Infected - Can't Start System Restore
Support Forums (https://www.supportforums.net)
Forum: Categories (https://www.supportforums.net/forumdisplay.php?fid=87)
Forum: Virus Protection, Removals, and HJT Team (https://www.supportforums.net/forumdisplay.php?fid=56)
Forum: Virus Removal, Hijack This Logs, and Support (https://www.supportforums.net/forumdisplay.php?fid=48)
Thread: Infected - Can't Start System Restore (/showthread.php?tid=28629)
Infected - Can't Start System Restore - srcstcbstrd - 08-05-2014

...and that's just the beginning. It all started when I tried to open a video file and the player was automatically shut down. I tried various files on various players (MPC, VLN, etc. - all updated). When I tried to open a YouTube video, the Firefox browser was shut down. Happened with any video site. Or if it is an Adobe Flash Player file, it just shows that the player crashed (updated to latest version). So then I thought I would just do a System Restore. No such luck, won't let me in to turn it on. So here are my logs as requested (after doing an ATF clean) -

Malwarebytes Anti-Malware

Scan Date: 05/08/2014
Scan Time: 10:51:10 AM
Logfile: MB Log 08-05-14.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.05.05
Rootkit Database: v2014.08.04.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: srcstcbstrd

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 422332
Time Elapsed: 32 min, 13 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Hosts, C:\Windows\System32\Tasks\Updater26278.exe, Quarantined, [40586b577209979f7ddd80525fa329d7],

Physical Sectors: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 11:29:02 AM, on 05/08/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17207)
FIREFOX: 31.0 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Users\srcstcbstrd\AppData\Roaming\Dashlane\Dashlane.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Users\srcstcbstrd\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Astrill\astrill.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
C:\Users\srcstcbstrd\AppData\Local\Kineteks_Corporation\Tractivity_Connect\Tractivity.Helper.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
E:\Most Recent Downloads\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - (no file)
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
O3 - Toolbar: Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\srcstcbstrd\AppData\Roaming\Dashlane\ie\KWIEBar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
O4 - HKLM\..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [Tractivity.Helper] C:\Program Files (x86)\Tractivity\Connect\Tractivity.Helper.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
O4 - HKCU\..\Run: [Dashlane] "C:\Users\srcstcbstrd\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [uTorrent] "C:\Users\srcstcbstrd\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Astrill] "C:\Program Files (x86)\Astrill\astrill.exe" /autostart
O4 - HKCU\..\Run: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - (no file)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O18 - Protocol: cardisabled - (no CLSID) - (no file)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Astrill OpenVPN Service (ASOVPNHelper) - Astrill - C:\Program Files (x86)\Astrill\ASOvpnSvc.exe
O23 - Service: ASProxy - Astrill - C:\Program Files (x86)\Astrill\ASProxy.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\SysWOW64\CTsvcCDA.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control\DfsdkS.exe
O23 - Service: DFServ - Faronics Corporation - C:\Program Files (x86)\Faronics\Deep Freeze\Install C-0\DFServ.exe
O23 - Service: Norton Disk Doctor Service (DiskDoctorService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: M4iPodWPDService - Mediafour Corporation - C:\Program Files (x86)\Common Files\Mediafour\iPod\M4iPodWPDService.exe
O23 - Service: Mediafour M4LIC service (M4LIC) - Mediafour Corporation - C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Norton Management (MCLIENT) - Symantec Corporation - C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton Identity Safe (NCO) - Symantec Corporation - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: Norton Utilities 16 Start Manager Service (NU16StartManagerSvc) - Unknown owner - C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Norton SpeedDisk Service (SpeedDiskService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Acronis Sync Agent Service (syncagentsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\Windows\system32\UTSCSI.EXE
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Wise Boot Assistant (WiseBootAssistant) - WiseCleaner.com - C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15843 bytes

