Solved Spybot Search & Destroy cannot remove detected malware

FredricJLowe

New Member
Thread author
Verified
Nov 11, 2014
43
Have attached a PDF of the error message I get on Spybot that it cannot remove these upon clicking fix and after rebooting. I tried to save the entire scan file shown, but cannot find the command to do so.
 

Attachments

  • AdwCleaner[R3].txt
    1.4 KB · Views: 64
  • Addition.txt
    46.1 KB · Views: 59
  • FRST.txt
    49.6 KB · Views: 149
  • aswMBR.txt
    585 bytes · Views: 39
  • spybotprintscreen.pdf
    395.5 KB · Views: 61

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Hello,

Before we begin, please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

Download Malwarebytes Anti-Rootkit to your desktop.
  • Double-click the icon to start the tool.
  • It will ask you where to extract it, then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"
 

FredricJLowe

Hello,

Prior to downloading the Malwarebytes Anti-Rootkit, when I had booted the laptop, there was the spinning donut. So I did a system restore to Dec. 1 and then downloaded Malwarebytes and ran the scan as you requested.

Here are the 2 txt logs that you requested.
 

Attachments

  • mbar-log-2014-12-11 (08-12-03).txt
    2.1 KB · Views: 35
  • system-log.txt
    27.2 KB · Views: 45

