSV64.exe3

Error: (02/27/2014 04:56:53 PM) (Source: Application Error) (User: )
Description: Faulting application name: Sins of a Solar Empire Rebellion.exe, version: 1.8.0.0, time stamp: 0x527bddfb
Faulting module name: Sins of a Solar Empire Rebellion.exe, version: 1.8.0.0, time stamp: 0x527bddfb
Exception code: 0xc0000005
Fault offset: 0x0010a998
Faulting process id: 0x6b84
Faulting application start time: 0xSins of a Solar Empire Rebellion.exe0
Faulting application path: Sins of a Solar Empire Rebellion.exe1
Faulting module path: Sins of a Solar Empire Rebellion.exe2
Report Id: Sins of a Solar Empire Rebellion.exe3

Error: (02/27/2014 03:32:58 PM) (Source: Application Error) (User: )
Description: Faulting application name: Sins of a Solar Empire Rebellion.exe, version: 1.8.0.0, time stamp: 0x527bddfb
Faulting module name: Sins of a Solar Empire Rebellion.exe, version: 1.8.0.0, time stamp: 0x527bddfb
Exception code: 0xc0000005
Fault offset: 0x0010a998
Faulting process id: 0x6770
Faulting application start time: 0xSins of a Solar Empire Rebellion.exe0
Faulting application path: Sins of a Solar Empire Rebellion.exe1
Faulting module path: Sins of a Solar Empire Rebellion.exe2
Report Id: Sins of a Solar Empire Rebellion.exe3


System errors:
=============
Error: (03/03/2014 08:44:37 AM) (Source: Service Control Manager) (User: )
Description: The Nalpeiron Licensing Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/03/2014 08:44:34 AM) (Source: Service Control Manager) (User: )
Description: The Ast Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/03/2014 08:43:28 AM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.

Error: (03/03/2014 08:37:40 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
amdkmafd

Error: (03/03/2014 08:37:40 AM) (Source: Service Control Manager) (User: )
Description: The Audio Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/03/2014 08:37:11 AM) (Source: Service Control Manager) (User: )
Description: The Util Jump Flip service failed to start due to the following error:
%%2

Error: (03/03/2014 08:37:03 AM) (Source: Service Control Manager) (User: )
Description: The Update Jump Flip service failed to start due to the following error:
%%2

Error: (03/02/2014 07:57:23 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
amdkmafd

Error: (03/02/2014 07:57:21 AM) (Source: Service Control Manager) (User: )
Description: The Audio Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/02/2014 07:57:02 AM) (Source: Service Control Manager) (User: )
Description: The Util Jump Flip service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (03/03/2014 08:36:35 AM) (Source: Application Error)(User: )
Description: STacSV64.exe1.0.6276.04ba991abstapi64.dll1.0.6482.051ad5568c000000500000000000527973f801cf36f653374955C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exeC:\Windows\system32\stapi64.dll9a361fdd-a2e9-11e3-a018-00269e5f5102

Error: (03/02/2014 01:52:05 PM) (Source: Application Hang)(User: )
Description: SDWelcome.exe2.2.21.129209401cf3638f778b48015C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe735fbad7-a24c-11e3-a251-00269e5f5102

Error: (03/02/2014 01:26:58 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/02/2014 07:58:11 AM) (Source: Application Error)(User: )
Description: SDOnAccess.exe2.2.25.4525be485KERNELBASE.dll6.1.7601.1822951fb11160eedfade0000c41f69c01cf3627cd60165bC:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exeC:\Windows\syswow64\KERNELBASE.dll11e49605-a21b-11e3-a251-00269e5f5102

Error: (03/02/2014 07:56:49 AM) (Source: Application Error)(User: )
Description: STacSV64.exe1.0.6276.04ba991abstapi64.dll1.0.6482.051ad5568c000000500000000000527973e801cf36279a4e0d95C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exeC:\Windows\system32\stapi64.dlle1227281-a21a-11e3-a251-00269e5f5102

Error: (03/01/2014 03:13:50 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/01/2014 03:06:46 PM) (Source: Application Error)(User: )
Description: STacSV64.exe1.0.6276.04ba991abstapi64.dll1.0.6482.051ad5568c000000500000000000303fa18401cf359a800f9edaC:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exeC:\Windows\system32\stapi64.dllc70a8d61-a18d-11e3-a079-00269e5f5102

Error: (03/01/2014 01:27:24 PM) (Source: Application Error)(User: )
Description: STacSV64.exe1.0.6276.04ba991abstapi64.dll1.0.6482.051ad5568c000000500000000000303fa7001cf358c9d659d8dC:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exeC:\Windows\system32\stapi64.dlle551f10b-a17f-11e3-a092-00269e5f5102

Error: (02/27/2014 04:56:53 PM) (Source: Application Error)(User: )
Description: Sins of a Solar Empire Rebellion.exe1.8.0.0527bddfbSins of a Solar Empire Rebellion.exe1.8.0.0527bddfbc00000050010a9986b8401cf340be6d15815F:\Program Files (x86)\Steam\steamapps\common\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exeF:\Program Files (x86)\Steam\steamapps\common\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exed455fb01-a00a-11e3-a34a-00269e5f5102

Error: (02/27/2014 03:32:58 PM) (Source: Application Error)(User: )
Description: Sins of a Solar Empire Rebellion.exe1.8.0.0527bddfbSins of a Solar Empire Rebellion.exe1.8.0.0527bddfbc00000050010a998677001cf3402710c98e8F:\Program Files (x86)\Steam\steamapps\common\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exeF:\Program Files (x86)\Steam\steamapps\common\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exe1b2fc30d-9fff-11e3-a34a-00269e5f5102


CodeIntegrity Errors:
===================================
Date: 2014-03-03 09:16:32.301
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\stapo64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-03-03 09:16:32.190
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\stapo64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-03-03 09:16:17.097
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\stapo64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-03-03 09:16:16.931
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\stapo64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-03-03 09:15:27.380
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-03-03 09:09:27.361
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-03-03 09:02:51.866
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\stapo64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-03-03 09:02:51.757
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\stapo64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-03-03 09:02:51.606
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\stapo64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-03-03 09:02:51.513
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\stapo64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 67%
Total physical RAM: 3999.19 MB
Available physical RAM: 1316.61 MB
Total Pagefile: 7996.55 MB
Available Pagefile: 4903.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:684.09 GB) (Free:357 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.35 GB) (Free:3.76 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (New Volume) (Fixed) (Total:463.56 GB) (Free:284.2 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 0079A719)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=684 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 466 GB) (Disk ID: A1F1A78D)

Partition: GPT Partition Type.

==================== End Of Log ============================

Juliet
2014-03-03, 19:12
Running from C:\Users\romalap09\Downloads
Please find the above, right click and select copy, go to your desktop and right click and select paste.

FRST needs to be located on your desktop.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)



start
HKU\S-1-5-21-410896206-4247487474-552352317-1000\...\Run: [NextLive] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\romalap09\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-410896206-4247487474-552352317-1000\...\MountPoints2: {30c5991b-d53f-11df-ae36-00247ef24504} - F:\setup.exe -a
HKU\S-1-5-21-410896206-4247487474-552352317-1000\...\MountPoints2: {9046a00f-ee66-11de-a155-806e6f6e6963} - E:\autorun.exe
HKU\S-1-5-21-410896206-4247487474-552352317-1000\...\MountPoints2: {df630a83-7e5f-11e1-97f7-9dd7db87e9e6} - G:\setup.exe -a
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dsites0101&cd=2XzuyEtN2Y1L1QzutDtDtByCzy0EyD0FyDtCtDtBtCzyyE0CtN0D0Tzu0SyBtAzztN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1148396261&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dsites0101&cd=2XzuyEtN2Y1L1QzutDtDtByCzy0EyD0FyDtCtDtBtCzyyE0CtN0D0Tzu0SyBtAzztN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1148396261&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dsites0101&cd=2XzuyEtN2Y1L1QzutDtDtByCzy0EyD0FyDtCtDtBtCzyyE0CtN0D0Tzu0SyBtAzztN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1148396261&ir=
URLSearchHook: HKLM-x32 - TVersitybar Toolbar - {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0809851D-6B6B-49C8-93A3-D43B32E2A276} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2548838
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0809851D-6B6B-49C8-93A3-D43B32E2A276} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2548838
SearchScopes: HKCU - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKCU - {0809851D-6B6B-49C8-93A3-D43B32E2A276} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {37CB09F3-30DC-4418-A156-ACA1564CD1A2} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
SearchScopes: HKCU - {5DAE4744-C444-40E8-B410-466160023E3A} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=575BB1D4-3E9D-4F1B-BDA0-09509C925727&apn_sauid=FDA278C3-179E-4C7A-AC5C-8B7055A12B3D
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKCU - No Name - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No File
Toolbar: HKCU - No Name - {66BD2442-241B-44CD-8C7A-B51037053CDB} - No File
FF user.js: detected! => C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\2c0mlfxo.default\user.js
FF SearchPlugin: C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\2c0mlfxo.default\searchplugins\Mysearchdial.xml
FF SearchPlugin: C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\2c0mlfxo.default\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\2c0mlfxo.default\searchplugins\searchplugins-backup
CHR Extension: (MySearchDial) - C:\Users\romalap09\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff [2014-01-07]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\ROMALA~1\AppData\Local\mysearchdial-speeddial.crx [2014-01-07]
CHR HKCU\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\ROMALA~1\AppData\Local\mysearchdial-speeddial.crx [2014-01-07]
CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\ROMALA~1\AppData\Local\Temp\ccex.crx [2014-01-07]
CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\ROMALA~1\AppData\Local\mysearchdial-speeddial.crx [2014-01-07]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 Update Jump Flip; "C:\Program Files (x86)\Jump Flip\updateJumpFlip.exe" [X]
S2 Util Jump Flip; "C:\Program Files (x86)\Jump Flip\bin\utilJumpFlip.exe" [X]
R2 Update Jump Flip
R2 Util Jump Flip
C:\Users\romalap09\AppData\Local\Temp\_is25A2.exe
2013-09-09 13:04 - 2014-02-03 13:05 - 02552856 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Reboot:
end


Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.


FRST should reboot your machine. If it doesn't reboot, at this time please do so.



~~~~~~~~~~~~~~~~~~~~

-AdwCleaner-by Xplode

Click on this link to download: AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top advertisement.



Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete, click on "Clean".
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.


~~~~~~~~~~~~~~~~~

Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.
Shut down your protection software now to avoid potential conflicts. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next message.

***********

In your next reply please post:
Fixlog.txt
AdwCleaner[S1].txt
JRT.txt

romasf62
2014-03-04, 17:26
Is it normal that jrt.exe has been running for about 18 hours now?
It says that it is currently checking shortcuts.
Task manager will not start nor is spybot able to run.
The system icons show that only norton360 is still running and per directions the antivirus is turned off.

Juliet
2014-03-04, 18:17
Somehow I believe it's Norton interfering.

Did you run the Fixlog.txt and run AdwCleaner?

For now, power off the computer and let it reboot.

Can you post those logs for me?

romasf62
2014-03-04, 21:15
rebooted the computer
start up was noticeably faster
here is fixlog.txt and adwcleaner[s1].txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-03-2014
Ran by romalap09 at 2014-03-03 13:45:54 Run:1
Running from C:\Users\romalap09\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKU\S-1-5-21-410896206-4247487474-552352317-1000\...\Run: [NextLive] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\romalap09\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-410896206-4247487474-552352317-1000\...\MountPoints2: {30c5991b-d53f-11df-ae36-00247ef24504} - F:\setup.exe -a
HKU\S-1-5-21-410896206-4247487474-552352317-1000\...\MountPoints2: {9046a00f-ee66-11de-a155-806e6f6e6963} - E:\autorun.exe
HKU\S-1-5-21-410896206-4247487474-552352317-1000\...\MountPoints2: {df630a83-7e5f-11e1-97f7-9dd7db87e9e6} - G:\setup.exe -a
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a...1148396261&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a...1148396261&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a...1148396261&ir=
URLSearchHook: HKLM-x32 - TVersitybar Toolbar - {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0809851D-6B6B-49C8-93A3-D43B32E2A276} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2548838
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0809851D-6B6B-49C8-93A3-D43B32E2A276} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2548838
SearchScopes: HKCU - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKCU - {0809851D-6B6B-49C8-93A3-D43B32E2A276} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {37CB09F3-30DC-4418-A156-ACA1564CD1A2} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
SearchScopes: HKCU - {5DAE4744-C444-40E8-B410-466160023E3A} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=575BB1D4-3E9D-4F1B-BDA0-09509C925727&apn_sauid=FDA278C3-179E-4C7A-AC5C-8B7055A12B3D
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKCU - No Name - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No File
Toolbar: HKCU - No Name - {66BD2442-241B-44CD-8C7A-B51037053CDB} - No File
FF user.js: detected! => C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\2c0mlfxo.default\user.js
FF SearchPlugin: C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\2c0mlfxo.default\searchplugins\Mysearchdial.xml
FF SearchPlugin: C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\2c0mlfxo.default\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\2c0mlfxo.default\searchplugins\searchplugins-backup
CHR Extension: (MySearchDial) - C:\Users\romalap09\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff [2014-01-07]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\ROMALA~1\AppData\Local\mysearchdial-speeddial.crx [2014-01-07]
CHR HKCU\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\ROMALA~1\AppData\Local\mysearchdial-speeddial.crx [2014-01-07]
CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\ROMALA~1\AppData\Local\Temp\ccex.crx [2014-01-07]
CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\ROMALA~1\AppData\Local\mysearchdial-speeddial.crx [2014-01-07]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 Update Jump Flip; "C:\Program Files (x86)\Jump Flip\updateJumpFlip.exe" [X]
S2 Util Jump Flip; "C:\Program Files (x86)\Jump Flip\bin\utilJumpFlip.exe" [X]
R2 Update Jump Flip
R2 Util Jump Flip
C:\Users\romalap09\AppData\Local\Temp\_is25A2.exe
2013-09-09 13:04 - 2014-02-03 13:05 - 02552856 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Reboot:
end
*****************

HKU\S-1-5-21-410896206-4247487474-552352317-1000\Software\Microsoft\Windows\CurrentVersion\Run\\NextLive => Value deleted successfully.
HKU\S-1-5-21-410896206-4247487474-552352317-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30c5991b-d53f-11df-ae36-00247ef24504} => Key deleted successfully.
HKCR\CLSID\{30c5991b-d53f-11df-ae36-00247ef24504} => Key not found.
HKU\S-1-5-21-410896206-4247487474-552352317-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9046a00f-ee66-11de-a155-806e6f6e6963} => Key deleted successfully.
HKCR\CLSID\{9046a00f-ee66-11de-a155-806e6f6e6963} => Key not found.
HKU\S-1-5-21-410896206-4247487474-552352317-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df630a83-7e5f-11e1-97f7-9dd7db87e9e6} => Key deleted successfully.
HKCR\CLSID\{df630a83-7e5f-11e1-97f7-9dd7db87e9e6} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{66bd2442-241b-44cd-8c7a-b51037053cdb} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{66bd2442-241b-44cd-8c7a-b51037053cdb} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0809851D-6B6B-49C8-93A3-D43B32E2A276} => Key deleted successfully.
HKCR\CLSID\{0809851D-6B6B-49C8-93A3-D43B32E2A276} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => Key deleted successfully.
HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0809851D-6B6B-49C8-93A3-D43B32E2A276} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0809851D-6B6B-49C8-93A3-D43B32E2A276} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0809851D-6B6B-49C8-93A3-D43B32E2A276} => Key deleted successfully.
HKCR\CLSID\{0809851D-6B6B-49C8-93A3-D43B32E2A276} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{37CB09F3-30DC-4418-A156-ACA1564CD1A2} => Key deleted successfully.
HKCR\CLSID\{37CB09F3-30DC-4418-A156-ACA1564CD1A2} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5DAE4744-C444-40E8-B410-466160023E3A} => Key deleted successfully.
HKCR\CLSID\{5DAE4744-C444-40E8-B410-466160023E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => Key deleted successfully.
HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} => Key deleted successfully.
HKCR\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Value deleted successfully.
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} => Value deleted successfully.
HKCR\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{66BD2442-241B-44CD-8C7A-B51037053CDB} => Value deleted successfully.
HKCR\CLSID\{66BD2442-241B-44CD-8C7A-B51037053CDB} => Key not found.
C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\2c0mlfxo.default\user.js => Moved successfully.
C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\2c0mlfxo.default\searchplugins\Mysearchdial.xml => Moved successfully.
C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\2c0mlfxo.default\searchplugins\safeguard-secure-search.xml => Moved successfully.
C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\2c0mlfxo.default\searchplugins\searchplugins-backup => Moved successfully.
C:\Users\romalap09\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff => Key deleted successfully.
C:\Users\ROMALA~1\AppData\Local\mysearchdial-speeddial.crx => Moved successfully.
HKCU\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff => Key deleted successfully.
"C:\Users\ROMALA~1\AppData\Local\mysearchdial-speeddial.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid => Key deleted successfully.
"C:\Users\ROMALA~1\AppData\Local\Temp\ccex.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff => Key deleted successfully.
"C:\Users\ROMALA~1\AppData\Local\mysearchdial-speeddial.crx" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
Update Jump Flip => Service deleted successfully.
Util Jump Flip => Service deleted successfully.
C:\Users\romalap09\AppData\Local\Temp\_is25A2.exe => Moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.


The system needed a reboot.

==== End of Fixlog ====


I COULD NOT FIND ADWCLEANER[S1].TXT BUT HERE IS adwcleaner[s0].txt

# AdwCleaner v3.020 - Report created 03/03/2014 at 14:00:19
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : romalap09 - ROMALAP09-PC
# Running from : C:\Users\romalap09\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : vToolbarUpdater17.3.0

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\Winamp Toolbar
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartShopper
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Jump Flip
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Program Files (x86)\Winamp Toolbar
Folder Deleted : C:\Program Files (x86)\TVersitybar
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\romalap09\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\romalap09\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\romalap09\AppData\Local\genienext
Folder Deleted : C:\Users\romalap09\AppData\Local\Mobogenie
Folder Deleted : C:\Users\romalap09\AppData\Local\PackageAware
Folder Deleted : C:\Users\romalap09\AppData\Local\Winamp Toolbar
Folder Deleted : C:\Users\romalap09\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\romalap09\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\romalap09\AppData\LocalLow\TVersitybar
Folder Deleted : C:\Users\romalap09\AppData\Roaming\newnext.me
Folder Deleted : C:\Users\romalap09\AppData\Roaming\Systweak
Folder Deleted : C:\Users\romalap09\Documents\Mobogenie
Folder Deleted : C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\2c0mlfxo.default\Conduit
Folder Deleted : C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\2c0mlfxo.default\ConduitCommon
Folder Deleted : C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\2c0mlfxo.default\StumbleUpon
Folder Deleted : C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\2c0mlfxo.default\WinampToolbarData
Folder Deleted : C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\2c0mlfxo.default\CT2790392
Folder Deleted : C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\4f4mbn28.default\StumbleUpon
Folder Deleted : C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\2c0mlfxo.default\Extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
Folder Deleted : C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\4f4mbn28.default\Extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\2c0mlfxo.default\searchplugins\Askcom.xml
File Deleted : C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\4f4mbn28.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\4f4mbn28.default\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\2c0mlfxo.default\searchplugins\winamp-search.xml
File Deleted : C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\4f4mbn28.default\searchplugins\winamp-search.xml
File Deleted : C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\4f4mbn28.default\user.js
File Deleted : C:\Users\romalap09\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2548838
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66BD2442-241B-44CD-8C7A-B51037053CDB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{66BD2442-241B-44CD-8C7A-B51037053CDB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{082BE60C-DCA8-4924-A450-3AFDF2CFEC4B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{66BD2442-241B-44CD-8C7A-B51037053CDB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{082BE60C-DCA8-4924-A450-3AFDF2CFEC4B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6E301B7D-1F6B-46D3-B6D4-88C0E8F75BDF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DBE2A59-2428-4E99-B05F-E27883648062}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{66BD2442-241B-44CD-8C7A-B51037053CDB}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{66BD2442-241B-44CD-8C7A-B51037053CDB}]
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Winamp Toolbar
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\TVersitybar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\TVersitybar
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\caphyon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Winamp Toolbar
Key Deleted : HKLM\Software\TVersitybar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TVersitybar Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\2c0mlfxo.default\prefs.js ]

Line Deleted : user_pref("CT2548838.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT2790392.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("extensions.mysearchdial.aflt", "dsites0101");
Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtByCzy0EyD0FyDtCtDtBtCzyyE0CtN0D0Tzu0SyBtAzztN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");
Line Deleted : user_pref("extensions.mysearchdial.cr", "1148396261");
Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dsites0101&cd=2XzuyEtN2Y1L1QzutDtDtByCzy0EyD0FyDtCtDtBtCzyyE0CtN0D0Tzu0SyBtAzztN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1Czut[...]
Line Deleted : user_pref("extensions.mysearchdial.id", "00269E5F5102194C");
Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16077");
Line Deleted : user_pref("extensions.mysearchdial.instlRef", "");
Line Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dsites0101&cd=2XzuyEtN2Y1L1QzutDtDtByCzy0EyD0FyDtCtDtBtCzyyE0CtN0D0Tzu0SyBtAzztN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1Cz[...]
Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dsites0101&cd=2XzuyEtN2Y1L1QzutDtDtByCzy0EyD0FyDtCtDtBtCzyyE0CtN0D0Tzu0SyBtAzztN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1[...]
Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial_i.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.012:24:41");

[ File : C:\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\4f4mbn28.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");

-\\ Google Chrome v33.0.1750.117

[ File : C:\Users\romalap09\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [17984 octets] - [03/03/2014 13:58:14]
AdwCleaner[S0].txt - [17695 octets] - [03/03/2014 14:00:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17756 octets] ##########

Juliet
2014-03-04, 21:25
That did a very good job of removing infections.

Let's move on.


Please Run TFC by OldTimer to clear temporary files:

Download TFC from here http://oldtimer.geekstogo.com/TFC.exe
and save it to your desktop.

Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Go here (http://go.eset.com/us/online-scanner) to run an online scanner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
When the scan completes, press the LIST OF THREATS FOUND button
Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
Include the contents of this report in your next reply.
Press the BACK button.
Press Finish

romasf62
2014-03-05, 15:44
ran tfc.exe
then ran ESET

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert0.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TVersitybar\ldrtbTVe2.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TVersitybar\prxtbTVe2.dll.vir Win32/Toolbar.Conduit.O potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TVersitybar\tbTVe0.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TVersitybar\tbTVe1.dll.vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TVersitybar\tbTVe2.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TVersitybar\tbTVer.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TVersitybar\TVersitybarToolbarHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\romalap09\AppData\Local\genienext\nengine.dll.vir Win32/NextLive.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\romalap09\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.1.36.zip.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\romalap09\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\romalap09\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\romalap09\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll.vir Win32/NextLive.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\romalap09\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\romalap09\AppData\LocalLow\TVersitybar\hk64tbTVe0.dll.vir Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\romalap09\AppData\LocalLow\TVersitybar\hk64tbTVe2.dll.vir a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\romalap09\AppData\LocalLow\TVersitybar\hktbTVe0.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\romalap09\AppData\LocalLow\TVersitybar\hktbTVe2.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\romalap09\AppData\LocalLow\TVersitybar\ldrtbTVe0.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\romalap09\AppData\LocalLow\TVersitybar\ldrtbTVe2.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\romalap09\AppData\LocalLow\TVersitybar\tbTVe0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\romalap09\AppData\LocalLow\TVersitybar\tbTVe1.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\romalap09\AppData\LocalLow\TVersitybar\tbTVe2.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\romalap09\AppData\Roaming\Mozilla\Firefox\Profiles\4f4mbn28.default\Extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}\chrome\emusic.jar.vir Win32/Toolbar.Conduit.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\romalap09\AppData\Roaming\newnext.me\nengine.dll.vir Win32/NextLive.A potentially unwanted application
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmartShopper12.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmartShopper12.zip Win32/Bagle.gen.zip worm
C:\Users\romalap09\AppData\Roaming\1H1Q\Aff Packages\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application
C:\Users\romalap09\Downloads\ccsetup410.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\romalap09\Downloads\ChromeSetup.exe a variant of Win32/InstallCore.FJ potentially unwanted application
C:\Users\romalap09\Downloads\drivermax_7_18_cnet.exe a variant of Win32/DealPly.I potentially unwanted application
C:\Users\romalap09\Downloads\drivermax_7_21_cnet_dealply.exe a variant of Win32/DealPly.I potentially unwanted application
C:\Users\romalap09\Downloads\drivermax_7_22_cnet_dealply.exe a variant of Win32/DealPly.I potentially unwanted application
C:\Users\romalap09\Downloads\drivermax_7_23_cnet_dealply.exe a variant of Win32/DealPly.I potentially unwanted application
C:\Users\romalap09\Downloads\drivermax_7_24_cnet_dealply.exe a variant of Win32/DealPly.I potentially unwanted application
C:\Users\romalap09\Downloads\drivermax_7_25_cnet.exe a variant of Win32/DealPly.I potentially unwanted application
C:\Users\romalap09\Downloads\drivermax_7_26_cnet.exe a variant of Win32/DealPly.I potentially unwanted application
C:\Users\romalap09\Downloads\rcp_dcomnew_util_300.exe Win32/Systweak.B potentially unwanted application
F:\emusic_fx_bundle.exe Win32/Toolbar.Conduit.A potentially unwanted application

Juliet
2014-03-05, 17:19
Let's get rid of the bad files. When these items were downloaded, they were installed with adware, which may have contributed to the computer's infections.


Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right click on it and select copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).



start
C:\Users\romalap09\AppData\Roaming\1H1Q\Aff Packages\uninstaller.exe
C:\Users\romalap09\Downloads\ccsetup410.exe
C:\Users\romalap09\Downloads\ChromeSetup.exe
C:\Users\romalap09\Downloads\drivermax_7_18_cnet.exe
C:\Users\romalap09\Downloads\drivermax_7_21_cnet_dealply.exe
C:\Users\romalap09\Downloads\drivermax_7_22_cnet_dealply.exe
C:\Users\romalap09\Downloads\drivermax_7_23_cnet_dealply.exe
C:\Users\romalap09\Downloads\drivermax_7_24_cnet_dealply.exe
C:\Users\romalap09\Downloads\drivermax_7_25_cnet.exe
C:\Users\romalap09\Downloads\drivermax_7_26_cnet.exe
C:\Users\romalap09\Downloads\rcp_dcomnew_util_300.exe
F:\emusic_fx_bundle.exe Win32/Toolbar.
end


Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


Give me one more update as to how the computer is running now.

Juliet
2014-03-05, 17:23
Forgot to include this

Just right click on the Spybot – Search & Destroy icon in your system tray beside the Windows clock and navigate to “Basic Tools“ →hit the purge selected button. That should remove the items in SpyBot's quarantine folder.

romasf62
2014-03-05, 18:45
once again thank you for your help to me and all the other people you are helping.

the computer is running faster, more like normal. my first post stated that I could not start one of my programs, that now works.
there are a couple of strange things though

popup box says that SDonAccess.exe crashes, it is not listed in task manager processes, when i use system tray to open Spybot, task manager shows sdonaccess.exe running then it disappears.

in system tray Norton360 icon is listed twice but task manager shows only one process.

there are no items in spybot quarantine to purge


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-03-2014
Ran by romalap09 at 2014-03-05 10:11:41 Run:2
Running from C:\Users\romalap09\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\Users\romalap09\AppData\Roaming\1H1Q\Aff Packages\uninstaller.exe
C:\Users\romalap09\Downloads\ccsetup410.exe
C:\Users\romalap09\Downloads\ChromeSetup.exe
C:\Users\romalap09\Downloads\drivermax_7_18_cnet.exe
C:\Users\romalap09\Downloads\drivermax_7_21_cnet_dealply.exe
C:\Users\romalap09\Downloads\drivermax_7_22_cnet_dealply.exe
C:\Users\romalap09\Downloads\drivermax_7_23_cnet_dealply.exe
C:\Users\romalap09\Downloads\drivermax_7_24_cnet_dealply.exe
C:\Users\romalap09\Downloads\drivermax_7_25_cnet.exe
C:\Users\romalap09\Downloads\drivermax_7_26_cnet.exe
C:\Users\romalap09\Downloads\rcp_dcomnew_util_300.exe
F:\emusic_fx_bundle.exe Win32/Toolbar.
end
*****************

C:\Users\romalap09\AppData\Roaming\1H1Q\Aff Packages\uninstaller.exe => Moved successfully.
C:\Users\romalap09\Downloads\ccsetup410.exe => Moved successfully.
C:\Users\romalap09\Downloads\ChromeSetup.exe => Moved successfully.
C:\Users\romalap09\Downloads\drivermax_7_18_cnet.exe => Moved successfully.
C:\Users\romalap09\Downloads\drivermax_7_21_cnet_dealply.exe => Moved successfully.
C:\Users\romalap09\Downloads\drivermax_7_22_cnet_dealply.exe => Moved successfully.
C:\Users\romalap09\Downloads\drivermax_7_23_cnet_dealply.exe => Moved successfully.
C:\Users\romalap09\Downloads\drivermax_7_24_cnet_dealply.exe => Moved successfully.
C:\Users\romalap09\Downloads\drivermax_7_25_cnet.exe => Moved successfully.
C:\Users\romalap09\Downloads\drivermax_7_26_cnet.exe => Moved successfully.
C:\Users\romalap09\Downloads\rcp_dcomnew_util_300.exe => Moved successfully.
"F:\emusic_fx_bundle.exe Win32/Toolbar." => File/Directory not found.

==== End of Fixlog ====
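
Added example, not part of the original posts and not code from FRST or ESET: in the Fixlog above, the one entry reported as "File/Directory not found" is the fixlist line that still carries part of the ESET detection name. The Python below splits each ESET export line into path and detection name, builds the path-only fixlist, and checks a Fixlog for listed files that were not confirmed moved. The function names and the rule of skipping AdwCleaner quarantine copies are assumptions.

```python
import re
from typing import NamedTuple

# Sample input: lines taken from the ESET export and the Fixlog posted in this thread.
ESET_LOG = r"""
C:\Users\romalap09\AppData\Roaming\1H1Q\Aff Packages\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application
C:\Users\romalap09\Downloads\ChromeSetup.exe a variant of Win32/InstallCore.FJ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\romalap09\AppData\Roaming\newnext.me\nengine.dll.vir Win32/NextLive.A potentially unwanted application
F:\emusic_fx_bundle.exe Win32/Toolbar.Conduit.A potentially unwanted application
"""

FIXLOG = r"""
C:\Users\romalap09\AppData\Roaming\1H1Q\Aff Packages\uninstaller.exe => Moved successfully.
C:\Users\romalap09\Downloads\ChromeSetup.exe => Moved successfully.
"F:\emusic_fx_bundle.exe Win32/Toolbar." => File/Directory not found.
"""


class Detection(NamedTuple):
    path: str
    name: str
    kind: str


# Paths may contain spaces ("Aff Packages"), so anchor on the detection name
# ("Win32/...", optionally prefixed by "a variant of") instead of splitting on spaces.
ESET_LINE = re.compile(
    r"^(?P<path>.+?)\s+(?P<name>(?:a variant of )?\w+/[\w.]+)\s+(?P<kind>.+)$"
)
# FRST quotes a target it could not resolve; accept both quoted and bare forms.
FIXLOG_LINE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<result>.+)$')

# Assumption: quarantine copies are left to the tool that owns the quarantine folder.
SKIP_PREFIXES = ("c:\\adwcleaner\\quarantine\\",)


def parse_eset(text):
    """Return a Detection for every line that looks like an ESET export row."""
    found = []
    for line in text.splitlines():
        m = ESET_LINE.match(line.strip())
        if m:
            found.append(Detection(m["path"], m["name"], m["kind"]))
    return found


def build_fixlist(detections):
    """Path-only fixlist entries, without any trailing detection text."""
    return [d.path for d in detections if not d.path.lower().startswith(SKIP_PREFIXES)]


def audit_fixlog(fixlog_text, expected_paths):
    """Return the expected paths that the Fixlog does not confirm as moved."""
    results = {}
    for line in fixlog_text.splitlines():
        m = FIXLOG_LINE.match(line.strip())
        if m:
            results[m["target"].lower()] = m["result"]
    return [p for p in expected_paths if results.get(p.lower()) != "Moved successfully."]


if __name__ == "__main__":
    fixlist = build_fixlist(parse_eset(ESET_LOG))
    print("start", *fixlist, "end", sep="\n")
    print("Not confirmed removed:", audit_fixlog(FIXLOG, fixlist))
```
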

Juliet
2014-03-05, 19:10
popup box says that SDonAccess.exe crashes, it is not listed in task manager processes, when i use system tray to open Spybot, task manager shows sdonaccess.exe running then it disappears.

in system tray Norton360 icon is listed twice but task manager shows only one process.

Spybot - Search & Destroy 2\SDOnAccess.exe <--scheduled tasks

It would be at Spybot start center, checkmark advanced mode, click Settings (say yes to the UAC prompt, if applicable), click the Schedule tab. If task is enabled, then the add button should be greyed out.
May need to remove it, reboot, then go back and enable it.

Norton360 icon is listed twice, try the below.
http://www.sevenforums.com/tutorials/13102-notification-area-icons-reset.html


Ready to close this out?
We have quarantine folders and preventive tips yet to go.

romasf62
2014-03-05, 20:41
SDonAccess is not in list in spybot/settings/schedule so I rebooted
it still is not listed (MRU scan, Updates, scan and immunization are listed, all with grayed add button)
it is not in the processes list, but i did not get the error 217 popup box on this reboot

the duplicate Norton icons are now one (although I did nothing about it)

Juliet
2014-03-05, 21:23
could be all that was required was a hard reboot.

I think it's time to remove quarantine folders and post preventive tips?

Any other malware problems that you know of?

romasf62
2014-03-05, 22:24
no obvious problems

let's move on

Juliet
2014-03-05, 22:49
Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right click on it and select copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.
No need to post the log this time.




start
DeleteQuarantine:
end



~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download Delfix from here (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix)
Ensure Remove disinfection tools is ticked
Also tick:
Create registry backup
Purge system restore
http://www.hdrcgb.org.uk/g2g/delfix.jpg

Click Run


Any other tools used and their files/folders can simply be deleted.


~~~~~~~~~~~~~~~~~~~~~~

You're good to go, good job!

Please take the time to read over a few of my preventive tips.

Computer Security
http://malwareremoval.com/forum/viewtopic.php?p=557960#p557960
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be prepared for CryptoLocker:

Cryptolocker Ransomware: What You Need To Know (http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/#)

CryptoLocker Ransomware Information Guide and FAQ (http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information)

To help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent (http://www.foolishit.com/vb6-projects/cryptoprevent/) install this programme to lock down and prevent crypto ransomware

https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please navigate to Microsoft Windows Updates (http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us) and download all the "Critical Updates" for Windows.


Firefox 3 (http://www.mozilla.com/en-US/firefox/)
The award-winning Web browser is now faster, more secure, and fully customizable to your online life. With Firefox 3, added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.
*NoScript (http://www.noscript.net) - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

AdblockPlus

AdblockPlus, Surf the web without annoying ads!
Blocks banners, pop-ups and video ads - even on Facebook and YouTube
Protects your online privacy
Two-click installation, It's free!
click the icon that corresponds to your browser and download.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
WOT (http://www.mywot.com/) Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

Green should be good to go
Yellow for caution
Red to stop
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~~~~~~~~~~~~~~~~~~~~~~~~~~
How to prevent Malware: Created by Miekiemoes (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)


WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article (http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/)
and this article (http://www.nbcnews.com/technology/technolog/us-warns-java-software-security-concerns-escalate-1B7938755)

I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/))


Avoid P2P

P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter (http://www.fbi.gov/cyberinvest/cyberedletter.htm)
USAToday (http://www.usatoday.com/tech/columnist/kimkomando/2006-04-13-file-sharing-woes_x.htm)
infoworld (http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html)

*********************************************
Please read the following safe computing articles..

Secure My Computer: A Layered Approach (http://www.dslreports.com/faq/8463)


Free Antivirus-AntiSpyware-Firewall Software (http://www.geekstogo.com/forum/Free-Antivirus-Antispyware-Software-t38.html)

Keep a backup of your important files (http://www.geekstogo.com/2008/06/19/options-for-home-computer-data-backup-part-1/) - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

Juliet
2014-03-06, 02:51
Glad we could help. :)

Since this issue appears resolved ... this Topic is closed.