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17207 BrowserJavaVersion: 10.45.2
Run by srcstcbstrd at 11:31:29 on 2014-08-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.5445 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Users\srcstcbstrd\AppData\Roaming\Dashlane\Dashlane.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Users\srcstcbstrd\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Astrill\astrill.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
C:\Users\srcstcbstrd\AppData\Local\Kineteks_Corporation\Tractivity_Connect\Tractivity.Helper.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
svchost.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - LocalServer32 - <no file>
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
TB: Dashlane Toolbar: {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\srcstcbstrd\AppData\Roaming\Dashlane\ie\KWIEBar.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coieplg.dll
uRun: [Dashlane] "C:\Users\srcstcbstrd\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [uTorrent] "C:\Users\srcstcbstrd\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [Astrill] "C:\Program Files (x86)\Astrill\astrill.exe" /autostart
uRun: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
mRun: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [Tractivity.Helper] C:\Program Files (x86)\Tractivity\Connect\Tractivity.Helper.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [SSDMonitor] C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Закачать ВСЕ при помощи Download Master - <no file>
IE: Закачать при помощи Download Master - <no file>
IE: Передать на удаленную закачку DM - <no file>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{51B7010A-FA6A-4A4C-BD32-8B364E4E1485} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{78705D59-9C0F-4550-9FA7-DB782BCBF8C2} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B66D1F6A-87DD-49DA-84BC-C674EB43A39C} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B66D1F6A-87DD-49DA-84BC-C674EB43A39C}\4594D435D234F4D40555455425F5E4564777F627B6 : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: cardisabled - <Clsid value has no data>
Handler: javascript - <Clsid value has no data>
Handler: mailto - <Clsid value has no data>
Handler: res - <Clsid value has no data>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-mStart Page = hxxp://www.google.com
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Mediafour XPlay Explorer notifications: {4907C0AD-874D-44D9-B13E-7B0A4D8B9D3E} - C:\Program Files\Mediafour\XPlay 3\XPBHO.DLL
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coieplg.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coieplg.dll
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: cardisabled - <Clsid value has no data>
x64-Handler: javascript - <Clsid value has no data>
x64-Handler: mailto - <Clsid value has no data>
x64-Handler: res - <Clsid value has no data>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: DfLogon - LogonDll.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\
FF - prefs.js: browser.search.selectedEngine - Norton Safe Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll
FF - plugin: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R0 39594152;39594152 Boot Guard Driver;C:\Windows\System32\drivers\39594152.sys [2011-4-26 40464]
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-1-5 82600]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-1-5 42664]
R0 BootDefragDriver;BootDefragDriver;C:\Windows\System32\drivers\BootDefragDriver.sys [2014-7-27 17600]
R0 DeepFrz;DeepFrz;C:\Windows\System32\drivers\DeepFrz.sys [2012-9-4 214744]
R0 DfDiskLow;DfDiskLow;C:\Windows\System32\drivers\DfDiskLow.sys [2012-9-4 38232]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2014-7-7 116000]
R0 MDFSYSNT;MacDrive file system driver;C:\Windows\System32\drivers\MDFSYSNT.SYS [2009-7-29 346216]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1504000.00D\symds64.sys [2014-7-11 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1504000.00D\symefa64.sys [2014-7-11 1148120]
R0 tib;Acronis TIB Manager;C:\Windows\System32\drivers\tib.sys [2014-7-7 1120032]
R0 tib_mounter;Acronis TIB Mounter;C:\Windows\System32\drivers\tib_mounter.sys [2014-7-7 198432]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2014-7-7 161568]
R0 vidsflt;Acronis Disk Storage Filter;C:\Windows\System32\drivers\vidsflt.sys [2014-7-7 117024]
R1 39594151;39594151;C:\Windows\System32\drivers\39594151.sys [2011-4-26 157712]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [2014-7-22 1530160]
R1 CbFs;CbFs;C:\Windows\System32\drivers\cbfs.sys [2011-7-17 190432]
R1 ccSet_MCLIENT;Norton Management Settings Manager;C:\Windows\System32\drivers\MCLIENTx64\0302020.00C\ccsetx64.sys [2013-8-23 168096]
