Support Forums
Infected - Can't Start System Restore - Printable Version

+- Support Forums (https://www.supportforums.net)
+-- Forum: Categories (https://www.supportforums.net/forumdisplay.php?fid=87)
+--- Forum: Virus Protection, Removals, and HJT Team (https://www.supportforums.net/forumdisplay.php?fid=56)
+---- Forum: Virus Removal, Hijack This Logs, and Support (https://www.supportforums.net/forumdisplay.php?fid=48)
+---- Thread: Infected - Can't Start System Restore (/showthread.php?tid=28629)



Infected - Can't Start System Restore - srcstcbstrd - 08-05-2014

...and that's just the beginning. It all started when I tried to open a video file and the player was automatically shut down. I tried various files on various players (MPC, VLN, etc - all updated). When I tried to open a YouTube video, the Firefox browser was shut down. Happened with any video site. Or if it is an Adobe Flashplayer file, it just shows that the player crashed (updated to latest version). So then I thought I would just do a System Restore. No such luck, won't let me in to turn it on.
So here are my logs as requested (after doing an ATF clean) -

Malwarebytes Anti-Malware


Scan Date: 05/08/2014
Scan Time: 10:51:10 AM
Logfile: MB Log 08-05-14.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.05.05
Rootkit Database: v2014.08.04.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: srcstcbstrd

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 422332
Time Elapsed: 32 min, 13 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Hosts, C:\Windows\System32\Tasks\Updater26278.exe, Quarantined, [40586b577209979f7ddd80525fa329d7],

Physical Sectors: 0
(No malicious items detected)


(end)

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 11:29:02 AM, on 05/08/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17207)

FIREFOX: 31.0 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Users\srcstcbstrd\AppData\Roaming\Dashlane\Dashlane.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Users\srcstcbstrd\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Astrill\astrill.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
C:\Users\srcstcbstrd\AppData\Local\Kineteks_Corporation\Tractivity_Connect\Tractivity.Helper.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
E:\Most Recent Downloads\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - (no file)
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
O3 - Toolbar: Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\srcstcbstrd\AppData\Roaming\Dashlane\ie\KWIEBar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
O4 - HKLM\..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [Tractivity.Helper] C:\Program Files (x86)\Tractivity\Connect\Tractivity.Helper.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
O4 - HKCU\..\Run: [Dashlane] "C:\Users\srcstcbstrd\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [uTorrent] "C:\Users\srcstcbstrd\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Astrill] "C:\Program Files (x86)\Astrill\astrill.exe" /autostart
O4 - HKCU\..\Run: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - (no file)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O18 - Protocol: cardisabled - (no CLSID) - (no file)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Astrill OpenVPN Service (ASOVPNHelper) - Astrill - C:\Program Files (x86)\Astrill\ASOvpnSvc.exe
O23 - Service: ASProxy - Astrill - C:\Program Files (x86)\Astrill\ASProxy.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\SysWOW64\CTsvcCDA.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control\DfsdkS.exe
O23 - Service: DFServ - Faronics Corporation - C:\Program Files (x86)\Faronics\Deep Freeze\Install C-0\DFServ.exe
O23 - Service: Norton Disk Doctor Service (DiskDoctorService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: M4iPodWPDService - Mediafour Corporation - C:\Program Files (x86)\Common Files\Mediafour\iPod\M4iPodWPDService.exe
O23 - Service: Mediafour M4LIC service (M4LIC) - Mediafour Corporation - C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Norton Management (MCLIENT) - Symantec Corporation - C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton Identity Safe (NCO) - Symantec Corporation - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: Norton Utilities 16 Start Manager Service (NU16StartManagerSvc) - Unknown owner - C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Norton SpeedDisk Service (SpeedDiskService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Acronis Sync Agent Service (syncagentsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\Windows\system32\UTSCSI.EXE
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Wise Boot Assistant (WiseBootAssistant) - WiseCleaner.com - C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15843 bytes


