Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
Ran by cass (administrator) on CASS-PC on 16-12-2014 20:06:09
Running from C:\Users\cass\Downloads
Loaded Profile: cass (Available profiles: cass)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Samsung) C:\Program Files\SAMSUNG\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(Samsung) C:\Program Files\SAMSUNG\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Users\cass\AppData\Local\MediaFire Desktop\MFUsnMonitorService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
(Copyright 2013 SAMSUNG) C:\Program Files\SAMSUNG\Samsung Link\Samsung Link.exe
() C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
(Copyright 2013 SAMSUNG) C:\Program Files\SAMSUNG\Samsung Link\Samsung Link.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(BitTorrent, Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [combofix] => C:\ComboFix\Combobatch.bat [8272 2014-12-16] ()
HKLM-x32\...\Run: [] => [X]
HKLM\...\runonceex: [flags] =>
Startup: C:\Users\cass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\cass\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00001YSISyncComplete] -> {89B5F9CC-C4A2-462C-BD27-29CEAC972135} => C:\Program Files (x86)\Hightail Desktop App\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002YSISyncActive] -> {84B7BDFB-C50A-4335-B7C2-8AEC454F9E25} => C:\Program Files (x86)\Hightail Desktop App\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003YSISyncError] -> {306A9CDE-AC70-453A-8008-B5F9962B8F88} => C:\Program Files (x86)\Hightail Desktop App\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004YSILocalOnly] -> {23A7D2DC-F395-4E33-876C-84A2DFAB0EBB} => C:\Program Files (x86)\Hightail Desktop App\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [1MediaFireIconError] -> {5EE8C634-CDC0-453D-9731-DF0B19F4E807} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon3_8e3c2.dll (TODO: )
ShellIconOverlayIdentifiers: [1MediaFireIconReadOnly] -> {7995D0FC-769B-4197-AEC0-991921CB99E1} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon5_8e3c2.dll (TODO: )
ShellIconOverlayIdentifiers: [1MediaFireIconSynched] -> {9A3B79CB-D899-40B5-8DBC-20447F1ADC8F} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon_8e3c2.dll (TODO: )
ShellIconOverlayIdentifiers: [1MediaFireIconSyncing] -> {C4D81971-6B13-4173-AB21-F83AD20CCC04} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon2_8e3c2.dll (TODO: )
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
ShellIconOverlayIdentifiers: [MediaFireIconLock] -> {759F3E92-F4E8-4953-8315-238B8B17E0F3} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon4_8e3c2.dll (TODO: )
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [00001YSISyncComplete] -> {89B5F9CC-C4A2-462C-BD27-29CEAC972135} => C:\Program Files (x86)\Hightail Desktop App\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002YSISyncActive] -> {84B7BDFB-C50A-4335-B7C2-8AEC454F9E25} => C:\Program Files (x86)\Hightail Desktop App\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003YSISyncError] -> {306A9CDE-AC70-453A-8008-B5F9962B8F88} => C:\Program Files (x86)\Hightail Desktop App\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004YSILocalOnly] -> {23A7D2DC-F395-4E33-876C-84A2DFAB0EBB} => C:\Program Files (x86)\Hightail Desktop App\YSINSE.dll (Hightail Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3204655562-3042467115-2064883207-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3204655562-3042467115-2064883207-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3204655562-3042467115-2064883207-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {B6C6E718-678E-4297-B631-BD98F3CCA404} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3204655562-3042467115-2064883207-1001 -> {B6C6E718-678E-4297-B631-BD98F3CCA404} URL =
SearchScopes: HKU\S-1-5-21-3204655562-3042467115-2064883207-1001 -> {C0DCF99C-DE2A-4878-803E-D22EC709D766} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3204655562-3042467115-2064883207-1001 -> {EC3626ED-A7EB-4B96-A4D4-7C46CECF1351} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: No Name -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3204655562-3042467115-2064883207-1001 -> No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File