argus

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
 

FredricJLowe

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-12-2014 01
Ran by SmartMoneyStrategies at 2014-12-11 11:22:56
Running from C:\Users\SmartMoneyStrategies\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton Security Suite (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-12-2014 01
Ran by SmartMoneyStrategies (administrator) on SMARTMONEYSTRAT on 11-12-2014 11:21:59
Running from C:\Users\SmartMoneyStrategies\Desktop
Loaded Profile: SmartMoneyStrategies (Available profiles: SmartMoneyStrategies)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
(Abine Inc.) C:\Program Files (x86)\DoNotTrackMe\AbineAutoUpdate.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(FSPro Labs) C:\Program Files\My Lockbox\mylbx.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(CANON INC.) C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
() C:\Program Files (x86)\ActiveTracker\rn5.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
() C:\Program Files (x86)\Caller ID\Caller ID.exe
() C:\Users\SmartMoneyStrategies\AppData\Local\Autobahn\nexdef.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-17] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-17] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-01-20] ()
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
HKLM\...\Run: [mylbx] => C:\Program Files\My Lockbox\mylbx.exe [2584864 2013-07-06] (FSPro Labs)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [20480 2006-09-20] ()
HKLM\...\Run: [MFNetworkScanUtility] => C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [508312 2009-12-15] (CANON INC.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [602168 2010-06-29] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-09-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296056 2011-12-03] (RealNetworks, Inc.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [AbineAutoUpdate] => C:\Program Files (x86)\DoNotTrackMe\AbineAutoUpdate.exe [127352 2014-07-22] (Abine Inc.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe,
HKU\S-1-5-21-3824992045-3126350346-3511581396-1001\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\S-1-5-21-3824992045-3126350346-3511581396-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-06-16] (Hewlett-Packard Company)
HKU\S-1-5-21-3824992045-3126350346-3511581396-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-06-13] (Google Inc.)
HKU\S-1-5-21-3824992045-3126350346-3511581396-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3824992045-3126350346-3511581396-1001\...\Run: [rn5.exe] => C:\Program Files (x86)\ActiveTracker\rn5.exe [3065776 2013-02-27] ()
HKU\S-1-5-21-3824992045-3126350346-3511581396-1001\...\RunOnce: [Adobe Speed Launcher] => 1418314795
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (No File)
Startup: C:\Users\SmartMoneyStrategies\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Caller ID.lnk
ShortcutTarget: Caller ID.lnk -> C:\Program Files (x86)\Caller ID\Caller ID.exe ()
Startup: C:\Users\SmartMoneyStrategies\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Comcast Universal Caller ID.lnk
ShortcutTarget: Comcast Universal Caller ID.lnk -> C:\Program Files (x86)\Comcast Universal Caller ID\Comcast Universal Caller ID.exe (No File)
Startup: C:\Users\SmartMoneyStrategies\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk
ShortcutTarget: NexDef Plug-in.lnk -> C:\Users\SmartMoneyStrategies\AppData\Local\Autobahn\nexdef.exe ()
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3824992045-3126350346-3511581396-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-3824992045-3126350346-3511581396-1001] => localhost:8080
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3824992045-3126350346-3511581396-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
SearchScopes: HKLM -> {00F66D1F-CB8F-4697-B8A6-0D044C10891A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM -> {CC9C1F90-27EA-4690-95B0-DA9ADC541227} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM -> {D603DB46-AC59-46AE-92B6-4E207A39EEF0} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {EB5DAC6F-6316-47E8-9B15-4AFC50AEA822} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {00F66D1F-CB8F-4697-B8A6-0D044C10891A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com...13025736&tb_oid=03-04-2012&tb_mrud=03-04-2012
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 -> {CC9C1F90-27EA-4690-95B0-DA9ADC541227} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 -> {D603DB46-AC59-46AE-92B6-4E207A39EEF0} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {EB5DAC6F-6316-47E8-9B15-4AFC50AEA822} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-3824992045-3126350346-3511581396-1001 -> {00F66D1F-CB8F-4697-B8A6-0D044C10891A} URL =
SearchScopes: HKU\S-1-5-21-3824992045-3126350346-3511581396-1001 -> {07550832-9707-4820-836E-A5717082572F} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933&SSPV=IEOB05
SearchScopes: HKU\S-1-5-21-3824992045-3126350346-3511581396-1001 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL =
SearchScopes: HKU\S-1-5-21-3824992045-3126350346-3511581396-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3824992045-3126350346-3511581396-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/we...&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-3824992045-3126350346-3511581396-1001 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80273&iwk=252&lng=en
SearchScopes: HKU\S-1-5-21-3824992045-3126350346-3511581396-1001 -> {CC9C1F90-27EA-4690-95B0-DA9ADC541227} URL =
SearchScopes: HKU\S-1-5-21-3824992045-3126350346-3511581396-1001 -> {D603DB46-AC59-46AE-92B6-4E207A39EEF0} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-3824992045-3126350346-3511581396-1001 -> {EB5DAC6F-6316-47E8-9B15-4AFC50AEA822} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: DoNotTrackMe BHO -> {C584D6D2-EF22-4C61-BF5B-0C7E723D836C} -> C:\Program Files (x86)\DoNotTrackMe\3.2.1166\AbineBHO64.dll (Abine Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: CRnPluginSite Object -> {0050A87F-CF26-41AE-9C0A-C32307C941CB} -> C:\Program Files (x86)\ActiveTracker\plugins\internetexplorer\wegie\wegie.dll (ReadNotify.com)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Constant Guard Protection Suite -> {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.416.5\NativeBHO.dll (WhiteSky)
BHO-x32: DoNotTrackMe BHO -> {C584D6D2-EF22-4C61-BF5B-0C7E723D836C} -> C:\Program Files (x86)\DoNotTrackMe\3.2.1166\AbineBHO.dll (Abine Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3824992045-3126350346-3511581396-1001 -> No Name - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
Toolbar: HKU\S-1-5-21-3824992045-3126350346-3511581396-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3824992045-3126350346-3511581396-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-3824992045-3126350346-3511581396-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {33704B0F-9EB7-434B-B752-EA6CFFB87423} http://beachcam.resortscasinohotel.com/JpegInst.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect114a.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
FireFox:
========
FF ProfilePath: C:\Users\SmartMoneyStrategies\AppData\Roaming\Mozilla\Firefox\Profiles\j58jwzsa.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.0.198 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.0.198 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.0.198 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.0.198 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=15.0.0.198 -> c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3824992045-3126350346-3511581396-1001: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )
FF Plugin HKU\S-1-5-21-3824992045-3126350346-3511581396-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\SmartMoneyStrategies\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Extension: FreeWorkz - C:\Users\SmartMoneyStrategies\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@freeworkz.com [2012-05-23]
FF Extension: XFINITY Constant Guard Protection Suite - C:\Users\SmartMoneyStrategies\AppData\Roaming\Mozilla\Firefox\Profiles\j58jwzsa.default\Extensions\idvaultaddon@whitesky [2014-06-08]
FF Extension: No Name - C:\Users\SmartMoneyStrategies\AppData\Roaming\Mozilla\Firefox\Profiles\j58jwzsa.default\Extensions\temp [2014-06-08]
FF Extension: Exif Viewer - C:\Users\SmartMoneyStrategies\AppData\Roaming\Mozilla\Firefox\Profiles\j58jwzsa.default\Extensions\exif_viewer@mozilla.doslash.org.xpi [2013-10-15]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2010-09-16]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-12-03]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-06-09]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-12-11]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\SmartMoneyStrategies\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Profile: C:\Users\SmartMoneyStrategies\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\SmartMoneyStrategies\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-10]
CHR Extension: (DoNotTrackMe: Online Privacy Protection) - C:\Users\SmartMoneyStrategies\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2012-11-07]
CHR Extension: (Norton Identity Safe) - C:\Users\SmartMoneyStrategies\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-20]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\SmartMoneyStrategies\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-06-14]
CHR Extension: (Skype Click to Call) - C:\Users\SmartMoneyStrategies\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-08-23]
CHR Extension: (Refresh Monkey) - C:\Users\SmartMoneyStrategies\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljngnafhejmefmijjoedbclkadhacebd [2014-10-15]
CHR Extension: (Norton Security Toolbar) - C:\Users\SmartMoneyStrategies\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-04-04]
CHR Extension: (Google Wallet) - C:\Users\SmartMoneyStrategies\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Readnotify.com Web Plugin) - C:\Users\SmartMoneyStrategies\AppData\Local\Google\Chrome\User Data\Default\Extensions\nofmhkiliplhcecdhmfndhjbppbmoegk [2012-10-27]
CHR Extension: (Page Monitor) - C:\Users\SmartMoneyStrategies\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemhgklkefakciniebenbfclihhmmfcd [2014-10-15]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-04]
CHR HKU\S-1-5-21-3824992045-3126350346-3511581396-1001\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Users\SMARTM~1\AppData\Local\funmoods.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-12-03]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-04]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 CLKMSVC10_C6F09094; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [245232 2010-06-29] (CyberLink)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-06-29] ()
S4 ISW; C:\Program Files (x86)\Transamerica\TransQuote\TransQuote.exe [109056 2011-09-28] (Transamerica) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-06-16] (Hewlett-Packard Company) [File not signed]
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-09-22] (Symantec Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S2 IDVaultSvc; "C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe" [X]
S2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141209.001_3a9\BHDrvx64.sys [1587416 2014-12-09] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-10] (Symantec Corporation)
R0 FSProFilter; C:\Windows\System32\Drivers\FSPFltd.sys [54848 2010-07-22] (FSPro Labs)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141210.001_432\IDSvia64.sys [637656 2014-12-10] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141210.021\ENG64.SYS [129752 2014-12-10] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141210.021\EX64.SYS [2137304 2014-12-10] (Symantec Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R3 stdriver; C:\Windows\System32\DRIVERS\stdriverx64.sys [34512 2014-08-22] ()
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-06-09] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
R3 ALSysIO; \??\C:\Users\SMARTM~1\AppData\Local\Temp\ALSysIO64.sys [X]
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-11 11:20 - 2014-12-11 11:20 - 02119680 _____ (Farbar) C:\Users\SmartMoneyStrategies\Desktop\frst64.exe
2014-12-11 08:11 - 2014-12-11 10:17 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-11 08:09 - 2014-12-11 10:17 - 00000000 ____D () C:\Users\SmartMoneyStrategies\Desktop\mbar
2014-12-11 08:08 - 2014-12-11 08:08 - 16448208 _____ (Malwarebytes Corp.) C:\Users\SmartMoneyStrategies\Desktop\mbar-1.08.2.1001.exe
2014-12-10 20:58 - 2014-12-10 20:58 - 00000585 _____ () C:\Users\SmartMoneyStrategies\Desktop\aswMBR.txt
2014-12-10 20:54 - 2014-12-11 11:22 - 00033890 _____ () C:\Users\SmartMoneyStrategies\Desktop\FRST.txt
2014-12-10 20:53 - 2014-12-10 20:54 - 00047233 _____ () C:\Users\SmartMoneyStrategies\Desktop\Addition.txt
2014-12-10 20:50 - 2014-12-11 11:22 - 00000000 ____D () C:\FRST
2014-12-10 20:47 - 2014-12-10 20:47 - 00001446 _____ () C:\Users\SmartMoneyStrategies\Desktop\AdwCleaner[R3].txt
2014-12-10 19:21 - 2014-12-10 20:45 - 00000000 ____D () C:\AdwCleaner
2014-12-10 16:38 - 2014-11-21 01:17 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 16:38 - 2014-11-21 01:16 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 16:38 - 2014-11-21 01:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-06 14:51 - 2014-12-11 10:02 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-06 14:51 - 2014-12-10 16:55 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-30 18:33 - 2014-11-30 18:33 - 00275088 _____ () C:\Windows\Minidump\113014-35849-01.dmp