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17207 BrowserJavaVersion: 10.45.2
Run by srcstcbstrd at 11:31:29 on 2014-08-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.5445 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Users\srcstcbstrd\AppData\Roaming\Dashlane\Dashlane.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Users\srcstcbstrd\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Astrill\astrill.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
C:\Users\srcstcbstrd\AppData\Local\Kineteks_Corporation\Tractivity_Connect\Tractivity.Helper.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
svchost.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - LocalServer32 - <no file>
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
TB: Dashlane Toolbar: {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\srcstcbstrd\AppData\Roaming\Dashlane\ie\KWIEBar.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coieplg.dll
uRun: [Dashlane] "C:\Users\srcstcbstrd\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [uTorrent] "C:\Users\srcstcbstrd\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [Astrill] "C:\Program Files (x86)\Astrill\astrill.exe" /autostart
uRun: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
mRun: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [Tractivity.Helper] C:\Program Files (x86)\Tractivity\Connect\Tractivity.Helper.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [SSDMonitor] C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Çàêà÷àòü ÂÑÅ ïðè ïîìîùè Download Master - <no file>
IE: Çàêà÷àòü ïðè ïîìîùè Download Master - <no file>
IE: Ïåðåäàòü íà óäàëåííóþ çàêà÷êó DM - <no file>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{51B7010A-FA6A-4A4C-BD32-8B364E4E1485} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{78705D59-9C0F-4550-9FA7-DB782BCBF8C2} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B66D1F6A-87DD-49DA-84BC-C674EB43A39C} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B66D1F6A-87DD-49DA-84BC-C674EB43A39C}\4594D435D234F4D40555455425F5E4564777F627B6 : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: cardisabled - <Clsid value has no data>
Handler: javascript - <Clsid value has no data>
Handler: mailto - <Clsid value has no data>
Handler: res - <Clsid value has no data>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-mStart Page = hxxp://www.google.com
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Mediafour XPlay Explorer notifications: {4907C0AD-874D-44D9-B13E-7B0A4D8B9D3E} - C:\Program Files\Mediafour\XPlay 3\XPBHO.DLL
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coieplg.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coieplg.dll
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: cardisabled - <Clsid value has no data>
x64-Handler: javascript - <Clsid value has no data>
x64-Handler: mailto - <Clsid value has no data>
x64-Handler: res - <Clsid value has no data>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: DfLogon - LogonDll.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\srcstcbstrd\AppData\Roaming\Mozilla\Firefox\Profiles\bv10qlm7.default-1379249789254\
FF - prefs.js: browser.search.selectedEngine - Norton Safe Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll
FF - plugin: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R0 39594152;39594152 Boot Guard Driver;C:\Windows\System32\drivers\39594152.sys [2011-4-26 40464]
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-1-5 82600]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-1-5 42664]
R0 BootDefragDriver;BootDefragDriver;C:\Windows\System32\drivers\BootDefragDriver.sys [2014-7-27 17600]
R0 DeepFrz;DeepFrz;C:\Windows\System32\drivers\DeepFrz.sys [2012-9-4 214744]
R0 DfDiskLow;DfDiskLow;C:\Windows\System32\drivers\DfDiskLow.sys [2012-9-4 38232]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2014-7-7 116000]
R0 MDFSYSNT;MacDrive file system driver;C:\Windows\System32\drivers\MDFSYSNT.SYS [2009-7-29 346216]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1504000.00D\symds64.sys [2014-7-11 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1504000.00D\symefa64.sys [2014-7-11 1148120]
R0 tib;Acronis TIB Manager;C:\Windows\System32\drivers\tib.sys [2014-7-7 1120032]
R0 tib_mounter;Acronis TIB Mounter;C:\Windows\System32\drivers\tib_mounter.sys [2014-7-7 198432]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2014-7-7 161568]
R0 vidsflt;Acronis Disk Storage Filter;C:\Windows\System32\drivers\vidsflt.sys [2014-7-7 117024]
R1 39594151;39594151;C:\Windows\System32\drivers\39594151.sys [2011-4-26 157712]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [2014-7-22 1530160]