Toolbar: HKU\S-1-5-21-3204655562-3042467115-2064883207-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} http://www.digitalwebbooks.com/reader/dbplugin.cab
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll No File
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll No File
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll No File
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll No File
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll No File
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\cass\AppData\Roaming\Mozilla\Firefox\Profiles\2mttk1mj.default-1404400294804
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @rim.com/npappworld -> C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3204655562-3042467115-2064883207-1001: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll (Hulu LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Users\cass\AppData\Roaming\Mozilla\Firefox\Profiles\2mttk1mj.default-1404400294804\searchplugins\yahoo_ff.xml
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-12-16]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: AI Roboform Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2013-06-02]
FF HKU\S-1-5-21-3204655562-3042467115-2064883207-1001\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\cass\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\cass\AppData\Roaming\IDM\idmmzcc5 [2013-06-02]
FF HKU\S-1-5-21-3204655562-3042467115-2064883207-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\cass\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll No File
CHR Plugin: (Microsoft Office 2013) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll No File
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
CHR Plugin: (Microsoft Office 2013) - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll (Hulu LLC)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Profile: C:\Users\cass\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Users\cass\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-30]
CHR Extension: (Extension) - C:\Users\cass\Local Settings\Application Data\Google\Chrome\User Data\Default\Users\fibbancocmhbaokopkikdemjfalobjdp [2013-10-01]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-15]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2012-09-27]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
S3 GSService; C:\Windows\SysWOW64\GSService.exe [443080 2013-12-16] ()
S4 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
R2 MF NTFS Monitor; C:\Users\cass\AppData\Local\MediaFire Desktop\MFUsnMonitorService.exe [456504 2014-12-04] ()
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-10-02] (Symantec Corporation)
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7138664 2014-12-02] (Reimage®)
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [616288 2014-11-06] (Copyright 2013 SAMSUNG)
S4 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2365792 2012-09-17] (TuneUp Software)
S3 IEEtwCollectorService; %SystemRoot%\system32\IEEtwCollector.exe /V [X]
S3 WinRM; %SystemRoot%\system32\WsmSvc.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141209.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-10] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141212.002\IDSvia64.sys [637656 2014-11-18] (Symantec Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\2BF36771.sys [129752 2014-12-16] (Malwarebytes Corporation)
R2 mfmonitor; C:\Windows\System32\DRIVERS\mfmonitor_x64.sys [20696 2014-12-04] (Windows (R) Win 7 DDK provider)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141216.001\ENG64.SYS [129752 2014-12-10] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141216.001\EX64.SYS [2137304 2014-12-10] (Symantec Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2013-04-19] (Research In Motion Limited)