2014-11-23 12:49 - 2014-10-25 19:56 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-23 12:49 - 2014-10-25 19:56 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-23 12:49 - 2014-10-25 19:56 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-23 12:49 - 2014-10-25 19:56 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-23 12:49 - 2014-10-25 19:55 - 19284480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-23 12:49 - 2014-10-25 19:55 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-23 12:49 - 2014-10-25 19:55 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-23 12:49 - 2014-10-25 19:55 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-23 12:49 - 2014-10-25 19:54 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-23 12:49 - 2014-10-25 19:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-23 12:49 - 2014-10-25 19:54 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-23 12:49 - 2014-10-25 19:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-23 12:49 - 2014-10-25 19:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-23 12:49 - 2014-10-25 19:54 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-23 12:49 - 2014-10-25 19:54 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-23 12:49 - 2014-10-25 19:54 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-23 12:49 - 2014-10-25 19:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-11-23 12:49 - 2014-10-25 19:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-23 12:49 - 2014-10-25 19:54 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-23 12:49 - 2014-10-25 19:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-23 12:49 - 2014-10-25 19:53 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-23 12:49 - 2014-10-25 18:36 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-23 12:49 - 2014-10-25 18:35 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-23 12:49 - 2014-10-25 18:35 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-23 12:49 - 2014-10-25 18:35 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-23 12:49 - 2014-10-25 18:35 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-23 12:49 - 2014-10-25 18:35 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-23 12:49 - 2014-10-25 18:35 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled(44).dll
2014-11-23 12:49 - 2014-10-25 18:34 - 13758464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-23 12:49 - 2014-10-25 18:34 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-23 12:49 - 2014-10-25 18:34 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-23 12:49 - 2014-10-25 18:34 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-23 12:49 - 2014-10-25 18:34 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-23 12:49 - 2014-10-25 18:34 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-23 12:49 - 2014-10-25 18:34 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-23 12:49 - 2014-10-25 18:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32(42).dll
2014-11-23 12:49 - 2014-10-25 18:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-23 12:49 - 2014-10-25 18:34 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-11-23 12:49 - 2014-10-25 18:34 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-23 12:49 - 2014-10-25 18:34 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy(43).dll
2014-11-23 12:49 - 2014-10-25 18:34 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-23 12:49 - 2014-10-25 18:19 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-23 12:49 - 2014-10-25 18:13 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-23 12:49 - 2014-10-25 17:22 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-11-23 12:49 - 2014-10-25 17:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-11-23 12:43 - 2014-11-23 12:43 - 00000135 _____ () C:\Windows\SysWOW64\debug.log
2014-11-23 12:25 - 2014-12-11 08:07 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-23 12:25 - 2014-11-23 12:25 - 00001981 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-11-23 11:52 - 2014-11-23 11:50 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-23 11:52 - 2014-11-23 11:50 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-23 11:52 - 2014-11-23 11:50 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-22 17:38 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-22 17:38 - 2014-10-13 20:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-22 17:38 - 2014-10-13 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-22 17:38 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-22 17:38 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-22 17:38 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-22 17:38 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-22 17:38 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-22 17:38 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-22 17:37 - 2014-11-10 21:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-22 17:37 - 2014-11-10 21:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-22 17:37 - 2014-11-10 20:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-22 17:37 - 2014-11-10 20:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-22 17:37 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-22 17:37 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-22 17:37 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-22 17:37 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-22 17:37 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-22 17:37 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-22 17:37 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-22 17:37 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-22 17:37 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-22 17:37 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-22 17:37 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-22 17:37 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-22 17:37 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-22 17:37 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-22 17:37 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-22 17:37 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-22 17:37 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-22 17:37 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-22 17:37 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-22 17:37 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-22 17:37 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-22 17:37 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-22 17:37 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-22 17:37 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-22 17:37 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-22 17:37 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-22 17:36 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-22 17:36 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-22 17:36 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-22 17:36 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-22 17:36 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-18 21:34 - 2014-11-22 19:23 - 00000000 ____D () C:\Users\SmartMoneyStrategies\Desktop\Autoruns
2014-11-18 21:33 - 2014-11-18 21:33 - 00511633 _____ () C:\Users\SmartMoneyStrategies\Desktop\Autoruns.zip
2014-11-15 15:45 - 2014-11-22 19:03 - 00000000 ____D () C:\Program Files (x86)\QuickTime
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-11 11:20 - 2012-02-26 16:03 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-11 11:18 - 2014-06-11 14:19 - 00000568 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3824992045-3126350346-3511581396-1001.job
2014-12-11 11:18 - 2012-03-30 15:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-11 10:26 - 2009-07-13 22:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-11 10:26 - 2009-07-13 22:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-11 10:25 - 2010-09-16 02:56 - 01620338 _____ () C:\Windows\WindowsUpdate.log
2014-12-11 10:19 - 2014-08-02 15:10 - 00000000 ____D () C:\Program Files (x86)\DoNotTrackMe
2014-12-11 10:19 - 2012-12-13 17:15 - 00000444 _____ () C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2014-12-11 10:19 - 2012-02-26 16:03 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-11 10:19 - 2012-01-02 19:28 - 00000000 _____ () C:\Windows\rntest.txt
2014-12-11 10:19 - 2011-08-29 18:54 - 00000000 ____D () C:\Users\SmartMoneyStrategies\AppData\Local\CrashDumps
2014-12-11 10:18 - 2010-09-16 03:03 - 00936640 _____ () C:\Windows\PFRO.log
2014-12-11 10:18 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-11 10:18 - 2009-07-13 22:51 - 00135185 _____ () C:\Windows\setupact.log
2014-12-11 10:02 - 2014-08-22 13:53 - 00000000 ____D () C:\ProgramData\NCH Software
2014-12-11 10:02 - 2014-08-22 13:50 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-12-11 10:02 - 2014-06-19 14:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-11 10:02 - 2014-06-09 07:34 - 00000000 ____D () C:\ProgramData\Norton
2014-12-11 10:02 - 2014-02-17 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightspark 0.5.3-git
2014-12-11 10:02 - 2014-02-17 20:38 - 00000000 ____D () C:\Program Files (x86)\Lightspark 0.5.3-git
2014-12-11 10:02 - 2013-02-04 19:31 - 00000000 ____D () C:\ProgramData\Yahoo! Companion
2014-12-11 10:02 - 2012-11-09 15:58 - 00000000 ____D () C:\Users\SmartMoneyStrategies\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoPerformer
2014-12-11 10:02 - 2012-11-09 15:58 - 00000000 ____D () C:\Program Files (x86)\VideoPerformer
2014-12-11 10:02 - 2012-05-12 09:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-11 10:02 - 2012-05-12 09:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-11 10:02 - 2012-05-12 09:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-11 10:02 - 2012-01-17 16:45 - 00000000 ___HD () C:\ProgramData\~0
2014-12-11 10:02 - 2012-01-02 19:27 - 00000000 ____D () C:\ProgramData\ActiveTracker
2014-12-11 10:02 - 2011-11-18 16:05 - 00000000 ____D () C:\Windows\system32\Macromed
2014-12-11 10:02 - 2011-10-30 15:01 - 00000000 ____D () C:\ProgramData\Real
2014-12-11 10:02 - 2011-09-06 19:28 - 00000000 ____D () C:\Windows\Minidump
2014-12-11 10:02 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-11 10:02 - 2009-07-13 21:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-11 10:01 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
2014-12-11 08:55 - 2012-12-20 21:53 - 00000000 ____D () C:\Users\SmartMoneyStrategies\AppData\Local\Facebook
2014-12-11 08:55 - 2012-01-16 20:07 - 00000988 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3824992045-3126350346-3511581396-1001UA.job
2014-12-11 08:55 - 2012-01-16 20:07 - 00000966 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3824992045-3126350346-3511581396-1001Core.job
2014-12-11 08:52 - 2012-03-30 15:11 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-11 08:52 - 2012-03-30 15:11 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-11 08:52 - 2011-08-26 16:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-11 08:11 - 2014-06-19 14:47 - 00135384 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-11 08:10 - 2014-06-19 14:47 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-11 08:04 - 2011-08-26 14:17 - 00000000 ____D () C:\Users\SmartMoneyStrategies
2014-12-09 17:50 - 2013-08-14 20:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-02 18:35 - 2009-07-13 23:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-11-30 18:33 - 2011-09-06 19:28 - 853762830 _____ () C:\Windows\MEMORY.DMP
2014-11-29 20:52 - 2011-10-02 10:11 - 00003276 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForSmartMoneyStrategies
2014-11-29 20:52 - 2011-10-02 10:11 - 00000392 _____ () C:\Windows\Tasks\HPCeeScheduleForSmartMoneyStrategies.job
2014-11-26 22:11 - 2014-06-11 14:19 - 00003642 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3824992045-3126350346-3511581396-1001
2014-11-23 16:00 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-11-23 12:43 - 2011-08-26 14:24 - 00000000 ____D () C:\Users\SmartMoneyStrategies\AppData\Roaming\Adobe
2014-11-23 12:26 - 2014-08-25 20:19 - 00000000 ____D () C:\Users\SmartMoneyStrategies\AppData\Local\Adobe
2014-11-23 12:24 - 2010-07-20 01:22 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-23 11:52 - 2013-10-08 17:44 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-23 11:52 - 2013-10-08 17:04 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-23 11:50 - 2014-01-11 13:53 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-23 11:38 - 2009-07-13 22:45 - 00340768 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-22 22:03 - 2011-08-26 15:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-22 22:00 - 2009-07-13 23:13 - 00793204 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-22 21:53 - 2011-08-26 16:22 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-22 19:10 - 2014-06-19 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-22 19:10 - 2012-06-14 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-22 19:07 - 2010-07-20 01:22 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-22 17:15 - 2012-02-26 16:03 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-22 17:15 - 2012-02-26 16:03 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 15:37 - 2014-10-30 15:48 - 00000000 ____D () C:\Users\SmartMoneyStrategies\Documents\My Kindle Content
Some content of TEMP:
====================
C:\Users\SmartMoneyStrategies\AppData\Local\Temp\ose00000.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-05 22:33
==================== End Of Log ============================

AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActiveTracker (HKLM-x32\...\ActiveTracker 131105) (Version: 131105 - Name of your company)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
Aegis Desktop (HKLM-x32\...\Aegis Desktop) (Version: 7.8.0.5 - WELIS, LLC)
Aegis Desktop (x32 Version: 7.8.0.5 - WELIS, LLC) Hidden
Allianz ForeSight Console 5.1.11.12 (HKU\S-1-5-21-3824992045-3126350346-3511581396-1001\...\e198fe59e6db0240) (Version: 5.1.11.12 - ForeSight Console 5)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Applian FLV and Media Player 3.1.1.12 (HKLM-x32\...\Applian FLV and Media Player) (Version: 3.1.1.12 - Applian Technologies)
ATI Catalyst Install Manager (HKLM\...\{FB07515A-48AC-9996-16EE-3A3DC8CF8D8E}) (Version: 3.0.790.0 - ATI Technologies, Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Canon MF Toolbox 4.9.1.1.mf12 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf12 - CANON INC.)
Canon MF8300C Series (HKLM\...\{DB3D2C81-EF11-4b1f-9B55-3959AEE09E55}) (Version: 3.9.0.0 - CANON INC.)
ccc-core-static (x32 Version: 2010.0909.1412.23625 - ATI) Hidden
Century II MTL Illustrator (HKLM-x32\...\{4000D573-1E11-4F16-9FA8-5C6E0903DAA2}) (Version: 4.57.2 - MTL Insurance Company)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
Contents (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
Core Temp 1.0 RC2 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Corel PaintShop Photo Pro X3 (HKLM-x32\...\_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}) (Version: 1.6.1.116 - Corel Corporation)
Corel PaintShop Photo Pro X3 (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Corel VideoStudio Pro X3 (HKLM-x32\...\_{F072CA07-A781-45E4-9975-C033A73019CF}) (Version: 1.6.0.286 - Corel Corporation)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DesktopMirror for Google and ACT! 5.0 (HKLM-x32\...\DesktopMirror for Google and ACT!_is1) (Version: - LivePIM Software Inc.)
DeviceIO (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DoNotTrackMe Add-on 3.2.1166 (HKLM-x32\...\DoNotTrackMe Add-on_is1) (Version: 3.2.1166 - Abine Inc)
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version: - AOL Inc.) <==== ATTENTION
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4121 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.1.4121 - Hewlett-Packard) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - )
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 7.0.4.2033 (HKU\S-1-5-21-3824992045-3126350346-3511581396-1001\...\GoToMeeting) (Version: 7.0.4.2033 - CitrixOnline)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP 3D DriveGuard (HKLM\...\{299625B9-6C69-462C-9CEA-8E06D878B1C5}) (Version: 4.0.5.1 - Hewlett-Packard Company)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Documentation (HKLM-x32\...\{7D4318AC-9560-46F0-910F-0B38D6CDC009}) (Version: 1.1.2.0 - Hewlett-Packard)
HP DVB-T TV Tuner 8.0.64.43 (HKLM-x32\...\HP DVB-T TV Tuner) (Version: 8.0.64.43 - )
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.1.4229 - Hewlett-Packard)
HP MediaSmart Movies and TV (HKLM\...\{4B4E2FA2-3B1E-4147-99DB-5033981D8C2F}) (Version: 1.0.0.10 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.1.4215 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.1.4211 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{731A1D36-BF17-4C76-B7E7-CC055AF8C54E}) (Version: 3.1.1.12 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.1.4214 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3024 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BDDA1E1E-204E-4368-B0C2-737F16B76307}) (Version: 1.0.3.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3611 - HP Photo Creations Powered by RocketLife)
HP Power Manager (HKLM-x32\...\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}) (Version: 1.0.3 - Hewlett-Packard Company)
HP Product Detection (HKLM-x32\...\{F13FBD0E-5CE1-4A3F-A4F0-C8633CB7B4DD}) (Version: 11.10.1000 - HP)
HP Quick Launch (HKLM-x32\...\{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP SimplePass Identity Protection (HKLM\...\{1F6B7CB0-66D8-4B31-BF1F-D2318E58080E}) (Version: 5.10.175 - DigitalPersona, Inc.)
HP Software Framework (HKLM-x32\...\{E05DB9F9-C8E7-45F2-BE9E-76D4C447CE9B}) (Version: 4.0.39.1 - Hewlett-Packard Company)
HP Wireless Assistant (HKLM\...\{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}) (Version: 4.0.9.0 - Hewlett-Packard Company)
IC Solutions (HKLM-x32\...\{C113D27D-CE95-4450-BDAA-A8547A73CC51}) (Version: 13.4 - National Life Insurance Company)
ICA (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
ICA (x32 Version: 1.6.1.116 - Corel Corporation) Hidden
ICQ7.7 (HKLM-x32\...\{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}) (Version: 7.7 - ICQ)
IDroo 1.0.0.186 (HKLM-x32\...\IDroo) (Version: 1.0.0.186 - Iteral Group OÜ)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6289.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
IPM_PSP_Pro (x32 Version: 1.00.0000 - Corel Corporation) Hidden
IPM_VS_Pro (x32 Version: 13.0 - Corel Corporation) Hidden
ISCOM (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
ISCOM (x32 Version: 1.6.1.116 - Corel Corporation) Hidden
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
join.me (HKU\S-1-5-21-3824992045-3126350346-3511581396-1001\...\JoinMe) (Version: 1.7.0.138 - LogMeIn, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden
Lafayette Life Insurance Company (HKLM-x32\...\Lafayette Life Insurance Company) (Version: - )
LightScribe System Software (HKLM-x32\...\{07E49BC1-24FF-4D7A-AC74-727BE95801AF}) (Version: 1.18.16.1 - LightScribe)
Lightspark 0.5.3-git (HKLM-x32\...\Lightspark) (Version: 0.5.3-git - Lightspark Team)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Midland LifeSolutions (HKLM-x32\...\{DF01BC74-74F6-4A54-B4C8-050341F039EC}) (Version: 17.2 - Midland National)
Midland LifeSolutions (x32 Version: 17.2 - Midland National) Hidden
Midland LifeSolutions (x32 Version: 17.3 - Midland National) Hidden
Midland LifeSolutions (x32 Version: 17.4 - Midland National) Hidden
Midland LifeSolutions (x32 Version: 17.4.1 - Midland National) Hidden
Midland LifeSolutions (x32 Version: 18.1 - Midland National) Hidden
Midland LifeSolutions (x32 Version: 18.2 - Midland National) Hidden
Midland LifeSolutions (x32 Version: 18.3 - Midland National) Hidden
Midland LifeSolutions (x32 Version: 18.5 - Midland National) Hidden
Midland LifeSolutions (x32 Version: 18.6 - Midland National) Hidden
Midland LifeSolutions (x32 Version: 19.3 - Midland National) Hidden
Midland LifeSolutions (x32 Version: 19.5 - Midland National) Hidden
Midland LifeSolutions (x32 Version: 20.0 - Midland National) Hidden
Midland LifeSolutions (x32 Version: 20.2 - Midland National) Hidden
Midland LifeSolutions (x32 Version: 21.1.1 - Midland National) Hidden
Midland LifeSolutions (x32 Version: 21.2 - Midland National) Hidden
Midland LifeSolutions (x32 Version: 22.0 - Midland National) Hidden
MoneyTrax Inc. Circle of Wealth® System (HKLM-x32\...\Circle of Wealth® System) (Version: ver. 2013.1.0.0 - MoneyTrax Inc.)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4030 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
Mozilla Firefox 24.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 24.0 (x86 en-US)) (Version: 24.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Mutual of Omaha - Health (HKLM-x32\...\Mutual of Omaha - Health_is1) (Version: - Ebix Exchange, INC)
My Lockbox 2.9.9 (HKLM\...\My Lockbox_is1) (Version: 2.9.9 - )
NexDef Plug-in (HKLM-x32\...\Autobahn) (Version: - )
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
PDFLIB (HKLM-x32\...\PDFLIB) (Version: - )
PDFlib 4.0.1 (HKLM-x32\...\{58D92B58-1BE9-4DE4-AE88-ACB205D75B63}) (Version: - )
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Penn Mutual Illustrator 11.1 (HKLM-x32\...\{9F5E5B90-E6A1-4427-AEBC-87B79133D316}) (Version: 11.1.0 - Penn Mutual Life Insurance)
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.) Hidden
Presto! PageManager 7.15.36 (HKLM-x32\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.36 - NewSoft Technology Corporation)
PSPPContent (x32 Version: 1.00.0000 - Corel Corporation) Hidden
PSPPRO_DCRAW (x32 Version: 13.0.0 - Corel Corporation) Hidden