R1 ccSet_NIS;NIS Settings Manager;C:\Windows\System32\drivers\NISx64\1504000.00D\ccsetx64.sys [2014-7-11 162392]
R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DD04000.00A\ccsetx64.sys [2013-6-18 169048]
R1 GUBootStartup;GUBootStartup;C:\Windows\System32\drivers\GUBootStartup.sys [2014-7-27 20160]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20140731.001\IDSviA64.sys [2014-7-31 525016]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 setup_9.0.0.722_27.04.2011_00-08drv;setup_9.0.0.722_27.04.2011_00-08drv;C:\Windows\System32\drivers\3959415.sys [2011-4-26 352784]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1504000.00D\ironx64.sys [2014-7-11 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1504000.00D\symnets.sys [2014-7-11 593112]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2014-7-7 3873784]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-4-17 237056]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2014-4-17 344064]
R2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2014-2-11 59616]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-9-9 337872]
R2 DfSdkS;Defragmentation-Service;C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control\DfSdkS.exe [2011-9-7 544768]
R2 DFServ;DFServ;C:\Program Files (x86)\Faronics\Deep Freeze\Install C-0\DFServ.exe [2012-9-4 1092096]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-5-15 443224]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2013-9-19 127752]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2014-5-21 49464]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2014-7-23 180136]
R2 iPodDrv;iPodDrv;C:\Windows\System32\drivers\iPodDrv.sys [2012-12-20 14952]
R2 M4iPodWPDService;M4iPodWPDService;C:\Program Files (x86)\Common Files\Mediafour\iPod\M4iPodWPDService.exe [2010-11-15 211968]
R2 M4LIC;Mediafour M4LIC service;C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE [2009-7-29 205312]
R2 MCLIENT;Norton Management;C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccsvchst.exe [2013-8-23 143928]
R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe [2013-6-18 144368]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\nis.exe [2014-7-11 276376]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 NU16StartManagerSvc;Norton Utilities 16 Start Manager Service;C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [2014-7-13 792608]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-10-18 224840]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-11-26 1225312]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-11-26 659040]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-12-8 2028864]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2014-7-7 367200]
R3 ASProxy;ASProxy;C:\Program Files (x86)\Astrill\ASProxy.exe [2014-7-7 2121752]
R3 asvpndrv;Astrill SSL VPN Adapter;C:\Windows\System32\drivers\asvpndrv.sys [2014-7-7 31744]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-1-5 94720]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-7-26 142128]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-5 539240]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-2-10 11856]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-1-5 38456]
S2 AODDriver4.3;AODDriver4.3;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2014-2-11 59616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 124088]
S2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-7-26 1809720] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-7-26 860472] S2 WiseBootAssistant;Wise Boot Assistant;C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [2014-8-3 580232] S3 AM10;Cisco AM10 Driver;C:\Windows\System32\drivers\am10w7.sys [2010-4-27 1101600] S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-1-16 46136] S3 ASOVPNHelper;Astrill OpenVPN Service;C:\Program Files (x86)\Astrill\ASOvpnSvc.exe [2014-7-7 434016] S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2013-3-9 35840] S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800] S3 DiskDoctorService;Norton Disk Doctor Service;C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [2014-7-13 1147424] S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-5-9 37344] S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-9 111616] S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-9-15 25816] S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-7-26 63704] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-12-6 2350176] S3 SpeedDiskService;Norton SpeedDisk Service;C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [2014-7-13 1160224] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080] S3 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe 