R1 CbFs;CbFs;C:\Windows\System32\drivers\cbfs.sys [2011-7-17 190432]
R1 ccSet_MCLIENT;Norton Management Settings Manager;C:\Windows\System32\drivers\MCLIENTx64\0302020.00C\ccsetx64.sys [2013-8-23 168096]
R1 ccSet_NIS;NIS Settings Manager;C:\Windows\System32\drivers\NISx64\1504000.00D\ccsetx64.sys [2014-7-11 162392]
R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DD04000.00A\ccsetx64.sys [2013-6-18 169048]
R1 GUBootStartup;GUBootStartup;C:\Windows\System32\drivers\GUBootStartup.sys [2014-7-27 20160]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20140731.001\IDSviA64.sys [2014-7-31 525016]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 setup_9.0.0.722_27.04.2011_00-08drv;setup_9.0.0.722_27.04.2011_00-08drv;C:\Windows\System32\drivers\3959415.sys [2011-4-26 352784]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1504000.00D\ironx64.sys [2014-7-11 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1504000.00D\symnets.sys [2014-7-11 593112]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2014-7-7 3873784]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-4-17 237056]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2014-4-17 344064]
R2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2014-2-11 59616]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-9-9 337872]
R2 DfSdkS;Defragmentation-Service;C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control\DfSdkS.exe [2011-9-7 544768]
R2 DFServ;DFServ;C:\Program Files (x86)\Faronics\Deep Freeze\Install C-0\DFServ.exe [2012-9-4 1092096]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-5-15 443224]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2013-9-19 127752]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2014-5-21 49464]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2014-7-23 180136]
R2 iPodDrv;iPodDrv;C:\Windows\System32\drivers\iPodDrv.sys [2012-12-20 14952]
R2 M4iPodWPDService;M4iPodWPDService;C:\Program Files (x86)\Common Files\Mediafour\iPod\M4iPodWPDService.exe [2010-11-15 211968]
R2 M4LIC;Mediafour M4LIC service;C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE [2009-7-29 205312]
R2 MCLIENT;Norton Management;C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccsvchst.exe [2013-8-23 143928]
R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe [2013-6-18 144368]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\nis.exe [2014-7-11 276376]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 NU16StartManagerSvc;Norton Utilities 16 Start Manager Service;C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [2014-7-13 792608]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-10-18 224840]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-11-26 1225312]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-11-26 659040]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-12-8 2028864]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2014-7-7 367200]
R3 ASProxy;ASProxy;C:\Program Files (x86)\Astrill\ASProxy.exe [2014-7-7 2121752]
R3 asvpndrv;Astrill SSL VPN Adapter;C:\Windows\System32\drivers\asvpndrv.sys [2014-7-7 31744]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-1-5 94720]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-7-26 142128]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-5 539240]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-2-10 11856]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-1-5 38456]
S2 AODDriver4.3;AODDriver4.3;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2014-2-11 59616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 124088]
S2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-7-26 1809720]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-7-26 860472]
S2 WiseBootAssistant;Wise Boot Assistant;C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [2014-8-3 580232]
S3 AM10;Cisco AM10 Driver;C:\Windows\System32\drivers\am10w7.sys [2010-4-27 1101600]
S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-1-16 46136]
S3 ASOVPNHelper;Astrill OpenVPN Service;C:\Program Files (x86)\Astrill\ASOvpnSvc.exe [2014-7-7 434016]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2013-3-9 35840]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 DiskDoctorService;Norton Disk Doctor Service;C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [2014-7-13 1147424]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-5-9 37344]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-9 111616]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-9-15 25816]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-7-26 63704]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-12-6 2350176]