PureHD (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Quote It! (HKLM-x32\...\Quote It!_is1) (Version: - Genworth Financial Inc.)
RAR File Open Knife - Free Opener (HKLM-x32\...\RAR File Open Knife - Free Opener) (Version: 2.40 - Philipp Winterberg)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: - RealNetworks)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
Security Mutual Illustrator (HKLM-x32\...\{99AF5B5F-5A55-49CE-B080-A2E60E289B4E}) (Version: 17.09.2011 - Security Mutual Life Insurance Company of New York)
Setup (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
Setup (x32 Version: 1.6.1.116 - Corel Corporation) Hidden
Share (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
Share64 (Version: 1.6.0.286 - Corel Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 2.31 - NCH Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.4.4 - Synaptics Incorporated)
TaxACT 2012 - 1040 Edition (HKLM-x32\...\TaxACT 2012 - 1040 Edition) (Version: - 2nd Story Software, Inc.)
TaxACT 2012 Illinois (HKLM-x32\...\TaxACT 2012 Illinois) (Version: - 2nd Story Software, Inc.)
TaxACT 2013 - 1040 Edition (HKLM-x32\...\TaxACT 2013 - 1040 Edition) (Version: - TaxACT, Inc.)
TaxACT 2013 Illinois (HKLM-x32\...\TaxACT 2013 Illinois) (Version: - TaxACT, Inc.)
Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.061 - The New York Times Company)
Times Reader (x32 Version: 2.061 - The New York Times Company) Hidden
TransQuote (HKLM-x32\...\TransQuote) (Version: 10.01.20.00 - Transamerica)
TransQuote (x32 Version: 11.09.29.00 - Transamerica) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Validity Sensors DDK (HKLM\...\{426FAE9F-7373-496E-A215-9DB7EF4398CF}) (Version: 4.1.139.0 - Validity Sensors, Inc.)
VideoPerformer (HKLM-x32\...\VideoPerformer) (Version: - PerformerSoft LLC) <==== ATTENTION
VIO (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
VSClassic (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
VSPro (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 5.96 - NCH Software)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
WinFlex 6 (HKLM-x32\...\WinFlex 6_is1) (Version: 6.103.0.21 - Ebix Exchange, INC)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
XFINITY Caller ID (HKLM-x32\...\com.comcast.callerid.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1) (Version: 3.1.38 - Comcast Cable Communications Management LLC)
XFINITY Caller ID (x32 Version: 3.1.38 - Comcast Cable Communications Management LLC) Hidden
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - )
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3824992045-3126350346-3511581396-1001_Classes\CLSID\{5b55a44a-d008-49aa-9234-86fb7709bc0a}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3824992045-3126350346-3511581396-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
==================== Restore Points =========================
24-11-2014 04:03:00 Windows Update
02-12-2014 01:27:03 Scheduled Checkpoint
09-12-2014 23:27:10 Restore Operation
09-12-2014 23:39:33 Windows Update
11-12-2014 03:32:33 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 20:34 - 2014-01-18 06:14 - 00450700 ____N C:\Windows\system32\Drivers\etc\hosts
There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {01905C9D-79C0-48B2-A6CD-D8F95543123C} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {059056F8-F986-43E7-84AA-2DC0EEA3B04B} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [2011-08-11] (Hewlett-Packard)
Task: {071BA60D-089B-44FC-B214-6F4A9433D1B5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-14] (Google Inc.)
Task: {1856D3CF-B589-42EA-917D-FED696E8EEC8} - System32\Tasks\{D61F72AE-A711-450B-8F7D-8BCED0AA9191} => C:\pmillus.exe [2011-08-27] (Penn Mutual Life Insurance )
Task: {271F4369-7E95-4305-9E53-0B4431FD54A3} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {2B0029AD-B694-4194-ABB3-4C5D61CB4FA4} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3824992045-3126350346-3511581396-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-11-08] (RealNetworks, Inc.)
Task: {446D151E-7E0A-4E13-A56F-650E07B4F0B5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3824992045-3126350346-3511581396-1001UA => C:\Users\SmartMoneyStrategies\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-21] (Facebook Inc.)
Task: {58076638-2A22-4550-BD64-8312B9065876} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3824992045-3126350346-3511581396-1001Core => C:\Users\SmartMoneyStrategies\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-21] (Facebook Inc.)
Task: {63AB0163-FB3E-4265-9FB3-242B6F5AB9F4} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2010-06-24] (CyberLink)
Task: {6BC3E8D0-1951-467B-883D-E50C7216DCEC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {759D236F-9DB2-4A9D-9E1E-2110776BA959} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-24] ()
Task: {7F10C907-BBFA-4A1E-816A-968C50883873} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-14] (Google Inc.)
Task: {87A4C5E3-F081-497B-AD64-22953C6D2746} - System32\Tasks\Core Temp Autostart SmartMoneyStrategies => C:\Program Files\Core Temp\Core Temp.exe [2011-09-01] ()
Task: {8D7C1BD0-8D5C-43CC-AF67-527EBB14A150} - System32\Tasks\G2MUpdateTask-S-1-5-21-3824992045-3126350346-3511581396-1001 => C:\Program Files (x86)\Citrix\GoToMeeting\2033\g2mupdate.exe [2014-11-26] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {94F4C7A5-F74F-4AE0-9813-89842BE94ADE} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3824992045-3126350346-3511581396-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-11-08] (RealNetworks, Inc.)
Task: {C4FE2EF8-07CD-4BC5-90C9-3A7229D944A4} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-24] ()
Task: {C8B3F0AF-99F6-4577-98E0-7DB94D5EC3BB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-11] (Adobe Systems Incorporated)
Task: {D99178FF-3844-455D-891C-E56F553E867E} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {E20A8E3D-8D56-4A40-82E8-905D1D7F7324} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-24] ()
Task: {F08002E3-A54A-45EB-A9B2-3D317E37849D} - System32\Tasks\HPCeeScheduleForSmartMoneyStrategies => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard)
Task: {F68E5B13-7375-4818-8A1E-506EDE0A7846} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3824992045-3126350346-3511581396-1001Core.job => C:\Users\SmartMoneyStrategies\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3824992045-3126350346-3511581396-1001UA.job => C:\Users\SmartMoneyStrategies\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3824992045-3126350346-3511581396-1001.job => C:\Program Files (x86)\Citrix\GoToMeeting\2033\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSmartMoneyStrategies.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2010-01-20 17:20 - 2010-01-20 17:20 - 00611896 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2013-04-13 16:39 - 2006-09-20 07:35 - 00020480 _____ () C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
2010-06-29 20:00 - 2010-06-29 20:00 - 00027192 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
2013-12-28 13:49 - 2013-02-27 00:59 - 03065776 _____ () C:\Program Files (x86)\ActiveTracker\rn5.exe
2012-05-09 17:08 - 2012-05-09 17:08 - 00074752 _____ () C:\Program Files (x86)\Caller ID\Caller ID.exe
2011-08-11 09:27 - 2011-08-11 09:27 - 15490560 _____ () C:\Users\SmartMoneyStrategies\AppData\Local\Autobahn\nexdef.exe
2013-04-13 16:39 - 2006-10-30 15:59 - 00024576 _____ () C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
2010-09-09 14:50 - 2010-09-09 14:50 - 00016384 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-09-09 13:11 - 2010-09-09 13:11 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-06-18 17:26 - 2010-06-18 17:26 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-06-18 17:26 - 2010-06-18 17:26 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2010-06-18 17:26 - 2010-06-18 17:26 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-09-18 14:12 - 2010-06-30 13:03 - 00051512 _____ () C:\Program Files\My Lockbox\fspflt.dll
