
Virus Won't Let Me Start 'System Restore' or Play Any Video Files


29 replies to this topic

#1 srcstcbstrd


Posted 02 August 2014 - 07:17 AM

Hi,

I've caught a nasty virus that is a pain in the arse. I can't open any video files no matter which player I use (MPC, VLC, WMP, etc.) - the players automatically shut down and when I try and watch a video through my browser, it immediately kicks me out of Firefox. When I try and do a 'System Restore', it shows that it is off but when I try and start it, it won't allow me to.

I've tried numerous anti-spyware/malware programs both in normal mode and safe mode and they haven't found anything. I've tried the Trinity Boot Kit and Avira Rescue Disk to no avail. I've been trying everything I could think of to try and solve this myself but have come to the realization that I need some help. So here are my DDS logs:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17207  BrowserJavaVersion: 10.45.2
Run by srcstcbstrd at 7:51:54 on 2014-08-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8191.5566 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
C:\Windows\SysWOW64\CTsvcCDA.exe
C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control\DfsdkS.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Users\srcstcbstrd\AppData\Roaming\Dashlane\Dashlane.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Users\srcstcbstrd\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Astrill\astrill.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
C:\Program Files (x86)\Common Files\Mediafour\iPod\M4iPodWPDService.exe
C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
C:\Users\srcstcbstrd\AppData\Local\Kineteks_Corporation\Tractivity_Connect\Tractivity.Helper.exe
C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
C:\Windows\SysWOW64\UTSCSI.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Astrill\ASProxy.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - LocalServer32 - <no file>
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
TB: Dashlane Toolbar: {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\srcstcbstrd\AppData\Roaming\Dashlane\ie\KWIEBar.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coieplg.dll
uRun: [Dashlane] "C:\Users\srcstcbstrd\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [uTorrent] "C:\Users\srcstcbstrd\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [Astrill] "C:\Program Files (x86)\Astrill\astrill.exe" /autostart
uRun: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
mRun: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [Tractivity.Helper] C:\Program Files (x86)\Tractivity\Connect\Tractivity.Helper.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [SSDMonitor] C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Закачать ВСЕ при помощи Download Master - <no file>
IE: Закачать при помощи Download Master - <no file>
IE: Передать на удаленную закачку DM - <no file>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{51B7010A-FA6A-4A4C-BD32-8B364E4E1485} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{78705D59-9C0F-4550-9FA7-DB782BCBF8C2} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B66D1F6A-87DD-49DA-84BC-C674EB43A39C} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B66D1F6A-87DD-49DA-84BC-C674EB43A39C}\4594D435D234F4D40555455425F5E4564777F627B6 : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: cardisabled - <Clsid value has no data>
Handler: javascript - <Clsid value has no data>
Handler: mailto - <Clsid value has no data>
Handler: res - <Clsid value has no data>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-mStart Page = hxxp://www.google.com
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Mediafour XPlay Explorer notifications: {4907C0AD-874D-44D9-B13E-7B0A4D8B9D3E} - C:\Program Files\Mediafour\XPlay 3\XPBHO.DLL
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coieplg.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coieplg.dll
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: cardisabled - <Clsid value has no data>
x64-Handler: javascript - <Clsid value has no data>
x64-Handler: mailto - <Clsid value has no data>
x64-Handler: res - <Clsid value has no data>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\
FF - prefs.js: browser.search.selectedEngine - Norton Safe Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll
FF - plugin: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R0 39594152;39594152 Boot Guard Driver;C:\Windows\System32\drivers\39594152.sys [2011-4-26 40464]
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-1-5 82600]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-1-5 42664]
R0 BootDefragDriver;BootDefragDriver;C:\Windows\System32\drivers\BootDefragDriver.sys [2014-7-27 17600]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2014-7-7 116000]
R0 MDFSYSNT;MacDrive file system driver;C:\Windows\System32\drivers\MDFSYSNT.SYS [2009-7-29 346216]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1504000.00D\symds64.sys [2014-7-11 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1504000.00D\symefa64.sys [2014-7-11 1148120]
R0 tib;Acronis TIB Manager;C:\Windows\System32\drivers\tib.sys [2014-7-7 1120032]
R0 tib_mounter;Acronis TIB Mounter;C:\Windows\System32\drivers\tib_mounter.sys [2014-7-7 198432]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2014-7-7 161568]
R0 vidsflt;Acronis Disk Storage Filter;C:\Windows\System32\drivers\vidsflt.sys [2014-7-7 117024]
R1 39594151;39594151;C:\Windows\System32\drivers\39594151.sys [2011-4-26 157712]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [2014-7-22 1530160]
R1 CbFs;CbFs;C:\Windows\System32\drivers\cbfs.sys [2011-7-17 190432]
R1 ccSet_MCLIENT;Norton Management Settings Manager;C:\Windows\System32\drivers\MCLIENTx64\0302020.00C\ccsetx64.sys [2013-8-23 168096]
R1 ccSet_NIS;NIS Settings Manager;C:\Windows\System32\drivers\NISx64\1504000.00D\ccsetx64.sys [2014-7-11 162392]
R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DD04000.00A\ccsetx64.sys [2013-6-18 169048]
R1 GUBootStartup;GUBootStartup;C:\Windows\System32\drivers\GUBootStartup.sys [2014-7-27 20160]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20140731.001\IDSviA64.sys [2014-7-31 525016]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 setup_9.0.0.722_27.04.2011_00-08drv;setup_9.0.0.722_27.04.2011_00-08drv;C:\Windows\System32\drivers\3959415.sys [2011-4-26 352784]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1504000.00D\ironx64.sys [2014-7-11 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1504000.00D\symnets.sys [2014-7-11 593112]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2014-7-7 3873784]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-4-17 237056]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2014-4-17 344064]
R2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2014-2-11 59616]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-9-9 337872]
R2 DfSdkS;Defragmentation-Service;C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control\DfSdkS.exe [2011-9-7 544768]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-5-15 443224]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2013-9-19 127752]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2014-5-21 49464]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2014-7-23 180136]
R2 iPodDrv;iPodDrv;C:\Windows\System32\drivers\iPodDrv.sys [2012-12-20 14952]
R2 M4iPodWPDService;M4iPodWPDService;C:\Program Files (x86)\Common Files\Mediafour\iPod\M4iPodWPDService.exe [2010-11-15 211968]
R2 M4LIC;Mediafour M4LIC service;C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE [2009-7-29 205312]
R2 MCLIENT;Norton Management;C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccsvchst.exe [2013-8-23 143928]
R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe [2013-6-18 144368]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\nis.exe [2014-7-11 276376]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 NU16StartManagerSvc;Norton Utilities 16 Start Manager Service;C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [2014-7-13 792608]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-10-18 224840]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-11-26 1225312]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-11-26 659040]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-12-8 2028864]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2014-7-7 367200]
R3 ASProxy;ASProxy;C:\Program Files (x86)\Astrill\ASProxy.exe [2014-7-7 2121752]
R3 asvpndrv;Astrill SSL VPN Adapter;C:\Windows\System32\drivers\asvpndrv.sys [2014-7-7 31744]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-1-5 94720]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-7-26 142128]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-9-15 25816]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-5 539240]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-2-10 11856]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-1-5 38456]
S2 AODDriver4.3;AODDriver4.3;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2014-2-11 59616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 124088]
S2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-7-26 860472]
S3 AM10;Cisco AM10 Driver;C:\Windows\System32\drivers\am10w7.sys [2010-4-27 1101600]
S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-1-16 46136]
S3 ASOVPNHelper;Astrill OpenVPN Service;C:\Program Files (x86)\Astrill\ASOvpnSvc.exe [2014-7-7 434016]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2013-3-9 35840]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 DiskDoctorService;Norton Disk Doctor Service;C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [2014-7-13 1147424]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-5-9 37344]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-9 111616]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-7-26 63704]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-12-6 2350176]
S3 SpeedDiskService;Norton SpeedDisk Service;C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [2014-7-13 1160224]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2014-2-4 7142320]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-7-10 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-7-8 1255736]
S4 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2013-1-13 166400]
S4 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2013-1-13 128512]
S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-7-26 1809720]
.
=============== Created Last 30 ================
.
2014-08-02 03:07:48    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-07-30 08:09:45    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-30 08:09:45    699056    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-29 23:36:59    92784    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll
2014-07-27 17:28:12    --------    d-----w-    C:\Program Files (x86)\stinger
2014-07-27 15:28:11    17600    ----a-w-    C:\Windows\System32\drivers\BootDefragDriver.sys
2014-07-27 15:28:11    118048    ----a-w-    C:\Windows\System32\BootDefrag.exe
2014-07-27 14:18:39    28960    ----a-w-    C:\Windows\System32\RegBootDefrag.exe
2014-07-27 13:42:03    20160    ----a-w-    C:\Windows\System32\drivers\GUBootStartup.sys
2014-07-27 13:41:56    --------    d-----w-    C:\Program Files (x86)\Glary Utilities 5
2014-07-26 21:20:41    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-26 21:20:26    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-07-26 21:20:26    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-07-26 21:20:26    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-25 08:51:23    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-07-25 01:37:34    --------    d-----w-    C:\Users\srcstcbstrd\Doctor Web
2014-07-25 01:36:10    --------    d-----w-    C:\Users\srcstcbstrd\AppData\Local\MFAData
2014-07-25 01:36:10    --------    d-----w-    C:\Users\srcstcbstrd\AppData\Local\Avg2014
2014-07-25 01:36:10    --------    d-----w-    C:\ProgramData\MFAData
2014-07-23 11:02:18    180136    ----a-w-    C:\Windows\System32\drivers\idmwfp.sys
2014-07-13 17:18:25    880640    ----a-w-    C:\Windows\SysWow64\UniBox10.ocx
2014-07-13 17:18:25    40992    ----a-w-    C:\Windows\System32\CleanMFT64.exe
2014-07-13 17:18:25    212992    ----a-w-    C:\Windows\SysWow64\UniBoxVB12.ocx
2014-07-13 17:18:25    1101824    ----a-w-    C:\Windows\SysWow64\UniBox210.ocx
2014-07-13 17:18:24    512544    ----a-w-    C:\Windows\SysWow64\msxml.dll
2014-07-12 11:33:52    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2014-07-11 15:12:29    --------    d-----w-    C:\ProgramData\HitmanPro
2014-07-11 14:48:26    --------    d-----w-    C:\Program Files (x86)\Common Files\Symantec Shared
2014-07-11 14:32:36    875736    ----a-r-    C:\Windows\System32\drivers\NISx64\1504000.00D\srtsp64.sys
2014-07-11 14:32:36    593112    ----a-r-    C:\Windows\System32\drivers\NISx64\1504000.00D\symnets.sys
2014-07-11 14:32:36    493656    ----a-r-    C:\Windows\System32\drivers\NISx64\1504000.00D\symds64.sys
2014-07-11 14:32:36    36952    ----a-r-    C:\Windows\System32\drivers\NISx64\1504000.00D\srtspx64.sys
2014-07-11 14:32:36    264280    ----a-r-    C:\Windows\System32\drivers\NISx64\1504000.00D\ironx64.sys
2014-07-11 14:32:36    23568    ----a-r-    C:\Windows\System32\drivers\NISx64\1504000.00D\symelam.sys
2014-07-11 14:32:36    162392    ----a-r-    C:\Windows\System32\drivers\NISx64\1504000.00D\ccsetx64.sys
2014-07-11 14:32:36    1148120    ----a-r-    C:\Windows\System32\drivers\NISx64\1504000.00D\symefa64.sys
2014-07-11 14:16:15    177752    ----a-w-    C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2014-07-11 14:15:38    --------    d-----w-    C:\Program Files (x86)\Norton Internet Security
2014-07-11 14:15:19    --------    d-----w-    C:\Program Files (x86)\NortonInstaller
2014-07-11 13:50:43    --------    d-----w-    C:\found.000
2014-07-10 15:33:39    --------    d-----w-    C:\Windows\System32\drivers\NISx64\1504000.00D
2014-07-10 15:12:42    --------    d-----w-    C:\NPE
2014-07-10 14:22:13    --------    d-----w-    C:\Windows\System32\drivers\NISx64
2014-07-10 14:04:12    --------    d-----w-    C:\Users\srcstcbstrd\AppData\Local\LogMeIn Rescue Applet
2014-07-10 11:52:13    792576    ----a-w-    C:\Windows\SysWow64\TSWorkspace.dll
2014-07-10 11:52:13    1030144    ----a-w-    C:\Windows\System32\TSWorkspace.dll
2014-07-10 02:13:10    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-07-10 02:13:10    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-07-10 02:13:04    1719296    ----a-w-    C:\Program Files\Windows Journal\NBDoc.DLL
2014-07-10 02:13:04    1380864    ----a-w-    C:\Program Files\Windows Journal\JNTFiltr.dll
2014-07-10 02:13:04    1354240    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-10 02:13:03    936960    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-10 02:13:03    1389568    ----a-w-    C:\Program Files\Windows Journal\JNWDRV.dll
2014-07-10 02:10:49    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-07-10 02:10:48    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-07-10 02:10:48    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-07-10 00:36:03    --------    d-----w-    C:\Users\srcstcbstrd\AppData\Roaming\PictureMover
2014-07-10 00:25:59    4179264    ----a-w-    C:\Windows\System32\AutoPartNt.exe
2014-07-09 20:56:54    --------    d-----w-    C:\Program Files (x86)\Auslogics
2014-07-08 15:55:23    --------    d-----w-    C:\Windows\Hewlett-Packard
2014-07-07 19:40:00    31744    ----a-w-    C:\Windows\System32\drivers\asvpndrv.sys
2014-07-07 19:24:39    --------    d-----w-    C:\Program Files (x86)\Dashlane
2014-07-07 17:29:35    367104    ----a-w-    C:\Windows\System32\wcncsvc.dll
2014-07-07 17:29:35    276992    ----a-w-    C:\Windows\SysWow64\wcncsvc.dll
2014-07-07 17:28:07    367200    ----a-w-    C:\Windows\System32\drivers\afcdp.sys
2014-07-07 17:28:05    1464096    ----a-w-    C:\Windows\System32\drivers\tdrpman.sys
2014-07-07 17:28:03    198432    ----a-w-    C:\Windows\System32\drivers\tib_mounter.sys
2014-07-07 17:28:03    1120032    ----a-w-    C:\Windows\System32\drivers\tib.sys
2014-07-07 17:27:58    161568    ----a-w-    C:\Windows\System32\drivers\vididr.sys
2014-07-07 17:27:57    117024    ----a-w-    C:\Windows\System32\drivers\vidsflt.sys
2014-07-07 17:27:56    269600    ----a-w-    C:\Windows\System32\drivers\snapman.sys
2014-07-07 17:27:54    116000    ----a-w-    C:\Windows\System32\drivers\fltsrv.sys
2014-07-07 16:52:47    9728    ----a-w-    C:\Windows\System32\Wdfres.dll
2014-07-07 16:52:47    785624    ----a-w-    C:\Windows\System32\drivers\Wdf01000.sys
2014-07-07 16:52:47    54376    ----a-w-    C:\Windows\System32\drivers\WdfLdr.sys
2014-07-07 16:52:47    2560    ----a-w-    C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2014-07-07 16:38:52    99176    ----a-w-    C:\Windows\SysWow64\PresentationHostProxy.dll
2014-07-07 16:38:52    49488    ----a-w-    C:\Windows\SysWow64\netfxperf.dll
2014-07-07 16:38:52    320352    ----a-w-    C:\Windows\System32\PresentationHost.exe
2014-07-07 16:38:52    295264    ----a-w-    C:\Windows\SysWow64\PresentationHost.exe
2014-07-07 16:38:52    1130824    ----a-w-    C:\Windows\SysWow64\dfshim.dll
2014-07-07 16:38:52    109928    ----a-w-    C:\Windows\System32\PresentationHostProxy.dll
2014-07-07 16:38:51    48976    ----a-w-    C:\Windows\System32\netfxperf.dll
2014-07-07 16:38:51    1942856    ----a-w-    C:\Windows\System32\dfshim.dll
2014-07-07 16:30:37    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2014-07-07 16:30:37    368128    ----a-w-    C:\Windows\System32\atmfd.dll
2014-07-07 16:30:37    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2014-07-07 16:30:37    295424    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2014-07-07 16:29:55    87040    ----a-w-    C:\Windows\System32\drivers\WUDFPf.sys
2014-07-07 16:29:55    45056    ----a-w-    C:\Windows\System32\WUDFCoinstaller.dll
2014-07-07 16:29:55    198656    ----a-w-    C:\Windows\System32\drivers\WUDFRd.sys
2014-07-07 16:27:29    5120    ----a-w-    C:\Windows\SysWow64\wmi.dll
2014-07-07 16:27:29    5120    ----a-w-    C:\Windows\System32\wmi.dll
2014-07-07 16:27:29    23408    ----a-w-    C:\Windows\System32\drivers\fs_rec.sys
2014-07-07 16:02:36    6656    ----a-w-    C:\Windows\SysWow64\apisetschema.dll
2014-07-07 16:02:36    5550016    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2014-07-07 16:02:36    3969984    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2014-07-07 16:02:36    3914176    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2014-07-07 16:02:32    288192    ----a-w-    C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-07-07 16:02:32    1903552    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2014-07-07 16:02:24    983488    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2014-07-07 16:02:24    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2014-07-07 16:02:24    229888    ----a-w-    C:\Windows\System32\XpsRasterService.dll
2014-07-07 16:02:24    144384    ----a-w-    C:\Windows\System32\cdd.dll
2014-07-07 16:02:24    135168    ----a-w-    C:\Windows\SysWow64\XpsRasterService.dll
2014-07-07 16:02:09    1684928    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2014-07-07 16:00:59    9216    ----a-w-    C:\Windows\System32\rdrmemptylst.exe
2014-07-07 15:49:24    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2014-07-07 15:48:51    77312    ----a-w-    C:\Windows\System32\packager.dll
2014-07-07 15:48:51    67072    ----a-w-    C:\Windows\SysWow64\packager.dll
2014-07-07 14:17:38    826880    ----a-w-    C:\Windows\SysWow64\rdpcore.dll
2014-07-07 14:17:38    23552    ----a-w-    C:\Windows\System32\drivers\tdtcp.sys
2014-07-07 14:17:38    1031680    ----a-w-    C:\Windows\System32\rdpcore.dll
2014-07-07 14:14:22    99840    ----a-w-    C:\Windows\System32\wudriver.dll
2014-07-07 14:14:19    36864    ----a-w-    C:\Windows\System32\wuapp.exe
2014-07-07 14:14:19    186752    ----a-w-    C:\Windows\System32\wuwebv.dll
.
==================== Find3M  ====================
.
2014-07-07 16:37:04    114176    ----a-w-    C:\Windows\System32\admparse.dll
2014-07-07 16:37:04    101888    ----a-w-    C:\Windows\SysWow64\admparse.dll
2014-06-19 01:06:55    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-06-19 01:06:24    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-06-19 00:42:57    548352    ----a-w-    C:\Windows\System32\vbscript.dll
2014-06-19 00:42:49    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-06-19 00:41:52    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-06-19 00:41:16    83968    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-06-19 00:24:30    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-06-19 00:24:12    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-06-19 00:23:53    752640    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-06-19 00:14:28    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-06-18 23:59:04    38400    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-06-18 23:56:37    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-06-18 23:51:38    5721088    ----a-w-    C:\Windows\System32\jscript9.dll
2014-06-18 23:38:40    455168    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-06-18 23:37:23    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-06-18 23:36:35    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35:55    62464    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-06-18 23:27:45    1249280    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-06-18 23:27:07    2040832    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-06-18 23:23:27    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-06-18 23:22:40    592896    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-06-18 23:06:10    32256    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58:27    2266112    ----a-w-    C:\Windows\System32\wininet.dll
2014-06-18 22:52:18    4254720    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-06-18 22:46:23    1068032    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45:59    1964544    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-06-18 22:13:59    1791488    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-06-18 02:18:30    692736    ----a-w-    C:\Windows\System32\osk.exe
2014-06-18 01:51:32    646144    ----a-w-    C:\Windows\SysWow64\osk.exe
2014-06-18 01:10:36    3157504    ----a-w-    C:\Windows\System32\win32k.sys
2014-05-30 08:08:52    210944    ----a-w-    C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49    86528    ----a-w-    C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47    340992    ----a-w-    C:\Windows\System32\schannel.dll
2014-05-30 08:08:41    314880    ----a-w-    C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41    307200    ----a-w-    C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31    22016    ----a-w-    C:\Windows\System32\credssp.dll
2014-05-30 07:52:51    172032    ----a-w-    C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49    65536    ----a-w-    C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45    247808    ----a-w-    C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40    259584    ----a-w-    C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36    550912    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30    17408    ----a-w-    C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2014-05-22 17:54:24    475672    ----a-w-    C:\Windows\System32\ASProxy64.dll
2014-05-22 17:54:22    359960    ----a-w-    C:\Windows\SysWow64\ASProxy.dll
2014-05-12 11:25:56    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-05-09 06:14:03    477184    ----a-w-    C:\Windows\System32\aepdu.dll
2014-05-09 06:11:23    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2006-05-03 16:06:54    163328    --sha-r-    C:\Windows\SysWOW64\flvDX.dll
2007-02-21 17:47:16    31232    --sha-r-    C:\Windows\SysWOW64\msfDX.dll
2008-03-16 19:30:52    216064    --sha-r-    C:\Windows\SysWOW64\nbDX.dll
.
============= FINISH:  7:53:24.30 ===============

 

 

Oh - I'm running Windows 7 Home Premium on an HP Desktop. I'd tell you more but this virus won't let me see anything to do with the system.

 

Thanks in advance for having a look. I hope you can find something.

 

 

P.S. - yes, yes, I know - using Utorrent is a bad, bad thing.
 


 


#2 HelpBot


Posted 07 August 2014 - 07:20 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/543064 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 srcstcbstrd


Posted 07 August 2014 - 08:40 AM

Hi - the same symptoms appear as far as watching video files and trying to enable System Restore. A new issue has suddenly cropped up. Our cable/internet provider has changed and I had to set up my new email account in Outlook 2010. All was well for 2 days until I did a reboot and opened my mail. My Outlook had reverted back to the old mail account. All the work I did setting up the new account no longer appears. When I opened Firefox, I could not find the last set of tabs I had opened. I could not find anything newer than 2 days ago. It seems like my computer is now running behind by two days even though the date/time is correct. Could there be a problem hidden somewhere in my Outlook?

 

Here are the latest DDS logs:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17207  BrowserJavaVersion: 10.45.2
Run by srcstcbstrd at 9:22:28 on 2014-08-07
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8191.4758 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Users\srcstcbstrd\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Astrill\astrill.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
svchost.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - LocalServer32 - <no file>
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
TB: Dashlane Toolbar: {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\srcstcbstrd\AppData\Roaming\Dashlane\ie\KWIEBar.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coieplg.dll
uRun: [Dashlane] "C:\Users\srcstcbstrd\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [uTorrent] "C:\Users\srcstcbstrd\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [Astrill] "C:\Program Files (x86)\Astrill\astrill.exe" /autostart
uRun: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
mRun: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [Tractivity.Helper] C:\Program Files (x86)\Tractivity\Connect\Tractivity.Helper.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [SSDMonitor] C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Çàêà÷àòü ÂÑÅ ïðè ïîìîùè Download Master - <no file>
IE: Çàêà÷àòü ïðè ïîìîùè Download Master - <no file>
IE: Ïåðåäàòü íà óäàëåííóþ çàêà÷êó DM - <no file>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{51B7010A-FA6A-4A4C-BD32-8B364E4E1485} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{78705D59-9C0F-4550-9FA7-DB782BCBF8C2} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B66D1F6A-87DD-49DA-84BC-C674EB43A39C} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B66D1F6A-87DD-49DA-84BC-C674EB43A39C}\4594D435D234F4D40555455425F5E4564777F627B6 : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: cardisabled - <Clsid value has no data>
Handler: javascript - <Clsid value has no data>
Handler: mailto - <Clsid value has no data>
Handler: res - <Clsid value has no data>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-mStart Page = hxxp://www.google.com
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Mediafour XPlay Explorer notifications: {4907C0AD-874D-44D9-B13E-7B0A4D8B9D3E} - C:\Program Files\Mediafour\XPlay 3\XPBHO.DLL
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coieplg.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coieplg.dll
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: cardisabled - <Clsid value has no data>
x64-Handler: javascript - <Clsid value has no data>
x64-Handler: mailto - <Clsid value has no data>
x64-Handler: res - <Clsid value has no data>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: DfLogon - LogonDll.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\
FF - prefs.js: browser.search.selectedEngine - Norton Safe Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll
FF - plugin: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R0 39594152;39594152 Boot Guard Driver;C:\Windows\System32\drivers\39594152.sys [2011-4-26 40464]
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-1-5 82600]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-1-5 42664]
R0 BootDefragDriver;BootDefragDriver;C:\Windows\System32\drivers\BootDefragDriver.sys [2014-7-27 17600]
R0 DeepFrz;DeepFrz;C:\Windows\System32\drivers\DeepFrz.sys [2012-9-4 214744]
R0 DfDiskLow;DfDiskLow;C:\Windows\System32\drivers\DfDiskLow.sys [2012-9-4 38232]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2014-7-7 116000]
R0 MDFSYSNT;MacDrive file system driver;C:\Windows\System32\drivers\MDFSYSNT.SYS [2009-7-29 346216]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1504000.00D\symds64.sys [2014-7-11 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1504000.00D\symefa64.sys [2014-7-11 1148120]
R0 tib;Acronis TIB Manager;C:\Windows\System32\drivers\tib.sys [2014-7-7 1120032]
R0 tib_mounter;Acronis TIB Mounter;C:\Windows\System32\drivers\tib_mounter.sys [2014-7-7 198432]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2014-7-7 161568]
R0 vidsflt;Acronis Disk Storage Filter;C:\Windows\System32\drivers\vidsflt.sys [2014-7-7 117024]
R1 39594151;39594151;C:\Windows\System32\drivers\39594151.sys [2011-4-26 157712]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20140801.001\BHDrvx64.sys [2014-8-6 1530160]
R1 CbFs;CbFs;C:\Windows\System32\drivers\cbfs.sys [2011-7-17 190432]
R1 ccSet_MCLIENT;Norton Management Settings Manager;C:\Windows\System32\drivers\MCLIENTx64\0302020.00C\ccsetx64.sys [2013-8-23 168096]
R1 ccSet_NIS;NIS Settings Manager;C:\Windows\System32\drivers\NISx64\1504000.00D\ccsetx64.sys [2014-7-11 162392]
R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DD04000.00A\ccsetx64.sys [2013-6-18 169048]
R1 GUBootStartup;GUBootStartup;C:\Windows\System32\drivers\GUBootStartup.sys [2014-7-27 20160]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20140806.001\IDSviA64.sys [2014-8-6 525016]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 setup_9.0.0.722_27.04.2011_00-08drv;setup_9.0.0.722_27.04.2011_00-08drv;C:\Windows\System32\drivers\3959415.sys [2011-4-26 352784]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1504000.00D\ironx64.sys [2014-7-11 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1504000.00D\symnets.sys [2014-7-11 593112]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2014-7-7 3873784]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-4-17 237056]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2014-4-17 344064]
R2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2014-2-11 59616]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-9-9 337872]
R2 DfSdkS;Defragmentation-Service;C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control\DfSdkS.exe [2011-9-7 544768]
R2 DFServ;DFServ;C:\Program Files (x86)\Faronics\Deep Freeze\Install C-0\DFServ.exe [2012-9-4 1092096]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-5-15 443224]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2013-9-19 127752]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2014-5-21 49464]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2014-7-23 180136]
R2 iPodDrv;iPodDrv;C:\Windows\System32\drivers\iPodDrv.sys [2012-12-20 14952]
R2 M4iPodWPDService;M4iPodWPDService;C:\Program Files (x86)\Common Files\Mediafour\iPod\M4iPodWPDService.exe [2010-11-15 211968]
R2 M4LIC;Mediafour M4LIC service;C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE [2009-7-29 205312]
R2 MCLIENT;Norton Management;C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccsvchst.exe [2013-8-23 143928]
R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe [2013-6-18 144368]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\nis.exe [2014-7-11 276376]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 NU16StartManagerSvc;Norton Utilities 16 Start Manager Service;C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [2014-7-13 792608]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-10-18 224840]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-11-26 1225312]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-11-26 659040]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-12-8 2028864]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2014-7-7 367200]
R3 ASProxy;ASProxy;C:\Program Files (x86)\Astrill\ASProxy.exe [2014-7-7 2121752]
R3 asvpndrv;Astrill SSL VPN Adapter;C:\Windows\System32\drivers\asvpndrv.sys [2014-7-7 31744]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-1-5 94720]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-7-26 142128]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-5 539240]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-2-10 11856]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-1-5 38456]
S2 AODDriver4.3;AODDriver4.3;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2014-2-11 59616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 124088]
S2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-7-26 1809720]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-7-26 860472]
S2 WiseBootAssistant;Wise Boot Assistant;C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [2014-8-3 580232]
S3 AM10;Cisco AM10 Driver;C:\Windows\System32\drivers\am10w7.sys [2010-4-27 1101600]
S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-1-16 46136]
S3 ASOVPNHelper;Astrill OpenVPN Service;C:\Program Files (x86)\Astrill\ASOvpnSvc.exe [2014-7-7 434016]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2013-3-9 35840]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 DiskDoctorService;Norton Disk Doctor Service;C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [2014-7-13 1147424]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-5-9 37344]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-9 111616]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-9-15 25816]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-7-26 63704]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-12-6 2350176]
S3 SpeedDiskService;Norton SpeedDisk Service;C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [2014-7-13 1160224]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2014-2-4 7142320]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-7-10 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-7-8 1255736]
S4 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2013-1-13 166400]
S4 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2013-1-13 128512]
.
=============== Created Last 30 ================
.
2014-08-07 04:28:17    29160    ----a-w-    C:\Windows\SysWow64\drivers\TrueSight.sys
2014-08-07 04:28:16    --------    d-----w-    C:\ProgramData\RogueKiller
2014-08-05 04:23:33    16336550    ------w-    C:\Persi0.sys
2014-08-05 04:23:31    --------    d-----w-    C:\Program Files (x86)\Faronics
2014-08-03 13:58:52    --------    d-----w-    C:\Users\srcstcbstrd\AppData\Roaming\Wise Care 365
2014-08-03 13:58:26    --------    d-----w-    C:\Program Files (x86)\Wise
2014-08-02 03:07:48    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-07-30 08:09:45    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-30 08:09:45    699056    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-29 23:36:59    92784    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll
2014-07-27 17:28:12    --------    d-----w-    C:\Program Files (x86)\stinger
2014-07-27 15:28:11    17600    ----a-w-    C:\Windows\System32\drivers\BootDefragDriver.sys
2014-07-27 15:28:11    118048    ----a-w-    C:\Windows\System32\BootDefrag.exe
2014-07-27 14:18:39    28960    ----a-w-    C:\Windows\System32\RegBootDefrag.exe
2014-07-27 13:42:03    20160    ----a-w-    C:\Windows\System32\drivers\GUBootStartup.sys
2014-07-27 13:41:56    --------    d-----w-    C:\Program Files (x86)\Glary Utilities 5
2014-07-26 21:20:41    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-26 21:20:26    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-07-26 21:20:26    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-07-26 21:20:26    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-25 08:51:23    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-07-25 01:37:34    --------    d-----w-    C:\Users\srcstcbstrd\Doctor Web
2014-07-25 01:36:10    --------    d-----w-    C:\Users\srcstcbstrd\AppData\Local\MFAData
2014-07-25 01:36:10    --------    d-----w-    C:\Users\srcstcbstrd\AppData\Local\Avg2014
2014-07-25 01:36:10    --------    d-----w-    C:\ProgramData\MFAData
2014-07-23 11:02:18    180136    ----a-w-    C:\Windows\System32\drivers\idmwfp.sys
2014-07-13 17:18:25    880640    ----a-w-    C:\Windows\SysWow64\UniBox10.ocx
2014-07-13 17:18:25    40992    ----a-w-    C:\Windows\System32\CleanMFT64.exe
2014-07-13 17:18:25    212992    ----a-w-    C:\Windows\SysWow64\UniBoxVB12.ocx
2014-07-13 17:18:25    1101824    ----a-w-    C:\Windows\SysWow64\UniBox210.ocx
2014-07-13 17:18:24    512544    ----a-w-    C:\Windows\SysWow64\msxml.dll
2014-07-12 11:33:52    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2014-07-11 15:12:29    --------    d-----w-    C:\ProgramData\HitmanPro
2014-07-11 14:48:26    --------    d-----w-    C:\Program Files (x86)\Common Files\Symantec Shared
2014-07-11 14:32:36    875736    ----a-r-    C:\Windows\System32\drivers\NISx64\1504000.00D\srtsp64.sys
2014-07-11 14:32:36    593112    ----a-r-    C:\Windows\System32\drivers\NISx64\1504000.00D\symnets.sys
2014-07-11 14:32:36    493656    ----a-r-    C:\Windows\System32\drivers\NISx64\1504000.00D\symds64.sys
2014-07-11 14:32:36    36952    ----a-r-    C:\Windows\System32\drivers\NISx64\1504000.00D\srtspx64.sys
2014-07-11 14:32:36    264280    ----a-r-    C:\Windows\System32\drivers\NISx64\1504000.00D\ironx64.sys
2014-07-11 14:32:36    23568    ----a-r-    C:\Windows\System32\drivers\NISx64\1504000.00D\symelam.sys
2014-07-11 14:32:36    162392    ----a-r-    C:\Windows\System32\drivers\NISx64\1504000.00D\ccsetx64.sys
2014-07-11 14:32:36    1148120    ----a-r-    C:\Windows\System32\drivers\NISx64\1504000.00D\symefa64.sys
2014-07-11 14:16:15    177752    ----a-w-    C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2014-07-11 14:15:38    --------    d-----w-    C:\Program Files (x86)\Norton Internet Security
2014-07-11 14:15:19    --------    d-----w-    C:\Program Files (x86)\NortonInstaller
2014-07-11 13:50:43    --------    d-----w-    C:\found.000
2014-07-10 15:33:39    --------    d-----w-    C:\Windows\System32\drivers\NISx64\1504000.00D
2014-07-10 15:12:42    --------    d-----w-    C:\NPE
2014-07-10 14:22:13    --------    d-----w-    C:\Windows\System32\drivers\NISx64
2014-07-10 14:04:12    --------    d-----w-    C:\Users\srcstcbstrd\AppData\Local\LogMeIn Rescue Applet
2014-07-10 11:52:13    792576    ----a-w-    C:\Windows\SysWow64\TSWorkspace.dll
2014-07-10 11:52:13    1030144    ----a-w-    C:\Windows\System32\TSWorkspace.dll
2014-07-10 02:13:10    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-07-10 02:13:10    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-07-10 02:13:04    1719296    ----a-w-    C:\Program Files\Windows Journal\NBDoc.DLL
2014-07-10 02:13:04    1380864    ----a-w-    C:\Program Files\Windows Journal\JNTFiltr.dll
2014-07-10 02:13:04    1354240    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-10 02:13:03    936960    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-10 02:13:03    1389568    ----a-w-    C:\Program Files\Windows Journal\JNWDRV.dll
2014-07-10 02:10:49    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-07-10 02:10:48    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-07-10 02:10:48    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-07-10 00:36:03    --------    d-----w-    C:\Users\srcstcbstrd\AppData\Roaming\PictureMover
2014-07-10 00:25:59    4179264    ----a-w-    C:\Windows\System32\AutoPartNt.exe
2014-07-09 20:56:54    --------    d-----w-    C:\Program Files (x86)\Auslogics
2014-07-08 15:55:23    --------    d-----w-    C:\Windows\Hewlett-Packard
.
==================== Find3M  ====================
.
2014-07-07 16:37:04    114176    ----a-w-    C:\Windows\System32\admparse.dll
2014-07-07 16:37:04    101888    ----a-w-    C:\Windows\SysWow64\admparse.dll
2014-06-19 01:06:55    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-06-19 01:06:24    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-06-19 00:42:57    548352    ----a-w-    C:\Windows\System32\vbscript.dll
2014-06-19 00:42:49    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-06-19 00:41:52    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-06-19 00:41:16    83968    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-06-19 00:24:30    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-06-19 00:24:12    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-06-19 00:23:53    752640    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-06-19 00:14:28    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-06-18 23:59:04    38400    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-06-18 23:56:37    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-06-18 23:51:38    5721088    ----a-w-    C:\Windows\System32\jscript9.dll
2014-06-18 23:38:40    455168    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-06-18 23:37:23    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-06-18 23:36:35    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35:55    62464    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-06-18 23:27:45    1249280    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-06-18 23:27:07    2040832    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-06-18 23:23:27    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-06-18 23:22:40    592896    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-06-18 23:06:10    32256    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58:27    2266112    ----a-w-    C:\Windows\System32\wininet.dll
2014-06-18 22:52:18    4254720    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-06-18 22:46:23    1068032    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45:59    1964544    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-06-18 22:13:59    1791488    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-06-18 02:18:30    692736    ----a-w-    C:\Windows\System32\osk.exe
2014-06-18 01:51:32    646144    ----a-w-    C:\Windows\SysWow64\osk.exe
2014-06-18 01:10:36    3157504    ----a-w-    C:\Windows\System32\win32k.sys
2014-05-30 08:08:52    210944    ----a-w-    C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49    86528    ----a-w-    C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47    340992    ----a-w-    C:\Windows\System32\schannel.dll
2014-05-30 08:08:41    314880    ----a-w-    C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41    307200    ----a-w-    C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31    22016    ----a-w-    C:\Windows\System32\credssp.dll
2014-05-30 07:52:51    172032    ----a-w-    C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49    65536    ----a-w-    C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45    247808    ----a-w-    C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40    259584    ----a-w-    C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36    550912    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30    17408    ----a-w-    C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2014-05-22 17:54:24    475672    ----a-w-    C:\Windows\System32\ASProxy64.dll
2014-05-22 17:54:22    359960    ----a-w-    C:\Windows\SysWow64\ASProxy.dll
2014-05-17 20:45:08    31744    ----a-w-    C:\Windows\System32\drivers\asvpndrv.sys
2014-05-14 16:21:04    2620928    ----a-w-    C:\Windows\System32\wucltux.dll
2014-05-14 16:20:45    97792    ----a-w-    C:\Windows\System32\wudriver.dll
2014-05-14 16:17:10    92672    ----a-w-    C:\Windows\SysWow64\wudriver.dll
2014-05-14 13:23:04    198600    ----a-w-    C:\Windows\System32\wuwebv.dll
2014-05-14 13:23:04    179656    ----a-w-    C:\Windows\SysWow64\wuwebv.dll
2014-05-14 13:20:46    36864    ----a-w-    C:\Windows\System32\wuapp.exe
2014-05-14 13:17:14    33792    ----a-w-    C:\Windows\SysWow64\wuapp.exe
2014-05-12 11:25:56    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2006-05-03 16:06:54    163328    --sha-r-    C:\Windows\SysWOW64\flvDX.dll
2007-02-21 17:47:16    31232    --sha-r-    C:\Windows\SysWOW64\msfDX.dll
2008-03-16 19:30:52    216064    --sha-r-    C:\Windows\SysWOW64\nbDX.dll
.
============= FINISH:  9:23:09.35 ===============
 




#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:18 AM

Posted 08 August 2014 - 07:44 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problem persists.

#5 srcstcbstrd

srcstcbstrd
  • Topic Starter

  • Members
  • 44 posts
  • Local time:11:18 PM

Posted 08 August 2014 - 08:37 PM

Hi nasdaq - thanks for your help. Things have got worse. The virus is holding my computer to 3 days old as far as updating anything or trying to save things. I've tried to run the programs you suggested but of course when ADW asks for a reboot, the logs are lost. So I have run the programs again without a reboot as suggested. Here are the logs:

 

Hi nasdaq - the problems are becoming tenfold. The virus has decided that everything is held back to 3 days ago. Nothing I do will update. Every time I reboot, I lose everything up until 08/05/14. Emails, programs (ADW log, etc.). But here's what I could get so far:

 

# AdwCleaner v3.304 - Report created 08/08/2014 at 21:16:46
# Updated 08/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : srcstcbstrd - TIMS-COMPUTER
# Running from : E:\Most Recent Downloads\adwcleaner_3.304.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****

Task Found : SUPERAntiSpyware Scheduled Task 844b2f19-79d3-458e-af17-269e98155fce

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\prefs.js ]


[ File : C:\Users\Tim's Computer\AppData\Roaming\Mozilla\Firefox\Profiles\a7003pln.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\srcstcbstrd\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R10].txt - [1021 octets] - [08/08/2014 21:16:46]
AdwCleaner[R8].txt - [2220 octets] - [24/07/2014 20:22:13]
AdwCleaner[R9].txt - [1443 octets] - [01/08/2014 16:25:16]
AdwCleaner[S8].txt - [2265 octets] - [24/07/2014 20:23:34]
AdwCleaner[S9].txt - [1510 octets] - [01/08/2014 16:29:55]

########## EOF - C:\AdwCleaner\AdwCleaner[R10].txt - [1322 octets] ##########

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-08-2014
Ran by srcstcbstrd (administrator) on TIMS-COMPUTER on 08-08-2014 21:26:08
Running from E:\Most Recent Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\nis.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Users\srcstcbstrd\AppData\Roaming\Dashlane\Dashlane.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(BitTorrent Inc.) C:\Users\srcstcbstrd\AppData\Roaming\uTorrent\uTorrent.exe
(Astrill) C:\Program Files (x86)\Astrill\astrill.exe
(Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Threat Expert Ltd.) C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
() C:\Users\srcstcbstrd\AppData\Local\Kineteks_Corporation\Tractivity_Connect\Tractivity.Helper.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() E:\Most Recent Downloads\adwcleaner_3.304.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [PCTools FGuard] => C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe [247760 2011-09-01] (Threat Expert Ltd.)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7805936 2014-02-04] (Acronis)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Tractivity.Helper] => C:\Program Files (x86)\Tractivity\Connect\Tractivity.Helper.exe [536064 2013-07-03] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe [106112 2014-07-13] (Symantec Corporation)
Winlogon\Notify\DfLogon: LogonDll.dll [X]
HKU\S-1-5-21-1654476252-2253211636-4181094436-1001\...\Run: [Dashlane] => C:\Users\srcstcbstrd\AppData\Roaming\Dashlane\Dashlane.exe [219832 2014-07-28] ()
HKU\S-1-5-21-1654476252-2253211636-4181094436-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3858000 2014-07-23] (Tonec Inc.)
HKU\S-1-5-21-1654476252-2253211636-4181094436-1001\...\Run: [uTorrent] => C:\Users\srcstcbstrd\AppData\Roaming\uTorrent\uTorrent.exe [1329744 2014-07-12] (BitTorrent Inc.)
HKU\S-1-5-21-1654476252-2253211636-4181094436-1001\...\Run: [Astrill] => C:\Program Files (x86)\Astrill\astrill.exe [5132312 2014-07-10] (Astrill)
HKU\S-1-5-21-1654476252-2253211636-4181094436-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-07-20] (Glarysoft Ltd)
HKU\S-1-5-21-1654476252-2253211636-4181094436-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
ShellIconOverlayIdentifiers: AcronisSyncError -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: AcronisSyncInProgress -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: AcronisSyncOk -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: IDM Shell Extension -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
ShellIconOverlayIdentifiers: {6570C58B-C08B-46AD-AA82-2369B0D1B627} -> MacDrive volume icons =>  No File
BootExecute: autocheck autochk /k:C /k:D /k:E *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBC372924FE8ECE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/706-111074-26712-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL =
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: No Name -> {4907C0AD-874D-44D9-B13E-7B0A4D8B9D3E} -> C:\Program Files\Mediafour\XPlay 3\XPBHO.DLL (Mediafour Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: PC Tools Browser Guard BHO -> {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} -> C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} ->  No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\srcstcbstrd\AppData\Roaming\Dashlane\ie\KWIEBar.dll (Dashlane)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler: cardisabled\javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
Handler: cardisabled\mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
Handler: cardisabled\res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
Handler: javascript - No CLSID Value -
Handler: mailto - No CLSID Value -
Handler: res - No CLSID Value -
Handler-x32: cardisabled\javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
Handler-x32: cardisabled\mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
Handler-x32: cardisabled\res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
Handler-x32: javascript - No CLSID Value -
Handler-x32: mailto - No CLSID Value -
Handler-x32: res - No CLSID Value -
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254
FF NewTab: about:blank
FF DefaultSearchEngine: Norton Safe Search
FF SelectedSearchEngine: Norton Safe Search
FF Homepage: hxxp://www.google.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nprjplug;version=15.0.5.109 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.5.109 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.5.109 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @doubletwist.com/NPPodcast -> C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: Astrill Proxy Switcher - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\addon@astrill.com [2014-02-02]
FF Extension: Xmarks - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\foxmarks@kei.com [2014-07-26]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\adblockpopups@jessehakanen.net.xpi [2013-09-15]
FF Extension: InvisibleHand - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\canitbecheaper@trafficbroker.co.uk.xpi [2013-09-15]
FF Extension: Customizations for Adblock Plus - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\customization@adblockplus.org.xpi [2013-09-15]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\elemhidehelper@adblockplus.org.xpi [2013-09-15]
FF Extension: MEGA - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\firefox@mega.co.nz.xpi [2014-04-29]
FF Extension: Honey - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi [2014-08-02]
FF Extension: Google Translator for Firefox - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\translator@zoli.bod.xpi [2013-12-21]
FF Extension: Session Manager - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2013-09-15]
FF Extension: Bluhell Firewall - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2013-12-20]
FF Extension: Adblock Plus - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-15]
FF Extension: Adblock Edge - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-09-15]
FF HKLM-x32\...\Firefox\Extensions: [{cb84136f-9c44-433a-9048-c5cd9df1dc16}] - C:\Program Files (x86)\PC Tools Security\BDT\Firefox
FF Extension: Browser Defender Toolbar - C:\Program Files (x86)\PC Tools Security\BDT\Firefox [2011-09-09]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.3.19\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-07-02]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF [2014-07-11]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn [2014-08-08]
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\srcstcbstrd\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\srcstcbstrd\AppData\Roaming\IDM\idmmzcc5 [2014-07-27]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\srcstcbstrd\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-07-23]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-07-02]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\Exts\Chrome.crx [2014-07-11]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] -  [2014-07-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
S3 ASOVPNHelper; C:\Program Files (x86)\Astrill\ASOvpnSvc.exe [434016 2014-05-22] (Astrill)
R3 ASProxy; C:\Program Files (x86)\Astrill\ASProxy.exe [2121752 2014-05-22] (Astrill)
R2 Browser Defender Update Service; C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [337872 2011-09-01] (Threat Expert Ltd.)
R2 Creative Service for CDROM Access; C:\Windows\SysWOW64\CTsvcCDA.exe [44032 1999-12-12] (Creative Technology Ltd) [File not signed]
R2 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control\DfsdkS.exe [544768 2009-08-24] (mst software GmbH, Germany) [File not signed]
R2 DFServ; C:\Program Files (x86)\Faronics\Deep Freeze\Install C-0\DFServ.exe [1092096 2012-09-04] (Faronics Corporation) [File not signed]
S3 DiskDoctorService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1147424 2012-09-29] (Symantec Corporation)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [443224 2014-05-15] (Garmin Ltd or its subsidiaries)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-07-20] (SurfRight B.V.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-21] (Hewlett-Packard Company)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2011-07-30] () [File not signed]
R2 M4iPodWPDService; C:\Program Files (x86)\Common Files\Mediafour\iPod\M4iPodWPDService.exe [211968 2010-11-15] (Mediafour Corporation) [File not signed]
R2 M4LIC; C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE [205312 2009-07-29] (Mediafour Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MCLIENT; C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe [143928 2012-12-04] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe [276376 2014-06-27] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NU16StartManagerSvc; C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [792608 2012-09-29] (Symantec)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [224840 2013-10-18] (Realtek Semiconductor)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
S3 SpeedDiskService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1160224 2012-09-29] (Symantec Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2028864 2011-12-08] (TuneUp Software)
R2 UTSCSI; C:\Windows\SysWOW64\UTSCSI.EXE [45056 2011-12-31] () [File not signed]
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580232 2014-07-07] (WiseCleaner.com)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 39594151; C:\Windows\System32\DRIVERS\39594151.sys [157712 2009-09-25] (Kaspersky Lab)
R0 39594152; C:\Windows\System32\DRIVERS\39594152.sys [40464 2009-10-22] (Kaspersky Lab)
S3 AM10; C:\Windows\System32\DRIVERS\am10w7.sys [1101600 2010-02-13] (Ralink Technology Corp.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 asvpndrv; C:\Windows\System32\DRIVERS\asvpndrv.sys [31744 2014-05-17] (Astrill)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20140801.001\BHDrvx64.sys [1530160 2014-07-03] (Symantec Corporation)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-07-18] (Glarysoft Ltd)
R1 CbFs; C:\Windows\system32\drivers\cbfs.sys [190432 2010-11-15] (EldoS Corporation) [File not signed]
R1 ccSet_MCLIENT; C:\Windows\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [168096 2012-10-03] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1504000.00D\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DD04000.00A\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R0 DeepFrz; C:\Windows\System32\Drivers\DeepFrz.sys [214744 2012-09-04] (Faronics Corporation)
R0 DfDiskLow; C:\Windows\System32\Drivers\DfDiskLow.sys [38232 2012-09-04] (Faronics Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-07-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-07-10] (Symantec Corporation)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] () [File not signed]
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-07-27] (Glarysoft Ltd)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20140808.002\IDSvia64.sys [525016 2014-07-10] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-08] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MDFSYSNT; C:\Windows\System32\Drivers\MDFSYSNT.sys [346216 2009-07-29] (Mediafour Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20140808.003\ENG64.SYS [126040 2014-07-10] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20140808.003\EX64.SYS [2099288 2014-07-10] (Symantec Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 setup_9.0.0.722_27.04.2011_00-08drv; C:\Windows\System32\DRIVERS\3959415.sys [352784 2009-10-09] (Kaspersky Lab)
U5 Soluto; C:\Windows\System32\Drivers\Soluto.sys [54728 2012-11-21] (Soluto LTD.)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1504000.00D\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1504000.00D\SRTSPX64.SYS [36952 2013-10-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1504000.00D\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1504000.00D\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-07-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1504000.00D\Ironx64.SYS [264280 2013-10-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1504000.00D\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-09-10] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2013-12-13] (Acronis International GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [11856 2011-02-10] (TuneUp Software)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2013-09-10] (Acronis International GmbH)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S0 SMR410; System32\drivers\SMR410.SYS [X]
S3 vwifibus; system32\DRIVERS\vwifibus.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-08 21:26 - 2014-08-08 21:26 - 00000000 ____D () C:\FRST
2014-08-08 17:20 - 2014-08-08 18:05 - 00035783 _____ () C:\Windows\WindowsUpdate.log
2014-08-08 17:20 - 2014-08-08 17:20 - 00000056 _____ () C:\Windows\setupact.log
2014-08-08 17:20 - 2014-08-08 17:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-08 17:19 - 2014-08-08 17:19 - 00032758 _____ () C:\Windows\PFRO.log
2014-08-05 00:23 - 2014-08-05 00:23 - 16336550 ____N () C:\Persi0.sys
2014-08-05 00:23 - 2014-08-05 00:23 - 00000000 ____D () C:\Program Files (x86)\Faronics
2014-08-05 00:22 - 2014-08-05 00:22 - 00000000 _____ () C:\dfinstall.log
2014-08-04 14:19 - 2014-08-04 14:19 - 00116008 _____ () C:\Users\srcstcbstrd\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-03 11:09 - 2014-08-08 17:40 - 00000434 _____ () C:\Windows\Tasks\Wise Care 365.job
2014-08-03 11:09 - 2014-08-04 11:00 - 00000414 _____ () C:\Windows\Tasks\Wise Turbo Checker.job
2014-08-03 11:09 - 2014-08-03 11:09 - 00003094 _____ () C:\Windows\System32\Tasks\Wise Turbo Checker
2014-08-03 11:09 - 2014-08-03 11:09 - 00002872 _____ () C:\Windows\System32\Tasks\Wise Care 365
2014-08-03 10:03 - 2014-08-03 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Memory Optimizer
2014-08-03 09:58 - 2014-08-08 17:21 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\Wise Care 365
2014-08-03 09:58 - 2014-08-03 10:03 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-08-03 09:58 - 2014-08-03 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365
2014-08-02 10:36 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-02 10:36 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-02 10:36 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-02 10:36 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-02 10:36 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-02 10:36 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-02 10:36 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-02 10:36 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-02 10:36 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-02 10:36 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-02 10:36 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-02 10:36 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-02 10:36 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-02 10:36 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-02 08:15 - 2014-08-02 08:15 - 00006101 _____ () C:\Users\srcstcbstrd\Desktop\attach.zip
2014-08-02 07:53 - 2014-08-02 07:55 - 00037924 _____ () C:\Users\srcstcbstrd\Desktop\dds.txt
2014-08-02 07:53 - 2014-08-02 07:55 - 00021391 _____ () C:\Users\srcstcbstrd\Desktop\attach.txt
2014-08-01 23:07 - 2014-08-01 23:07 - 00045392 _____ () C:\ComboFix.txt
2014-07-30 04:09 - 2014-08-02 11:07 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-30 04:09 - 2014-08-02 11:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-29 19:36 - 2014-08-03 11:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-27 13:28 - 2014-07-27 13:33 - 00000000 ____D () C:\Program Files (x86)\stinger
2014-07-27 11:28 - 2014-07-20 23:01 - 00118048 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-07-27 11:28 - 2014-07-18 03:11 - 00017600 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-07-27 10:19 - 2014-07-27 10:19 - 00024576 _____ () C:\Windows\system32\config\sam.gu
2014-07-27 10:18 - 2014-07-20 23:01 - 00028960 _____ (Glarysoft Ltd) C:\Windows\system32\RegBootDefrag.exe
2014-07-27 09:42 - 2014-08-08 17:21 - 00000344 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-07-27 09:42 - 2014-07-27 09:42 - 00020160 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-07-27 09:42 - 2014-07-27 09:42 - 00002994 _____ () C:\Windows\System32\Tasks\GU5SkipUAC
2014-07-27 09:42 - 2014-07-27 09:42 - 00002662 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2014-07-27 09:42 - 2014-07-27 09:42 - 00001058 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-07-27 09:42 - 2014-07-27 09:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-07-27 09:41 - 2014-07-27 11:42 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-07-27 09:17 - 2014-07-27 09:17 - 00000388 _____ () C:\Windows\system32\.crusader
2014-07-26 17:20 - 2014-08-08 18:45 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-26 17:20 - 2014-07-27 17:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-26 17:20 - 2014-07-26 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-26 17:20 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-26 17:20 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-25 04:51 - 2014-07-26 17:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-25 04:39 - 2014-07-27 13:38 - 05563277 ____R (Swearware) C:\Users\srcstcbstrd\Desktop\ComboFix.exe
2014-07-24 21:37 - 2014-07-24 21:37 - 00000000 ____D () C:\Users\srcstcbstrd\Doctor Web
2014-07-24 21:36 - 2014-07-24 21:36 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Local\MFAData
2014-07-24 21:36 - 2014-07-24 21:36 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Local\Avg2014
2014-07-24 21:36 - 2014-07-24 21:36 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-23 07:02 - 2014-06-09 04:41 - 00180136 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2014-07-15 04:41 - 2014-07-15 04:41 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-07-15 04:41 - 2014-07-15 04:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-07-13 13:19 - 2014-08-08 17:20 - 00000300 _____ () C:\Windows\Tasks\NUAutoUpdate.job
2014-07-13 13:19 - 2014-07-13 13:19 - 00002536 _____ () C:\Windows\System32\Tasks\NUAutoUpdate
2014-07-13 13:19 - 2014-07-13 13:19 - 00000000 ____D () C:\Users\srcstcbstrd\Documents\Norton Utilities 16
2014-07-13 13:18 - 2014-07-27 10:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Utilities 16
2014-07-13 13:18 - 2012-09-29 22:50 - 00512544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml.dll
2014-07-13 13:18 - 2012-09-29 22:49 - 00040992 _____ () C:\Windows\system32\CleanMFT64.exe
2014-07-13 13:18 - 2008-04-02 15:54 - 01101824 _____ (Woodbury Associates Limited) C:\Windows\SysWOW64\UniBox210.ocx
2014-07-13 13:18 - 2008-04-02 15:53 - 00880640 _____ (Woodbury Associates Limited) C:\Windows\SysWOW64\UniBox10.ocx
2014-07-13 13:18 - 2008-04-02 15:53 - 00212992 _____ (Woodbury Associates Limited) C:\Windows\SysWOW64\UniBoxVB12.ocx
2014-07-12 07:33 - 2014-07-12 07:33 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-07-11 11:12 - 2014-07-21 04:05 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-11 10:34 - 2014-07-11 10:34 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-07-11 10:16 - 2014-07-11 10:16 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-07-11 10:16 - 2014-07-11 10:16 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-07-11 10:15 - 2014-07-11 10:34 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-07-11 10:15 - 2014-07-11 10:15 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-07-11 09:51 - 2014-07-11 09:51 - 00006576 ____N () C:\bootsqm.dat
2014-07-11 09:50 - 2014-08-03 11:05 - 00000000 ____D () C:\found.000
2014-07-10 11:12 - 2014-07-10 11:13 - 00000000 ____D () C:\NPE
2014-07-10 10:23 - 2014-07-11 10:34 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-07-10 10:22 - 2014-07-11 10:34 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-07-10 10:04 - 2014-07-12 07:41 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Local\LogMeIn Rescue Applet
2014-07-10 07:53 - 2013-10-01 22:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-07-10 07:53 - 2013-10-01 22:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-07-10 07:53 - 2013-10-01 22:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-07-10 07:53 - 2013-10-01 21:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-07-10 07:53 - 2013-10-01 21:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-07-10 07:53 - 2013-10-01 21:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-07-10 07:53 - 2013-10-01 21:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-07-10 07:53 - 2013-10-01 20:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-07-10 07:53 - 2013-10-01 20:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-07-10 07:53 - 2013-10-01 20:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-07-10 07:53 - 2013-10-01 20:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-07-10 07:53 - 2013-10-01 20:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-07-10 07:53 - 2013-10-01 19:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-07-10 07:53 - 2013-10-01 19:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-07-10 07:53 - 2013-10-01 19:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-07-10 07:53 - 2013-10-01 18:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-07-10 07:53 - 2013-10-01 16:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-07-10 07:53 - 2013-10-01 16:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-07-10 07:52 - 2013-09-24 22:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-07-10 07:52 - 2013-09-24 21:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-07-09 22:13 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 22:13 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 22:12 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 22:12 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 22:12 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 22:12 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 22:12 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 22:12 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 22:12 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 22:12 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 22:12 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 22:12 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 22:12 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 22:12 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 22:12 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 22:12 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 22:12 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 22:12 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 22:12 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 22:12 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 22:12 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 22:12 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 22:12 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 22:12 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 22:12 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 22:12 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 22:12 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 22:12 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 22:12 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 22:12 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 22:12 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 22:12 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 22:12 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 22:12 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 22:12 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 22:12 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 22:12 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 22:12 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 22:12 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 22:12 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 22:12 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 22:12 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 22:12 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 22:12 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 22:12 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 22:12 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 22:12 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 22:12 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 22:12 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 22:12 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 22:12 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 22:12 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 22:12 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 22:12 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 22:12 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 22:12 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 22:12 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 22:12 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 22:12 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 22:12 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 22:12 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 22:12 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 22:12 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 22:12 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 22:12 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 22:12 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 22:12 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 22:12 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 22:12 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 22:12 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 22:12 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 22:12 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 22:12 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 22:12 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 22:12 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 22:12 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 22:10 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 22:10 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 22:10 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-09 20:36 - 2014-07-09 20:36 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\PictureMover
2014-07-09 20:26 - 2014-07-09 20:28 - 00001024 _____ () C:\Windows\system32\AutoPartNt.let
2014-07-09 20:26 - 2014-07-09 20:26 - 00005696 _____ () C:\Windows\system32\AutoPartNt.nam
2014-07-09 20:25 - 2014-07-09 20:26 - 04179264 _____ (Acronis) C:\Windows\system32\AutoPartNt.exe
2014-07-09 19:01 - 2014-07-09 19:01 - 19178160 _____ (Adobe Systems Incorporated) C:\Users\Tim's Computer\Downloads\install_flash_player(1).exe
2014-07-09 16:57 - 2014-07-09 16:57 - 00001257 _____ () C:\Users\Tim's Computer\Desktop\Auslogics Duplicate File Finder.lnk
2014-07-09 16:56 - 2014-07-09 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2014-07-09 16:56 - 2014-07-09 16:56 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2014-07-09 16:48 - 2014-07-09 16:49 - 05855336 _____ (Auslogics Labs Pty Ltd ) C:\Users\Tim's Computer\Downloads\duplicate-file-finder-setup.exe
2014-07-09 16:43 - 2014-07-09 16:43 - 00000000 ____D () C:\Users\Tim's Computer\AppData\Roaming\vlc
2014-07-09 09:18 - 2014-06-15 13:05 - 00002896 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-07-09 09:05 - 2014-04-18 13:09 - 00770380 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-09 08:57 - 2014-07-09 08:57 - 01005568 _____ (Microsoft Corporation) C:\Users\Tim's Computer\Downloads\dotNetFx45_Full_setup.exe
2014-07-09 07:52 - 2014-07-09 07:52 - 11185664 _____ (SurfRight B.V.) C:\Users\Tim's Computer\Downloads\hitmanpro_x64.exe
2014-07-09 07:50 - 2014-07-09 07:50 - 00003634 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 3e10db25-7999-4612-8226-32badbc7da78
2014-07-09 07:50 - 2014-07-09 07:50 - 00003560 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 0d5b5734-bea9-4253-a530-58fdfcaf4f8a
2014-07-09 07:50 - 2014-07-09 07:50 - 00001810 _____ () C:\Users\Tim's Computer\Desktop\SUPERAntiSpyware Professional.lnk
2014-07-09 07:50 - 2014-07-09 07:50 - 00000000 ____D () C:\Users\Tim's Computer\AppData\Roaming\SUPERAntiSpyware.com
2014-07-09 07:50 - 2014-07-09 07:50 - 00000000 ____D () C:\Users\Tim's Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-07-09 07:48 - 2014-07-09 07:48 - 00003015 _____ () C:\Users\Tim's Computer\Desktop\HiJackThis.lnk
2014-07-09 07:48 - 2014-07-09 07:48 - 00000000 ____D () C:\Users\Tim's Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-07-09 07:46 - 2014-07-09 07:46 - 01402880 _____ () C:\Users\Tim's Computer\Downloads\HijackThis.msi
2014-07-09 07:45 - 2014-07-09 07:45 - 20017536 _____ (SUPERAntiSpyware) C:\Users\Tim's Computer\Downloads\SUPERAntiSpywarePro.exe
2014-07-09 00:15 - 2014-07-09 02:18 - 00000017 _____ () C:\Users\Tim's Computer\AppData\Local\resmon.resmoncfg

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-08 21:26 - 2014-08-08 21:26 - 00000000 ____D () C:\FRST
2014-08-08 21:26 - 2011-06-28 04:44 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\uTorrent
2014-08-08 21:17 - 2013-08-23 14:35 - 00000000 ____D () C:\AdwCleaner
2014-08-08 21:11 - 2011-04-09 01:14 - 00000000 ____D () C:\Users\srcstcbstrd\Documents\Outlook Files
2014-08-08 19:00 - 2011-04-10 10:42 - 00000000 ____D () C:\Torrents Complete
2014-08-08 19:00 - 2011-04-10 10:42 - 00000000 ____D () C:\Bit Torrents
2014-08-08 18:45 - 2014-07-26 17:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-08 18:05 - 2014-08-08 17:20 - 00035783 _____ () C:\Windows\WindowsUpdate.log
2014-08-08 17:51 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-08 17:51 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-08 17:45 - 2011-04-09 01:05 - 00000000 ___RD () C:\Users\srcstcbstrd\Desktop\Disc Cleaners
2014-08-08 17:40 - 2014-08-03 11:09 - 00000434 _____ () C:\Windows\Tasks\Wise Care 365.job
2014-08-08 17:40 - 2014-07-07 15:53 - 00004844 _____ () C:\Windows\SysWOW64\ASProxy.ini
2014-08-08 17:40 - 2014-07-07 15:53 - 00003004 _____ () C:\Windows\SysWOW64\ASProxyOff.ini
2014-08-08 17:40 - 2014-07-07 15:53 - 00003004 _____ () C:\Windows\system32\ASProxyOff.ini
2014-08-08 17:21 - 2014-08-03 09:58 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\Wise Care 365
2014-08-08 17:21 - 2014-07-27 09:42 - 00000344 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-08-08 17:20 - 2014-08-08 17:20 - 00000056 _____ () C:\Windows\setupact.log
2014-08-08 17:20 - 2014-08-08 17:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-08 17:20 - 2014-07-13 13:19 - 00000300 _____ () C:\Windows\Tasks\NUAutoUpdate.job
2014-08-08 17:20 - 2013-11-26 05:21 - 00000000 ____D () C:\ProgramData\Temp
2014-08-08 17:20 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-08 17:19 - 2014-08-08 17:19 - 00032758 _____ () C:\Windows\PFRO.log
2014-08-05 00:23 - 2014-08-05 00:23 - 16336550 ____N () C:\Persi0.sys
2014-08-05 00:23 - 2014-08-05 00:23 - 00000000 ____D () C:\Program Files (x86)\Faronics
2014-08-05 00:23 - 2011-04-10 11:00 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\DMCache
2014-08-05 00:22 - 2014-08-05 00:22 - 00000000 _____ () C:\dfinstall.log
2014-08-05 00:03 - 2014-03-05 11:53 - 00000000 ____D () C:\Users\Tim Mahoney\Redheads
2014-08-04 23:45 - 2014-03-05 09:32 - 00000000 ____D () C:\Users\Tim Mahoney\Pics
2014-08-04 23:30 - 2011-04-09 01:12 - 00000000 ____D () C:\Users\Tim Mahoney\Asians
2014-08-04 20:07 - 2009-07-14 01:13 - 00786514 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-04 14:19 - 2014-08-04 14:19 - 00116008 _____ () C:\Users\srcstcbstrd\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-04 11:00 - 2014-08-03 11:09 - 00000414 _____ () C:\Windows\Tasks\Wise Turbo Checker.job
2014-08-03 17:14 - 2013-12-12 21:48 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Local\CrashDumps
2014-08-03 11:09 - 2014-08-03 11:09 - 00003094 _____ () C:\Windows\System32\Tasks\Wise Turbo Checker
2014-08-03 11:09 - 2014-08-03 11:09 - 00002872 _____ () C:\Windows\System32\Tasks\Wise Care 365
2014-08-03 11:05 - 2014-07-29 19:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-03 11:05 - 2014-07-11 09:50 - 00000000 ____D () C:\found.000
2014-08-03 11:05 - 2011-04-12 14:01 - 00000000 ____D () C:\DVD's To Watch
2014-08-03 11:05 - 2011-04-09 01:23 - 00000000 ____D () C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2014-08-03 11:04 - 2012-03-25 15:14 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\Media Player Classic
2014-08-03 11:04 - 2011-12-27 19:18 - 00000000 ____D () C:\Program Files\Waterfox
2014-08-03 11:04 - 2011-04-09 02:27 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-03 11:04 - 2011-04-09 02:27 - 00000000 ____D () C:\Program Files\Movie Maker
2014-08-03 11:04 - 2011-04-09 02:22 - 00000000 ____D () C:\Program Files\Free MKV Video2Dvd
2014-08-03 11:04 - 2011-04-09 02:17 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-03 10:03 - 2014-08-03 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Memory Optimizer
2014-08-03 10:03 - 2014-08-03 09:58 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-08-03 10:01 - 2013-11-16 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-08-03 10:01 - 2009-07-24 15:22 - 00000000 ____D () C:\Windows\Panther
2014-08-03 09:58 - 2014-08-03 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365
2014-08-02 11:07 - 2014-07-30 04:09 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-02 11:07 - 2014-07-30 04:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-02 08:24 - 2012-05-23 18:46 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\Winamp
2014-08-02 08:15 - 2014-08-02 08:15 - 00006101 _____ () C:\Users\srcstcbstrd\Desktop\attach.zip
2014-08-02 07:55 - 2014-08-02 07:53 - 00037924 _____ () C:\Users\srcstcbstrd\Desktop\dds.txt
2014-08-02 07:55 - 2014-08-02 07:53 - 00021391 _____ () C:\Users\srcstcbstrd\Desktop\attach.txt
2014-08-02 06:14 - 2009-07-14 01:38 - 00067584 ____S () C:\Windows\bootstet.dat
2014-08-01 23:07 - 2014-08-01 23:07 - 00045392 _____ () C:\ComboFix.txt
2014-08-01 23:07 - 2013-09-08 08:36 - 00000000 ____D () C:\Qoobox
2014-08-01 23:03 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-01 15:12 - 2013-11-17 18:13 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\vlc
2014-08-01 14:52 - 2012-09-04 15:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-01 09:33 - 2011-04-10 11:00 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\IDM
2014-07-28 16:19 - 2013-08-24 08:52 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\Dashlane
2014-07-28 16:14 - 2011-04-10 11:00 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2014-07-27 21:19 - 2013-09-05 16:28 - 00000000 ____D () C:\Users\srcstcbstrd\OfficeToolkit2010[1]
2014-07-27 21:19 - 2011-04-09 01:06 - 00000000 ____D () C:\Users\srcstcbstrd\Downloads\Programs Downloaded
2014-07-27 19:11 - 2014-06-18 22:45 - 00002656 _____ () C:\Users\srcstcbstrd\Desktop\Rkill.txt
2014-07-27 19:07 - 2013-10-29 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2014-07-27 17:58 - 2014-07-26 17:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-27 13:38 - 2014-07-25 04:39 - 05563277 ____R (Swearware) C:\Users\srcstcbstrd\Desktop\ComboFix.exe
2014-07-27 13:33 - 2014-07-27 13:28 - 00000000 ____D () C:\Program Files (x86)\stinger
2014-07-27 11:42 - 2014-07-27 09:41 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-07-27 10:27 - 2014-07-13 13:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Utilities 16
2014-07-27 10:27 - 2013-07-09 22:34 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Management
2014-07-27 10:27 - 2013-06-09 11:27 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
2014-07-27 10:25 - 2013-01-13 17:37 - 00000000 ____D () C:\Windows\Minidump
2014-07-27 10:19 - 2014-07-27 10:19 - 00024576 _____ () C:\Windows\system32\config\sam.gu
2014-07-27 10:19 - 2011-04-09 10:24 - 00000000 ____D () C:\Users\srcstcbstrd
2014-07-27 10:19 - 2009-07-13 22:34 - 26738688 _____ () C:\Windows\system32\config\system.gu.bak
2014-07-27 10:19 - 2009-07-13 22:34 - 101974016 _____ () C:\Windows\system32\config\software.gu.bak
2014-07-27 10:19 - 2009-07-13 22:34 - 04980736 _____ () C:\Windows\system32\config\default.gu.bak
2014-07-27 10:19 - 2009-07-13 22:34 - 00262144 _____ () C:\Windows\system32\config\security.gu.bak
2014-07-27 09:42 - 2014-07-27 09:42 - 00020160 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-07-27 09:42 - 2014-07-27 09:42 - 00002994 _____ () C:\Windows\System32\Tasks\GU5SkipUAC
2014-07-27 09:42 - 2014-07-27 09:42 - 00002662 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2014-07-27 09:42 - 2014-07-27 09:42 - 00001058 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-07-27 09:42 - 2014-07-27 09:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-07-27 09:42 - 2013-12-24 01:08 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 4
2014-07-27 09:42 - 2013-09-07 21:51 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-07-27 09:42 - 2011-04-11 08:17 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\GlarySoft
2014-07-27 09:37 - 2014-04-26 17:56 - 00015841 _____ () C:\Users\srcstcbstrd\Documents\hijackthis.log
2014-07-27 09:17 - 2014-07-27 09:17 - 00000388 _____ () C:\Windows\system32\.crusader
2014-07-27 00:00 - 2011-10-15 15:41 - 00000000 ____D () C:\Windows\AutoKMS
2014-07-26 17:20 - 2014-07-26 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-26 17:20 - 2014-07-25 04:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-26 17:20 - 2011-09-08 21:43 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\Malwarebytes
2014-07-24 21:37 - 2014-07-24 21:37 - 00000000 ____D () C:\Users\srcstcbstrd\Doctor Web
2014-07-24 21:36 - 2014-07-24 21:36 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Local\MFAData
2014-07-24 21:36 - 2014-07-24 21:36 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Local\Avg2014
2014-07-24 21:36 - 2014-07-24 21:36 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-24 21:33 - 2014-06-18 22:49 - 00000000 ____D () C:\Users\srcstcbstrd\Pavark
2014-07-24 20:23 - 2013-10-18 15:30 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\IObit
2014-07-24 20:23 - 2013-10-18 15:30 - 00000000 ____D () C:\ProgramData\IObit
2014-07-24 20:23 - 2013-10-18 15:30 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-07-24 18:49 - 2014-01-26 20:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 18:49 - 2011-04-09 02:26 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 03:02 - 2014-01-26 20:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-21 17:22 - 2014-02-02 13:17 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\Astrill
2014-07-21 04:05 - 2014-07-11 11:12 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-20 23:01 - 2014-07-27 11:28 - 00118048 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-07-20 23:01 - 2014-07-27 10:18 - 00028960 _____ (Glarysoft Ltd) C:\Windows\system32\RegBootDefrag.exe
2014-07-20 17:42 - 2012-01-19 23:30 - 00000000 ____D () C:\ProgramData\Acronis
2014-07-18 03:11 - 2014-07-27 11:28 - 00017600 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-07-15 04:41 - 2014-07-15 04:41 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-07-15 04:41 - 2014-07-15 04:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-07-14 15:45 - 2011-04-10 12:54 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\ESTsoft
2014-07-13 13:23 - 2011-01-05 04:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders
2014-07-13 13:19 - 2014-07-13 13:19 - 00002536 _____ () C:\Windows\System32\Tasks\NUAutoUpdate
2014-07-13 13:19 - 2014-07-13 13:19 - 00000000 ____D () C:\Users\srcstcbstrd\Documents\Norton Utilities 16
2014-07-13 13:18 - 2011-01-05 04:00 - 00000000 ____D () C:\ProgramData\Symantec
2014-07-13 13:16 - 2014-02-02 13:16 - 00000000 ____D () C:\Program Files (x86)\Astrill
2014-07-13 13:15 - 2014-02-02 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astrill
2014-07-12 07:42 - 2013-04-13 14:34 - 00000846 _____ () C:\Users\srcstcbstrd\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-07-12 07:41 - 2014-07-10 10:04 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Local\LogMeIn Rescue Applet
2014-07-12 07:33 - 2014-07-12 07:33 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-07-11 10:34 - 2014-07-11 10:34 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-07-11 10:34 - 2014-07-11 10:15 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-07-11 10:34 - 2014-07-10 10:23 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-07-11 10:34 - 2014-07-10 10:22 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-07-11 10:16 - 2014-07-11 10:16 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-07-11 10:16 - 2014-07-11 10:16 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-07-11 10:16 - 2013-06-09 11:53 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-07-11 10:15 - 2014-07-11 10:15 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-07-11 10:15 - 2011-01-05 04:13 - 00000000 ____D () C:\ProgramData\Norton
2014-07-11 09:51 - 2014-07-11 09:51 - 00006576 ____N () C:\bootsqm.dat
2014-07-10 11:29 - 2013-12-15 16:46 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Local\NPE
2014-07-10 11:13 - 2014-07-10 11:12 - 00000000 ____D () C:\NPE
2014-07-10 09:04 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-07-10 07:57 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-10 04:16 - 2009-07-14 00:45 - 00422128 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 04:14 - 2009-07-14 03:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 04:14 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 04:14 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 03:07 - 2013-07-25 03:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 03:02 - 2014-07-07 13:36 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-10 03:02 - 2011-04-09 02:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 20:36 - 2014-07-09 20:36 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\PictureMover
2014-07-09 20:28 - 2014-07-09 20:26 - 00001024 _____ () C:\Windows\system32\AutoPartNt.let
2014-07-09 20:26 - 2014-07-09 20:26 - 00005696 _____ () C:\Windows\system32\AutoPartNt.nam
2014-07-09 20:26 - 2014-07-09 20:25 - 04179264 _____ (Acronis) C:\Windows\system32\AutoPartNt.exe
2014-07-09 20:26 - 2014-07-08 11:51 - 00000000 ____D () C:\Users\Tim's Computer\AppData\Roaming\uTorrent
2014-07-09 19:01 - 2014-07-09 19:01 - 19178160 _____ (Adobe Systems Incorporated) C:\Users\Tim's Computer\Downloads\install_flash_player(1).exe
2014-07-09 18:22 - 2011-04-10 11:58 - 00000000 ____D () C:\Program Files (x86)\Bit Che
2014-07-09 18:21 - 2011-10-20 23:20 - 00000000 ____D () C:\Program Files (x86)\EasyGPS
2014-07-09 18:20 - 2011-04-10 14:31 - 00000000 ____D () C:\ConvertXtoDVDPortable
2014-07-09 18:14 - 2011-04-09 01:21 - 00000000 ____D () C:\Program Files\AC3Filter
2014-07-09 18:13 - 2011-07-12 19:31 - 00000000 ____D () C:\Program Files\7-Zip
2014-07-09 18:11 - 2013-11-24 10:43 - 00000000 ____D () C:\Office2003SP3Changes
2014-07-09 18:11 - 2013-03-09 19:15 - 00000000 ____D () C:\Netgear
2014-07-09 18:10 - 2011-04-09 10:43 - 00000000 ____D () C:\DVD's
2014-07-09 16:57 - 2014-07-09 16:57 - 00001257 _____ () C:\Users\Tim's Computer\Desktop\Auslogics Duplicate File Finder.lnk
2014-07-09 16:56 - 2014-07-09 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2014-07-09 16:56 - 2014-07-09 16:56 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2014-07-09 16:49 - 2014-07-09 16:48 - 05855336 _____ (Auslogics Labs Pty Ltd ) C:\Users\Tim's Computer\Downloads\duplicate-file-finder-setup.exe
2014-07-09 16:43 - 2014-07-09 16:43 - 00000000 ____D () C:\Users\Tim's Computer\AppData\Roaming\vlc
2014-07-09 16:20 - 2014-07-08 12:50 - 00000000 ____D () C:\Users\Tim's Computer\Documents\Outlook Files
2014-07-09 08:57 - 2014-07-09 08:57 - 01005568 _____ (Microsoft Corporation) C:\Users\Tim's Computer\Downloads\dotNetFx45_Full_setup.exe
2014-07-09 08:35 - 2012-09-04 16:28 - 00000000 ____D () C:\ProgramData\PDFC
2014-07-09 07:52 - 2014-07-09 07:52 - 11185664 _____ (SurfRight B.V.) C:\Users\Tim's Computer\Downloads\hitmanpro_x64.exe
2014-07-09 07:50 - 2014-07-09 07:50 - 00003634 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 3e10db25-7999-4612-8226-32badbc7da78
2014-07-09 07:50 - 2014-07-09 07:50 - 00003560 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 0d5b5734-bea9-4253-a530-58fdfcaf4f8a
2014-07-09 07:50 - 2014-07-09 07:50 - 00001810 _____ () C:\Users\Tim's Computer\Desktop\SUPERAntiSpyware Professional.lnk
2014-07-09 07:50 - 2014-07-09 07:50 - 00000000 ____D () C:\Users\Tim's Computer\AppData\Roaming\SUPERAntiSpyware.com
2014-07-09 07:50 - 2014-07-09 07:50 - 00000000 ____D () C:\Users\Tim's Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-07-09 07:49 - 2014-07-07 10:16 - 00000000 ____D () C:\Users\Tim's Computer\AppData\Local\VirtualStore
2014-07-09 07:48 - 2014-07-09 07:48 - 00003015 _____ () C:\Users\Tim's Computer\Desktop\HiJackThis.lnk
2014-07-09 07:48 - 2014-07-09 07:48 - 00000000 ____D () C:\Users\Tim's Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-07-09 07:46 - 2014-07-09 07:46 - 01402880 _____ () C:\Users\Tim's Computer\Downloads\HijackThis.msi
2014-07-09 07:45 - 2014-07-09 07:45 - 20017536 _____ (SUPERAntiSpyware) C:\Users\Tim's Computer\Downloads\SUPERAntiSpywarePro.exe
2014-07-09 07:31 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-07-09 07:31 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-07-09 07:31 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2014-07-09 02:18 - 2014-07-09 00:15 - 00000017 _____ () C:\Users\Tim's Computer\AppData\Local\resmon.resmoncfg

Some content of TEMP:
====================
C:\Users\srcstcbstrd\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 19:03

==================== End Of Log ============================




#6 nasdaq

  • Malware Response Team

Posted 09 August 2014 - 07:54 AM

chrome.
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

This is a reminder. We may have to look at it later.

 

FF Extension: Honey - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi [2014-08-02]

Did you install this and do you know what it is?

If you do, remove it from the Notepad list before saving it to fixlist.txt as suggested below.


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

(BitTorrent Inc.) C:\Users\srcstcbstrd\AppData\Roaming\uTorrent\uTorrent.exe
Winlogon\Notify\DfLogon: LogonDll.dll [X]
HKU\S-1-5-21-1654476252-2253211636-4181094436-1001\...\Run: [uTorrent] => C:\Users\srcstcbstrd\AppData\Roaming\uTorrent\uTorrent.exe [1329744 2014-07-12] (BitTorrent Inc.)
ShellIconOverlayIdentifiers: {6570C58B-C08B-46AD-AA82-2369B0D1B627} -> MacDrive volume icons =>  No File
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} ->  No File
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Extension: Honey - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi [2014-08-02]
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\srcstcbstrd\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\srcstcbstrd\AppData\Roaming\IDM\idmmzcc5 [2014-07-27]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\srcstcbstrd\AppData\Roaming\IDM\idmmzcc5
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-07-23]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S0 SMR410; System32\drivers\SMR410.SYS [X]
S3 vwifibus; system32\DRIVERS\vwifibus.sys [X]
AlternateDataStreams: C:\ProgramData\Temp:430C6D84
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\ProgramData\Temp:792D4CF1
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2
Task: {08D2B8B0-3649-4AFA-B4B5-99F8A1F22657} - System32\Tasks\Updater26278.exe => C:\Users\srcstcbstrd\AppData\Local\Updater26278\Updater26278.exe <==== ATTENTION
Task: {AA4A7A95-00F4-4324-857D-277274C49025} - \SUPERAntiSpyware Scheduled Task 844b2f19-79d3-458e-af17-269e98155fce No Task File <==== ATTENTION
Task: {AF169B97-DDB1-4CC9-AD69-7C5E415D71A8} - \DealPlyLiveUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {C6C2A03E-DAA7-4BBD-908A-879B9B9D6E85} - \GlaryInitialize 4 No Task File <==== ATTENTION
Task: {E0AB0C62-5E54-42F3-82C7-86B036DFECD7} - \DealPlyLiveUpdateTaskMachineCore No Task File <==== ATTENTION

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

===

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

How is the computer running now?

#7 srcstcbstrd


Posted 10 August 2014 - 11:25 AM

Ok nasdaq - sorry for the delay. The computer is running same as before - running 5 days late. I did what you asked with the notepad and FRST but after a reboot, all the data was lost. No txt file to attach. No FRST program on my computer. No folder, no nothing. I saved all my folders and files 3 weeks ago and am tempted to wipe this infernal machine clean and go back to the factory default settings but I'm afraid that the virus is lurking in one of the folders ready to pounce and create the same havoc.

 

Any other suggestions?



#8 nasdaq

  • Malware Response Team

Posted 10 August 2014 - 12:29 PM


Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

When completed it will create a log. Please post the content in your next reply.

#9 srcstcbstrd


Posted 10 August 2014 - 01:23 PM

Hey nasdaq - I haven't run the rkill yet but I did manage to run FRST in safe mode off of a flash drive. Here are the reports:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-08-2014 01
Ran by srcstcbstrd (administrator) on TIMS-COMPUTER on 10-08-2014 13:41:39
Running from F:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Faronics Corporation) C:\Program Files (x86)\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
(Microsoft Corporation) C:\32788R22FWJFW\cmd.3XE
(NirSoft) C:\32788R22FWJFW\NirCmd.3XE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [PCTools FGuard] => C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe [247760 2011-09-01] (Threat Expert Ltd.)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7805936 2014-02-04] (Acronis)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Tractivity.Helper] => C:\Program Files (x86)\Tractivity\Connect\Tractivity.Helper.exe [536064 2013-07-03] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe [106112 2014-07-13] (Symantec Corporation)
Winlogon\Notify\DfLogon: LogonDll.dll [X]
HKU\S-1-5-21-1654476252-2253211636-4181094436-1001\...\Run: [Dashlane] => C:\Users\srcstcbstrd\AppData\Roaming\Dashlane\Dashlane.exe [219832 2014-07-28] ()
HKU\S-1-5-21-1654476252-2253211636-4181094436-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3858000 2014-07-23] (Tonec Inc.)
HKU\S-1-5-21-1654476252-2253211636-4181094436-1001\...\Run: [uTorrent] => C:\Users\srcstcbstrd\AppData\Roaming\uTorrent\uTorrent.exe [1329744 2014-07-12] (BitTorrent Inc.)
HKU\S-1-5-21-1654476252-2253211636-4181094436-1001\...\Run: [Astrill] => C:\Program Files (x86)\Astrill\astrill.exe [5132312 2014-07-10] (Astrill)
HKU\S-1-5-21-1654476252-2253211636-4181094436-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-07-20] (Glarysoft Ltd)
HKU\S-1-5-21-1654476252-2253211636-4181094436-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
ShellIconOverlayIdentifiers: AcronisSyncError -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: AcronisSyncInProgress -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: AcronisSyncOk -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: IDM Shell Extension -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
ShellIconOverlayIdentifiers: {6570C58B-C08B-46AD-AA82-2369B0D1B627} -> MacDrive volume icons =>  No File
BootExecute: autocheck autochk /k:C /k:D /k:E *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBC372924FE8ECE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/706-111074-26712-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL =
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: No Name -> {4907C0AD-874D-44D9-B13E-7B0A4D8B9D3E} -> C:\Program Files\Mediafour\XPlay 3\XPBHO.DLL (Mediafour Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: PC Tools Browser Guard BHO -> {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} -> C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} ->  No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\srcstcbstrd\AppData\Roaming\Dashlane\ie\KWIEBar.dll (Dashlane)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler: cardisabled\javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
Handler: cardisabled\mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
Handler: cardisabled\res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
Handler: javascript - No CLSID Value -
Handler: mailto - No CLSID Value -
Handler: res - No CLSID Value -
Handler-x32: cardisabled\javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
Handler-x32: cardisabled\mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
Handler-x32: cardisabled\res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
Handler-x32: javascript - No CLSID Value -
Handler-x32: mailto - No CLSID Value -
Handler-x32: res - No CLSID Value -
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254
FF NewTab: about:blank
FF DefaultSearchEngine: Norton Safe Search
FF SelectedSearchEngine: Norton Safe Search
FF Homepage: hxxp://www.google.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nprjplug;version=15.0.5.109 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.5.109 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.5.109 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @doubletwist.com/NPPodcast -> C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: Astrill Proxy Switcher - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\addon@astrill.com [2014-02-02]
FF Extension: Xmarks - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\foxmarks@kei.com [2014-07-26]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\adblockpopups@jessehakanen.net.xpi [2013-09-15]
FF Extension: InvisibleHand - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\canitbecheaper@trafficbroker.co.uk.xpi [2013-09-15]
FF Extension: Customizations for Adblock Plus - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\customization@adblockplus.org.xpi [2013-09-15]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\elemhidehelper@adblockplus.org.xpi [2013-09-15]
FF Extension: MEGA - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\firefox@mega.co.nz.xpi [2014-04-29]
FF Extension: Honey - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi [2014-08-02]
FF Extension: Google Translator for Firefox - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\translator@zoli.bod.xpi [2013-12-21]
FF Extension: Session Manager - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2013-09-15]
FF Extension: Bluhell Firewall - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2013-12-20]
FF Extension: Adblock Plus - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-15]
FF Extension: Adblock Edge - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-09-15]
FF HKLM-x32\...\Firefox\Extensions: [{cb84136f-9c44-433a-9048-c5cd9df1dc16}] - C:\Program Files (x86)\PC Tools Security\BDT\Firefox
FF Extension: Browser Defender Toolbar - C:\Program Files (x86)\PC Tools Security\BDT\Firefox [2011-09-09]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.3.19\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-07-02]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF [2014-07-11]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn [2014-08-02]
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\srcstcbstrd\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\srcstcbstrd\AppData\Roaming\IDM\idmmzcc5 [2014-07-27]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\srcstcbstrd\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-07-23]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-07-02]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\Exts\Chrome.crx [2014-07-11]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] -  [2014-07-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
S3 ASOVPNHelper; C:\Program Files (x86)\Astrill\ASOvpnSvc.exe [434016 2014-05-22] (Astrill)
S3 ASProxy; C:\Program Files (x86)\Astrill\ASProxy.exe [2121752 2014-05-22] (Astrill)
S2 Browser Defender Update Service; C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [337872 2011-09-01] (Threat Expert Ltd.)
S2 Creative Service for CDROM Access; C:\Windows\SysWOW64\CTsvcCDA.exe [44032 1999-12-12] (Creative Technology Ltd) [File not signed]
S2 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control\DfsdkS.exe [544768 2009-08-24] (mst software GmbH, Germany) [File not signed]
R2 DFServ; C:\Program Files (x86)\Faronics\Deep Freeze\Install C-0\DFServ.exe [1092096 2012-09-04] (Faronics Corporation) [File not signed]
S3 DiskDoctorService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1147424 2012-09-29] (Symantec Corporation)
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [443224 2014-05-15] (Garmin Ltd or its subsidiaries)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-07-20] (SurfRight B.V.)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-21] (Hewlett-Packard Company)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2011-07-30] () [File not signed]
S2 M4iPodWPDService; C:\Program Files (x86)\Common Files\Mediafour\iPod\M4iPodWPDService.exe [211968 2010-11-15] (Mediafour Corporation) [File not signed]
S2 M4LIC; C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE [205312 2009-07-29] (Mediafour Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 MCLIENT; C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe [143928 2012-12-04] (Symantec Corporation)
S2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe [276376 2014-06-27] (Symantec Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S2 NU16StartManagerSvc; C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [792608 2012-09-29] (Symantec)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [224840 2013-10-18] (Realtek Semiconductor)
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
S3 SpeedDiskService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1160224 2012-09-29] (Symantec Corporation)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2028864 2011-12-08] (TuneUp Software)
S2 UTSCSI; C:\Windows\SysWOW64\UTSCSI.EXE [45056 2011-12-31] () [File not signed]
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580232 2014-07-07] (WiseCleaner.com)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 39594151; C:\Windows\System32\DRIVERS\39594151.sys [157712 2009-09-25] (Kaspersky Lab)
R0 39594152; C:\Windows\System32\DRIVERS\39594152.sys [40464 2009-10-22] (Kaspersky Lab)
S3 AM10; C:\Windows\System32\DRIVERS\am10w7.sys [1101600 2010-02-13] (Ralink Technology Corp.)
S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 asvpndrv; C:\Windows\System32\DRIVERS\asvpndrv.sys [31744 2014-05-17] (Astrill)
S1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [1530160 2014-07-03] (Symantec Corporation)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-07-18] (Glarysoft Ltd)
S1 CbFs; C:\Windows\system32\drivers\cbfs.sys [190432 2010-11-15] (EldoS Corporation) [File not signed]
S1 ccSet_MCLIENT; C:\Windows\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [168096 2012-10-03] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1504000.00D\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
S1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DD04000.00A\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R0 DeepFrz; C:\Windows\System32\Drivers\DeepFrz.sys [214744 2012-09-04] (Faronics Corporation)
R0 DfDiskLow; C:\Windows\System32\Drivers\DfDiskLow.sys [38232 2012-09-04] (Faronics Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-07-10] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-07-10] (Symantec Corporation)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] () [File not signed]
S1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-07-27] (Glarysoft Ltd)
S1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20140731.001\IDSvia64.sys [525016 2014-07-10] (Symantec Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MDFSYSNT; C:\Windows\System32\Drivers\MDFSYSNT.sys [346216 2009-07-29] (Mediafour Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20140803.034\ENG64.SYS [126040 2014-07-10] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20140803.034\EX64.SYS [2099288 2014-07-10] (Symantec Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 setup_9.0.0.722_27.04.2011_00-08drv; C:\Windows\System32\DRIVERS\3959415.sys [352784 2009-10-09] (Kaspersky Lab)
U5 Soluto; C:\Windows\System32\Drivers\Soluto.sys [54728 2012-11-21] (Soluto LTD.)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1504000.00D\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1504000.00D\SRTSPX64.SYS [36952 2013-10-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1504000.00D\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1504000.00D\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-07-11] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1504000.00D\Ironx64.SYS [264280 2013-10-30] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1504000.00D\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-09-10] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2013-12-13] (Acronis International GmbH)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [11856 2011-02-10] (TuneUp Software)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2013-09-10] (Acronis International GmbH)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S0 SMR410; System32\drivers\SMR410.SYS [X]
S3 vwifibus; system32\DRIVERS\vwifibus.sys [X]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-10 13:41 - 2014-08-10 13:41 - 00000000 ____D () C:\FRST
2014-08-10 13:22 - 2014-08-10 13:22 - 00000000 ___SD () C:\32788R22FWJFW
2014-08-10 13:14 - 2014-08-10 13:14 - 00000034 _____ () C:\Windows\setupact.log
2014-08-10 13:14 - 2014-08-10 13:14 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-10 13:04 - 2014-08-10 13:04 - 00002009 _____ () C:\Users\srcstcbstrd\Desktop\Remove Avira PC Cleaner.lnk
2014-08-10 13:04 - 2014-08-10 13:04 - 00001953 _____ () C:\Users\srcstcbstrd\Desktop\Avira PC Cleaner.lnk
2014-08-10 13:02 - 2014-08-10 13:02 - 00032758 _____ () C:\Windows\PFRO.log
2014-08-05 00:23 - 2014-08-10 13:03 - 16336664 _____ () C:\Persi0.sys
2014-08-05 00:23 - 2014-08-05 00:23 - 00000000 ____D () C:\Program Files (x86)\Faronics
2014-08-05 00:22 - 2014-08-05 00:22 - 00000000 _____ () C:\dfinstall.log
2014-08-04 14:19 - 2014-08-04 14:19 - 00116008 _____ () C:\Users\srcstcbstrd\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-03 11:09 - 2014-08-04 11:00 - 00000414 _____ () C:\Windows\Tasks\Wise Turbo Checker.job
2014-08-03 11:09 - 2014-08-03 11:09 - 00003094 _____ () C:\Windows\System32\Tasks\Wise Turbo Checker
2014-08-03 11:09 - 2014-08-03 11:09 - 00002872 _____ () C:\Windows\System32\Tasks\Wise Care 365
2014-08-03 11:09 - 2014-08-03 11:09 - 00000434 _____ () C:\Windows\Tasks\Wise Care 365.job
2014-08-03 10:03 - 2014-08-03 10:03 - 00001213 _____ () C:\Users\Public\Desktop\Wise Memory Optimizer.lnk
2014-08-03 10:03 - 2014-08-03 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Memory Optimizer
2014-08-03 09:58 - 2014-08-03 11:09 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\Wise Care 365
2014-08-03 09:58 - 2014-08-03 10:03 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-08-03 09:58 - 2014-08-03 09:58 - 00001122 _____ () C:\Users\Public\Desktop\Wise Care 365.lnk
2014-08-03 09:58 - 2014-08-03 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365
2014-08-02 10:36 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-02 10:36 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-02 10:36 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-02 10:36 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-02 10:36 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-02 10:36 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-02 10:36 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-02 10:36 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-02 08:15 - 2014-08-02 08:15 - 00006101 _____ () C:\Users\srcstcbstrd\Desktop\attach.zip
2014-08-02 07:53 - 2014-08-02 07:55 - 00037924 _____ () C:\Users\srcstcbstrd\Desktop\dds.txt
2014-08-02 07:53 - 2014-08-02 07:55 - 00021391 _____ () C:\Users\srcstcbstrd\Desktop\attach.txt
2014-08-01 23:07 - 2014-08-01 23:07 - 00045392 _____ () C:\ComboFix.txt
2014-07-30 04:09 - 2014-08-02 11:07 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-30 04:09 - 2014-08-02 11:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-29 19:36 - 2014-08-03 11:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-27 13:28 - 2014-07-27 13:33 - 00000000 ____D () C:\Program Files (x86)\stinger
2014-07-27 11:28 - 2014-07-20 23:01 - 00118048 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-07-27 11:28 - 2014-07-18 03:11 - 00017600 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-07-27 10:19 - 2014-07-27 10:19 - 00024576 _____ () C:\Windows\system32\config\sam.gu
2014-07-27 10:18 - 2014-07-20 23:01 - 00028960 _____ (Glarysoft Ltd) C:\Windows\system32\RegBootDefrag.exe
2014-07-27 09:42 - 2014-08-02 06:16 - 00000344 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-07-27 09:42 - 2014-07-27 09:42 - 00020160 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-07-27 09:42 - 2014-07-27 09:42 - 00002994 _____ () C:\Windows\System32\Tasks\GU5SkipUAC
2014-07-27 09:42 - 2014-07-27 09:42 - 00002662 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2014-07-27 09:42 - 2014-07-27 09:42 - 00001058 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-07-27 09:42 - 2014-07-27 09:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-07-27 09:41 - 2014-07-27 11:42 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-07-27 09:17 - 2014-07-27 09:17 - 00000388 _____ () C:\Windows\system32\.crusader
2014-07-26 17:20 - 2014-08-05 00:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-26 17:20 - 2014-07-27 17:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-26 17:20 - 2014-07-26 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-26 17:20 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-26 17:20 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-25 04:51 - 2014-07-26 17:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-25 04:39 - 2014-07-27 13:38 - 05563277 ____R (Swearware) C:\Users\srcstcbstrd\Desktop\ComboFix.exe
2014-07-24 21:37 - 2014-07-24 21:37 - 00000000 ____D () C:\Users\srcstcbstrd\Doctor Web
2014-07-24 21:36 - 2014-07-24 21:36 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Local\MFAData
2014-07-24 21:36 - 2014-07-24 21:36 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Local\Avg2014
2014-07-24 21:36 - 2014-07-24 21:36 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-23 07:02 - 2014-06-09 04:41 - 00180136 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2014-07-15 04:41 - 2014-07-15 04:41 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-07-15 04:41 - 2014-07-15 04:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-07-13 13:19 - 2014-08-02 06:15 - 00000300 _____ () C:\Windows\Tasks\NUAutoUpdate.job
2014-07-13 13:19 - 2014-07-13 13:19 - 00002536 _____ () C:\Windows\System32\Tasks\NUAutoUpdate
2014-07-13 13:19 - 2014-07-13 13:19 - 00000000 ____D () C:\Users\srcstcbstrd\Documents\Norton Utilities 16
2014-07-13 13:18 - 2014-07-27 10:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Utilities 16
2014-07-13 13:18 - 2012-09-29 22:50 - 00512544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml.dll
2014-07-13 13:18 - 2012-09-29 22:49 - 00040992 _____ () C:\Windows\system32\CleanMFT64.exe
2014-07-13 13:18 - 2008-04-02 15:54 - 01101824 _____ (Woodbury Associates Limited) C:\Windows\SysWOW64\UniBox210.ocx
2014-07-13 13:18 - 2008-04-02 15:53 - 00880640 _____ (Woodbury Associates Limited) C:\Windows\SysWOW64\UniBox10.ocx
2014-07-13 13:18 - 2008-04-02 15:53 - 00212992 _____ (Woodbury Associates Limited) C:\Windows\SysWOW64\UniBoxVB12.ocx
2014-07-12 07:33 - 2014-07-12 07:33 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-07-11 11:12 - 2014-07-21 04:05 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-11 10:34 - 2014-07-11 10:34 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-07-11 10:16 - 2014-07-11 10:16 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-07-11 10:16 - 2014-07-11 10:16 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-07-11 10:15 - 2014-07-11 10:34 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-07-11 10:15 - 2014-07-11 10:15 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-07-11 09:51 - 2014-07-11 09:51 - 00006576 ____N () C:\bootsqm.dat
2014-07-11 09:50 - 2014-08-03 11:05 - 00000000 ____D () C:\found.000

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-10 13:41 - 2014-08-10 13:41 - 00000000 ____D () C:\FRST
2014-08-10 13:22 - 2014-08-10 13:22 - 00000000 ___SD () C:\32788R22FWJFW
2014-08-10 13:14 - 2014-08-10 13:14 - 00000034 _____ () C:\Windows\setupact.log
2014-08-10 13:14 - 2014-08-10 13:14 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-10 13:04 - 2014-08-10 13:04 - 00002009 _____ () C:\Users\srcstcbstrd\Desktop\Remove Avira PC Cleaner.lnk
2014-08-10 13:04 - 2014-08-10 13:04 - 00001953 _____ () C:\Users\srcstcbstrd\Desktop\Avira PC Cleaner.lnk
2014-08-10 13:03 - 2014-08-05 00:23 - 16336664 _____ () C:\Persi0.sys
2014-08-10 13:02 - 2014-08-10 13:02 - 00032758 _____ () C:\Windows\PFRO.log
2014-08-05 00:23 - 2014-08-05 00:23 - 00000000 ____D () C:\Program Files (x86)\Faronics
2014-08-05 00:23 - 2011-06-28 04:44 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\uTorrent
2014-08-05 00:23 - 2011-04-10 11:00 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\DMCache
2014-08-05 00:23 - 2011-04-09 01:14 - 00000000 ____D () C:\Users\srcstcbstrd\Documents\Outlook Files
2014-08-05 00:22 - 2014-08-05 00:22 - 00000000 _____ () C:\dfinstall.log
2014-08-05 00:20 - 2014-07-26 17:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-05 00:20 - 2011-04-10 10:42 - 00000000 ____D () C:\Torrents Complete
2014-08-05 00:19 - 2011-04-10 10:42 - 00000000 ____D () C:\Bit Torrents
2014-08-05 00:03 - 2014-03-05 11:53 - 00000000 ____D () C:\Users\Tim Mahoney\Redheads
2014-08-04 23:45 - 2014-03-05 09:32 - 00000000 ____D () C:\Users\Tim Mahoney\Pics
2014-08-04 23:30 - 2011-04-09 01:12 - 00000000 ____D () C:\Users\Tim Mahoney\Asians
2014-08-04 20:07 - 2009-07-14 01:13 - 00786514 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-04 14:19 - 2014-08-04 14:19 - 00116008 _____ () C:\Users\srcstcbstrd\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-04 11:00 - 2014-08-03 11:09 - 00000414 _____ () C:\Windows\Tasks\Wise Turbo Checker.job
2014-08-03 17:14 - 2013-12-12 21:48 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Local\CrashDumps
2014-08-03 11:09 - 2014-08-03 11:09 - 00003094 _____ () C:\Windows\System32\Tasks\Wise Turbo Checker
2014-08-03 11:09 - 2014-08-03 11:09 - 00002872 _____ () C:\Windows\System32\Tasks\Wise Care 365
2014-08-03 11:09 - 2014-08-03 11:09 - 00000434 _____ () C:\Windows\Tasks\Wise Care 365.job
2014-08-03 11:09 - 2014-08-03 09:58 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\Wise Care 365
2014-08-03 11:05 - 2014-07-29 19:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-03 11:05 - 2014-07-11 09:50 - 00000000 ____D () C:\found.000
2014-08-03 11:05 - 2011-04-12 14:01 - 00000000 ____D () C:\DVD's To Watch
2014-08-03 11:05 - 2011-04-09 01:23 - 00000000 ____D () C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2014-08-03 11:04 - 2012-03-25 15:14 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\Media Player Classic
2014-08-03 11:04 - 2011-12-27 19:18 - 00000000 ____D () C:\Program Files\Waterfox
2014-08-03 11:04 - 2011-04-09 02:27 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-03 11:04 - 2011-04-09 02:27 - 00000000 ____D () C:\Program Files\Movie Maker
2014-08-03 11:04 - 2011-04-09 02:22 - 00000000 ____D () C:\Program Files\Free MKV Video2Dvd
2014-08-03 11:04 - 2011-04-09 02:17 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-03 10:03 - 2014-08-03 10:03 - 00001213 _____ () C:\Users\Public\Desktop\Wise Memory Optimizer.lnk
2014-08-03 10:03 - 2014-08-03 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Memory Optimizer
2014-08-03 10:03 - 2014-08-03 09:58 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-08-03 10:01 - 2013-11-16 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-08-03 10:01 - 2011-04-09 01:05 - 00000000 ___RD () C:\Users\srcstcbstrd\Desktop\Disc Cleaners
2014-08-03 10:01 - 2009-07-24 15:22 - 00000000 ____D () C:\Windows\Panther
2014-08-03 09:58 - 2014-08-03 09:58 - 00001122 _____ () C:\Users\Public\Desktop\Wise Care 365.lnk
2014-08-03 09:58 - 2014-08-03 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365
2014-08-02 11:07 - 2014-07-30 04:09 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-02 11:07 - 2014-07-30 04:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-02 08:24 - 2012-05-23 18:46 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\Winamp
2014-08-02 08:15 - 2014-08-02 08:15 - 00006101 _____ () C:\Users\srcstcbstrd\Desktop\attach.zip
2014-08-02 07:55 - 2014-08-02 07:53 - 00037924 _____ () C:\Users\srcstcbstrd\Desktop\dds.txt
2014-08-02 07:55 - 2014-08-02 07:53 - 00021391 _____ () C:\Users\srcstcbstrd\Desktop\attach.txt
2014-08-02 06:26 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-02 06:26 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-02 06:20 - 2014-07-07 15:53 - 00004844 _____ () C:\Windows\SysWOW64\ASProxy.ini
2014-08-02 06:20 - 2014-07-07 15:53 - 00003004 _____ () C:\Windows\SysWOW64\ASProxyOff.ini
2014-08-02 06:20 - 2014-07-07 15:53 - 00003004 _____ () C:\Windows\system32\ASProxyOff.ini
2014-08-02 06:16 - 2014-07-27 09:42 - 00000344 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-08-02 06:15 - 2014-07-13 13:19 - 00000300 _____ () C:\Windows\Tasks\NUAutoUpdate.job
2014-08-02 06:15 - 2013-11-26 05:21 - 00000000 ____D () C:\ProgramData\Temp
2014-08-02 06:15 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-02 06:14 - 2009-07-14 01:38 - 00067584 ____S () C:\Windows\bootstet.dat
2014-08-01 23:07 - 2014-08-01 23:07 - 00045392 _____ () C:\ComboFix.txt
2014-08-01 23:07 - 2013-09-08 08:36 - 00000000 ____D () C:\Qoobox
2014-08-01 23:03 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-01 16:29 - 2013-08-23 14:35 - 00000000 ____D () C:\AdwCleaner
2014-08-01 15:12 - 2013-11-17 18:13 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\vlc
2014-08-01 14:52 - 2012-09-04 15:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-01 09:33 - 2011-04-10 11:00 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\IDM
2014-07-28 16:19 - 2013-08-24 08:52 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\Dashlane
2014-07-28 16:14 - 2011-04-10 11:00 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2014-07-27 21:19 - 2013-09-05 16:28 - 00000000 ____D () C:\Users\srcstcbstrd\OfficeToolkit2010[1]
2014-07-27 21:19 - 2011-04-09 01:06 - 00000000 ____D () C:\Users\srcstcbstrd\Downloads\Programs Downloaded
2014-07-27 19:11 - 2014-06-18 22:45 - 00002656 _____ () C:\Users\srcstcbstrd\Desktop\Rkill.txt
2014-07-27 19:07 - 2013-10-29 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2014-07-27 17:58 - 2014-07-26 17:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-27 13:38 - 2014-07-25 04:39 - 05563277 ____R (Swearware) C:\Users\srcstcbstrd\Desktop\ComboFix.exe
2014-07-27 13:33 - 2014-07-27 13:28 - 00000000 ____D () C:\Program Files (x86)\stinger
2014-07-27 11:42 - 2014-07-27 09:41 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-07-27 10:27 - 2014-07-13 13:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Utilities 16
2014-07-27 10:27 - 2013-07-09 22:34 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Management
2014-07-27 10:27 - 2013-06-09 11:27 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
2014-07-27 10:25 - 2013-01-13 17:37 - 00000000 ____D () C:\Windows\Minidump
2014-07-27 10:19 - 2014-07-27 10:19 - 00024576 _____ () C:\Windows\system32\config\sam.gu
2014-07-27 10:19 - 2011-04-09 10:24 - 00000000 ____D () C:\Users\srcstcbstrd
2014-07-27 10:19 - 2009-07-13 22:34 - 26738688 _____ () C:\Windows\system32\config\system.gu.bak
2014-07-27 10:19 - 2009-07-13 22:34 - 101974016 _____ () C:\Windows\system32\config\software.gu.bak
2014-07-27 10:19 - 2009-07-13 22:34 - 04980736 _____ () C:\Windows\system32\config\default.gu.bak
2014-07-27 10:19 - 2009-07-13 22:34 - 00262144 _____ () C:\Windows\system32\config\security.gu.bak
2014-07-27 09:42 - 2014-07-27 09:42 - 00020160 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-07-27 09:42 - 2014-07-27 09:42 - 00002994 _____ () C:\Windows\System32\Tasks\GU5SkipUAC
2014-07-27 09:42 - 2014-07-27 09:42 - 00002662 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2014-07-27 09:42 - 2014-07-27 09:42 - 00001058 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-07-27 09:42 - 2014-07-27 09:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-07-27 09:42 - 2013-12-24 01:08 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 4
2014-07-27 09:42 - 2013-09-07 21:51 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-07-27 09:42 - 2011-04-11 08:17 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\GlarySoft
2014-07-27 09:37 - 2014-04-26 17:56 - 00015841 _____ () C:\Users\srcstcbstrd\Documents\hijackthis.log
2014-07-27 09:17 - 2014-07-27 09:17 - 00000388 _____ () C:\Windows\system32\.crusader
2014-07-27 00:00 - 2011-10-15 15:41 - 00000000 ____D () C:\Windows\AutoKMS
2014-07-26 17:20 - 2014-07-26 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-26 17:20 - 2014-07-25 04:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-26 17:20 - 2011-09-08 21:43 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\Malwarebytes
2014-07-24 21:37 - 2014-07-24 21:37 - 00000000 ____D () C:\Users\srcstcbstrd\Doctor Web
2014-07-24 21:36 - 2014-07-24 21:36 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Local\MFAData
2014-07-24 21:36 - 2014-07-24 21:36 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Local\Avg2014
2014-07-24 21:36 - 2014-07-24 21:36 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-24 21:33 - 2014-06-18 22:49 - 00000000 ____D () C:\Users\srcstcbstrd\Pavark
2014-07-24 20:23 - 2013-10-18 15:30 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\IObit
2014-07-24 20:23 - 2013-10-18 15:30 - 00000000 ____D () C:\ProgramData\IObit
2014-07-24 20:23 - 2013-10-18 15:30 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-07-24 18:49 - 2014-01-26 20:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 18:49 - 2011-04-09 02:26 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 03:02 - 2014-01-26 20:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-21 17:22 - 2014-02-02 13:17 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\Astrill
2014-07-21 04:05 - 2014-07-11 11:12 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-20 23:01 - 2014-07-27 11:28 - 00118048 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-07-20 23:01 - 2014-07-27 10:18 - 00028960 _____ (Glarysoft Ltd) C:\Windows\system32\RegBootDefrag.exe
2014-07-20 17:42 - 2012-01-19 23:30 - 00000000 ____D () C:\ProgramData\Acronis
2014-07-18 03:11 - 2014-07-27 11:28 - 00017600 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-07-15 04:41 - 2014-07-15 04:41 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-07-15 04:41 - 2014-07-15 04:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-07-14 15:45 - 2011-04-10 12:54 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\ESTsoft
2014-07-13 13:23 - 2011-01-05 04:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders
2014-07-13 13:19 - 2014-07-13 13:19 - 00002536 _____ () C:\Windows\System32\Tasks\NUAutoUpdate
2014-07-13 13:19 - 2014-07-13 13:19 - 00000000 ____D () C:\Users\srcstcbstrd\Documents\Norton Utilities 16
2014-07-13 13:18 - 2011-01-05 04:00 - 00000000 ____D () C:\ProgramData\Symantec
2014-07-13 13:16 - 2014-02-02 13:16 - 00000000 ____D () C:\Program Files (x86)\Astrill
2014-07-13 13:15 - 2014-02-02 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astrill
2014-07-12 07:42 - 2013-04-13 14:34 - 00000846 _____ () C:\Users\srcstcbstrd\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-07-12 07:41 - 2014-07-10 10:04 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Local\LogMeIn Rescue Applet
2014-07-12 07:33 - 2014-07-12 07:33 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-07-11 10:34 - 2014-07-11 10:34 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-07-11 10:34 - 2014-07-11 10:15 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-07-11 10:34 - 2014-07-10 10:23 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-07-11 10:34 - 2014-07-10 10:22 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-07-11 10:16 - 2014-07-11 10:16 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-07-11 10:16 - 2014-07-11 10:16 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-07-11 10:16 - 2013-06-09 11:53 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-07-11 10:15 - 2014-07-11 10:15 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-07-11 10:15 - 2011-01-05 04:13 - 00000000 ____D () C:\ProgramData\Norton
2014-07-11 09:51 - 2014-07-11 09:51 - 00006576 ____N () C:\bootsqm.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
extendedinput           Yes
default                 {current}
resumeobject            {2ae22898-0294-11e4-a882-643150276a35}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
customactions           0x1000085000001
                        0x5400000f
custom:5400000f         {f59f2863-06c1-11e4-9d9e-643150276a35}

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {f59f2863-06c1-11e4-9d9e-643150276a35}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {2ae22898-0294-11e4-a882-643150276a35}
nx                      OptIn
detecthal               Yes
bootlog                 No

Windows Boot Loader
-------------------
identifier              {f59f2863-06c1-11e4-9d9e-643150276a35}
device                  ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{f59f2864-06c1-11e4-9d9e-643150276a35}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{f59f2864-06c1-11e4-9d9e-643150276a35}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {2ae22898-0294-11e4-a882-643150276a35}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {f59f2864-06c1-11e4-9d9e-643150276a35}
description             Ramdisk Options
ramdisksdidevice        partition=D:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi



LastRegBack: 2014-06-08 19:03

==================== End Of Log ============================

#10 srcstcbstrd

  • Topic Starter
  • Members
  • 44 posts

Posted 10 August 2014 - 01:34 PM

Ok - got RKill to run. Here's the log:

 

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/10/2014 02:27:04 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Users\srcstcbstrd\AppData\Local\Kineteks_Corporation\Tractivity_Connect\Tractivity.Helper.exe (PID: 6120) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 08/10/2014 02:31:35 PM
Execution time: 0 hours(s), 4 minute(s), and 31 seconds(s)
 



#11 nasdaq

  • Malware Response Team
  • 39,523 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 11 August 2014 - 07:32 AM

Open your Task Manager (CTRL+ALT+DEL) and stop these processes:
(Microsoft Corporation) C:\32788R22FWJFW\cmd.3XE
(NirSoft) C:\32788R22FWJFW\NirCmd.3XE

===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
(Microsoft Corporation) C:\32788R22FWJFW\cmd.3XE
(NirSoft) C:\32788R22FWJFW\NirCmd.3XE
Winlogon\Notify\DfLogon: LogonDll.dll [X]
HKU\S-1-5-21-1654476252-2253211636-4181094436-1001\...\Run: [uTorrent] => C:\Users\srcstcbstrd\AppData\Roaming\uTorrent\uTorrent.exe [1329744 2014-07-12] (BitTorrent Inc.)
ShellIconOverlayIdentifiers: {6570C58B-C08B-46AD-AA82-2369B0D1B627} -> MacDrive volume icons =>  No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} ->  No File
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Handler: javascript - No CLSID Value -
Handler: mailto - No CLSID Value -
Handler: res - No CLSID Value -
Handler-x32: javascript - No CLSID Value -
Handler-x32: mailto - No CLSID Value -
Handler-x32: res - No CLSID Value -
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Extension: Honey - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi [2014-08-02]
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-07-23]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S0 SMR410; System32\drivers\SMR410.SYS [X]
S3 vwifibus; system32\DRIVERS\vwifibus.sys [X]
AlternateDataStreams: C:\ProgramData\Temp:430C6D84
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\ProgramData\Temp:792D4CF1
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2
Task: {08D2B8B0-3649-4AFA-B4B5-99F8A1F22657} - System32\Tasks\Updater26278.exe => C:\Users\srcstcbstrd\AppData\Local\Updater26278\Updater26278.exe <==== ATTENTION
Task: {AA4A7A95-00F4-4324-857D-277274C49025} - \SUPERAntiSpyware Scheduled Task 844b2f19-79d3-458e-af17-269e98155fce No Task File <==== ATTENTION
Task: {AF169B97-DDB1-4CC9-AD69-7C5E415D71A8} - \DealPlyLiveUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {C6C2A03E-DAA7-4BBD-908A-879B9B9D6E85} - \GlaryInitialize 4 No Task File <==== ATTENTION
Task: {E0AB0C62-5E54-42F3-82C7-86B036DFECD7} - \DealPlyLiveUpdateTaskMachineCore No Task File <==== ATTENTION

End

Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

===

How is the computer running now?

#12 srcstcbstrd

  • Topic Starter
  • Members
  • 44 posts

Posted 11 August 2014 - 05:37 PM

Hey nasdaq - thanks again for trying to help me. I followed your instructions but I couldn't find the 2 processes to stop before running the scan. I even clicked on 'show processes by all users'.

 

I ran the scan regardless and here are the results (and my computer has not changed one iota):

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-08-2014 01
Ran by srcstcbstrd (administrator) on TIMS-COMPUTER on 11-08-2014 17:22:33
Running from F:\FRST
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\nis.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Users\srcstcbstrd\AppData\Roaming\Dashlane\Dashlane.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Astrill) C:\Program Files (x86)\Astrill\astrill.exe
(Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Threat Expert Ltd.) C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
() C:\Users\srcstcbstrd\AppData\Local\Kineteks_Corporation\Tractivity_Connect\Tractivity.Helper.exe
(Akamai Technologies, Inc.) C:\Users\srcstcbstrd\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\srcstcbstrd\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(BitTorrent Inc.) C:\Users\srcstcbstrd\AppData\Roaming\uTorrent\uTorrent.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [PCTools FGuard] => C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe [247760 2011-09-01] (Threat Expert Ltd.)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7805936 2014-02-04] (Acronis)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Tractivity.Helper] => C:\Program Files (x86)\Tractivity\Connect\Tractivity.Helper.exe [536064 2013-07-03] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe [106112 2014-07-13] (Symantec Corporation)
Winlogon\Notify\DfLogon: LogonDll.dll [X]
HKU\S-1-5-21-1654476252-2253211636-4181094436-1001\...\Run: [Dashlane] => C:\Users\srcstcbstrd\AppData\Roaming\Dashlane\Dashlane.exe [219832 2014-07-28] ()
HKU\S-1-5-21-1654476252-2253211636-4181094436-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3858000 2014-07-23] (Tonec Inc.)
HKU\S-1-5-21-1654476252-2253211636-4181094436-1001\...\Run: [uTorrent] => C:\Users\srcstcbstrd\AppData\Roaming\uTorrent\uTorrent.exe [1329744 2014-07-12] (BitTorrent Inc.)
HKU\S-1-5-21-1654476252-2253211636-4181094436-1001\...\Run: [Astrill] => C:\Program Files (x86)\Astrill\astrill.exe [5132312 2014-07-10] (Astrill)
HKU\S-1-5-21-1654476252-2253211636-4181094436-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-07-20] (Glarysoft Ltd)
HKU\S-1-5-21-1654476252-2253211636-4181094436-1001\...\Run: [Akamai NetSession Interface] => C:\Users\srcstcbstrd\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1654476252-2253211636-4181094436-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
ShellIconOverlayIdentifiers: AcronisSyncError -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: AcronisSyncInProgress -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: AcronisSyncOk -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: IDM Shell Extension -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
ShellIconOverlayIdentifiers: {6570C58B-C08B-46AD-AA82-2369B0D1B627} -> MacDrive volume icons =>  No File
BootExecute: autocheck autochk /k:C /k:D /k:E *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBC372924FE8ECE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/706-111074-26712-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL =
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: No Name -> {4907C0AD-874D-44D9-B13E-7B0A4D8B9D3E} -> C:\Program Files\Mediafour\XPlay 3\XPBHO.DLL (Mediafour Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: PC Tools Browser Guard BHO -> {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} -> C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} ->  No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\srcstcbstrd\AppData\Roaming\Dashlane\ie\KWIEBar.dll (Dashlane)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler: cardisabled\javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
Handler: cardisabled\mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
Handler: cardisabled\res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
Handler: javascript - No CLSID Value -
Handler: mailto - No CLSID Value -
Handler: res - No CLSID Value -
Handler-x32: cardisabled\javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
Handler-x32: cardisabled\mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
Handler-x32: cardisabled\res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
Handler-x32: javascript - No CLSID Value -
Handler-x32: mailto - No CLSID Value -
Handler-x32: res - No CLSID Value -
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254
FF NewTab: about:blank
FF DefaultSearchEngine: Norton Safe Search
FF SelectedSearchEngine: Norton Safe Search
FF Homepage: hxxp://www.google.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nprjplug;version=15.0.5.109 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.5.109 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.5.109 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @doubletwist.com/NPPodcast -> C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: Astrill Proxy Switcher - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\addon@astrill.com [2014-02-02]
FF Extension: Xmarks - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\foxmarks@kei.com [2014-07-26]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\adblockpopups@jessehakanen.net.xpi [2013-09-15]
FF Extension: InvisibleHand - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\canitbecheaper@trafficbroker.co.uk.xpi [2013-09-15]
FF Extension: Customizations for Adblock Plus - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\customization@adblockplus.org.xpi [2013-09-15]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\elemhidehelper@adblockplus.org.xpi [2013-09-15]
FF Extension: MEGA - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\firefox@mega.co.nz.xpi [2014-04-29]
FF Extension: Honey - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi [2014-08-02]
FF Extension: Google Translator for Firefox - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\translator@zoli.bod.xpi [2013-12-21]
FF Extension: Session Manager - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2013-09-15]
FF Extension: Bluhell Firewall - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2013-12-20]
FF Extension: Adblock Plus - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-15]
FF Extension: Adblock Edge - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-09-15]
FF HKLM-x32\...\Firefox\Extensions: [{cb84136f-9c44-433a-9048-c5cd9df1dc16}] - C:\Program Files (x86)\PC Tools Security\BDT\Firefox
FF Extension: Browser Defender Toolbar - C:\Program Files (x86)\PC Tools Security\BDT\Firefox [2011-09-09]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.3.19\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-07-02]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF [2014-07-11]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn [2014-08-10]
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\srcstcbstrd\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\srcstcbstrd\AppData\Roaming\IDM\idmmzcc5 [2014-07-27]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\srcstcbstrd\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-07-23]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-07-02]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\Exts\Chrome.crx [2014-07-11]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] -  [2014-07-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
S3 ASOVPNHelper; C:\Program Files (x86)\Astrill\ASOvpnSvc.exe [434016 2014-05-22] (Astrill)
R3 ASProxy; C:\Program Files (x86)\Astrill\ASProxy.exe [2121752 2014-05-22] (Astrill)
R2 Browser Defender Update Service; C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [337872 2011-09-01] (Threat Expert Ltd.)
R2 Creative Service for CDROM Access; C:\Windows\SysWOW64\CTsvcCDA.exe [44032 1999-12-12] (Creative Technology Ltd) [File not signed]
R2 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control\DfsdkS.exe [544768 2009-08-24] (mst software GmbH, Germany) [File not signed]
R2 DFServ; C:\Program Files (x86)\Faronics\Deep Freeze\Install C-0\DFServ.exe [1092096 2012-09-04] (Faronics Corporation) [File not signed]
S3 DiskDoctorService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1147424 2012-09-29] (Symantec Corporation)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [443224 2014-05-15] (Garmin Ltd or its subsidiaries)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-07-20] (SurfRight B.V.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-21] (Hewlett-Packard Company)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2011-07-30] () [File not signed]
R2 M4iPodWPDService; C:\Program Files (x86)\Common Files\Mediafour\iPod\M4iPodWPDService.exe [211968 2010-11-15] (Mediafour Corporation) [File not signed]
R2 M4LIC; C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE [205312 2009-07-29] (Mediafour Corporation) [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] () [File not signed]
S4 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] () [File not signed]
R2 MCLIENT; C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe [143928 2012-12-04] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe [276376 2014-07-31] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NU16StartManagerSvc; C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [792608 2012-09-29] (Symantec)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [224840 2013-10-18] (Realtek Semiconductor)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
S3 SpeedDiskService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1160224 2012-09-29] (Symantec Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2028864 2011-12-08] (TuneUp Software)
R2 UTSCSI; C:\Windows\SysWOW64\UTSCSI.EXE [45056 2011-12-31] () [File not signed]
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580232 2014-07-07] (WiseCleaner.com)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 39594151; C:\Windows\System32\DRIVERS\39594151.sys [157712 2009-09-25] (Kaspersky Lab)
R0 39594152; C:\Windows\System32\DRIVERS\39594152.sys [40464 2009-10-22] (Kaspersky Lab)
S3 AM10; C:\Windows\System32\DRIVERS\am10w7.sys [1101600 2010-02-13] (Ralink Technology Corp.)
S3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [11172864 2012-04-26] () [File not signed]
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 asvpndrv; C:\Windows\System32\DRIVERS\asvpndrv.sys [31744 2014-05-17] (Astrill)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20140801.001\BHDrvx64.sys [1530160 2014-07-03] (Symantec Corporation)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-07-18] (Glarysoft Ltd)
R1 CbFs; C:\Windows\system32\drivers\cbfs.sys [190432 2010-11-15] (EldoS Corporation) [File not signed]
R1 ccSet_MCLIENT; C:\Windows\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [168096 2012-10-03] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1505000.013\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DD04000.00A\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R0 DeepFrz; C:\Windows\System32\Drivers\DeepFrz.sys [214744 2012-09-04] (Faronics Corporation)
R0 DfDiskLow; C:\Windows\System32\Drivers\DfDiskLow.sys [38232 2012-09-04] (Faronics Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-07-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-07-10] (Symantec Corporation)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] () [File not signed]
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-07-27] (Glarysoft Ltd)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20140808.002\IDSvia64.sys [525016 2014-07-10] (Symantec Corporation)
S4 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] () [File not signed]
S4 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] () [File not signed]
R0 MDFSYSNT; C:\Windows\System32\Drivers\MDFSYSNT.sys [346216 2009-07-29] (Mediafour Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20140811.003\ENG64.SYS [126040 2014-07-10] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20140811.003\EX64.SYS [2099288 2014-07-10] (Symantec Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 setup_9.0.0.722_27.04.2011_00-08drv; C:\Windows\System32\DRIVERS\3959415.sys [352784 2009-10-09] (Kaspersky Lab)
U5 Soluto; C:\Windows\System32\Drivers\Soluto.sys [54728 2012-11-21] (Soluto LTD.)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1504000.00D\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1505000.013\SRTSPX64.SYS [36952 2013-10-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1505000.013\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1505000.013\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-07-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1505000.013\Ironx64.SYS [264280 2013-10-30] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1504000.00D\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-09-10] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2013-12-13] (Acronis International GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [11856 2011-02-10] (TuneUp Software)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2013-09-10] (Acronis International GmbH)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S0 SMR410; System32\drivers\SMR410.SYS [X]
S3 vwifibus; system32\DRIVERS\vwifibus.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-11 17:22 - 2014-08-11 17:22 - 00000000 ____D () C:\FRST
2014-08-10 20:56 - 2014-08-10 20:56 - 00001033 _____ () C:\Users\srcstcbstrd\Desktop\FreeCommander.lnk
2014-08-10 20:56 - 2014-08-10 20:56 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\FreeCommander
2014-08-10 20:56 - 2014-08-10 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeCommander
2014-08-10 20:56 - 2014-08-10 20:56 - 00000000 ____D () C:\Program Files (x86)\FreeCommander
2014-08-10 18:44 - 2014-08-10 19:01 - 00002603 _____ () C:\Users\Public\Desktop\ASUS MultiFrame.lnk
2014-08-10 18:44 - 2014-08-10 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2014-08-10 18:44 - 2014-08-10 18:44 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-08-10 17:58 - 2014-08-10 17:58 - 00001416 _____ () C:\Users\srcstcbstrd\Desktop\Resume Download - MultiFrame_win7.zip.lnk
2014-08-10 17:58 - 2014-08-10 17:58 - 00000000 ____H () C:\Users\srcstcbstrd\Documents\MultiFrame_win7.zip.part
2014-08-10 17:57 - 2014-08-10 17:58 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Local\Akamai
2014-08-10 17:49 - 2014-08-10 17:55 - 00069561 _____ () C:\Windows\WindowsUpdate.log
2014-08-10 17:48 - 2014-08-10 17:56 - 00000090 _____ () C:\Windows\setupact.log
2014-08-10 17:48 - 2014-08-10 17:48 - 00032758 _____ () C:\Windows\PFRO.log
2014-08-10 17:48 - 2014-08-10 17:48 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-05 00:23 - 2014-08-05 00:23 - 16336550 ____N () C:\Persi0.sys
2014-08-05 00:23 - 2014-08-05 00:23 - 00000000 ____D () C:\Program Files (x86)\Faronics
2014-08-05 00:22 - 2014-08-05 00:22 - 00000000 _____ () C:\dfinstall.log
2014-08-04 14:19 - 2014-08-04 14:19 - 00116008 _____ () C:\Users\srcstcbstrd\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-03 11:09 - 2014-08-11 11:00 - 00000414 _____ () C:\Windows\Tasks\Wise Turbo Checker.job
2014-08-03 11:09 - 2014-08-10 17:49 - 00000434 _____ () C:\Windows\Tasks\Wise Care 365.job
2014-08-03 11:09 - 2014-08-03 11:09 - 00003094 _____ () C:\Windows\System32\Tasks\Wise Turbo Checker
2014-08-03 11:09 - 2014-08-03 11:09 - 00002872 _____ () C:\Windows\System32\Tasks\Wise Care 365
2014-08-03 10:03 - 2014-08-03 10:03 - 00001213 _____ () C:\Users\Public\Desktop\Wise Memory Optimizer.lnk
2014-08-03 10:03 - 2014-08-03 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Memory Optimizer
2014-08-03 09:58 - 2014-08-10 17:49 - 00002020 _____ () C:\Users\Public\Desktop\Wise Care 365.lnk
2014-08-03 09:58 - 2014-08-10 17:49 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\Wise Care 365
2014-08-03 09:58 - 2014-08-03 10:03 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-08-03 09:58 - 2014-08-03 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365
2014-08-02 10:36 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-02 10:36 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-02 10:36 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-02 10:36 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-02 10:36 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-02 10:36 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-02 10:36 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-02 10:36 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-02 10:36 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-02 10:36 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-02 10:36 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-02 10:36 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-02 10:36 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-02 10:36 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-02 08:15 - 2014-08-02 08:15 - 00006101 _____ () C:\Users\srcstcbstrd\Desktop\attach.zip
2014-08-02 07:53 - 2014-08-02 07:55 - 00037924 _____ () C:\Users\srcstcbstrd\Desktop\dds.txt
2014-08-02 07:53 - 2014-08-02 07:55 - 00021391 _____ () C:\Users\srcstcbstrd\Desktop\attach.txt
2014-08-01 23:07 - 2014-08-01 23:07 - 00045392 _____ () C:\ComboFix.txt
2014-07-30 04:09 - 2014-08-02 11:07 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-30 04:09 - 2014-08-02 11:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-29 19:36 - 2014-08-03 11:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-27 13:28 - 2014-07-27 13:33 - 00000000 ____D () C:\Program Files (x86)\stinger
2014-07-27 11:28 - 2014-07-20 23:01 - 00118048 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-07-27 11:28 - 2014-07-18 03:11 - 00017600 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-07-27 10:19 - 2014-07-27 10:19 - 00024576 _____ () C:\Windows\system32\config\sam.gu
2014-07-27 10:18 - 2014-07-20 23:01 - 00028960 _____ (Glarysoft Ltd) C:\Windows\system32\RegBootDefrag.exe
2014-07-27 09:42 - 2014-08-10 17:49 - 00000344 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-07-27 09:42 - 2014-07-27 09:42 - 00020160 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-07-27 09:42 - 2014-07-27 09:42 - 00002994 _____ () C:\Windows\System32\Tasks\GU5SkipUAC
2014-07-27 09:42 - 2014-07-27 09:42 - 00002662 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2014-07-27 09:42 - 2014-07-27 09:42 - 00001058 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-07-27 09:42 - 2014-07-27 09:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-07-27 09:41 - 2014-07-27 11:42 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-07-27 09:17 - 2014-07-27 09:17 - 00000388 _____ () C:\Windows\system32\.crusader
2014-07-26 17:20 - 2014-08-05 00:20 - 00122584 _____ () C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-26 17:20 - 2014-07-27 17:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-26 17:20 - 2014-07-26 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-26 17:20 - 2014-05-12 07:26 - 00091352 _____ () C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-26 17:20 - 2014-05-12 07:26 - 00063704 _____ () C:\Windows\system32\Drivers\mwac.sys
2014-07-25 04:51 - 2014-07-26 17:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-25 04:39 - 2014-07-27 13:38 - 05563277 ____R (Swearware) C:\Users\srcstcbstrd\Desktop\ComboFix.exe
2014-07-24 21:37 - 2014-07-24 21:37 - 00000000 ____D () C:\Users\srcstcbstrd\Doctor Web
2014-07-24 21:36 - 2014-07-24 21:36 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Local\MFAData
2014-07-24 21:36 - 2014-07-24 21:36 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Local\Avg2014
2014-07-24 21:36 - 2014-07-24 21:36 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-23 07:02 - 2014-06-09 04:41 - 00180136 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2014-07-15 04:41 - 2014-07-15 04:41 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-07-15 04:41 - 2014-07-15 04:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-07-13 13:19 - 2014-08-10 17:48 - 00000300 _____ () C:\Windows\Tasks\NUAutoUpdate.job
2014-07-13 13:19 - 2014-07-13 13:19 - 00002536 _____ () C:\Windows\System32\Tasks\NUAutoUpdate
2014-07-13 13:19 - 2014-07-13 13:19 - 00000000 ____D () C:\Users\srcstcbstrd\Documents\Norton Utilities 16
2014-07-13 13:18 - 2014-07-27 10:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Utilities 16
2014-07-13 13:18 - 2012-09-29 22:50 - 00512544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml.dll
2014-07-13 13:18 - 2012-09-29 22:49 - 00040992 _____ () C:\Windows\system32\CleanMFT64.exe
2014-07-13 13:18 - 2008-04-02 15:54 - 01101824 _____ (Woodbury Associates Limited) C:\Windows\SysWOW64\UniBox210.ocx
2014-07-13 13:18 - 2008-04-02 15:53 - 00880640 _____ (Woodbury Associates Limited) C:\Windows\SysWOW64\UniBox10.ocx
2014-07-13 13:18 - 2008-04-02 15:53 - 00212992 _____ (Woodbury Associates Limited) C:\Windows\SysWOW64\UniBoxVB12.ocx
2014-07-12 07:33 - 2014-07-12 07:33 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-11 17:23 - 2011-06-28 04:44 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\uTorrent
2014-08-11 17:22 - 2014-08-11 17:22 - 00000000 ____D () C:\FRST
2014-08-11 17:19 - 2011-04-09 01:14 - 00000000 ____D () C:\Users\srcstcbstrd\Documents\Outlook Files
2014-08-11 17:10 - 2009-07-14 01:13 - 00786514 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-11 11:00 - 2014-08-03 11:09 - 00000414 _____ () C:\Windows\Tasks\Wise Turbo Checker.job
2014-08-10 20:56 - 2014-08-10 20:56 - 00001033 _____ () C:\Users\srcstcbstrd\Desktop\FreeCommander.lnk
2014-08-10 20:56 - 2014-08-10 20:56 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\FreeCommander
2014-08-10 20:56 - 2014-08-10 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeCommander
2014-08-10 20:56 - 2014-08-10 20:56 - 00000000 ____D () C:\Program Files (x86)\FreeCommander
2014-08-10 19:47 - 2011-04-10 10:42 - 00000000 ____D () C:\Torrents Complete
2014-08-10 19:47 - 2011-04-10 10:42 - 00000000 ____D () C:\Bit Torrents
2014-08-10 19:32 - 2014-07-10 10:22 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-08-10 19:01 - 2014-08-10 18:44 - 00002603 _____ () C:\Users\Public\Desktop\ASUS MultiFrame.lnk
2014-08-10 19:01 - 2014-08-10 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2014-08-10 18:44 - 2014-08-10 18:44 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-08-10 17:58 - 2014-08-10 17:58 - 00001416 _____ () C:\Users\srcstcbstrd\Desktop\Resume Download - MultiFrame_win7.zip.lnk
2014-08-10 17:58 - 2014-08-10 17:58 - 00000000 ____H () C:\Users\srcstcbstrd\Documents\MultiFrame_win7.zip.part
2014-08-10 17:58 - 2014-08-10 17:57 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Local\Akamai
2014-08-10 17:56 - 2014-08-10 17:48 - 00000090 _____ () C:\Windows\setupact.log
2014-08-10 17:55 - 2014-08-10 17:49 - 00069561 _____ () C:\Windows\WindowsUpdate.log
2014-08-10 17:55 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-10 17:55 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-10 17:49 - 2014-08-03 11:09 - 00000434 _____ () C:\Windows\Tasks\Wise Care 365.job
2014-08-10 17:49 - 2014-08-03 09:58 - 00002020 _____ () C:\Users\Public\Desktop\Wise Care 365.lnk
2014-08-10 17:49 - 2014-08-03 09:58 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\Wise Care 365
2014-08-10 17:49 - 2014-07-27 09:42 - 00000344 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-08-10 17:49 - 2014-07-07 15:53 - 00004844 _____ () C:\Windows\SysWOW64\ASProxy.ini
2014-08-10 17:49 - 2014-07-07 15:53 - 00003004 _____ () C:\Windows\SysWOW64\ASProxyOff.ini
2014-08-10 17:49 - 2014-07-07 15:53 - 00003004 _____ () C:\Windows\system32\ASProxyOff.ini
2014-08-10 17:48 - 2014-08-10 17:48 - 00032758 _____ () C:\Windows\PFRO.log
2014-08-10 17:48 - 2014-08-10 17:48 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-10 17:48 - 2014-07-13 13:19 - 00000300 _____ () C:\Windows\Tasks\NUAutoUpdate.job
2014-08-10 17:48 - 2013-11-26 05:21 - 00000000 ____D () C:\ProgramData\Temp
2014-08-10 17:48 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-05 00:23 - 2014-08-05 00:23 - 16336550 ____N () C:\Persi0.sys
2014-08-05 00:23 - 2014-08-05 00:23 - 00000000 ____D () C:\Program Files (x86)\Faronics
2014-08-05 00:23 - 2011-04-10 11:00 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\DMCache
2014-08-05 00:22 - 2014-08-05 00:22 - 00000000 _____ () C:\dfinstall.log
2014-08-05 00:20 - 2014-07-26 17:20 - 00122584 _____ () C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-05 00:03 - 2014-03-05 11:53 - 00000000 ____D () C:\Users\Tim Mahoney\Redheads
2014-08-04 23:45 - 2014-03-05 09:32 - 00000000 ____D () C:\Users\Tim Mahoney\Pics
2014-08-04 23:30 - 2011-04-09 01:12 - 00000000 ____D () C:\Users\Tim Mahoney\Asians
2014-08-04 14:19 - 2014-08-04 14:19 - 00116008 _____ () C:\Users\srcstcbstrd\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-03 17:14 - 2013-12-12 21:48 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Local\CrashDumps
2014-08-03 11:09 - 2014-08-03 11:09 - 00003094 _____ () C:\Windows\System32\Tasks\Wise Turbo Checker
2014-08-03 11:09 - 2014-08-03 11:09 - 00002872 _____ () C:\Windows\System32\Tasks\Wise Care 365
2014-08-03 11:05 - 2014-07-29 19:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-03 11:05 - 2014-07-11 09:50 - 00000000 ____D () C:\found.000
2014-08-03 11:05 - 2011-04-12 14:01 - 00000000 ____D () C:\DVD's To Watch
2014-08-03 11:05 - 2011-04-09 01:23 - 00000000 ____D () C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2014-08-03 11:04 - 2012-03-25 15:14 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\Media Player Classic
2014-08-03 11:04 - 2011-12-27 19:18 - 00000000 ____D () C:\Program Files\Waterfox
2014-08-03 11:04 - 2011-04-09 02:27 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-03 11:04 - 2011-04-09 02:27 - 00000000 ____D () C:\Program Files\Movie Maker
2014-08-03 11:04 - 2011-04-09 02:22 - 00000000 ____D () C:\Program Files\Free MKV Video2Dvd
2014-08-03 11:04 - 2011-04-09 02:17 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-03 10:03 - 2014-08-03 10:03 - 00001213 _____ () C:\Users\Public\Desktop\Wise Memory Optimizer.lnk
2014-08-03 10:03 - 2014-08-03 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Memory Optimizer
2014-08-03 10:03 - 2014-08-03 09:58 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-08-03 10:01 - 2013-11-16 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-08-03 10:01 - 2011-04-09 01:05 - 00000000 ___RD () C:\Users\srcstcbstrd\Desktop\Disc Cleaners
2014-08-03 10:01 - 2009-07-24 15:22 - 00000000 ____D () C:\Windows\Panther
2014-08-03 09:58 - 2014-08-03 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365
2014-08-02 11:07 - 2014-07-30 04:09 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-02 11:07 - 2014-07-30 04:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-02 08:24 - 2012-05-23 18:46 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\Winamp
2014-08-02 08:15 - 2014-08-02 08:15 - 00006101 _____ () C:\Users\srcstcbstrd\Desktop\attach.zip
2014-08-02 07:55 - 2014-08-02 07:53 - 00037924 _____ () C:\Users\srcstcbstrd\Desktop\dds.txt
2014-08-02 07:55 - 2014-08-02 07:53 - 00021391 _____ () C:\Users\srcstcbstrd\Desktop\attach.txt
2014-08-02 06:14 - 2009-07-14 01:38 - 00067584 ____S () C:\Windows\bootstet.dat
2014-08-01 23:07 - 2014-08-01 23:07 - 00045392 _____ () C:\ComboFix.txt
2014-08-01 23:07 - 2013-09-08 08:36 - 00000000 ____D () C:\Qoobox
2014-08-01 23:03 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-01 16:29 - 2013-08-23 14:35 - 00000000 ____D () C:\AdwCleaner
2014-08-01 15:12 - 2013-11-17 18:13 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\vlc
2014-08-01 14:52 - 2012-09-04 15:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-01 09:33 - 2011-04-10 11:00 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\IDM
2014-07-28 16:19 - 2013-08-24 08:52 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\Dashlane
2014-07-28 16:14 - 2011-04-10 11:00 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2014-07-27 21:19 - 2013-09-05 16:28 - 00000000 ____D () C:\Users\srcstcbstrd\OfficeToolkit2010[1]
2014-07-27 21:19 - 2011-04-09 01:06 - 00000000 ____D () C:\Users\srcstcbstrd\Downloads\Programs Downloaded
2014-07-27 19:11 - 2014-06-18 22:45 - 00002656 _____ () C:\Users\srcstcbstrd\Desktop\Rkill.txt
2014-07-27 19:07 - 2013-10-29 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2014-07-27 17:58 - 2014-07-26 17:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-27 13:38 - 2014-07-25 04:39 - 05563277 ____R (Swearware) C:\Users\srcstcbstrd\Desktop\ComboFix.exe
2014-07-27 13:33 - 2014-07-27 13:28 - 00000000 ____D () C:\Program Files (x86)\stinger
2014-07-27 11:42 - 2014-07-27 09:41 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-07-27 10:27 - 2014-07-13 13:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Utilities 16
2014-07-27 10:27 - 2013-07-09 22:34 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Management
2014-07-27 10:27 - 2013-06-09 11:27 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
2014-07-27 10:25 - 2013-01-13 17:37 - 00000000 ____D () C:\Windows\Minidump
2014-07-27 10:19 - 2014-07-27 10:19 - 00024576 _____ () C:\Windows\system32\config\sam.gu
2014-07-27 10:19 - 2011-04-09 10:24 - 00000000 ____D () C:\Users\srcstcbstrd
2014-07-27 10:19 - 2009-07-13 22:34 - 26738688 _____ () C:\Windows\system32\config\system.gu.bak
2014-07-27 10:19 - 2009-07-13 22:34 - 101974016 _____ () C:\Windows\system32\config\software.gu.bak
2014-07-27 10:19 - 2009-07-13 22:34 - 04980736 _____ () C:\Windows\system32\config\default.gu.bak
2014-07-27 10:19 - 2009-07-13 22:34 - 00262144 _____ () C:\Windows\system32\config\security.gu.bak
2014-07-27 09:42 - 2014-07-27 09:42 - 00020160 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-07-27 09:42 - 2014-07-27 09:42 - 00002994 _____ () C:\Windows\System32\Tasks\GU5SkipUAC
2014-07-27 09:42 - 2014-07-27 09:42 - 00002662 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2014-07-27 09:42 - 2014-07-27 09:42 - 00001058 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-07-27 09:42 - 2014-07-27 09:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-07-27 09:42 - 2013-12-24 01:08 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 4
2014-07-27 09:42 - 2013-09-07 21:51 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-07-27 09:42 - 2011-04-11 08:17 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\GlarySoft
2014-07-27 09:37 - 2014-04-26 17:56 - 00015841 _____ () C:\Users\srcstcbstrd\Documents\hijackthis.log
2014-07-27 09:17 - 2014-07-27 09:17 - 00000388 _____ () C:\Windows\system32\.crusader
2014-07-27 00:00 - 2011-10-15 15:41 - 00000000 ____D () C:\Windows\AutoKMS
2014-07-26 17:20 - 2014-07-26 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-26 17:20 - 2014-07-25 04:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-26 17:20 - 2011-09-08 21:43 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\Malwarebytes
2014-07-24 21:37 - 2014-07-24 21:37 - 00000000 ____D () C:\Users\srcstcbstrd\Doctor Web
2014-07-24 21:36 - 2014-07-24 21:36 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Local\MFAData
2014-07-24 21:36 - 2014-07-24 21:36 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Local\Avg2014
2014-07-24 21:36 - 2014-07-24 21:36 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-24 21:33 - 2014-06-18 22:49 - 00000000 ____D () C:\Users\srcstcbstrd\Pavark
2014-07-24 20:23 - 2013-10-18 15:30 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\IObit
2014-07-24 20:23 - 2013-10-18 15:30 - 00000000 ____D () C:\ProgramData\IObit
2014-07-24 20:23 - 2013-10-18 15:30 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-07-24 18:49 - 2014-01-26 20:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 18:49 - 2011-04-09 02:26 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 03:02 - 2014-01-26 20:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-21 17:22 - 2014-02-02 13:17 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\Astrill
2014-07-21 04:05 - 2014-07-11 11:12 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-20 23:01 - 2014-07-27 11:28 - 00118048 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-07-20 23:01 - 2014-07-27 10:18 - 00028960 _____ (Glarysoft Ltd) C:\Windows\system32\RegBootDefrag.exe
2014-07-20 17:42 - 2012-01-19 23:30 - 00000000 ____D () C:\ProgramData\Acronis
2014-07-18 03:11 - 2014-07-27 11:28 - 00017600 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-07-15 04:41 - 2014-07-15 04:41 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-07-15 04:41 - 2014-07-15 04:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-07-14 15:45 - 2011-04-10 12:54 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\ESTsoft
2014-07-13 13:23 - 2011-01-05 04:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders
2014-07-13 13:19 - 2014-07-13 13:19 - 00002536 _____ () C:\Windows\System32\Tasks\NUAutoUpdate
2014-07-13 13:19 - 2014-07-13 13:19 - 00000000 ____D () C:\Users\srcstcbstrd\Documents\Norton Utilities 16
2014-07-13 13:18 - 2011-01-05 04:00 - 00000000 ____D () C:\ProgramData\Symantec
2014-07-13 13:16 - 2014-02-02 13:16 - 00000000 ____D () C:\Program Files (x86)\Astrill
2014-07-13 13:15 - 2014-02-02 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astrill
2014-07-12 07:42 - 2013-04-13 14:34 - 00000846 _____ () C:\Users\srcstcbstrd\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-07-12 07:41 - 2014-07-10 10:04 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Local\LogMeIn Rescue Applet
2014-07-12 07:33 - 2014-07-12 07:33 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 19:03

==================== End Of Log ============================

My computer is getting worse. The monitor is no longer recognized and has gone to a default setting with terrible resolution and no matter how much or how many times I try and change it, nothing happens.


#13 nasdaq

  • Malware Response Team

Posted 12 August 2014 - 09:17 AM

FF Extension: Honey - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi [2014-08-02]

This Firefox Extension is problematic.
If you installed it and know what it is just remove it before saving the fixlist.txt as suggested below.
===


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start
(BitTorrent Inc.) C:\Users\srcstcbstrd\AppData\Roaming\uTorrent\uTorrent.exe
Winlogon\Notify\DfLogon: LogonDll.dll [X]
HKU\S-1-5-21-1654476252-2253211636-4181094436-1001\...\Run: [uTorrent] => C:\Users\srcstcbstrd\AppData\Roaming\uTorrent\uTorrent.exe [1329744 2014-07-12] (BitTorrent Inc.)
ShellIconOverlayIdentifiers: {6570C58B-C08B-46AD-AA82-2369B0D1B627} -> MacDrive volume icons =>  No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} ->  No File
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Handler: javascript - No CLSID Value -
Handler: mailto - No CLSID Value -
Handler: res - No CLSID Value -
Handler-x32: javascript - No CLSID Value -
Handler-x32: res - No CLSID Value -
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Extension: Honey - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi [2014-08-02]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-07-23]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S0 SMR410; System32\drivers\SMR410.SYS [X]
S3 vwifibus; system32\DRIVERS\vwifibus.sys [X]
Task: {08D2B8B0-3649-4AFA-B4B5-99F8A1F22657} - System32\Tasks\Updater26278.exe => C:\Users\srcstcbstrd\AppData\Local\Updater26278\Updater26278.exe <==== ATTENTION
Task: {AA4A7A95-00F4-4324-857D-277274C49025} - \SUPERAntiSpyware Scheduled Task 844b2f19-79d3-458e-af17-269e98155fce No Task File <==== ATTENTION
Task: {AF169B97-DDB1-4CC9-AD69-7C5E415D71A8} - \DealPlyLiveUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {C6C2A03E-DAA7-4BBD-908A-879B9B9D6E85} - \GlaryInitialize 4 No Task File <==== ATTENTION
Task: {E0AB0C62-5E54-42F3-82C7-86B036DFECD7} - \DealPlyLiveUpdateTaskMachineCore No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:430C6D84
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\ProgramData\Temp:792D4CF1
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

BootExecute: autocheck autochk /k:C /k:D /k:E *

Did you set this?

This is the reason for the /k switch.

/k:Volume * Excludes Chkdsk from running against the volume.
<<<>>>

My computer is getting worse. The monitor is no longer recognized and has gone to a default setting with terrible resolution and no matter how much or how many times I try and change it, nothing happens.

I do not think that this is the work of malware.

Open your Control Panel and look at the Hardware.
Is there anything with a yellow exclamation mark that would indicate a problem?

If not, it may be a problem with your RAM.

You can use this tool to check them.
Download Memtest86, extract the ISO file memtest.iso to your hard disc, and, using your CD writing software, burn the ISO file to a CD as an image (for instance, if you are using Nero, you would select "Burn Image" from the menu). You don't need to do anything else to it to try to create a bootable disc.

After you have burned the ISO file to disc, you should have one folder on the disc containing two files:
BOOT <-- folder
BOOT.CAT <-- file
MEMTEST.IMG <-- file

Just boot from the CD, and the memory test should begin automatically.

Keep me posted.
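
The entries in the fixlist in post #13 all carry one of a few markers in the FRST log ([X], No File, No Task File, No CLSID Value, <==== ATTENTION, AlternateDataStreams), and the BootExecute line carries /k: switches. The following Python is an added example, not part of the thread and not FRST's own code: it pulls marked lines out of a log for manual review and lists the volumes a BootExecute value excludes from the boot-time disk check. The function names are hypothetical, and the sample lines are copied from the log posted in this thread.

```python
import re

# Markers carried by the entries in the fixlist in post #13. The labels just
# name the marker; deciding what to do with a line stays a manual review step.
MARKERS = [
    ("ATTENTION flag", re.compile(r"<=+ ATTENTION")),
    ("[X] or No File", re.compile(r"\bNo File\b|\[X\]\s*$")),
    ("No Task File", re.compile(r"\bNo Task File\b")),
    ("No CLSID Value", re.compile(r"\bNo CLSID Value\b")),
    ("alternate data stream", re.compile(r"^AlternateDataStreams:")),
]

BOOTEXECUTE = re.compile(r"^BootExecute:\s*(?P<cmd>.+)$")
DEFAULT_BOOTEXECUTE = ["autocheck", "autochk", "*"]  # stock Windows value

# Lines copied from the FRST log posted in this thread.
SAMPLE_LOG = r"""
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
Winlogon\Notify\DfLogon: LogonDll.dll [X]
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} ->  No File
Handler: javascript - No CLSID Value -
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S0 SMR410; System32\drivers\SMR410.SYS [X]
Task: {AF169B97-DDB1-4CC9-AD69-7C5E415D71A8} - \DealPlyLiveUpdateTaskMachineUA No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:430C6D84
BootExecute: autocheck autochk /k:C /k:D /k:E *
"""


def triage(log_text):
    """Return [(line, [marker labels])] for every log line carrying a marker."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = [label for label, rx in MARKERS if rx.search(line)]
        if reasons:
            hits.append((line, reasons))
    return hits


def chkdsk_exclusions(line):
    """Parse a 'BootExecute:' log line.

    Returns None for any other line, otherwise a dict with the volumes named
    in /k: switches and whether the value equals the stock default.
    """
    m = BOOTEXECUTE.match(line.strip())
    if not m:
        return None
    tokens = m.group("cmd").split()
    excluded = [
        t[3:].rstrip(":").upper()
        for t in tokens
        if t.lower().startswith("/k:") and len(t) > 3
    ]
    return {
        "excluded_volumes": excluded,
        "is_default": tokens == DEFAULT_BOOTEXECUTE,
    }


def review(log_text):
    """Combine both checks into one summary for a whole log."""
    boot = None
    for raw in log_text.splitlines():
        parsed = chkdsk_exclusions(raw)
        if parsed is not None:
            boot = parsed
    return {"marked": triage(log_text), "bootexecute": boot}


if __name__ == "__main__":
    result = review(SAMPLE_LOG)
    for line, reasons in result["marked"]:
        print(f"{', '.join(reasons):<32} {line}")
    boot = result["bootexecute"]
    if boot and not boot["is_default"]:
        print("Boot-time disk check skipped for:", ", ".join(boot["excluded_volumes"]))
```
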

#14 srcstcbstrd

  • Topic Starter

Posted 12 August 2014 - 09:35 PM

Hey nasdaq - I did as you directed and deleted the jetpack.xpi before running FRST.

No yellow flag on any hardware. I did not set the /k switch nor would I know how to do it.

I've got my video privileges back but I still can't get into System Restore to turn it on. Whenever I have to do a reboot, the exact same items come up as if this thing is stuck at August 2nd - so if I download or change a program (I tried the AMD Catalyst Control Center to see if I could take control of the monitor ID, tried to erase some issues that Hitman Pro brings up - but they reappear every frikkin' time I reboot). You will note that the jetpack.xpi is back as if I never deleted it (at least it appeared when I checked it out under C:/Users....just now after the scan reboot). Is there something in the registry that has to be deleted? Are we thinking that this infernal machine has to be wiped to the default settings?

Here's the scan results:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-08-2014 01
Ran by srcstcbstrd (administrator) on TIMS-COMPUTER on 12-08-2014 20:28:21
Running from F:\FRST
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\nis.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Users\srcstcbstrd\AppData\Roaming\Dashlane\Dashlane.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Astrill) C:\Program Files (x86)\Astrill\astrill.exe
(Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Threat Expert Ltd.) C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
() C:\Users\srcstcbstrd\AppData\Local\Kineteks_Corporation\Tractivity_Connect\Tractivity.Helper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [PCTools FGuard] => C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe [247760 2011-09-01] (Threat Expert Ltd.)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7805936 2014-02-04] (Acronis)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Tractivity.Helper] => C:\Program Files (x86)\Tractivity\Connect\Tractivity.Helper.exe [536064 2013-07-03] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe [106112 2014-07-13] (Symantec Corporation)
Winlogon\Notify\DfLogon: LogonDll.dll [X]
HKU\S-1-5-21-1654476252-2253211636-4181094436-1001\...\Run: [Dashlane] => C:\Users\srcstcbstrd\AppData\Roaming\Dashlane\Dashlane.exe [219832 2014-07-28] ()
HKU\S-1-5-21-1654476252-2253211636-4181094436-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3858000 2014-07-23] (Tonec Inc.)
HKU\S-1-5-21-1654476252-2253211636-4181094436-1001\...\Run: [uTorrent] => C:\Users\srcstcbstrd\AppData\Roaming\uTorrent\uTorrent.exe [1329744 2014-07-12] (BitTorrent Inc.)
HKU\S-1-5-21-1654476252-2253211636-4181094436-1001\...\Run: [Astrill] => C:\Program Files (x86)\Astrill\astrill.exe [5132312 2014-07-10] (Astrill)
HKU\S-1-5-21-1654476252-2253211636-4181094436-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-07-20] (Glarysoft Ltd)
HKU\S-1-5-21-1654476252-2253211636-4181094436-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
ShellIconOverlayIdentifiers: AcronisSyncError -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: AcronisSyncInProgress -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: AcronisSyncOk -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: IDM Shell Extension -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
ShellIconOverlayIdentifiers: {6570C58B-C08B-46AD-AA82-2369B0D1B627} -> MacDrive volume icons =>  No File
BootExecute: autocheck autochk /k:C /k:D /k:E *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBC372924FE8ECE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/706-111074-26712-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL =
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: No Name -> {4907C0AD-874D-44D9-B13E-7B0A4D8B9D3E} -> C:\Program Files\Mediafour\XPlay 3\XPBHO.DLL (Mediafour Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: PC Tools Browser Guard BHO -> {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} -> C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} ->  No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\srcstcbstrd\AppData\Roaming\Dashlane\ie\KWIEBar.dll (Dashlane)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler: cardisabled\javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
Handler: cardisabled\mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
Handler: cardisabled\res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
Handler: javascript - No CLSID Value -
Handler: mailto - No CLSID Value -
Handler: res - No CLSID Value -
Handler-x32: cardisabled\javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
Handler-x32: cardisabled\mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
Handler-x32: cardisabled\res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
Handler-x32: javascript - No CLSID Value -
Handler-x32: mailto - No CLSID Value -
Handler-x32: res - No CLSID Value -
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254
FF NewTab: about:blank
FF DefaultSearchEngine: Norton Safe Search
FF SelectedSearchEngine: Norton Safe Search
FF Homepage: hxxp://www.google.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nprjplug;version=15.0.5.109 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.5.109 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.5.109 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @doubletwist.com/NPPodcast -> C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: Astrill Proxy Switcher - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\addon@astrill.com [2014-02-02]
FF Extension: Xmarks - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\foxmarks@kei.com [2014-07-26]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\adblockpopups@jessehakanen.net.xpi [2013-09-15]
FF Extension: InvisibleHand - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\canitbecheaper@trafficbroker.co.uk.xpi [2013-09-15]
FF Extension: Customizations for Adblock Plus - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\customization@adblockplus.org.xpi [2013-09-15]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\elemhidehelper@adblockplus.org.xpi [2013-09-15]
FF Extension: MEGA - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\firefox@mega.co.nz.xpi [2014-04-29]
FF Extension: Google Translator for Firefox - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\translator@zoli.bod.xpi [2013-12-21]
FF Extension: Session Manager - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2013-09-15]
FF Extension: Bluhell Firewall - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2013-12-20]
FF Extension: Adblock Plus - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-15]
FF Extension: Adblock Edge - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-09-15]
FF HKLM-x32\...\Firefox\Extensions: [{cb84136f-9c44-433a-9048-c5cd9df1dc16}] - C:\Program Files (x86)\PC Tools Security\BDT\Firefox
FF Extension: Browser Defender Toolbar - C:\Program Files (x86)\PC Tools Security\BDT\Firefox [2011-09-09]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.3.19\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-07-02]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF [2014-07-11]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn [2014-08-12]
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\srcstcbstrd\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\srcstcbstrd\AppData\Roaming\IDM\idmmzcc5 [2014-07-27]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\srcstcbstrd\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-07-23]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-07-02]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\Exts\Chrome.crx [2014-07-11]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] -  [2014-07-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
S3 ASOVPNHelper; C:\Program Files (x86)\Astrill\ASOvpnSvc.exe [434016 2014-05-22] (Astrill)
R3 ASProxy; C:\Program Files (x86)\Astrill\ASProxy.exe [2121752 2014-05-22] (Astrill)
R2 Browser Defender Update Service; C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [337872 2011-09-01] (Threat Expert Ltd.)
R2 Creative Service for CDROM Access; C:\Windows\SysWOW64\CTsvcCDA.exe [44032 1999-12-12] (Creative Technology Ltd) [File not signed]
R2 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control\DfsdkS.exe [544768 2009-08-24] (mst software GmbH, Germany) [File not signed]
R2 DFServ; C:\Program Files (x86)\Faronics\Deep Freeze\Install C-0\DFServ.exe [1092096 2012-09-04] (Faronics Corporation) [File not signed]
S3 DiskDoctorService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1147424 2012-09-29] (Symantec Corporation)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [443224 2014-05-15] (Garmin Ltd or its subsidiaries)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-07-20] (SurfRight B.V.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-21] (Hewlett-Packard Company)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2011-07-30] () [File not signed]
R2 M4iPodWPDService; C:\Program Files (x86)\Common Files\Mediafour\iPod\M4iPodWPDService.exe [211968 2010-11-15] (Mediafour Corporation) [File not signed]
R2 M4LIC; C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE [205312 2009-07-29] (Mediafour Corporation) [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] () [File not signed]
S4 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] () [File not signed]
R2 MCLIENT; C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe [143928 2012-12-04] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe [276376 2014-07-31] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NU16StartManagerSvc; C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [792608 2012-09-29] (Symantec)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [224840 2013-10-18] (Realtek Semiconductor)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
S3 SpeedDiskService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1160224 2012-09-29] (Symantec Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2028864 2011-12-08] (TuneUp Software)
R2 UTSCSI; C:\Windows\SysWOW64\UTSCSI.EXE [45056 2011-12-31] () [File not signed]
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580232 2014-07-07] (WiseCleaner.com)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 39594151; C:\Windows\System32\DRIVERS\39594151.sys [157712 2009-09-25] (Kaspersky Lab)
R0 39594152; C:\Windows\System32\DRIVERS\39594152.sys [40464 2009-10-22] (Kaspersky Lab)
S3 AM10; C:\Windows\System32\DRIVERS\am10w7.sys [1101600 2010-02-13] (Ralink Technology Corp.)
S3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [11172864 2012-04-26] () [File not signed]
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 asvpndrv; C:\Windows\System32\DRIVERS\asvpndrv.sys [31744 2014-05-17] (Astrill)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20140801.001\BHDrvx64.sys [1530160 2014-07-03] (Symantec Corporation)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-07-18] (Glarysoft Ltd)
R1 CbFs; C:\Windows\system32\drivers\cbfs.sys [190432 2010-11-15] (EldoS Corporation) [File not signed]
R1 ccSet_MCLIENT; C:\Windows\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [168096 2012-10-03] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1505000.013\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DD04000.00A\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R0 DeepFrz; C:\Windows\System32\Drivers\DeepFrz.sys [214744 2012-09-04] (Faronics Corporation)
R0 DfDiskLow; C:\Windows\System32\Drivers\DfDiskLow.sys [38232 2012-09-04] (Faronics Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-07-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-07-10] (Symantec Corporation)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] () [File not signed]
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-07-27] (Glarysoft Ltd)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20140812.002\IDSvia64.sys [525016 2014-07-10] (Symantec Corporation)
S4 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] () [File not signed]
S4 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] () [File not signed]
R0 MDFSYSNT; C:\Windows\System32\Drivers\MDFSYSNT.sys [346216 2009-07-29] (Mediafour Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20140812.008\ENG64.SYS [126040 2014-07-10] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20140812.008\EX64.SYS [2099288 2014-07-10] (Symantec Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 setup_9.0.0.722_27.04.2011_00-08drv; C:\Windows\System32\DRIVERS\3959415.sys [352784 2009-10-09] (Kaspersky Lab)
U5 Soluto; C:\Windows\System32\Drivers\Soluto.sys [54728 2012-11-21] (Soluto LTD.)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1504000.00D\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1505000.013\SRTSPX64.SYS [36952 2013-10-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1505000.013\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1505000.013\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-07-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1505000.013\Ironx64.SYS [264280 2013-10-30] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1504000.00D\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-09-10] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2013-12-13] (Acronis International GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [11856 2011-02-10] (TuneUp Software)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2013-09-10] (Acronis International GmbH)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S0 SMR410; System32\drivers\SMR410.SYS [X]
S3 vwifibus; system32\DRIVERS\vwifibus.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 20:28 - 2014-08-12 20:28 - 00000000 ____D () C:\FRST
2014-08-12 19:18 - 2014-08-12 19:29 - 00144290 _____ () C:\Windows\WindowsUpdate.log
2014-08-12 19:18 - 2014-08-12 19:29 - 00000090 _____ () C:\Windows\setupact.log
2014-08-12 19:18 - 2014-08-12 19:18 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-12 19:17 - 2014-08-12 19:17 - 00032948 _____ () C:\Windows\PFRO.log
2014-08-05 00:23 - 2014-08-05 00:23 - 16336550 ____N () C:\Persi0.sys
2014-08-05 00:23 - 2014-08-05 00:23 - 00000000 ____D () C:\Program Files (x86)\Faronics
2014-08-05 00:22 - 2014-08-05 00:22 - 00000000 _____ () C:\dfinstall.log
2014-08-04 14:19 - 2014-08-04 14:19 - 00116008 _____ () C:\Users\srcstcbstrd\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-03 11:09 - 2014-08-12 19:19 - 00000434 _____ () C:\Windows\Tasks\Wise Care 365.job
2014-08-03 11:09 - 2014-08-04 11:00 - 00000414 _____ () C:\Windows\Tasks\Wise Turbo Checker.job
2014-08-03 11:09 - 2014-08-03 11:09 - 00003094 _____ () C:\Windows\System32\Tasks\Wise Turbo Checker
2014-08-03 11:09 - 2014-08-03 11:09 - 00002872 _____ () C:\Windows\System32\Tasks\Wise Care 365
2014-08-03 10:03 - 2014-08-03 10:03 - 00001213 _____ () C:\Users\Public\Desktop\Wise Memory Optimizer.lnk
2014-08-03 10:03 - 2014-08-03 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Memory Optimizer
2014-08-03 09:58 - 2014-08-12 19:19 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\Wise Care 365
2014-08-03 09:58 - 2014-08-12 19:18 - 00002020 _____ () C:\Users\Public\Desktop\Wise Care 365.lnk
2014-08-03 09:58 - 2014-08-03 10:03 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-08-03 09:58 - 2014-08-03 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365
2014-08-02 10:36 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-02 10:36 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-02 10:36 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-02 10:36 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-02 10:36 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-02 10:36 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-02 10:36 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-02 10:36 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-02 10:36 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-02 10:36 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-02 10:36 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-02 10:36 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-02 10:36 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-02 10:36 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-02 08:15 - 2014-08-02 08:15 - 00006101 _____ () C:\Users\srcstcbstrd\Desktop\attach.zip
2014-08-02 07:53 - 2014-08-02 07:55 - 00037924 _____ () C:\Users\srcstcbstrd\Desktop\dds.txt
2014-08-02 07:53 - 2014-08-02 07:55 - 00021391 _____ () C:\Users\srcstcbstrd\Desktop\attach.txt
2014-08-01 23:07 - 2014-08-01 23:07 - 00045392 _____ () C:\ComboFix.txt
2014-07-30 04:09 - 2014-08-02 11:07 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-30 04:09 - 2014-08-02 11:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-29 19:36 - 2014-08-03 11:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-27 13:28 - 2014-07-27 13:33 - 00000000 ____D () C:\Program Files (x86)\stinger
2014-07-27 11:28 - 2014-07-20 23:01 - 00118048 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-07-27 11:28 - 2014-07-18 03:11 - 00017600 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-07-27 10:19 - 2014-07-27 10:19 - 00024576 _____ () C:\Windows\system32\config\sam.gu
2014-07-27 10:18 - 2014-07-20 23:01 - 00028960 _____ (Glarysoft Ltd) C:\Windows\system32\RegBootDefrag.exe
2014-07-27 09:42 - 2014-08-12 19:19 - 00000344 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-07-27 09:42 - 2014-07-27 09:42 - 00020160 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-07-27 09:42 - 2014-07-27 09:42 - 00002994 _____ () C:\Windows\System32\Tasks\GU5SkipUAC
2014-07-27 09:42 - 2014-07-27 09:42 - 00002662 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2014-07-27 09:42 - 2014-07-27 09:42 - 00001058 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-07-27 09:42 - 2014-07-27 09:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-07-27 09:41 - 2014-07-27 11:42 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-07-27 09:17 - 2014-07-27 09:17 - 00000388 _____ () C:\Windows\system32\.crusader
2014-07-26 17:20 - 2014-08-05 00:20 - 00122584 _____ () C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-26 17:20 - 2014-07-27 17:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-26 17:20 - 2014-07-26 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-26 17:20 - 2014-05-12 07:26 - 00091352 _____ () C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-26 17:20 - 2014-05-12 07:26 - 00063704 _____ () C:\Windows\system32\Drivers\mwac.sys
2014-07-25 04:51 - 2014-07-26 17:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-25 04:39 - 2014-07-27 13:38 - 05563277 ____R (Swearware) C:\Users\srcstcbstrd\Desktop\ComboFix.exe
2014-07-24 21:37 - 2014-07-24 21:37 - 00000000 ____D () C:\Users\srcstcbstrd\Doctor Web
2014-07-24 21:36 - 2014-07-24 21:36 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Local\MFAData
2014-07-24 21:36 - 2014-07-24 21:36 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Local\Avg2014
2014-07-24 21:36 - 2014-07-24 21:36 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-23 07:02 - 2014-06-09 04:41 - 00180136 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2014-07-15 04:41 - 2014-07-15 04:41 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-07-15 04:41 - 2014-07-15 04:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-07-13 13:19 - 2014-08-12 19:18 - 00000300 _____ () C:\Windows\Tasks\NUAutoUpdate.job
2014-07-13 13:19 - 2014-07-13 13:19 - 00002536 _____ () C:\Windows\System32\Tasks\NUAutoUpdate
2014-07-13 13:19 - 2014-07-13 13:19 - 00000000 ____D () C:\Users\srcstcbstrd\Documents\Norton Utilities 16
2014-07-13 13:18 - 2014-07-27 10:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Utilities 16
2014-07-13 13:18 - 2012-09-29 22:50 - 00512544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml.dll
2014-07-13 13:18 - 2012-09-29 22:49 - 00040992 _____ () C:\Windows\system32\CleanMFT64.exe
2014-07-13 13:18 - 2008-04-02 15:54 - 01101824 _____ (Woodbury Associates Limited) C:\Windows\SysWOW64\UniBox210.ocx
2014-07-13 13:18 - 2008-04-02 15:53 - 00880640 _____ (Woodbury Associates Limited) C:\Windows\SysWOW64\UniBox10.ocx
2014-07-13 13:18 - 2008-04-02 15:53 - 00212992 _____ (Woodbury Associates Limited) C:\Windows\SysWOW64\UniBoxVB12.ocx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 20:28 - 2014-08-12 20:28 - 00000000 ____D () C:\FRST
2014-08-12 20:26 - 2011-04-09 01:14 - 00000000 ____D () C:\Users\srcstcbstrd\Documents\Outlook Files
2014-08-12 20:25 - 2009-07-14 01:13 - 00786514 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-12 19:45 - 2013-08-24 08:52 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\Dashlane
2014-08-12 19:42 - 2014-07-10 10:22 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-08-12 19:29 - 2014-08-12 19:18 - 00144290 _____ () C:\Windows\WindowsUpdate.log
2014-08-12 19:29 - 2014-08-12 19:18 - 00000090 _____ () C:\Windows\setupact.log
2014-08-12 19:26 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-12 19:26 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-12 19:21 - 2011-06-28 04:44 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\uTorrent
2014-08-12 19:20 - 2014-07-07 15:53 - 00004844 _____ () C:\Windows\SysWOW64\ASProxy.ini
2014-08-12 19:20 - 2014-07-07 15:53 - 00003004 _____ () C:\Windows\SysWOW64\ASProxyOff.ini
2014-08-12 19:20 - 2014-07-07 15:53 - 00003004 _____ () C:\Windows\system32\ASProxyOff.ini
2014-08-12 19:19 - 2014-08-03 11:09 - 00000434 _____ () C:\Windows\Tasks\Wise Care 365.job
2014-08-12 19:19 - 2014-08-03 09:58 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\Wise Care 365
2014-08-12 19:19 - 2014-07-27 09:42 - 00000344 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-08-12 19:18 - 2014-08-12 19:18 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-12 19:18 - 2014-08-03 09:58 - 00002020 _____ () C:\Users\Public\Desktop\Wise Care 365.lnk
2014-08-12 19:18 - 2014-07-13 13:19 - 00000300 _____ () C:\Windows\Tasks\NUAutoUpdate.job
2014-08-12 19:18 - 2013-11-26 05:21 - 00000000 ____D () C:\ProgramData\Temp
2014-08-12 19:18 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-12 19:17 - 2014-08-12 19:17 - 00032948 _____ () C:\Windows\PFRO.log
2014-08-05 00:23 - 2014-08-05 00:23 - 16336550 ____N () C:\Persi0.sys
2014-08-05 00:23 - 2014-08-05 00:23 - 00000000 ____D () C:\Program Files (x86)\Faronics
2014-08-05 00:23 - 2011-04-10 11:00 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\DMCache
2014-08-05 00:22 - 2014-08-05 00:22 - 00000000 _____ () C:\dfinstall.log
2014-08-05 00:20 - 2014-07-26 17:20 - 00122584 _____ () C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-05 00:20 - 2011-04-10 10:42 - 00000000 ____D () C:\Torrents Complete
2014-08-05 00:19 - 2011-04-10 10:42 - 00000000 ____D () C:\Bit Torrents
2014-08-05 00:03 - 2014-03-05 11:53 - 00000000 ____D () C:\Users\Tim Mahoney\Redheads
2014-08-04 23:45 - 2014-03-05 09:32 - 00000000 ____D () C:\Users\Tim Mahoney\Pics
2014-08-04 23:30 - 2011-04-09 01:12 - 00000000 ____D () C:\Users\Tim Mahoney\Asians
2014-08-04 14:19 - 2014-08-04 14:19 - 00116008 _____ () C:\Users\srcstcbstrd\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-04 11:00 - 2014-08-03 11:09 - 00000414 _____ () C:\Windows\Tasks\Wise Turbo Checker.job
2014-08-03 17:14 - 2013-12-12 21:48 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Local\CrashDumps
2014-08-03 11:09 - 2014-08-03 11:09 - 00003094 _____ () C:\Windows\System32\Tasks\Wise Turbo Checker
2014-08-03 11:09 - 2014-08-03 11:09 - 00002872 _____ () C:\Windows\System32\Tasks\Wise Care 365
2014-08-03 11:05 - 2014-07-29 19:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-03 11:05 - 2014-07-11 09:50 - 00000000 ____D () C:\found.000
2014-08-03 11:05 - 2011-04-12 14:01 - 00000000 ____D () C:\DVD's To Watch
2014-08-03 11:05 - 2011-04-09 01:23 - 00000000 ____D () C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2014-08-03 11:04 - 2012-03-25 15:14 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\Media Player Classic
2014-08-03 11:04 - 2011-12-27 19:18 - 00000000 ____D () C:\Program Files\Waterfox
2014-08-03 11:04 - 2011-04-09 02:27 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-03 11:04 - 2011-04-09 02:27 - 00000000 ____D () C:\Program Files\Movie Maker
2014-08-03 11:04 - 2011-04-09 02:22 - 00000000 ____D () C:\Program Files\Free MKV Video2Dvd
2014-08-03 11:04 - 2011-04-09 02:17 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-03 10:03 - 2014-08-03 10:03 - 00001213 _____ () C:\Users\Public\Desktop\Wise Memory Optimizer.lnk
2014-08-03 10:03 - 2014-08-03 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Memory Optimizer
2014-08-03 10:03 - 2014-08-03 09:58 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-08-03 10:01 - 2013-11-16 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-08-03 10:01 - 2011-04-09 01:05 - 00000000 ___RD () C:\Users\srcstcbstrd\Desktop\Disc Cleaners
2014-08-03 10:01 - 2009-07-24 15:22 - 00000000 ____D () C:\Windows\Panther
2014-08-03 09:58 - 2014-08-03 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365
2014-08-02 11:07 - 2014-07-30 04:09 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-02 11:07 - 2014-07-30 04:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-02 08:24 - 2012-05-23 18:46 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\Winamp
2014-08-02 08:15 - 2014-08-02 08:15 - 00006101 _____ () C:\Users\srcstcbstrd\Desktop\attach.zip
2014-08-02 07:55 - 2014-08-02 07:53 - 00037924 _____ () C:\Users\srcstcbstrd\Desktop\dds.txt
2014-08-02 07:55 - 2014-08-02 07:53 - 00021391 _____ () C:\Users\srcstcbstrd\Desktop\attach.txt
2014-08-02 06:14 - 2009-07-14 01:38 - 00067584 ____S () C:\Windows\bootstet.dat
2014-08-01 23:07 - 2014-08-01 23:07 - 00045392 _____ () C:\ComboFix.txt
2014-08-01 23:07 - 2013-09-08 08:36 - 00000000 ____D () C:\Qoobox
2014-08-01 23:03 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-01 16:29 - 2013-08-23 14:35 - 00000000 ____D () C:\AdwCleaner
2014-08-01 15:12 - 2013-11-17 18:13 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\vlc
2014-08-01 14:52 - 2012-09-04 15:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-01 09:33 - 2011-04-10 11:00 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\IDM
2014-07-28 16:14 - 2011-04-10 11:00 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2014-07-27 21:19 - 2013-09-05 16:28 - 00000000 ____D () C:\Users\srcstcbstrd\OfficeToolkit2010[1]
2014-07-27 21:19 - 2011-04-09 01:06 - 00000000 ____D () C:\Users\srcstcbstrd\Downloads\Programs Downloaded
2014-07-27 19:11 - 2014-06-18 22:45 - 00002656 _____ () C:\Users\srcstcbstrd\Desktop\Rkill.txt
2014-07-27 19:07 - 2013-10-29 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2014-07-27 17:58 - 2014-07-26 17:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-27 13:38 - 2014-07-25 04:39 - 05563277 ____R (Swearware) C:\Users\srcstcbstrd\Desktop\ComboFix.exe
2014-07-27 13:33 - 2014-07-27 13:28 - 00000000 ____D () C:\Program Files (x86)\stinger
2014-07-27 11:42 - 2014-07-27 09:41 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-07-27 10:27 - 2014-07-13 13:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Utilities 16
2014-07-27 10:27 - 2013-07-09 22:34 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Management
2014-07-27 10:27 - 2013-06-09 11:27 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
2014-07-27 10:25 - 2013-01-13 17:37 - 00000000 ____D () C:\Windows\Minidump
2014-07-27 10:19 - 2014-07-27 10:19 - 00024576 _____ () C:\Windows\system32\config\sam.gu
2014-07-27 10:19 - 2011-04-09 10:24 - 00000000 ____D () C:\Users\srcstcbstrd
2014-07-27 10:19 - 2009-07-13 22:34 - 26738688 _____ () C:\Windows\system32\config\system.gu.bak
2014-07-27 10:19 - 2009-07-13 22:34 - 101974016 _____ () C:\Windows\system32\config\software.gu.bak
2014-07-27 10:19 - 2009-07-13 22:34 - 04980736 _____ () C:\Windows\system32\config\default.gu.bak
2014-07-27 10:19 - 2009-07-13 22:34 - 00262144 _____ () C:\Windows\system32\config\security.gu.bak
2014-07-27 09:42 - 2014-07-27 09:42 - 00020160 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-07-27 09:42 - 2014-07-27 09:42 - 00002994 _____ () C:\Windows\System32\Tasks\GU5SkipUAC
2014-07-27 09:42 - 2014-07-27 09:42 - 00002662 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2014-07-27 09:42 - 2014-07-27 09:42 - 00001058 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-07-27 09:42 - 2014-07-27 09:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-07-27 09:42 - 2013-12-24 01:08 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 4
2014-07-27 09:42 - 2013-09-07 21:51 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-07-27 09:42 - 2011-04-11 08:17 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\GlarySoft
2014-07-27 09:37 - 2014-04-26 17:56 - 00015841 _____ () C:\Users\srcstcbstrd\Documents\hijackthis.log
2014-07-27 09:17 - 2014-07-27 09:17 - 00000388 _____ () C:\Windows\system32\.crusader
2014-07-27 00:00 - 2011-10-15 15:41 - 00000000 ____D () C:\Windows\AutoKMS
2014-07-26 17:20 - 2014-07-26 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-26 17:20 - 2014-07-25 04:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-26 17:20 - 2011-09-08 21:43 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\Malwarebytes
2014-07-24 21:37 - 2014-07-24 21:37 - 00000000 ____D () C:\Users\srcstcbstrd\Doctor Web
2014-07-24 21:36 - 2014-07-24 21:36 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Local\MFAData
2014-07-24 21:36 - 2014-07-24 21:36 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Local\Avg2014
2014-07-24 21:36 - 2014-07-24 21:36 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-24 21:33 - 2014-06-18 22:49 - 00000000 ____D () C:\Users\srcstcbstrd\Pavark
2014-07-24 20:23 - 2013-10-18 15:30 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\IObit
2014-07-24 20:23 - 2013-10-18 15:30 - 00000000 ____D () C:\ProgramData\IObit
2014-07-24 20:23 - 2013-10-18 15:30 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-07-24 18:49 - 2014-01-26 20:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 18:49 - 2011-04-09 02:26 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 03:02 - 2014-01-26 20:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-21 17:22 - 2014-02-02 13:17 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\Astrill
2014-07-21 04:05 - 2014-07-11 11:12 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-20 23:01 - 2014-07-27 11:28 - 00118048 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-07-20 23:01 - 2014-07-27 10:18 - 00028960 _____ (Glarysoft Ltd) C:\Windows\system32\RegBootDefrag.exe
2014-07-20 17:42 - 2012-01-19 23:30 - 00000000 ____D () C:\ProgramData\Acronis
2014-07-18 03:11 - 2014-07-27 11:28 - 00017600 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-07-15 04:41 - 2014-07-15 04:41 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-07-15 04:41 - 2014-07-15 04:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-07-14 15:45 - 2011-04-10 12:54 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\ESTsoft
2014-07-13 13:23 - 2011-01-05 04:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders
2014-07-13 13:19 - 2014-07-13 13:19 - 00002536 _____ () C:\Windows\System32\Tasks\NUAutoUpdate
2014-07-13 13:19 - 2014-07-13 13:19 - 00000000 ____D () C:\Users\srcstcbstrd\Documents\Norton Utilities 16
2014-07-13 13:18 - 2011-01-05 04:00 - 00000000 ____D () C:\ProgramData\Symantec
2014-07-13 13:16 - 2014-02-02 13:16 - 00000000 ____D () C:\Program Files (x86)\Astrill
2014-07-13 13:15 - 2014-02-02 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astrill

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 19:03

==================== End Of Log ============================




#15 nasdaq

  • Malware Response Team

Posted 13 August 2014 - 06:59 AM

You are running the Farbar tool from your F: drive. (F:\FRST)

I suggest you create a new folder on the Desktop of the C: drive. Name it My_FRST
Copy the Farbar .exe to that folder.

Create the following file and place it in that new folder and run the Farbar Fix.


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
Winlogon\Notify\DfLogon: LogonDll.dll [X]
HKU\S-1-5-21-1654476252-2253211636-4181094436-1001\...\Run: [uTorrent] => C:\Users\srcstcbstrd\AppData\Roaming\uTorrent\uTorrent.exe [1329744 2014-07-12] (BitTorrent Inc.)
HKU\S-1-5-21-1654476252-2253211636-4181094436-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: {6570C58B-C08B-46AD-AA82-2369B0D1B627} -> MacDrive volume icons =>  No File
BootExecute: autocheck autochk /k:C /k:D /k:E *
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} ->  No File
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Handler: javascript - No CLSID Value -
Handler: mailto - No CLSID Value -
Handler: res - No CLSID Value -
Handler-x32: javascript - No CLSID Value -
Handler-x32: mailto - No CLSID Value -
Handler-x32: res - No CLSID Value -
FF DefaultSearchEngine: Norton Safe Search
FF SelectedSearchEngine: Norton Safe Search
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S0 SMR410; System32\drivers\SMR410.SYS [X]
S3 vwifibus; system32\DRIVERS\vwifibus.sys [X]
Task: {08D2B8B0-3649-4AFA-B4B5-99F8A1F22657} - System32\Tasks\Updater26278.exe => C:\Users\srcstcbstrd\AppData\Local\Updater26278\Updater26278.exe <==== ATTENTION
Task: {AA4A7A95-00F4-4324-857D-277274C49025} - \SUPERAntiSpyware Scheduled Task 844b2f19-79d3-458e-af17-269e98155fce No Task File <==== ATTENTION
Task: {AF169B97-DDB1-4CC9-AD69-7C5E415D71A8} - \DealPlyLiveUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {C6C2A03E-DAA7-4BBD-908A-879B9B9D6E85} - \GlaryInitialize 4 No Task File <==== ATTENTION
Task: {E0AB0C62-5E54-42F3-82C7-86B036DFECD7} - \DealPlyLiveUpdateTaskMachineCore No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:430C6D84
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\ProgramData\Temp:792D4CF1
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===