S3 SpeedDiskService;Norton SpeedDisk Service;C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [2014-7-13 1160224]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2014-2-4 7142320]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-7-10 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-7-8 1255736]
S4 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2013-1-13 166400]
S4 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2013-1-13 128512]
.
=============== Created Last 30 ================
.
2014-08-05 04:23:33 16336550 ------w- C:\Persi0.sys
2014-08-05 04:23:31 -------- d-----w- C:\Program Files (x86)\Faronics
2014-08-03 13:58:52 -------- d-----w- C:\Users\srcstcbstrd\AppData\Roaming\Wise Care 365
2014-08-03 13:58:26 -------- d-----w- C:\Program Files (x86)\Wise
2014-08-02 03:07:48 -------- d-sh--w- C:\$RECYCLE.BIN
2014-07-30 08:09:45 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-30 08:09:45 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-29 23:36:59 92784 ----a-w- C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll
2014-07-27 17:28:12 -------- d-----w- C:\Program Files (x86)\stinger
2014-07-27 15:28:11 17600 ----a-w- C:\Windows\System32\drivers\BootDefragDriver.sys
2014-07-27 15:28:11 118048 ----a-w- C:\Windows\System32\BootDefrag.exe
2014-07-27 14:18:39 28960 ----a-w- C:\Windows\System32\RegBootDefrag.exe
2014-07-27 13:42:03 20160 ----a-w- C:\Windows\System32\drivers\GUBootStartup.sys
2014-07-27 13:41:56 -------- d-----w- C:\Program Files (x86)\Glary Utilities 5
2014-07-26 21:20:41 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-26 21:20:26 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-07-26 21:20:26 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-07-26 21:20:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-25 08:51:23 -------- d-----w- C:\ProgramData\Malwarebytes
2014-07-25 01:37:34 -------- d-----w- C:\Users\srcstcbstrd\Doctor Web
2014-07-25 01:36:10 -------- d-----w- C:\Users\srcstcbstrd\AppData\Local\MFAData
2014-07-25 01:36:10 -------- d-----w- C:\Users\srcstcbstrd\AppData\Local\Avg2014
2014-07-25 01:36:10 -------- d-----w- C:\ProgramData\MFAData
2014-07-23 11:02:18 180136 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
2014-07-13 17:18:25 880640 ----a-w- C:\Windows\SysWow64\UniBox10.ocx
2014-07-13 17:18:25 40992 ----a-w- C:\Windows\System32\CleanMFT64.exe
2014-07-13 17:18:25 212992 ----a-w- C:\Windows\SysWow64\UniBoxVB12.ocx
2014-07-13 17:18:25 1101824 ----a-w- C:\Windows\SysWow64\UniBox210.ocx
2014-07-13 17:18:24 512544 ----a-w- C:\Windows\SysWow64\msxml.dll
2014-07-12 11:33:52 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2014-07-11 15:12:29 -------- d-----w- C:\ProgramData\HitmanPro
2014-07-11 14:48:26 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2014-07-11 14:32:36 875736 ----a-r- C:\Windows\System32\drivers\NISx64\1504000.00D\srtsp64.sys
2014-07-11 14:32:36 593112 ----a-r- C:\Windows\System32\drivers\NISx64\1504000.00D\symnets.sys
2014-07-11 14:32:36 493656 ----a-r- C:\Windows\System32\drivers\NISx64\1504000.00D\symds64.sys
2014-07-11 14:32:36 36952 ----a-r- C:\Windows\System32\drivers\NISx64\1504000.00D\srtspx64.sys
2014-07-11 14:32:36 264280 ----a-r- C:\Windows\System32\drivers\NISx64\1504000.00D\ironx64.sys
2014-07-11 14:32:36 23568 ----a-r- C:\Windows\System32\drivers\NISx64\1504000.00D\symelam.sys
2014-07-11 14:32:36 162392 ----a-r- C:\Windows\System32\drivers\NISx64\1504000.00D\ccsetx64.sys
2014-07-11 14:32:36 1148120 ----a-r- C:\Windows\System32\drivers\NISx64\1504000.00D\symefa64.sys
2014-07-11 14:16:15 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2014-07-11 14:15:38 -------- d-----w- C:\Program Files (x86)\Norton Internet Security
2014-07-11 14:15:19 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2014-07-11 13:50:43 -------- d-----w- C:\found.000
2014-07-10 15:33:39 -------- d-----w- C:\Windows\System32\drivers\NISx64\1504000.00D
2014-07-10 15:12:42 -------- d-----w- C:\NPE
2014-07-10 14:22:13 -------- d-----w- C:\Windows\System32\drivers\NISx64
2014-07-10 14:04:12 -------- d-----w- C:\Users\srcstcbstrd\AppData\Local\LogMeIn Rescue Applet