[2014-2-4 7142320] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-7-10 56832] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-7-8 1255736] S4 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2013-1-13 166400] S4 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2013-1-13 128512] . =============== Created Last 30 ================ . 2014-08-05 04:23:33 16336550 ------w- C:\Persi0.sys 2014-08-05 04:23:31 -------- d-----w- C:\Program Files (x86)\Faronics 2014-08-03 13:58:52 -------- d-----w- C:\Users\srcstcbstrd\AppData\Roaming\Wise Care 365 2014-08-03 13:58:26 -------- d-----w- C:\Program Files (x86)\Wise 2014-08-02 03:07:48 -------- d-sh--w- C:\$RECYCLE.BIN 2014-07-30 08:09:45 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2014-07-30 08:09:45 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2014-07-29 23:36:59 92784 ----a-w- C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll 2014-07-27 17:28:12 -------- d-----w- C:\Program Files (x86)\stinger 2014-07-27 15:28:11 17600 ----a-w- C:\Windows\System32\drivers\BootDefragDriver.sys 2014-07-27 15:28:11 118048 ----a-w- C:\Windows\System32\BootDefrag.exe 2014-07-27 14:18:39 28960 ----a-w- C:\Windows\System32\RegBootDefrag.exe 2014-07-27 13:42:03 20160 ----a-w- C:\Windows\System32\drivers\GUBootStartup.sys 2014-07-27 13:41:56 -------- d-----w- C:\Program Files (x86)\Glary Utilities 5 2014-07-26 21:20:41 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2014-07-26 21:20:26 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2014-07-26 21:20:26 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys 2014-07-26 21:20:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-07-25 08:51:23 -------- d-----w- C:\ProgramData\Malwarebytes 2014-07-25 01:37:34 -------- d-----w- C:\Users\srcstcbstrd\Doctor Web 
2014-07-25 01:36:10 -------- d-----w- C:\Users\srcstcbstrd\AppData\Local\MFAData 2014-07-25 01:36:10 -------- d-----w- C:\Users\srcstcbstrd\AppData\Local\Avg2014 2014-07-25 01:36:10 -------- d-----w- C:\ProgramData\MFAData 2014-07-23 11:02:18 180136 ----a-w- C:\Windows\System32\drivers\idmwfp.sys 2014-07-13 17:18:25 880640 ----a-w- C:\Windows\SysWow64\UniBox10.ocx 2014-07-13 17:18:25 40992 ----a-w- C:\Windows\System32\CleanMFT64.exe 2014-07-13 17:18:25 212992 ----a-w- C:\Windows\SysWow64\UniBoxVB12.ocx 2014-07-13 17:18:25 1101824 ----a-w- C:\Windows\SysWow64\UniBox210.ocx 2014-07-13 17:18:24 512544 ----a-w- C:\Windows\SysWow64\msxml.dll 2014-07-12 11:33:52 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com 2014-07-11 15:12:29 -------- d-----w- C:\ProgramData\HitmanPro 2014-07-11 14:48:26 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared 2014-07-11 14:32:36 875736 ----a-r- C:\Windows\System32\drivers\NISx64\1504000.00D\srtsp64.sys 2014-07-11 14:32:36 593112 ----a-r- C:\Windows\System32\drivers\NISx64\1504000.00D\symnets.sys 2014-07-11 14:32:36 493656 ----a-r- C:\Windows\System32\drivers\NISx64\1504000.00D\symds64.sys 2014-07-11 14:32:36 36952 ----a-r- C:\Windows\System32\drivers\NISx64\1504000.00D\srtspx64.sys 2014-07-11 14:32:36 264280 ----a-r- C:\Windows\System32\drivers\NISx64\1504000.00D\ironx64.sys 2014-07-11 14:32:36 23568 ----a-r- C:\Windows\System32\drivers\NISx64\1504000.00D\symelam.sys 2014-07-11 14:32:36 162392 ----a-r- C:\Windows\System32\drivers\NISx64\1504000.00D\ccsetx64.sys 2014-07-11 14:32:36 1148120 ----a-r- C:\Windows\System32\drivers\NISx64\1504000.00D\symefa64.sys 2014-07-11 14:16:15 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS 2014-07-11 14:15:38 -------- d-----w- C:\Program Files (x86)\Norton Internet Security 2014-07-11 14:15:19 -------- d-----w- C:\Program Files (x86)\NortonInstaller 2014-07-11 13:50:43 -------- d-----w- C:\found.000 2014-07-10 15:33:39 -------- d-----w- 
C:\Windows\System32\drivers\NISx64\1504000.00D 2014-07-10 15:12:42 -------- d-----w- C:\NPE 2014-07-10 14:22:13 -------- d-----w- C:\Windows\System32\drivers\NISx64 2014-07-10 14:04:12 -------- d-----w- C:\Users\srcstcbstrd\AppData\Local\LogMeIn Rescue Applet 2014-07-10 11:52:13 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll 2014-07-10 11:52:13 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll 2014-07-10 02:13:10 624128 ----a-w- C:\Windows\System32\qedit.dll 2014-07-10 02:13:10 509440 ----a-w- C:\Windows\SysWow64\qedit.dll 2014-07-10 02:13:04 1719296 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL 2014-07-10 02:13:04 1380864 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll 2014-07-10 02:13:04 1354240 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll 2014-07-10 02:13:03 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2014-07-10 02:13:03 1389568 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll 2014-07-10 02:10:49 1460736 ----a-w- C:\Windows\System32\lsasrv.dll 2014-07-10 02:10:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2014-07-10 02:10:48 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2014-07-10 00:36:03 -------- d-----w- C:\Users\srcstcbstrd\AppData\Roaming\PictureMover 2014-07-10 00:25:59 4179264 ----a-w- C:\Windows\System32\AutoPartNt.exe 2014-07-09 20:56:54 -------- d-----w- C:\Program Files (x86)\Auslogics 2014-07-08 15:55:23 -------- d-----w- C:\Windows\Hewlett-Packard 2014-07-07 19:40:00 31744 ----a-w- C:\Windows\System32\drivers\asvpndrv.sys 2014-07-07 19:24:39 -------- d-----w- C:\Program Files (x86)\Dashlane 2014-07-07 17:29:35 367104 ----a-w- C:\Windows\System32\wcncsvc.dll 2014-07-07 17:29:35 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll 2014-07-07 17:28:07 367200 ----a-w- C:\Windows\System32\drivers\afcdp.sys 2014-07-07 17:28:05 1464096 ----a-w- C:\Windows\System32\drivers\tdrpman.sys 2014-07-07 17:28:03 198432 ----a-w- C:\Windows\System32\drivers\tib_mounter.sys 
2014-07-07 17:28:03 1120032 ----a-w- C:\Windows\System32\drivers\tib.sys 2014-07-07 17:27:58 161568 ----a-w- C:\Windows\System32\drivers\vididr.sys 2014-07-07 17:27:57 117024 ----a-w- C:\Windows\System32\drivers\vidsflt.sys 2014-07-07 17:27:56 269600 ----a-w- C:\Windows\System32\drivers\snapman.sys 2014-07-07 17:27:54 116000 ----a-w- C:\Windows\System32\drivers\fltsrv.sys 2014-07-07 16:52:47 9728 ----a-w- C:\Windows\System32\Wdfres.dll 2014-07-07 16:52:47 785624 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys 2014-07-07 16:52:47 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys 2014-07-07 16:52:47 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui 2014-07-07 16:38:52 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll 2014-07-07 16:38:52 49488 ----a-w- C:\Windows\SysWow64\netfxperf.dll 2014-07-07 16:38:52 320352 ----a-w- C:\Windows\System32\PresentationHost.exe 2014-07-07 16:38:52 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe 2014-07-07 16:38:52 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll 2014-07-07 16:38:52 109928 ----a-w- C:\Windows\System32\PresentationHostProxy.dll 2014-07-07 16:38:51 48976 ----a-w- C:\Windows\System32\netfxperf.dll 2014-07-07 16:38:51 1942856 ----a-w- C:\Windows\System32\dfshim.dll 2014-07-07 16:30:37 46080 ----a-w- C:\Windows\System32\atmlib.dll 2014-07-07 16:30:37 368128 ----a-w- C:\Windows\System32\atmfd.dll 2014-07-07 16:30:37 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2014-07-07 16:30:37 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2014-07-07 16:29:55 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys 2014-07-07 16:29:55 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll 2014-07-07 16:29:55 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys 2014-07-07 16:27:29 5120 ----a-w- C:\Windows\SysWow64\wmi.dll 2014-07-07 16:27:29 5120 ----a-w- C:\Windows\System32\wmi.dll 2014-07-07 16:27:29 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys 2014-07-07 16:02:36 6656 ----a-w- 
C:\Windows\SysWow64\apisetschema.dll 2014-07-07 16:02:36 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe 2014-07-07 16:02:36 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2014-07-07 16:02:36 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2014-07-07 16:02:32 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2014-07-07 16:02:32 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2014-07-07 16:02:24 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2014-07-07 16:02:24 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2014-07-07 16:02:24 229888 ----a-w- C:\Windows\System32\XpsRasterService.dll 2014-07-07 16:02:24 144384 ----a-w- C:\Windows\System32\cdd.dll 2014-07-07 16:02:24 135168 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll 2014-07-07 16:02:09 1684928 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2014-07-07 16:00:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2014-07-07 15:49:24 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2014-07-07 15:48:51 77312 ----a-w- C:\Windows\System32\packager.dll 2014-07-07 15:48:51 67072 ----a-w- C:\Windows\SysWow64\packager.dll 2014-07-07 14:17:38 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll 2014-07-07 14:17:38 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys 2014-07-07 14:17:38 1031680 ----a-w- C:\Windows\System32\rdpcore.dll . ==================== Find3M ==================== . 