2010-06-16 13:48 - 2010-06-16 13:48 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2010-06-16 13:48 - 2010-06-16 13:48 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2010-06-16 13:48 - 2010-06-16 13:48 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2014-12-11 10:19 - 2014-12-11 10:19 - 00024671 ____R () C:\Users\SmartMoneyStrategies\AppData\Local\Temp\pdk-SmartMoneyStrategies-476\6a08173d0718dbb0783fee513cba195c\IO.dll
2014-12-11 10:19 - 2014-12-11 10:19 - 00024690 ____R () C:\Users\SmartMoneyStrategies\AppData\Local\Temp\pdk-SmartMoneyStrategies-476\d138a21b4de1d36065da80913effcc49\HiRes.dll
2014-12-11 10:19 - 2014-12-11 10:19 - 00024673 ____R () C:\Users\SmartMoneyStrategies\AppData\Local\Temp\pdk-SmartMoneyStrategies-476\0e21cfbb5a8724557d1fdb2fad1257b3\Fcntl.dll
2014-12-11 10:19 - 2014-12-11 10:19 - 00032885 ____R () C:\Users\SmartMoneyStrategies\AppData\Local\Temp\pdk-SmartMoneyStrategies-476\ec7bb8ff9ad0c51d9cc5235bc8434e04\Dumper.dll
2014-12-11 10:19 - 2014-12-11 10:19 - 00082021 ____R () C:\Users\SmartMoneyStrategies\AppData\Local\Temp\pdk-SmartMoneyStrategies-476\62021bee2a3c77a1a7316037e8f651f5\MatrixSSL.dll
2014-12-11 10:19 - 2014-12-11 10:19 - 00028760 ____R () C:\Users\SmartMoneyStrategies\AppData\Local\Temp\pdk-SmartMoneyStrategies-476\14eb94a46b1d59d79d884f71880b5d9c\CPUtils.dll
2014-12-11 10:19 - 2014-12-11 10:19 - 00024664 ____R () C:\Users\SmartMoneyStrategies\AppData\Local\Temp\pdk-SmartMoneyStrategies-476\11d17591008de70c1d0553f3e9a3abb3\SysTray.dll
2014-12-11 10:19 - 2014-12-11 10:19 - 00094306 ____R () C:\Users\SmartMoneyStrategies\AppData\Local\Temp\pdk-SmartMoneyStrategies-476\5cfd16b7954a5ce94a6928eb6a342475\DBI.dll
2014-12-11 10:19 - 2014-12-11 10:19 - 00028791 ____R () C:\Users\SmartMoneyStrategies\AppData\Local\Temp\pdk-SmartMoneyStrategies-476\bca525f1057a3c6464fa7a890a532d26\Util.dll
2014-12-11 10:19 - 2014-12-11 10:19 - 00036971 ____R () C:\Users\SmartMoneyStrategies\AppData\Local\Temp\pdk-SmartMoneyStrategies-476\59e557f19044cb1e4dd067d30c7a98d8\Encode.dll
2014-12-11 10:19 - 2014-12-11 10:19 - 00032867 ____R () C:\Users\SmartMoneyStrategies\AppData\Local\Temp\pdk-SmartMoneyStrategies-476\dae5b95ff7dc44764284c7dae55bde2a\Socket.dll
2014-12-11 10:19 - 2014-12-11 10:19 - 00028809 ____R () C:\Users\SmartMoneyStrategies\AppData\Local\Temp\pdk-SmartMoneyStrategies-476\1601ac767a5adb5c5f07ad53d9d0e348\FastCalc.dll
2014-12-11 10:19 - 2014-12-11 10:19 - 00036942 ____R () C:\Users\SmartMoneyStrategies\AppData\Local\Temp\pdk-SmartMoneyStrategies-476\7f6d8a0f10c6e5b83886d8ad4c8c8bd7\nscrypt.dll
2014-12-11 10:19 - 2014-12-11 10:19 - 00155779 ____R () C:\Users\SmartMoneyStrategies\AppData\Local\Temp\pdk-SmartMoneyStrategies-476\845fe33881b76aefd22e65412b5f7ef2\Registry.dll
2014-12-11 10:19 - 2014-12-11 10:19 - 00061553 ____R () C:\Users\SmartMoneyStrategies\AppData\Local\Temp\pdk-SmartMoneyStrategies-476\0a8fb0d11acdc10c02ea0fe9470463eb\Storable.dll
2014-12-11 10:19 - 2014-12-11 10:19 - 00020584 ____R () C:\Users\SmartMoneyStrategies\AppData\Local\Temp\pdk-SmartMoneyStrategies-476\eaa37a0d95e6b7e5ca21502c8b3f4c74\Cwd.dll
2014-12-11 10:19 - 2014-12-11 10:19 - 00098431 ____R () C:\Users\SmartMoneyStrategies\AppData\Local\Temp\pdk-SmartMoneyStrategies-476\106e9d8fe455779e07dcc5d37d541192\Zlib.dll
2014-12-11 10:19 - 2014-12-11 10:19 - 00032878 ____R () C:\Users\SmartMoneyStrategies\AppData\Local\Temp\pdk-SmartMoneyStrategies-476\5c47212e5a0fae36b466c5247fa8d97e\API.dll
2014-12-11 10:19 - 2014-12-11 10:19 - 00090222 ____R () C:\Users\SmartMoneyStrategies\AppData\Local\Temp\pdk-SmartMoneyStrategies-476\f195a4b7b0f71b5f4b1c61c634b0b648\OLE.dll
2011-08-11 09:27 - 2011-08-11 09:27 - 00020480 _____ () C:\Users\SmartMoneyStrategies\AppData\Local\Autobahn\rt\bin\jetvm\jvm.dll
2011-08-11 09:27 - 2011-08-11 09:27 - 00069632 _____ () C:\Users\SmartMoneyStrategies\AppData\Local\Autobahn\rt\bin\java.dll
2011-08-11 09:27 - 2011-08-11 09:27 - 00126976 _____ () C:\Users\SmartMoneyStrategies\AppData\Local\Autobahn\rt\bin\zip.dll
2011-08-11 09:27 - 2011-08-11 09:27 - 00159744 _____ () C:\Users\SmartMoneyStrategies\AppData\Local\Autobahn\rt\jetrt\baseline720.dll
2013-02-04 19:31 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2010-02-09 19:58 - 2010-02-09 19:58 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2010-02-09 19:58 - 2010-02-09 19:58 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2010-02-09 19:58 - 2010-02-09 19:58 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2010-02-09 19:58 - 2010-02-09 19:58 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2010-02-09 19:58 - 2010-02-09 19:58 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2010-02-09 19:58 - 2010-02-09 19:58 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2010-02-09 19:58 - 2010-02-09 19:58 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2014-06-11 05:51 - 2014-06-11 05:51 - 03022960 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-06-11 05:51 - 2014-06-11 05:51 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-06-11 05:51 - 2014-06-11 05:51 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DpHost => ""="Service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: AIM for Windows => "C:\Users\SmartMoneyStrategies\AppData\Local\AOL\AIM\aim.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\SmartMoneyStrategies\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: ICQ => "C:\Program Files (x86)\ICQ7.7\ICQ.exe" silent loginmode=4
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
========================= Accounts: ==========================
Administrator (S-1-5-21-3824992045-3126350346-3511581396-500 - Administrator - Disabled)
Guest (S-1-5-21-3824992045-3126350346-3511581396-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3824992045-3126350346-3511581396-1002 - Limited - Enabled)
SmartMoneyStrategies (S-1-5-21-3824992045-3126350346-3511581396-1001 - Administrator - Enabled) => C:\Users\SmartMoneyStrategies
==================== Faulty Device Manager Devices =============
Name: AntiLog32
Description: AntiLog32
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AntiLog32
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================
Application errors:
==================
Error: (12/11/2014 11:18:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2848890
Error: (12/11/2014 11:18:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2848890
Error: (12/11/2014 11:18:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/11/2014 10:19:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Core Temp.exe, version: 1.0.0.0, time stamp: 0x4e5ff94d
Faulting module name: Core Temp.exe, version: 1.0.0.0, time stamp: 0x4e5ff94d
Exception code: 0xc0000005
Fault offset: 0x000000000002dbc6
Faulting process id: 0x894
Faulting application start time: 0xCore Temp.exe0
Faulting application path: Core Temp.exe1
Faulting module path: Core Temp.exe2
Report Id: Core Temp.exe3
Error: (12/10/2014 04:33:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Core Temp.exe, version: 1.0.0.0, time stamp: 0x4e5ff94d
Faulting module name: Core Temp.exe, version: 1.0.0.0, time stamp: 0x4e5ff94d
Exception code: 0xc0000005
Fault offset: 0x000000000002dbc6
Faulting process id: 0x5a4
Faulting application start time: 0xCore Temp.exe0
Faulting application path: Core Temp.exe1
Faulting module path: Core Temp.exe2
Report Id: Core Temp.exe3
Error: (12/09/2014 06:54:25 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.
Error: (12/09/2014 05:12:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sidebar.exe, version: 6.1.7601.17514, time stamp: 0x4ce7a1c7
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000264
Fault offset: 0x00000000000cd7e8
Faulting process id: 0x8c0
Faulting application start time: 0xsidebar.exe0
Faulting application path: sidebar.exe1
Faulting module path: sidebar.exe2
Report Id: sidebar.exe3
Error: (12/08/2014 08:31:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 10.0.9200.17148 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 2894
Start Time: 01d0134b6539eb21
Termination Time: 0
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id:
Error: (12/08/2014 06:28:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1686870
Error: (12/08/2014 06:28:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1686870