2014-07-10 11:52:13 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-07-10 11:52:13 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-07-10 02:13:10 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-07-10 02:13:10 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-07-10 02:13:04 1719296 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2014-07-10 02:13:04 1380864 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2014-07-10 02:13:04 1354240 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-10 02:13:03 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-10 02:13:03 1389568 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2014-07-10 02:10:49 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-07-10 02:10:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-07-10 02:10:48 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-07-10 00:36:03 -------- d-----w- C:\Users\srcstcbstrd\AppData\Roaming\PictureMover
2014-07-10 00:25:59 4179264 ----a-w- C:\Windows\System32\AutoPartNt.exe
2014-07-09 20:56:54 -------- d-----w- C:\Program Files (x86)\Auslogics
2014-07-08 15:55:23 -------- d-----w- C:\Windows\Hewlett-Packard
2014-07-07 19:40:00 31744 ----a-w- C:\Windows\System32\drivers\asvpndrv.sys
2014-07-07 19:24:39 -------- d-----w- C:\Program Files (x86)\Dashlane
2014-07-07 17:29:35 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2014-07-07 17:29:35 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2014-07-07 17:28:07 367200 ----a-w- C:\Windows\System32\drivers\afcdp.sys
2014-07-07 17:28:05 1464096 ----a-w- C:\Windows\System32\drivers\tdrpman.sys
2014-07-07 17:28:03 198432 ----a-w- C:\Windows\System32\drivers\tib_mounter.sys
2014-07-07 17:28:03 1120032 ----a-w- C:\Windows\System32\drivers\tib.sys
2014-07-07 17:27:58 161568 ----a-w- C:\Windows\System32\drivers\vididr.sys
2014-07-07 17:27:57 117024 ----a-w- C:\Windows\System32\drivers\vidsflt.sys
2014-07-07 17:27:56 269600 ----a-w- C:\Windows\System32\drivers\snapman.sys
2014-07-07 17:27:54 116000 ----a-w- C:\Windows\System32\drivers\fltsrv.sys
2014-07-07 16:52:47 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2014-07-07 16:52:47 785624 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2014-07-07 16:52:47 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2014-07-07 16:52:47 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2014-07-07 16:38:52 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2014-07-07 16:38:52 49488 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2014-07-07 16:38:52 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2014-07-07 16:38:52 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2014-07-07 16:38:52 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2014-07-07 16:38:52 109928 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2014-07-07 16:38:51 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2014-07-07 16:38:51 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2014-07-07 16:30:37 46080 ----a-w- C:\Windows\System32\atmlib.dll
2014-07-07 16:30:37 368128 ----a-w- C:\Windows\System32\atmfd.dll
2014-07-07 16:30:37 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2014-07-07 16:30:37 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2014-07-07 16:29:55 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2014-07-07 16:29:55 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2014-07-07 16:29:55 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2014-07-07 16:27:29 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2014-07-07 16:27:29 5120 ----a-w- C:\Windows\System32\wmi.dll
2014-07-07 16:27:29 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2014-07-07 16:02:36 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2014-07-07 16:02:36 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-07-07 16:02:36 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2014-07-07 16:02:36 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2014-07-07 16:02:32 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-07-07 16:02:32 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-07-07 16:02:24 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-07-07 16:02:24 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2014-07-07 16:02:24 229888 ----a-w- C:\Windows\System32\XpsRasterService.dll
2014-07-07 16:02:24 144384 ----a-w- C:\Windows\System32\cdd.dll
2014-07-07 16:02:24 135168 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
2014-07-07 16:02:09 1684928 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2014-07-07 16:00:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2014-07-07 15:49:24 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2014-07-07 15:48:51 77312 ----a-w- C:\Windows\System32\packager.dll
2014-07-07 15:48:51 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-07-07 14:17:38 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2014-07-07 14:17:38 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2014-07-07 14:17:38 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