2014-07-07 16:37:04 114176 ----a-w- C:\Windows\System32\admparse.dll 2014-07-07 16:37:04 101888 ----a-w- C:\Windows\SysWow64\admparse.dll 2014-06-19 01:06:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb 2014-06-19 01:06:24 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll 2014-06-19 00:42:57 548352 ----a-w- C:\Windows\System32\vbscript.dll 2014-06-19 00:42:49 66048 ----a-w- C:\Windows\System32\iesetup.dll 2014-06-19 00:41:52 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll 2014-06-19 00:41:16 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll 2014-06-19 00:24:30 139264 ----a-w- C:\Windows\System32\ieUnatt.exe 2014-06-19 00:24:12 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe 2014-06-19 00:23:53 752640 ----a-w- C:\Windows\System32\jscript9diag.dll 2014-06-19 00:14:28 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe 2014-06-18 23:59:04 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll 2014-06-18 23:56:37 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2014-06-18 23:51:38 5721088 ----a-w- C:\Windows\System32\jscript9.dll 2014-06-18 23:38:40 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll 2014-06-18 23:37:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll 2014-06-18 23:36:35 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll 2014-06-18 23:35:55 62464 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll 2014-06-18 23:27:45 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll 2014-06-18 23:27:07 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl 2014-06-18 23:23:27 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2014-06-18 23:22:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll 2014-06-18 23:06:10 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll 2014-06-18 22:58:27 2266112 ----a-w- C:\Windows\System32\wininet.dll 2014-06-18 22:52:18 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll 2014-06-18 22:46:23 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll 2014-06-18 22:45:59 1964544 ----a-w- 
C:\Windows\SysWow64\inetcpl.cpl 2014-06-18 22:13:59 1791488 ----a-w- C:\Windows\SysWow64\wininet.dll 2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe 2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe 2014-06-18 01:10:36 3157504 ----a-w- C:\Windows\System32\win32k.sys 2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll 2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll 2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll 2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll 2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll 2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll 2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll 2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll 2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll 2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll 2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll 2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll 2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys 2014-05-22 17:54:24 475672 ----a-w- C:\Windows\System32\ASProxy64.dll 2014-05-22 17:54:22 359960 ----a-w- C:\Windows\SysWow64\ASProxy.dll 2014-05-14 16:21:04 2620928 ----a-w- C:\Windows\System32\wucltux.dll 2014-05-14 16:20:45 97792 ----a-w- C:\Windows\System32\wudriver.dll 2014-05-14 16:17:10 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll 2014-05-14 13:23:04 198600 ----a-w- C:\Windows\System32\wuwebv.dll 2014-05-14 13:23:04 179656 ----a-w- C:\Windows\SysWow64\wuwebv.dll 2014-05-14 13:20:46 36864 ----a-w- C:\Windows\System32\wuapp.exe 2014-05-14 13:17:14 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe 2014-05-12 11:25:56 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys 
2014-05-09 06:14:03 477184 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-09 06:11:23 424448 ----a-w- C:\Windows\System32\aeinv.dll
2006-05-03 16:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 17:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 19:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
.
============= FINISH: 11:32:32.22 ===============

RE: Infected - Can't Start System Restore - srcstcbstrd - 08-06-2014

Ok, here's an update and this is going to sound bizarre. Our cable/internet provider has switched hands and we have to set up a new email account. Which I did (tmahoney523@rogers.com) and with it, I've had to set up my Outlook 2010 to reflect this. So I spent the last 2 days updating all my RSS feeds, which was incredibly time consuming since the only way I knew how to do it is by re-subscribing to each one. I have a lot.

So I noticed tonight when I got in that I hadn't got any emails during the past 6 hours, which is kind of odd. I did a quick Send/Receive and it went way too quickly. So I closed Outlook and opened it up again. Same result. So I did a quick reboot on the computer and lo and behold, when I opened Outlook, it had reverted to my old account and emails up to 2 days ago. Nothing new (since the previous provider had suspended all the old accounts). I opened up Firefox and I could only find the session from 2 days ago. Everything on this infernal machine is now running 2 days past even though the date in the bottom corner is correct. I am very perplexed.

RE: Infected - Can't Start System Restore - Autopost - 08-17-2014

There's currently no support on here, I suggest going over to Hackforums.net for assistance.