System errors:
=============
Error: (12/11/2014 11:21:21 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{711245CD-18C2-443B-A0BB-719A0DEE65F4}.
The backup browser is stopping.
Error: (12/11/2014 10:20:12 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (12/11/2014 10:19:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Norton Online Backup service failed to start due to the following error:
%%2
Error: (12/11/2014 10:19:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CGPS Service service failed to start due to the following error:
%%2
Error: (12/11/2014 10:17:44 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (12/11/2014 08:09:56 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 for x64-based Systems (KB3013126).
Error: (12/11/2014 08:09:56 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Cumulative Security Update for Internet Explorer 10 for Windows 7 for x64-based Systems (KB3003057).
Error: (12/11/2014 08:09:56 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Cumulative Security Update for Internet Explorer 10 for Windows 7 for x64-based Systems (KB3008923).
Error: (12/11/2014 08:05:20 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (12/11/2014 08:04:38 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BHDrvx64

Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz
Percentage of memory in use: 41%
Total physical RAM: 6077.86 MB
Available physical RAM: 3527.24 MB
Total Pagefile: 12153.9 MB
Available Pagefile: 8990.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:443.56 GB) (Free:354.84 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:465.76 GB) (Free:456.37 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:21.91 GB) (Free:3.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 2FBFE761)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=443.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8F773DF0)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
==================== End Of Log ============================
 