.
==================== Find3M ====================
.
2014-07-07 16:37:04 114176 ----a-w- C:\Windows\System32\admparse.dll
2014-07-07 16:37:04 101888 ----a-w- C:\Windows\SysWow64\admparse.dll
2014-06-19 01:06:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-06-19 01:06:24 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-06-19 00:42:57 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-06-19 00:42:49 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-06-19 00:41:52 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-06-19 00:41:16 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-06-19 00:24:30 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-06-19 00:24:12 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-06-19 00:23:53 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-06-19 00:14:28 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-06-18 23:59:04 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-06-18 23:56:37 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-06-18 23:51:38 5721088 ----a-w- C:\Windows\System32\jscript9.dll
2014-06-18 23:38:40 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-06-18 23:37:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-06-18 23:36:35 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35:55 62464 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-06-18 23:27:45 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-06-18 23:27:07 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-06-18 23:23:27 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-06-18 23:22:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-06-18 23:06:10 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58:27 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-06-18 22:52:18 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-06-18 22:46:23 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45:59 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-06-18 22:13:59 1791488 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-18 01:10:36 3157504 ----a-w- C:\Windows\System32\win32k.sys
2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-05-22 17:54:24 475672 ----a-w- C:\Windows\System32\ASProxy64.dll
2014-05-22 17:54:22 359960 ----a-w- C:\Windows\SysWow64\ASProxy.dll
2014-05-14 16:21:04 2620928 ----a-w- C:\Windows\System32\wucltux.dll
2014-05-14 16:20:45 97792 ----a-w- C:\Windows\System32\wudriver.dll
2014-05-14 16:17:10 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2014-05-14 13:23:04 198600 ----a-w- C:\Windows\System32\wuwebv.dll
2014-05-14 13:23:04 179656 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2014-05-14 13:20:46 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-05-14 13:17:14 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2014-05-12 11:25:56 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-05-09 06:14:03 477184 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-09 06:11:23 424448 ----a-w- C:\Windows\System32\aeinv.dll
2006-05-03 16:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 17:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 19:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
.
============= FINISH: 11:32:32.22 ===============


RE: Infected - Can't Start System Restore - srcstcbstrd - 08-06-2014

Ok, here's an update and this is going to sound bizarre. Our cable/internet provider has switched hands and we have to set up an new email account. Which I did (tmahoney523@rogers.com) and with it, I've had to set up my Outlook 2010 to reflect this. So I spent the last 2 days updating all my RSS feeds which was incredibly time consuming since the only way I knew how to do it is by re-subscribing to each one. I have a lot.
So I noticed tonight when I got in that I hadn't got any emails during the past 6 hours which is kind of odd. I did a quick Send/Receive and it went way too quickly. So I closed Outlook and opened it up again. Same result. So I did a quick reboot on the computer and lo and behold, when I opened Outlook, it had reverted to my old account and emails up to 2 days ago. Nothing new (since the previous provider had suspended all the old accounts). I opened up Firefox and I could only find the session from 2 days ago. Everything on this infernal machine is now running 2 days past even though the date in the bottom corner is correct. I am very perplexed.


RE: Infected - Can't Start System Restore - Autopost - 08-17-2014

There's currently no support on here, I suggest going over to Hackforums.net for assistance.