Can't Play Videos, Can't Do Microsoft Updates


  • This topic is locked
22 replies to this topic

#1 srcstcbstrd

Posted 15 September 2014 - 09:49 PM

Hi - I guess I should clarify the Topic Title. I have updates waiting for me and when I install them, they invariably fail - the important security ones anyway. When I successfully install the optional updates (and they work), I suddenly lose the ability to play any video files through any medium, whether it be MPC, WMP, VLC, or Adobe Flash when trying to watch something on YouTube. When I try to open a video file on the hard drive, the video player (all of them) crashes immediately. I did a System Restore and rolled back to before the updates were installed and all was well. Thinking that everything was back to normal, I again tried the important updates and a couple of optional updates. The optional ones worked but the important security ones did not. But the trouble with the videos cropped up again. I also can't get into the 'System' from the Control Panel to try to diagnose further.

I did have a similar problem in early August of this year, so I went back to what the wonderful moderator, nasdaq, advised and tried to use some of the same anti-malware programs, but to no avail. So nasdaq, if you are out there, how about giving me another hand on clearing this up (and no, I don't have Deep Freeze installed on this infernal machine).




#2 nasdaq

  • Malware Response Team

Posted 20 September 2014 - 08:45 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Me again. A good thing I take the topic from the top of the list and read what problems I may have to deal with.

I will give it another trial.


Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#3 srcstcbstrd

  • Topic Starter

Posted 21 September 2014 - 09:07 AM

Hi nasdaq - thank you for taking the time to help me again. I'm not sure what is going on if installing the latest updates screws up my machine. Anyhoo... here are the reports (I did not 'Clean' with Adw - I thought I'd let you tell me what is bad):

 

# AdwCleaner v3.310 - Report created 14/09/2014 at 16:23:16
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : srcstcbstrd - TIMS-COMPUTER
# Running from : E:\Most Recent Downloads\adwcleaner_3.310.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi
File Found : C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\searchplugins\safesearch.xml
File Found : C:\Windows\System32\log\iSafeKrnlCall.log
Folder Found : C:\Program Files\FreeFixer
Folder Found : C:\Users\srcstcbstrd\AppData\Local\FreeFixer
Folder Found : C:\Users\srcstcbstrd\AppData\Roaming\FreeFixer
Folder Found : C:\Users\srcstcbstrd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer

***** [ Scheduled Tasks ] *****

Task Found : Driver Booster Scan
Task Found : Driver Booster Update
Task Found : FreeFixer background scan

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Google\Chrome\Extensions\mkjojgglmmcghgaiknnpgjgldgaocjfd
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v32.0.1 (x86 en-US)

[ File : C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\prefs.js ]


[ File : C:\Users\Tim's Computer\AppData\Roaming\Mozilla\Firefox\Profiles\a7003pln.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\srcstcbstrd\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R10].txt - [3006 octets] - [14/09/2014 16:23:16]
AdwCleaner[R8].txt - [2220 octets] - [24/07/2014 20:22:13]
AdwCleaner[R9].txt - [1443 octets] - [01/08/2014 16:25:16]
AdwCleaner[S8].txt - [2265 octets] - [24/07/2014 20:23:34]
AdwCleaner[S9].txt - [1510 octets] - [01/08/2014 16:29:55]

########## EOF - C:\AdwCleaner\AdwCleaner[R10].txt - [3307 octets] ##########

# AdwCleaner v3.310 - Report created 21/09/2014 at 09:43:07
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : srcstcbstrd - TIMS-COMPUTER
# Running from : E:\Most Recent Downloads\adwcleaner_3.310.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\searchplugins\safesearch.xml
File Found : C:\Windows\System32\log\iSafeKrnlCall.log
Folder Found : C:\Program Files\FreeFixer
Folder Found : C:\Users\srcstcbstrd\AppData\Local\FreeFixer
Folder Found : C:\Users\srcstcbstrd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer

***** [ Scheduled Tasks ] *****

Task Found : Driver Booster Scan
Task Found : Driver Booster Update
Task Found : FreeFixer background scan

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Google\Chrome\Extensions\mkjojgglmmcghgaiknnpgjgldgaocjfd
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v32.0.2 (x86 en-US)

[ File : C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\prefs.js ]


[ File : C:\Users\Tim's Computer\AppData\Roaming\Mozilla\Firefox\Profiles\a7003pln.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\srcstcbstrd\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R10].txt - [6181 octets] - [14/09/2014 16:23:16]
AdwCleaner[R8].txt - [2220 octets] - [24/07/2014 20:22:13]
AdwCleaner[R9].txt - [1443 octets] - [01/08/2014 16:25:16]
AdwCleaner[S10].txt - [3355 octets] - [14/09/2014 16:47:08]
AdwCleaner[S8].txt - [2265 octets] - [24/07/2014 20:23:34]
AdwCleaner[S9].txt - [1510 octets] - [01/08/2014 16:29:55]

########## EOF - C:\AdwCleaner\AdwCleaner[R10].txt - [6543 octets] ##########

 

 

Here's the FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by srcstcbstrd (administrator) on TIMS-COMPUTER on 21-09-2014 10:03:56
Running from C:\Users\srcstcbstrd\Desktop\FRST
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Threat Expert Ltd.) C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTSVCCDA.EXE
(mst software GmbH, Germany) C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control\DfSdkS.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Mediafour Corporation) C:\Program Files (x86)\Common Files\Mediafour\iPod\M4iPodWPDService.exe
(Mediafour Corporation) C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\nis.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
() C:\Windows\SysWOW64\UTSCSI.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\nis.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Users\srcstcbstrd\AppData\Roaming\Dashlane\Dashlane.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Astrill) C:\Program Files (x86)\Astrill\astrill.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
(BitTorrent Inc.) C:\Users\srcstcbstrd\AppData\Roaming\uTorrent\uTorrent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Threat Expert Ltd.) C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Users\srcstcbstrd\AppData\Local\Kineteks_Corporation\Tractivity_Connect\Tractivity.Helper.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Astrill) C:\Program Files (x86)\Astrill\ASProxy.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [PCTools FGuard] => C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe [247760 2011-09-01] (Threat Expert Ltd.)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7805936 2014-02-04] (Acronis)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Tractivity.Helper] => C:\Program Files (x86)\Tractivity\Connect\Tractivity.Helper.exe [536064 2013-07-03] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe [106112 2014-07-13] (Symantec Corporation)
Winlogon\Notify\DfLogon: LogonDll.dll [X]
HKU\S-1-5-21-1654476252-2253211636-4181094436-1001\...\Run: [Dashlane] => C:\Users\srcstcbstrd\AppData\Roaming\Dashlane\Dashlane.exe [219832 2014-08-26] ()
HKU\S-1-5-21-1654476252-2253211636-4181094436-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3878480 2014-09-03] (Tonec Inc.)
HKU\S-1-5-21-1654476252-2253211636-4181094436-1001\...\Run: [uTorrent] => C:\Users\srcstcbstrd\AppData\Roaming\uTorrent\uTorrent.exe [1414992 2014-09-18] (BitTorrent Inc.)
HKU\S-1-5-21-1654476252-2253211636-4181094436-1001\...\Run: [Astrill] => C:\Program Files (x86)\Astrill\astrill.exe [5132312 2014-07-10] (Astrill)
HKU\S-1-5-21-1654476252-2253211636-4181094436-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-07-20] (Glarysoft Ltd)
HKU\S-1-5-21-1654476252-2253211636-4181094436-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-1654476252-2253211636-4181094436-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
ShellIconOverlayIdentifiers: AcronisSyncError -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: AcronisSyncInProgress -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: AcronisSyncOk -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: IDM Shell Extension -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
ShellIconOverlayIdentifiers: {6570C58B-C08B-46AD-AA82-2369B0D1B627} -> MacDrive volume icons =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBC372924FE8ECE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/706-111074-26712-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKCU - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: No Name -> {4907C0AD-874D-44D9-B13E-7B0A4D8B9D3E} -> C:\Program Files\Mediafour\XPlay 3\XPBHO.DLL (Mediafour Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: PC Tools Browser Guard BHO -> {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} -> C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\srcstcbstrd\AppData\Roaming\Dashlane\ie\Dashlanei.dll (Dashlane)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} ->  No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\srcstcbstrd\AppData\Roaming\Dashlane\ie\KWIEBar.dll (Dashlane)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler: cardisabled\javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
Handler: cardisabled\mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
Handler: cardisabled\res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
Handler: javascript - No CLSID Value -
Handler: mailto - No CLSID Value -
Handler: res - No CLSID Value -
Handler-x32: cardisabled\javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
Handler-x32: cardisabled\mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
Handler-x32: cardisabled\res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
Handler-x32: javascript - No CLSID Value -
Handler-x32: mailto - No CLSID Value -
Handler-x32: res - No CLSID Value -
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254
FF NewTab: about:blank
FF DefaultSearchEngine: Norton Safe Search
FF SelectedSearchEngine: Norton Safe Search
FF Homepage: hxxp://www.google.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nprjplug;version=15.0.5.109 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.5.109 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.5.109 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @doubletwist.com/NPPodcast -> C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\searchplugins\safesearch.xml
FF Extension: Astrill Proxy Switcher - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\addon@astrill.com [2014-02-02]
FF Extension: Xmarks - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\foxmarks@kei.com [2014-07-26]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\adblockpopups@jessehakanen.net.xpi [2013-09-15]
FF Extension: InvisibleHand - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\canitbecheaper@trafficbroker.co.uk.xpi [2013-09-15]
FF Extension: Customizations for Adblock Plus - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\customization@adblockplus.org.xpi [2013-09-15]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\elemhidehelper@adblockplus.org.xpi [2013-09-15]
FF Extension: MEGA - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\firefox@mega.co.nz.xpi [2014-04-29]
FF Extension: Google Translator for Firefox - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\translator@zoli.bod.xpi [2013-12-21]
FF Extension: Session Manager - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2013-09-15]
FF Extension: Bluhell Firewall - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2013-12-20]
FF Extension: Adblock Plus - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-15]
FF Extension: Adblock Edge - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-09-15]
FF HKLM-x32\...\Firefox\Extensions: [{cb84136f-9c44-433a-9048-c5cd9df1dc16}] - C:\Program Files (x86)\PC Tools Security\BDT\Firefox
FF Extension: Browser Defender Toolbar - C:\Program Files (x86)\PC Tools Security\BDT\Firefox [2011-09-09]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.3.19\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-07-02]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn [2014-09-21]
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\srcstcbstrd\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\srcstcbstrd\AppData\Roaming\IDM\idmmzcc5 [2014-09-12]
FF HKCU\...\Firefox\Extensions: [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}] - C:\Users\srcstcbstrd\AppData\Roaming\Dashlane\3.0.6.69630\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}
FF Extension: Dashlane - C:\Users\srcstcbstrd\AppData\Roaming\Dashlane\3.0.6.69630\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} [2014-08-27]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\srcstcbstrd\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR Profile: C:\Users\srcstcbstrd\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-09-12]
CHR HKCU\...\Chrome\Extension: [mkjojgglmmcghgaiknnpgjgldgaocjfd] - C:\Users\srcstcbstrd\AppData\Roaming\Dashlane\3.0.6.69630\bin\Chrome_Extension\kwift.crx [2014-08-26]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-09-12]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-07-02]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\Exts\Chrome.crx [2014-08-17]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] -  [2014-08-17]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-09-01] (SUPERAntiSpyware.com)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
S3 ASOVPNHelper; C:\Program Files (x86)\Astrill\ASOvpnSvc.exe [434016 2014-05-22] (Astrill)
R3 ASProxy; C:\Program Files (x86)\Astrill\ASProxy.exe [2121752 2014-05-22] (Astrill)
R2 Browser Defender Update Service; C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [337872 2011-09-01] (Threat Expert Ltd.)
R2 Creative Service for CDROM Access; C:\Windows\SysWOW64\CTsvcCDA.exe [44032 1999-12-12] (Creative Technology Ltd) [File not signed]
R2 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control\DfsdkS.exe [544768 2009-08-24] (mst software GmbH, Germany) [File not signed]
S3 DiskDoctorService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1147424 2012-09-29] (Symantec Corporation)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [443224 2014-05-15] (Garmin Ltd or its subsidiaries)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-21] (Hewlett-Packard Company)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2011-07-30] () [File not signed]
R2 M4iPodWPDService; C:\Program Files (x86)\Common Files\Mediafour\iPod\M4iPodWPDService.exe [211968 2010-11-15] (Mediafour Corporation) [File not signed]
R2 M4LIC; C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE [205312 2009-07-29] (Mediafour Corporation) [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] () [File not signed]
S4 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] () [File not signed]
R2 MCLIENT; C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe [143928 2012-12-04] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe [276376 2014-07-31] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NU16StartManagerSvc; C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [792608 2012-09-29] (Symantec)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [224840 2013-10-18] (Realtek Semiconductor)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
S3 SpeedDiskService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1160224 2012-09-29] (Symantec Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2028864 2011-12-08] (TuneUp Software)
R2 UTSCSI; C:\Windows\SysWOW64\UTSCSI.EXE [45056 2011-12-31] () [File not signed]
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580232 2014-07-07] (WiseCleaner.com)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 39594151; C:\Windows\System32\DRIVERS\39594151.sys [157712 2009-09-25] (Kaspersky Lab)
R0 39594152; C:\Windows\System32\DRIVERS\39594152.sys [40464 2009-10-22] (Kaspersky Lab)
S3 AM10; C:\Windows\System32\DRIVERS\am10w7.sys [1101600 2010-02-13] (Ralink Technology Corp.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 asvpndrv; C:\Windows\System32\DRIVERS\asvpndrv.sys [31744 2014-05-17] (Astrill)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20140912.003_76e\BHDrvx64.sys [1586904 2014-09-12] (Symantec Corporation)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-07-18] (Glarysoft Ltd)
R1 CbFs; C:\Windows\system32\drivers\cbfs.sys [190432 2010-11-15] (EldoS Corporation) [File not signed]
R1 ccSet_MCLIENT; C:\Windows\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [168096 2012-10-03] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1505000.013\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DD04000.00A\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] () [File not signed]
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-07-27] (Glarysoft Ltd)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20140919.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)
R0 MDFSYSNT; C:\Windows\System32\Drivers\MDFSYSNT.sys [346216 2009-07-29] (Mediafour Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20140920.001\ENG64.SYS [129752 2014-09-16] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20140920.001\EX64.SYS [2137304 2014-09-16] (Symantec Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 setup_9.0.0.722_27.04.2011_00-08drv; C:\Windows\System32\DRIVERS\3959415.sys [352784 2009-10-09] (Kaspersky Lab)
U5 Soluto; C:\Windows\System32\Drivers\Soluto.sys [54728 2012-11-21] (Soluto LTD.)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1505000.013\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1505000.013\SRTSPX64.SYS [36952 2013-10-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1505000.013\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1505000.013\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-07-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1505000.013\Ironx64.SYS [264280 2013-10-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1505000.013\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-09-10] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2013-12-13] (Acronis International GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [11856 2011-02-10] (TuneUp Software)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2013-09-10] (Acronis International GmbH)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S0 SMR410; System32\drivers\SMR410.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-18 19:30 - 2014-09-18 19:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-16 18:36 - 2014-09-16 18:36 - 00116008 _____ () C:\Users\srcstcbstrd\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-14 17:10 - 2014-09-15 17:12 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-14 16:43 - 2014-09-21 10:03 - 00000000 ____D () C:\Users\srcstcbstrd\Desktop\FRST
2014-09-14 16:30 - 2014-09-21 10:03 - 00000000 ____D () C:\FRST
2014-09-14 10:51 - 2014-09-14 10:51 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Local\Adobe
2014-09-14 10:51 - 2014-09-14 10:51 - 00000000 ____D () C:\ProgramData\McAfee
2014-09-12 07:05 - 2014-06-09 04:41 - 00180136 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2014-09-10 06:26 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 06:26 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 06:26 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 06:26 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 06:26 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 06:26 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 06:26 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 06:26 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 06:26 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-08-29 00:40 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-29 00:40 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-29 00:40 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-27 05:00 - 2014-08-27 05:00 - 00002866 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (srcstcbstrd)
2014-08-27 05:00 - 2014-08-27 05:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster
2014-08-27 04:30 - 2014-08-27 05:00 - 00003226 _____ () C:\Windows\System32\Tasks\Driver Booster Scan
2014-08-27 04:30 - 2014-08-27 05:00 - 00003170 _____ () C:\Windows\System32\Tasks\Driver Booster Update
2014-08-25 16:28 - 2014-09-21 03:29 - 00000000 ___RD () C:\Users\srcstcbstrd\Google Drive
2014-08-25 16:21 - 2014-09-21 09:26 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-25 16:21 - 2014-09-21 03:27 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-25 16:21 - 2014-08-25 16:21 - 00003904 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-25 16:21 - 2014-08-25 16:21 - 00003652 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-08-25 16:21 - 2014-08-25 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-25 16:21 - 2014-08-25 16:21 - 00000000 ____D () C:\Program Files (x86)\Google

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-21 10:03 - 2014-09-14 16:43 - 00000000 ____D () C:\Users\srcstcbstrd\Desktop\FRST
2014-09-21 10:03 - 2014-09-14 16:30 - 00000000 ____D () C:\FRST
2014-09-21 10:02 - 2011-06-28 04:44 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\uTorrent
2014-09-21 09:58 - 2011-04-09 01:14 - 00000000 ____D () C:\Users\srcstcbstrd\Documents\Outlook Files
2014-09-21 09:43 - 2013-08-23 14:35 - 00000000 ____D () C:\AdwCleaner
2014-09-21 09:42 - 2011-04-10 11:00 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\DMCache
2014-09-21 09:31 - 2014-08-17 22:56 - 00010239 _____ () C:\Windows\setupact.log
2014-09-21 09:26 - 2014-08-25 16:21 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-21 05:06 - 2014-08-17 23:05 - 01753662 _____ () C:\Windows\WindowsUpdate.log
2014-09-21 03:35 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-21 03:35 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-21 03:29 - 2014-08-25 16:28 - 00000000 ___RD () C:\Users\srcstcbstrd\Google Drive
2014-09-21 03:28 - 2014-07-27 09:42 - 00000344 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-09-21 03:28 - 2014-07-13 13:19 - 00000300 _____ () C:\Windows\Tasks\NUAutoUpdate.job
2014-09-21 03:28 - 2014-07-07 15:53 - 00004844 _____ () C:\Windows\SysWOW64\ASProxy.ini
2014-09-21 03:28 - 2014-07-07 15:53 - 00003004 _____ () C:\Windows\SysWOW64\ASProxyOff.ini
2014-09-21 03:28 - 2014-07-07 15:53 - 00003004 _____ () C:\Windows\system32\ASProxyOff.ini
2014-09-21 03:28 - 2013-11-26 05:21 - 00000000 ____D () C:\ProgramData\Temp
2014-09-21 03:27 - 2014-08-25 16:21 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-21 03:26 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-21 03:18 - 2011-04-10 11:00 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2014-09-20 21:33 - 2011-04-10 10:42 - 00000000 ____D () C:\Torrents Complete
2014-09-20 21:33 - 2011-04-10 10:42 - 00000000 ____D () C:\Bit Torrents
2014-09-20 11:00 - 2014-08-03 11:09 - 00000414 _____ () C:\Windows\Tasks\Wise Turbo Checker.job
2014-09-20 08:00 - 2011-04-10 11:00 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\IDM
2014-09-20 03:18 - 2012-09-04 15:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-19 04:56 - 2011-04-09 01:05 - 00000000 ___RD () C:\Users\srcstcbstrd\Desktop\Disc Cleaners
2014-09-18 19:31 - 2014-09-18 19:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-16 22:13 - 2014-03-05 11:53 - 00000000 ____D () C:\Users\Tim Mahoney\Redheads
2014-09-16 18:48 - 2011-04-09 10:24 - 00000000 ____D () C:\Users\srcstcbstrd
2014-09-16 18:46 - 2014-08-03 09:58 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\Wise Care 365
2014-09-16 18:46 - 2014-04-07 20:35 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Local\Kineteks_Corporation
2014-09-16 18:46 - 2014-02-02 13:17 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\Astrill
2014-09-16 18:46 - 2011-01-05 04:13 - 00000000 ____D () C:\ProgramData\Norton
2014-09-16 18:46 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-09-16 18:36 - 2014-09-16 18:36 - 00116008 _____ () C:\Users\srcstcbstrd\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-15 19:42 - 2009-07-14 01:13 - 00786514 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-15 17:14 - 2013-11-23 18:47 - 00000000 ____D () C:\Windows\system32\log
2014-09-15 17:14 - 2011-12-28 10:29 - 00000000 ____D () C:\Windows\system32\Macromed
2014-09-15 17:14 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-15 17:13 - 2014-07-26 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-15 17:13 - 2014-03-17 16:39 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
2014-09-15 17:13 - 2014-03-02 15:11 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Local\FreeFixer
2014-09-15 17:13 - 2014-03-02 15:11 - 00000000 ____D () C:\Program Files\FreeFixer
2014-09-15 17:13 - 2013-11-17 18:13 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\vlc
2014-09-15 17:13 - 2013-11-17 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-09-15 17:13 - 2013-09-19 22:18 - 00000000 ____D () C:\Program Files\HitmanPro
2014-09-15 17:12 - 2014-09-14 17:10 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-15 17:12 - 2014-07-26 17:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-15 17:12 - 2009-07-14 03:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-09-14 12:13 - 2013-12-12 21:48 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Local\CrashDumps
2014-09-14 10:51 - 2014-09-14 10:51 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Local\Adobe
2014-09-14 10:51 - 2014-09-14 10:51 - 00000000 ____D () C:\ProgramData\McAfee
2014-09-13 06:35 - 2011-04-10 13:43 - 00001057 _____ () C:\Users\srcstcbstrd\AppData\Roaming\vso_ts_preview.xml
2014-09-13 06:35 - 2011-04-10 13:43 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\Vso
2014-09-13 03:20 - 2014-08-17 22:59 - 00010052 _____ () C:\Windows\PFRO.log
2014-09-13 00:04 - 2014-03-29 23:12 - 00000000 ____D () C:\Users\srcstcbstrd\Documents\ConvertXToDVD
2014-09-12 21:47 - 2011-04-10 15:33 - 00000000 ____D () C:\ProgramData\vsosdk
2014-09-12 19:58 - 2013-01-12 17:16 - 00000000 ____D () C:\ProgramData\VSO
2014-09-12 18:58 - 2011-04-09 01:12 - 00000000 ____D () C:\Users\Tim Mahoney\Asians
2014-09-12 18:57 - 2014-03-05 09:32 - 00000000 ____D () C:\Users\Tim Mahoney\Pics
2014-09-11 03:25 - 2011-04-09 02:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 03:24 - 2014-07-09 09:05 - 00770380 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-11 03:23 - 2013-07-25 03:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 03:02 - 2014-07-07 13:36 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-01 17:48 - 2013-10-29 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2014-09-01 17:05 - 2009-07-14 01:08 - 00032564 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-01 16:17 - 2011-04-09 02:17 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-29 03:17 - 2009-07-14 00:45 - 00421824 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-27 22:45 - 2013-08-24 08:52 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\Dashlane
2014-08-27 22:41 - 2013-11-28 18:23 - 00006148 _____ () C:\Users\srcstcbstrd\Documents\Fixit50388.reg
2014-08-27 05:00 - 2014-08-27 05:00 - 00002866 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (srcstcbstrd)
2014-08-27 05:00 - 2014-08-27 05:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster
2014-08-27 05:00 - 2014-08-27 04:30 - 00003226 _____ () C:\Windows\System32\Tasks\Driver Booster Scan
2014-08-27 05:00 - 2014-08-27 04:30 - 00003170 _____ () C:\Windows\System32\Tasks\Driver Booster Update
2014-08-27 05:00 - 2013-10-18 15:30 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Roaming\IObit
2014-08-27 05:00 - 2013-10-18 15:30 - 00000000 ____D () C:\ProgramData\IObit
2014-08-27 05:00 - 2013-10-18 15:30 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-08-25 16:21 - 2014-08-25 16:21 - 00003904 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-25 16:21 - 2014-08-25 16:21 - 00003652 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-08-25 16:21 - 2014-08-25 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-25 16:21 - 2014-08-25 16:21 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-25 16:21 - 2011-04-17 13:27 - 00000000 ____D () C:\Users\srcstcbstrd\AppData\Local\Google
2014-08-22 22:07 - 2014-08-29 00:40 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 21:45 - 2014-08-29 00:40 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 20:59 - 2014-08-29 00:40 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 19:03

==================== End Of Log ============================
 


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,169 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:21 PM

Posted 21 September 2014 - 10:55 AM

Run the AdwCleaner tool and clean everything.

===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

In Windows 7 and 8:
Press [Windows Icon + R] and enter "notepad" in the box to open Notepad.
 
start
(BitTorrent Inc.) C:\Users\srcstcbstrd\AppData\Roaming\uTorrent\uTorrent.exe
Winlogon\Notify\DfLogon: LogonDll.dll [X]
HKU\S-1-5-21-1654476252-2253211636-4181094436-1001\...\Run: [uTorrent] => C:\Users\srcstcbstrd\AppData\Roaming\uTorrent\uTorrent.exe [1414992 2014-09-18] (BitTorrent Inc.)
ShellIconOverlayIdentifiers: {6570C58B-C08B-46AD-AA82-2369B0D1B627} -> MacDrive volume icons =>  No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} ->  No File
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Handler: javascript - No CLSID Value -
Handler: mailto - No CLSID Value -
Handler: res - No CLSID Value -
Handler-x32: javascript - No CLSID Value -
Handler-x32: mailto - No CLSID Value -
Handler-x32: res - No CLSID Value -
FF DefaultSearchEngine: Norton Safe Search
FF SelectedSearchEngine: Norton Safe Search
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF SearchPlugin: C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\searchplugins\safesearch.xml
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-09-12]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-09-12]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S0 SMR410; System32\drivers\SMR410.SYS [X]
C:\Users\srcstcbstrd\AppData\Roaming\uTorrent
Task: {08D2B8B0-3649-4AFA-B4B5-99F8A1F22657} - System32\Tasks\Updater26278.exe => C:\Users\srcstcbstrd\AppData\Local\Updater26278\Updater26278.exe <==== ATTENTION
Task: {AA4A7A95-00F4-4324-857D-277274C49025} - \SUPERAntiSpyware Scheduled Task 844b2f19-79d3-458e-af17-269e98155fce No Task File <==== ATTENTION
Task: {AF169B97-DDB1-4CC9-AD69-7C5E415D71A8} - \DealPlyLiveUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {C6C2A03E-DAA7-4BBD-908A-879B9B9D6E85} - \GlaryInitialize 4 No Task File <==== ATTENTION
Task: {E0AB0C62-5E54-42F3-82C7-86B036DFECD7} - \DealPlyLiveUpdateTaskMachineCore No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:430C6D84
AlternateDataStreams: C:\ProgramData\Temp:792D4CF1
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2

end

Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer to reset the registry.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

The tool will create a log (Fixlog.txt); please post it in your reply.

====
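
Several entries in the fixlist above carry markers that FRST itself printed in the log (`[X]`, `No File`, `No Task File`, `<==== ATTENTION`). The Python sketch below is an added example, not part of the original posts and not FRST's own code: it parses Services/Drivers lines and pulls out marked entries from sample lines copied from this thread. The state letters and start-type digits follow FRST's tutorial; the function and field names are this example's own.

```python
import re
from dataclasses import dataclass

# Lines copied from the FRST log and fixlist in this thread (not constructed).
SAMPLE_LOG = r"""
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe [276376 2014-07-31] (Symantec Corporation)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2011-07-30] () [File not signed]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S0 SMR410; System32\drivers\SMR410.SYS [X]
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} ->  No File
Task: {AF169B97-DDB1-4CC9-AD69-7C5E415D71A8} - \DealPlyLiveUpdateTaskMachineUA No Task File <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
"""

# Running state and start type, as described in FRST's tutorial.
STATE = {"R": "running", "S": "stopped", "U": "undetermined"}
START = {"0": "boot", "1": "system", "2": "auto", "3": "demand",
         "4": "disabled", "5": "unreadable"}

SERVICE_RE = re.compile(r"^([RSU])([0-5]) (.+?); (.+)$")
TRAILING_FLAG_RE = re.compile(r" \[(X|File not signed)\]$")
FILE_INFO_RE = re.compile(r"^(.*?) \[(\d+) (\d{4}-\d{2}-\d{2})\] \(([^()]*)\)$")
ATTENTION_RE = re.compile(r"<=+ ATTENTION")
MISSING_RE = re.compile(r"No (Task )?File\b")


@dataclass
class Finding:
    kind: str         # "service/driver" or "other"
    subject: str      # service name, or the raw line for other entries
    reasons: tuple    # markers that make the line worth a reviewer's look
    detail: str = ""  # running state and start type (services/drivers only)


def parse_service(line):
    """Split one Services/Drivers line into fields; None if it is not one."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    state, start, name, rest = m.groups()
    flags = []
    # Peel markers from the right so the parentheses in paths such as
    # "Program Files (x86)" are never mistaken for the company field.
    while (flag := TRAILING_FLAG_RE.search(rest)):
        flags.append(flag.group(1))
        rest = rest[:flag.start()]
    info = FILE_INFO_RE.match(rest)
    path, size, date, company = info.groups() if info else (rest, None, None, None)
    return {"state": STATE[state], "start": START[start], "name": name,
            "path": path, "size": int(size) if size else None,
            "date": date, "company": company, "flags": flags}


def triage(log_text):
    """Return a Finding for every line that carries one of FRST's markers."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        svc = parse_service(line)
        reasons = []
        if svc:
            if "X" in svc["flags"]:
                reasons.append("file missing")
            if "File not signed" in svc["flags"]:
                reasons.append("not signed")
            if svc["company"] == "":
                reasons.append("no company name")
            if reasons:
                detail = f'{svc["state"]}, {svc["start"]} start'
                findings.append(Finding("service/driver", svc["name"],
                                        tuple(reasons), detail))
            continue
        if ATTENTION_RE.search(line):
            reasons.append("ATTENTION marker")
        if MISSING_RE.search(line):
            reasons.append("target missing")
        if reasons:
            findings.append(Finding("other", line, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        suffix = f" ({f.detail})" if f.detail else ""
        print(f"[{', '.join(f.reasons)}] {f.subject}{suffix}")
```

A marker is a prompt for review, not a verdict: the unsigned entries in this log include vendor services from AMD and Creative, and most of them were left out of the fixlist.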

#5 srcstcbstrd


Posted 21 September 2014 - 01:28 PM

Hey nasdaq - ok - ran FRST and Adw. Did the Security Check and here's the log.

 

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 5.0    
 Secunia PSI (3.0.0.6001)   
 TuneUp Utilities 2011   
 TuneUp Utilities Language Pack (en-US)
 TuneUp Utilities 2011   
 Ashampoo Registry Cleaner v.1.00  
 JavaFX 2.1.1    
 Java 7 Update 45  
 Java version out of Date!
 Adobe Flash Player 14.0.0.145  
 Mozilla Firefox (32.0.2)
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe
 Symantec Norton Online Backup NOBuAgent.exe  
 Symantec Norton Online Backup NOBuClient.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

 

I'll let you know how the computer is running after I do a Microsoft Update and install all the updates. That will be the test.

I just checked the 'System' and the computer is letting me in without shutting it down. That's a good sign.



#6 srcstcbstrd


Posted 21 September 2014 - 02:07 PM

Update - OK - I tried installing all 7 Windows Updates (2 critical and 5 optional). The most important (Cumulative Security Update Internet Explorer KB2977629 and Update For Windows 7 KB2977728) failed to install. I restarted the computer after the install and went through 2 self restarts after 'Preparing To Configure Windows/Failure Configuring Windows Updates - Reverting Changes'. I clicked on Windows Updates and immediately got the message that Windows is up to date. However, about 30 seconds later, it was telling me that I had updates to install which turn out to be exactly the same important ones mentioned above.

I tried some video files - media players shut down immediately after trying to open the file. Got on Firefox and went to YouTube and the Adobe Flash Player crashes immediately. I tried 'System' through the control panel and it shut down immediately.

This is exactly what was happening before. I now have to do a System Restore to get back before the update installations to run videos and online videos. It seems something is coming alive when doing the updates to create these problems.



#7 srcstcbstrd

Posted 21 September 2014 - 03:02 PM

Did a System Restore - everything ok. Can see videos and Control Panel 'System'. Still asking to update Microsoft but won't because of the problems that arise.



#8 nasdaq

Posted 22 September 2014 - 07:08 AM

Some background information on KB2977728 - Microsoft Support
https://www.google.ca/search?q=KB2977728&oq=KB2977728&aqs=chrome..69i57&sourceid=chrome&es_sm=122&ie=UTF-8

===

http://support.microsoft.com/kb/2977629
This security update resolves 1 publicly disclosed and 36 privately reported vulnerabilities in Internet Explorer. This security update protects Internet Explorer from being attacked when you view a specially crafted webpage.

I would wait awhile then install the KB2977629 alone.
Test the system and if all is well then possibly get the other unless you have NO problems some video files.
Your call.

===

#9 srcstcbstrd

Posted 22 September 2014 - 03:11 PM

So I'm assuming that you didn't see any quirks with my system and it might just be a conflict with the Windows Updates?



#10 nasdaq

Posted 23 September 2014 - 08:09 AM


Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u67.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 45
===

So I'm assuming that you didn't see any quirks with my system and it might just be a conflict with the Windows Updates?


No I do not.
Installing one Update at a time could give us some clues if you get any error message.
Post the message if you get one.
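
One way to collect the error message asked for in the post above, for the two updates named in post #6. This is an added example, not part of the original thread; it assumes the PowerShell that ships with Windows 7 and relies on the Windows Update client recording installation failures as event ID 20 in the System log.

```powershell
# Added example: report install state and logged failure codes for the
# two updates that keep failing in this thread (KB numbers from post #6).
$kbs = 'KB2977629', 'KB2977728'

# 1. Is either update already recorded as installed?
$hotfixes = @(Get-HotFix -ErrorAction SilentlyContinue)
foreach ($kb in $kbs) {
    $hit = $hotfixes | Where-Object { $_.HotFixID -eq $kb } | Select-Object -First 1
    if ($hit) { "{0}: installed on {1}" -f $kb, $hit.InstalledOn }
    else      { "{0}: not installed" -f $kb }
}

# 2. Installation failures logged by the Windows Update client.
#    Event ID 20 (provider Microsoft-Windows-WindowsUpdateClient) is
#    "Installation Failure"; its message text carries the HRESULT
#    (0x........) and the update title, which includes the KB number.
$events = @(Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-WindowsUpdateClient'
    Id           = 20
} -ErrorAction SilentlyContinue)   # no matching events is not an error here

$failures = foreach ($e in $events) {
    $kb   = if ($e.Message -match 'KB\d{6,7}')        { $Matches[0] } else { 'unknown' }
    $code = if ($e.Message -match '0x[0-9A-Fa-f]{8}') { $Matches[0] } else { 'unknown' }
    New-Object PSObject -Property @{ Time = $e.TimeCreated; KB = $kb; ErrorCode = $code }
}

# 3. Keep only the two updates of interest: every failure, newest first ...
$relevant = @($failures | Where-Object { $kbs -contains $_.KB })
$relevant | Sort-Object Time -Descending |
    Format-Table Time, KB, ErrorCode -AutoSize

# ... and how often each KB failed with each code.
$relevant | Group-Object KB, ErrorCode | Select-Object Count, Name
```

The ErrorCode value is the message to post back after each single-update attempt.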

#11 srcstcbstrd

Posted 24 September 2014 - 09:49 PM

Hey nasdaq - sorry for the delay. I've got the latest Java downloaded. It's just going to take me a few days to try and download the Microsoft updates one at a time and see what works and what doesn't.



#12 nasdaq

Posted 30 September 2014 - 06:24 AM

Are you still with me?

#13 srcstcbstrd

Posted 30 September 2014 - 07:49 AM

Yes, sorry nasdaq - busy weekend. I got one critical update installed on the machine. The other 2 critical updates keep failing. And also, the optional updates keep showing up even though they've been successfully installed in the past.



#14 nasdaq

Posted 30 September 2014 - 12:34 PM

Run this tool and post the log for my review.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
==============

#15 srcstcbstrd

Posted 30 September 2014 - 04:04 PM

Okay nasdaq - here you go (please note - although ComboFix kept insisting that I still had my Norton Anti-Virus on, I had disabled it for the suggested 5 hours). And thanks again for taking the time to help me.

 

ComboFix 14-09-29.02 - srcstcbstrd 30/09/2014  16:33:05.6.6 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8191.5870 [GMT -4:00]
Running from: c:\users\srcstcbstrd\Desktop\ComboFix_2.exe
AV: Norton Internet Security *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_WiseBootAssistant
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-28 to 2014-09-30  )))))))))))))))))))))))))))))))
.
.
2014-09-30 20:49 . 2014-09-30 20:49    --------    d-----w-    c:\users\Tim Mahoney\AppData\Local\temp
2014-09-30 20:49 . 2014-09-30 20:49    --------    d-----w-    c:\users\Tim's Computer\AppData\Local\temp
2014-09-30 20:49 . 2014-09-30 20:49    --------    d-----w-    c:\users\Public\AppData\Local\temp
2014-09-30 20:49 . 2014-09-30 20:49    --------    d-----w-    c:\users\Owner\AppData\Local\temp
2014-09-30 20:49 . 2014-09-30 20:49    --------    d-----w-    c:\users\Jan's Stuff\AppData\Local\temp
2014-09-30 20:49 . 2014-09-30 20:49    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-09-30 19:34 . 2014-09-30 20:13    67632    ----a-w-    c:\windows\system32\msln.exe
2014-09-28 21:19 . 2014-09-28 21:19    --------    d-----w-    c:\users\srcstcbstrd\AppData\Local\MaxRecorder
2014-09-28 21:19 . 2014-09-28 21:29    --------    d-----w-    c:\users\srcstcbstrd\AppData\Local\DFX
2014-09-28 21:14 . 2014-09-28 21:14    --------    d-----w-    c:\program files (x86)\Max Recorder
2014-09-28 21:14 . 2014-09-28 21:14    --------    d-----w-    c:\program files (x86)\DFX
2014-09-28 21:14 . 2014-09-28 21:14    --------    d-----w-    c:\users\HomeGroupUser$
2014-09-28 21:14 . 2014-09-28 21:14    --------    d-----w-    c:\users\Guest
2014-09-28 21:14 . 2014-09-28 21:14    --------    d-----w-    c:\users\Administrator
2014-09-28 21:14 . 2014-09-28 21:14    --------    d-----w-    c:\program files (x86)\Common Files\DFX
2014-09-28 21:14 . 2014-09-28 21:14    --------    d-----w-    c:\programdata\DFX
2014-09-28 20:50 . 2014-07-09 02:03    7168    ----a-w-    c:\windows\system32\KBDYAK.DLL
2014-09-28 20:50 . 2014-07-09 02:03    7168    ----a-w-    c:\windows\system32\KBDTAT.DLL
2014-09-28 20:50 . 2014-07-09 02:03    7168    ----a-w-    c:\windows\system32\KBDRU1.DLL
2014-09-28 20:50 . 2014-07-09 02:03    6656    ----a-w-    c:\windows\system32\KBDRU.DLL
2014-09-28 20:50 . 2014-07-09 02:03    7168    ----a-w-    c:\windows\system32\KBDBASH.DLL
2014-09-28 20:50 . 2014-07-09 01:31    7168    ----a-w-    c:\windows\SysWow64\KBDYAK.DLL
2014-09-28 20:08 . 2014-09-09 22:11    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-09-28 20:08 . 2014-09-09 21:47    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2014-09-28 17:42 . 2014-09-28 17:42    94720    ----a-w-    c:\windows\system32\drivers\AtihdW76.sys
2014-09-28 17:42 . 2014-09-28 17:42    110080    ----a-w-    c:\windows\system32\DelayAPO.dll
2014-09-28 17:42 . 2014-09-28 17:42    941784    ----a-w-    c:\windows\system32\drivers\Rt64win7.sys
2014-09-28 17:42 . 2014-09-28 17:42    73800    ----a-w-    c:\windows\system32\RtNicProp64.dll
2014-09-28 17:22 . 2014-09-28 17:22    948952    ----a-w-    c:\windows\system32\RCoInstII64.dll
2014-09-28 17:22 . 2014-09-28 17:22    628952    ----a-w-    c:\windows\system32\RtDataProc64.dll
2014-09-28 17:22 . 2014-09-28 17:22    60636160    ----a-w-    c:\windows\system32\RCoRes64.dat
2014-09-28 17:22 . 2014-09-28 17:22    3962840    ----a-w-    c:\windows\system32\drivers\RTKVHD64.sys
2014-09-28 17:22 . 2014-09-28 17:22    2834648    ----a-w-    c:\windows\system32\RtPgEx64.dll
2014-09-28 17:22 . 2014-09-28 17:22    2800344    ----a-w-    c:\windows\system32\RltkAPO64.dll
2014-09-28 17:22 . 2014-09-28 17:22    1959128    ----a-w-    c:\windows\system32\RTSnMg64.cpl
2014-09-28 17:22 . 2014-09-28 17:22    1286872    ----a-w-    c:\windows\system32\RTCOM64.dll
2014-09-28 17:22 . 2014-09-28 17:22    1022168    ----a-w-    c:\windows\system32\RtkApi64.dll
2014-09-28 17:22 . 2014-09-28 17:22    2770976    ----a-w-    c:\windows\system32\FMAPO64.dll
2014-09-28 17:22 . 2014-09-28 17:22    113576    ----a-w-    c:\windows\system32\CONEQMSAPOGUILibrary.dll
2014-09-28 17:22 . 2014-09-28 17:22    209096    ----a-w-    c:\windows\system32\AERTAC64.dll
2014-09-23 20:44 . 2014-09-23 20:44    --------    d-----w-    c:\programdata\Oracle
2014-09-23 20:44 . 2014-09-23 20:43    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-09-23 07:39 . 2014-09-23 11:40    --------    d-----w-    c:\windows\system32\drivers\NISx64\1506000.020
2014-09-21 21:28 . 2014-09-30 20:19    --------    d-----w-    c:\programdata\UMS
2014-09-21 21:27 . 2014-09-21 21:28    --------    d-----w-    c:\program files (x86)\AviSynth
2014-09-21 21:27 . 2014-09-21 21:28    --------    d-----w-    c:\program files (x86)\Universal Media Server
2014-09-21 18:29 . 2014-07-09 01:31    6656    ----a-w-    c:\windows\SysWow64\KBDBASH.DLL
2014-09-14 21:10 . 2014-09-15 21:12    --------    d-----w-    c:\programdata\RogueKiller
2014-09-14 20:30 . 2014-09-21 18:09    --------    d-----w-    C:\FRST
2014-09-14 14:51 . 2014-09-14 14:51    --------    d-----w-    c:\programdata\McAfee
2014-09-14 14:51 . 2014-09-14 14:51    --------    d-----w-    c:\users\srcstcbstrd\AppData\Local\Adobe
2014-09-12 11:05 . 2014-06-09 08:41    180136    ----a-w-    c:\windows\system32\drivers\idmwfp.sys
2014-09-10 10:26 . 2014-08-01 11:53    1031168    ----a-w-    c:\windows\system32\TSWorkspace.dll
2014-09-10 10:26 . 2014-08-01 11:35    793600    ----a-w-    c:\windows\SysWow64\TSWorkspace.dll
2014-09-10 10:26 . 2014-06-24 03:29    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2014-09-10 10:26 . 2014-06-24 02:59    1987584    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2014-09-10 10:26 . 2014-07-07 02:06    728064    ----a-w-    c:\windows\system32\kerberos.dll
2014-09-10 10:26 . 2014-07-07 02:06    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
2014-09-10 10:26 . 2014-07-07 01:40    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2014-09-10 10:26 . 2014-07-07 01:40    550912    ----a-w-    c:\windows\SysWow64\kerberos.dll
2014-09-10 10:26 . 2014-07-07 01:39    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-28 17:43 . 2014-04-18 02:43    143304    ----a-w-    c:\windows\system32\atiuxp64.dll
2014-09-28 17:43 . 2014-04-18 02:42    7102496    ----a-w-    c:\windows\SysWow64\atiumdva.dll
2014-09-28 17:43 . 2014-04-18 02:42    6879016    ----a-w-    c:\windows\SysWow64\atiumdag.dll
2014-09-28 17:43 . 2014-04-18 02:42    99520    ----a-w-    c:\windows\SysWow64\atiu9pag.dll
2014-09-28 17:43 . 2014-04-18 02:42    1331424    ----a-w-    c:\windows\system32\aticfx64.dll
2014-09-28 17:43 . 2014-04-18 02:42    1110992    ----a-w-    c:\windows\SysWow64\aticfx32.dll
2014-09-28 17:43 . 2014-04-18 02:42    10527312    ----a-w-    c:\windows\system32\atidxx64.dll
2014-09-28 17:43 . 2014-04-18 01:29    588800    ----a-w-    c:\windows\system32\atieclxx.exe
2014-09-28 17:43 . 2014-04-18 01:29    239616    ----a-w-    c:\windows\system32\atiesrxx.exe
2014-09-28 17:43 . 2014-04-18 01:09    1207296    ----a-w-    c:\windows\system32\atiadlxx.dll
2014-09-28 17:42 . 2011-01-05 08:26    107552    ----a-w-    c:\windows\system32\RTNUninst64.dll
2014-09-11 07:02 . 2014-07-07 17:36    101694776    ----a-w-    c:\windows\system32\MRT.exe
2014-08-29 07:18 . 2010-06-24 19:33    23256    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 02:07 . 2014-08-29 04:40    404480    ----a-w-    c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-29 04:40    311808    ----a-w-    c:\windows\SysWow64\gdi32.dll
2014-08-23 00:59 . 2014-08-29 04:40    3163648    ----a-w-    c:\windows\system32\win32k.sys
2014-08-02 15:07 . 2014-07-30 08:09    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-02 15:07 . 2014-07-30 08:09    699056    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-31 23:41 . 2014-08-17 21:30    348856    ----a-w-    c:\windows\system32\iedkcs32.dll
2014-07-27 13:42 . 2014-07-27 13:42    20160    ----a-w-    c:\windows\system32\drivers\GUBootStartup.sys
2014-07-25 14:52 . 2014-08-17 21:30    23645696    ----a-w-    c:\windows\system32\mshtml.dll
2014-07-25 14:02 . 2014-08-17 21:30    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-07-25 14:01 . 2014-08-17 21:30    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-07-25 13:30 . 2014-08-17 21:30    66048    ----a-w-    c:\windows\system32\iesetup.dll
2014-07-25 13:28 . 2014-08-17 21:30    48640    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-07-25 13:28 . 2014-08-17 21:30    548352    ----a-w-    c:\windows\system32\vbscript.dll
2014-07-25 13:25 . 2014-08-17 21:30    83968    ----a-w-    c:\windows\system32\MshtmlDac.dll
2014-07-25 13:25 . 2014-08-17 21:30    2774528    ----a-w-    c:\windows\system32\iertutil.dll
2014-07-25 13:11 . 2014-08-17 21:30    51200    ----a-w-    c:\windows\system32\jsproxy.dll
2014-07-25 13:10 . 2014-08-17 21:30    33792    ----a-w-    c:\windows\system32\iernonce.dll
2014-07-25 13:04 . 2014-08-17 21:30    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2014-07-25 13:03 . 2014-08-17 21:30    598016    ----a-w-    c:\windows\system32\ieui.dll
2014-07-25 13:00 . 2014-08-17 21:30    139264    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-07-25 13:00 . 2014-08-17 21:30    111616    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-07-25 12:59 . 2014-08-17 21:30    758272    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-07-25 12:47 . 2014-08-17 21:30    940032    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-07-25 12:40 . 2014-08-17 21:30    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2014-07-25 12:34 . 2014-08-17 21:30    61952    ----a-w-    c:\windows\SysWow64\iesetup.dll
2014-07-25 12:34 . 2014-08-17 21:30    455168    ----a-w-    c:\windows\SysWow64\vbscript.dll
2014-07-25 12:33 . 2014-08-17 21:30    51200    ----a-w-    c:\windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30 . 2014-08-17 21:30    61952    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28 . 2014-08-17 21:30    5824512    ----a-w-    c:\windows\system32\jscript9.dll
2014-07-25 12:28 . 2014-08-17 21:30    72704    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 12:19 . 2014-08-17 21:30    195584    ----a-w-    c:\windows\system32\msrating.dll
2014-07-25 12:17 . 2014-08-17 21:30    85504    ----a-w-    c:\windows\system32\mshtmled.dll
2014-07-25 12:10 . 2014-08-17 21:30    292864    ----a-w-    c:\windows\system32\dxtrans.dll
2014-07-25 12:10 . 2014-08-17 21:30    112128    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2014-07-25 12:08 . 2014-08-17 21:30    597504    ----a-w-    c:\windows\SysWow64\jscript9diag.dll
2014-07-25 12:06 . 2014-08-17 21:30    4204032    ----a-w-    c:\windows\SysWow64\jscript9.dll
2014-07-25 11:47 . 2014-08-17 21:30    631808    ----a-w-    c:\windows\system32\msfeeds.dll
2014-07-25 11:43 . 2014-08-17 21:30    60416    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:42 . 2014-08-17 21:30    692736    ----a-w-    c:\windows\system32\ie4uinit.exe
2014-07-25 11:39 . 2014-08-17 21:30    2087936    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-07-25 11:39 . 2014-08-17 21:30    1249280    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-07-25 11:23 . 2014-08-17 21:30    13547008    ----a-w-    c:\windows\system32\ieframe.dll
2014-07-25 11:07 . 2014-08-17 21:30    2001920    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2014-07-25 11:07 . 2014-08-17 21:30    1068032    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52 . 2014-08-17 21:30    2266624    ----a-w-    c:\windows\system32\wininet.dll
2014-07-25 10:26 . 2014-08-17 21:30    1431040    ----a-w-    c:\windows\system32\urlmon.dll
2014-07-25 10:17 . 2014-08-17 21:30    846336    ----a-w-    c:\windows\system32\ieapfltr.dll
2014-07-25 10:05 . 2014-08-17 21:30    1792512    ----a-w-    c:\windows\SysWow64\wininet.dll
2014-07-25 06:35 . 2014-07-25 06:35    875688    ----a-w-    c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 03:47 . 2014-07-25 03:47    869544    ----a-w-    c:\windows\system32\msvcr120_clr0400.dll
2014-07-21 03:01 . 2014-07-27 14:18    28960    ----a-w-    c:\windows\system32\RegBootDefrag.exe
2014-07-21 03:01 . 2014-07-27 15:28    118048    ----a-w-    c:\windows\system32\BootDefrag.exe
2014-07-18 07:11 . 2014-07-27 15:28    17600    ----a-w-    c:\windows\system32\drivers\BootDefragDriver.sys
2014-07-14 02:02 . 2014-08-17 21:25    1216000    ----a-w-    c:\windows\system32\rpcrt4.dll
2014-07-14 01:40 . 2014-08-17 21:25    664064    ----a-w-    c:\windows\SysWow64\rpcrt4.dll
2014-07-11 14:16 . 2014-07-11 14:16    177752    ----a-w-    c:\windows\system32\drivers\SYMEVENT64x86.SYS
2014-07-10 00:26 . 2014-07-10 00:25    4179264    ----a-w-    c:\windows\system32\AutoPartNt.exe
2014-07-09 11:48 . 2014-07-09 11:48    388096    ----a-r-    c:\users\Tim's Computer\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-07-07 16:37 . 2014-07-07 16:37    267776    ----a-w-    c:\windows\system32\ieaksie.dll
2014-07-07 16:37 . 2014-07-07 16:37    163840    ----a-w-    c:\windows\system32\ieakui.dll
2014-07-07 16:37 . 2014-07-07 16:37    160256    ----a-w-    c:\windows\system32\ieakeng.dll
2014-07-07 16:37 . 2014-07-07 16:37    114176    ----a-w-    c:\windows\system32\admparse.dll
2014-07-07 16:37 . 2014-07-07 16:37    101888    ----a-w-    c:\windows\SysWow64\admparse.dll
2006-05-03 16:06    163328    --sha-r-    c:\windows\SysWOW64\flvDX.dll
2007-02-21 17:47    31232    --sha-r-    c:\windows\SysWOW64\msfDX.dll
2008-03-16 19:30    216064    --sha-r-    c:\windows\SysWOW64\nbDX.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dashlane"="c:\users\srcstcbstrd\AppData\Roaming\Dashlane\Dashlane.exe" [2014-08-26 219832]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2014-09-03 3878480]
"uTorrent"="c:\users\srcstcbstrd\AppData\Roaming\uTorrent\uTorrent.exe" [2014-09-23 1416016]
"Astrill"="c:\program files (x86)\Astrill\astrill.exe" [2014-07-10 5132312]
"GUDelayStartup"="c:\program files (x86)\Glary Utilities 5\StartupManager.exe" [2014-07-21 37152]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-08-08 22734160]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-09-18 688984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"PCTools FGuard"="c:\program files (x86)\PC Tools Security\BDT\FGuard.exe" [2011-09-01 247760]
"AcronisTibMounterMonitor"="c:\program files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" [2013-10-10 1102192]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2014-02-04 7805936]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]
"Tractivity.Helper"="c:\program files (x86)\Tractivity\Connect\Tractivity.Helper.exe" [2013-07-03 536064]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-04-18 767200]
"SSDMonitor"="c:\program files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe" [2014-07-13 106112]
"DFX"="c:\program files (x86)\DFX\DFX.exe" [2014-09-24 1271768]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2010-9-28 1040952]
Universal Media Server.lnk - c:\program files (x86)\Universal Media Server\UMS.exe [2014-9-5 603830]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
.
R0 SMR410;Symantec SMR Utility Service 4.1.0;c:\windows\System32\drivers\SMR410.SYS;c:\windows\SYSNATIVE\drivers\SMR410.SYS [x]
R2 AODDriver4.3;AODDriver4.3;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
R3 AM10;Cisco AM10 Driver;c:\windows\system32\DRIVERS\am10w7.sys;c:\windows\SYSNATIVE\DRIVERS\am10w7.sys [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 ASOVPNHelper;Astrill OpenVPN Service;c:\program files (x86)\Astrill\ASOvpnSvc.exe;c:\program files (x86)\Astrill\ASOvpnSvc.exe [x]
R3 ASProxy;ASProxy;c:\program files (x86)\Astrill\ASProxy.exe;c:\program files (x86)\Astrill\ASProxy.exe [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 DiskDoctorService;Norton Disk Doctor Service;c:\program files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe;c:\program files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
R3 SpeedDiskService;Norton SpeedDisk Service;c:\program files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe;c:\program files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
R4 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S0 39594152;39594152 Boot Guard Driver;c:\windows\system32\DRIVERS\39594152.sys;c:\windows\SYSNATIVE\DRIVERS\39594152.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 MDFSYSNT;MacDrive file system driver; [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1506000.020\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1506000.020\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1506000.020\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1506000.020\SYMEFA64.SYS [x]
S0 tib;Acronis TIB Manager;c:\windows\system32\DRIVERS\tib.sys;c:\windows\SYSNATIVE\DRIVERS\tib.sys [x]
S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys;c:\windows\SYSNATIVE\DRIVERS\vidsflt.sys [x]
S1 39594151;39594151;c:\windows\system32\DRIVERS\39594151.sys;c:\windows\SYSNATIVE\DRIVERS\39594151.sys [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20140912.003_76e\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20140912.003_76e\BHDrvx64.sys [x]
S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys;c:\windows\SYSNATIVE\drivers\cbfs.sys [x]
S1 ccSet_MCLIENT;Norton Management Settings Manager;c:\windows\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1506000.020\ccSetx64.sys [x]
S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DD04000.00A\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSTx64\7DD04000.00A\ccSetx64.sys [x]
S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys;c:\windows\SYSNATIVE\drivers\GUBootStartup.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20140929.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20140929.001\IDSvia64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S1 setup_9.0.0.722_27.04.2011_00-08drv;setup_9.0.0.722_27.04.2011_00-08drv;c:\windows\system32\DRIVERS\3959415.sys;c:\windows\SYSNATIVE\DRIVERS\3959415.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1506000.020\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1506000.020\SYMNETS.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools Security\BDT\BDTUpdateService.exe;c:\program files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [x]
S2 DfSdkS;Defragmentation-Service;c:\program files (x86)\Ashampoo\Ashampoo HDD Control\DfsdkS.exe;c:\program files (x86)\Ashampoo\Ashampoo HDD Control\DfsdkS.exe [x]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys;c:\windows\SYSNATIVE\drivers\iPodDrv.sys [x]
S2 M4iPodWPDService;M4iPodWPDService;c:\program files (x86)\Common Files\Mediafour\iPod\M4iPodWPDService.exe;c:\program files (x86)\Common Files\Mediafour\iPod\M4iPodWPDService.exe [x]
S2 M4LIC;Mediafour M4LIC service;c:\program files (x86)\Common Files\Mediafour\M4LIC.EXE;c:\program files (x86)\Common Files\Mediafour\M4LIC.EXE [x]
S2 MCLIENT;Norton Management;c:\program files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe;c:\program files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe [x]
S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe;c:\program files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NU16StartManagerSvc;Norton Utilities 16 Start Manager Service;c:\program files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe;c:\program files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 asvpndrv;Astrill SSL VPN Adapter;c:\windows\system32\DRIVERS\asvpndrv.sys;c:\windows\SYSNATIVE\DRIVERS\asvpndrv.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 DFX11_1;DFX Audio Enhancer 11.1;c:\windows\system32\drivers\dfx11_1x64.sys;c:\windows\SYSNATIVE\drivers\dfx11_1x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2013-01-16 16:46    454176    ----a-w-    c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-15 c:\windows\Tasks\FreeFixer background scan.job
- c:\program files\FreeFixer\freefixer.exe [2014-03-17 13:22]
.
2014-09-30 c:\windows\Tasks\GlaryInitialize 5.job
- c:\program files (x86)\Glary Utilities 5\Initialize.exe [2014-07-21 03:00]
.
2014-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-25 20:21]
.
2014-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-25 20:21]
.
2014-06-12 c:\windows\Tasks\HPCeeScheduleForsrcstcbstrd.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2014-06-12 c:\windows\Tasks\HPCeeScheduleForTIMS-COMPUTER$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2014-09-30 c:\windows\Tasks\NUAutoUpdate.job
- c:\program files (x86)\Symantec\Norton Utilities 16\SULauncher.exe [2014-07-13 17:21]
.
2014-05-23 c:\windows\Tasks\One-Click Optimizer.job
- c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\WO9.exe [2012-11-02 16:20]
.
2014-09-30 c:\windows\Tasks\Wise Turbo Checker.job
- c:\program files (x86)\Wise\Wise Care 365\WiseTurbo.exe [2014-08-03 21:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2013-10-01 14:26    2810968    ----a-w-    c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2013-10-01 14:26    2810968    ----a-w-    c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2013-10-01 14:26    2810968    ----a-w-    c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-08-08 14:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 14:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-08-08 14:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-08-08 14:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-08-08 14:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 10:02    25112    ----a-w-    c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uStart Page =
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Закачать ВСЕ при помощи Download Master
IE: Закачать при помощи Download Master
IE: Передать на удаленную закачку DM
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\
FF - prefs.js: browser.search.selectedEngine - Norton Safe Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-DFServ
ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)
AddRemove-dBpoweramp CD Writer - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Dalet Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp FLAC Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Monkeys Audio Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Mp2 and BwfMp2 codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp mp3 (Fraunhofer IIS) Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Ogg Vorbis Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Real Audio (Helix) Encoder - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBPoweramp tooLame MP2 codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Wave64 Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp WavPack Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Arrange Audio] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Audio Info] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Calculate Audio CRC] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Channel Split] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [ID Tag Update] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Length Split] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Multi Encoder] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [ReplayGain] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Tag From Filename] Codec - c:\windows\system32\SpoonUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MCLIENT]
"ImagePath"="\"c:\program files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe\" /s \"MCLIENT\" /m \"c:\program files (x86)\Norton Management\Engine\3.2.2.12\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NCO]
"ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2013.4.0.10\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.6.0.32\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.6.0.32;c:\program files (x86)\Norton Internet Security\Engine64\21.6.0.32"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1654476252-2253211636-4181094436-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):7c,19,f4,ae,cc,a9,bb,cf,9a,6e,eb,c2,b3,d3,e5,fa,af,bb,fa,b7,ce,
   2b,ae,2c,2a,bd,ad,bf,5b,89,16,da,53,f1,1a,cc,3f,43,f0,dd,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1654476252-2253211636-4181094436-1001_Classes\Wow6432Node\CLSID\{8b150649-cc18-437b-9165-4e92b58ecd5d}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000df
"Therad"=dword:00000015
"MData"=hex(0):57,89,20,3f,ac,21,f3,5c,31,e8,6e,19,c6,e6,97,b4,4d,b0,f2,24,68,
   9f,d4,4e,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\CTsvcCDA.exe
c:\windows\SysWOW64\UTSCSI.EXE
.
**************************************************************************
.
Completion time: 2014-09-30  16:59:35 - machine was rebooted
ComboFix-quarantined-files.txt  2014-09-30 20:59
ComboFix2.txt  2014-08-02 03:07
ComboFix3.txt  2014-05-25 16:39
ComboFix4.txt  2013-09-09 14:39
ComboFix5.txt  2014-09-30 20:29
.
Pre-Run: 316,617,187,328 bytes free
Post-Run: 316,149,862,400 bytes free
.
- - End Of File - - 9DEFD13380EE54F8251A4B63279F5D2E
D1BC5CC73D6BD52EECAF3A97E755A35B
 