FredricJLowe

New Member
Thread author
Verified
Nov 11, 2014
43
Ok, here are the FRST scans as requested.
 

Attachments

  • Addition.txt
    45.6 KB · Views: 73
  • FRST.txt
    53.4 KB · Views: 40

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download the attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    4.6 KB · Views: 53

FredricJLowe

New Member
Thread author
Verified
Nov 11, 2014
43
I won't know until I rerun Spybot Search & Destroy as that is where I was having the issue of it trying to remove the files it said it cleaned. Do you want me to rerun that now?
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Uninstall Spybot Search & Destroy, it's a crap program.
It could not remove ordinary adware.


Scan with Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Install the program and select update.
  • Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.
 

FredricJLowe

New Member
Thread author
Verified
Nov 11, 2014
43
I have attached Malwarebytes antimalware scan logs from today as well as one I did yesterday. Yesterday I had not checked the rootkits tab. This scan was done prior to contacting MalwareTips.
 

Attachments

  • Malwarebytesantimalware.txt
    1.7 KB · Views: 489
  • Malwarebytesantimalware12102014.txt
    1.6 KB · Views: 39

FredricJLowe

New Member
Thread author
Verified
Nov 11, 2014
43
I believe I did delete them yesterday. Anything else we need to do or do you feel the computer is rid of them?
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
The system is clean, don't worry.


Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking on the icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes its work.
  • All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt)
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 