R3 SndTAudio; C:\Windows\System32\drivers\SndTAudio.sys [34504 2013-12-16] (Windows (R) Win 7 DDK provider)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-28] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-08-29] (TuneUp Software)
R3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)
R3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2013-01-25] (Wondershare)
R3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2013-01-25] (Wondershare)
R3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2013-01-25] (Wondershare)
R3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2013-01-25] (Wondershare)
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-16 20:06 - 2014-12-16 20:09 - 00024748 _____ () C:\Users\cass\Downloads\FRST.txt
2014-12-16 20:04 - 2014-12-16 20:04 - 02119168 _____ (Farbar) C:\Users\cass\Downloads\FRST64.exe
2014-12-16 19:09 - 2014-12-16 19:32 - 00000000 ___SD () C:\ComboFix
2014-12-16 19:07 - 2014-12-16 19:08 - 05601641 ____R (Swearware) C:\Users\cass\Desktop\ComboFix.exe
2014-12-16 18:51 - 2014-12-16 18:51 - 00201286 _____ () C:\Users\cass\Desktop\OTL.Txt final.txt
2014-12-16 17:24 - 2014-12-16 17:25 - 00000000 ____D () C:\ProgramData\Reimage Protector
2014-12-16 17:24 - 2014-12-16 17:24 - 00004270 _____ () C:\Windows\System32\Tasks\ReimageUpdater
2014-12-16 17:24 - 2014-12-16 17:24 - 00001936 _____ () C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2014-12-16 17:24 - 2014-12-16 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2014-12-16 17:24 - 2014-12-16 17:24 - 00000000 ____D () C:\Program Files\Reimage
2014-12-16 17:23 - 2014-12-16 20:00 - 00000120 _____ () C:\Windows\Reimage.ini
2014-12-16 17:23 - 2014-12-16 17:24 - 00000000 ____D () C:\rei
2014-12-16 16:46 - 2014-12-16 16:46 - 00000000 ____D () C:\_OTL
2014-12-16 16:33 - 2014-12-16 18:46 - 00201286 _____ () C:\Users\cass\Desktop\OTL.Txt
2014-12-16 14:53 - 2014-12-16 14:53 - 00021455 _____ () C:\Users\cass\Desktop\JRT.txt
2014-12-16 14:48 - 2014-12-16 14:48 - 00000000 ____D () C:\Windows\ERUNT
2014-12-16 14:45 - 2014-12-16 14:45 - 01707646 _____ (Thisisu) C:\Users\cass\Downloads\JRT.exe
2014-12-16 14:09 - 2014-12-16 14:09 - 02166272 _____ () C:\Users\cass\Desktop\AdwCleaner_2.exe
2014-12-16 13:58 - 2014-12-16 13:58 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\2BF36771.sys
2014-12-16 10:54 - 2014-12-16 14:33 - 00000000 ____D () C:\fd686fd83ba35fe7cd0e6eba11ff
2014-12-16 10:51 - 2014-12-16 10:51 - 00000000 ____D () C:\Windows\CheckSur
2014-12-16 10:44 - 2014-12-16 10:45 - 564744309 _____ () C:\Users\cass\Downloads\Windows6.1-KB947821-v34-x64.msu
2014-12-16 10:38 - 2014-12-16 10:38 - 00001418 _____ () C:\junk.txt
2014-12-16 10:05 - 2014-12-16 10:05 - 00000000 ____D () C:\Users\cass\Desktop\GrantPerms
2014-12-16 10:03 - 2014-12-16 10:03 - 00453083 _____ () C:\Users\cass\Downloads\GrantPerms.zip
2014-12-16 09:56 - 2014-12-16 09:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\25F52E0E.sys
2014-12-15 20:57 - 2014-12-15 21:15 - 00000000 ____D () C:\Users\cass\Downloads\Copy Files (RKJAHmRaM9a2V0tH)
2014-12-15 17:26 - 2014-12-15 17:52 - 3506279408 _____ () C:\Users\cass\Downloads\Copy Files (RKJAHmRaM9a2V0tH).zip
2014-12-15 16:04 - 2014-12-15 16:33 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\6317795D.sys
2014-12-15 13:56 - 2014-12-15 13:21 - 00090788 _____ () C:\Users\cass\Desktop\pcasvc.zip
2014-12-15 13:21 - 2014-12-15 13:21 - 00090788 _____ () C:\Users\cass\Downloads\pcasvc.zip
2014-12-15 10:30 - 2014-12-16 16:52 - 00000000 ____D () C:\Users\cass\Desktop\help
2014-12-15 10:23 - 2014-12-15 16:24 - 00001845 _____ () C:\VEW.txt
2014-12-15 10:19 - 2014-12-15 10:19 - 00061440 _____ ( ) C:\Users\cass\Desktop\VEW.exe
2014-12-15 08:47 - 2014-12-13 11:01 - 05198336 _____ (AVAST Software) C:\Users\cass\Desktop\aswmbr.exe
2014-12-15 08:40 - 2014-09-18 20:40 - 00547328 ____H (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-15 03:00 - 2014-12-16 18:46 - 00127118 _____ () C:\Users\cass\Desktop\Extras.Txt
2014-12-15 00:42 - 2014-12-13 11:45 - 00602112 _____ (OldTimer Tools) C:\Users\cass\Desktop\OTL.exe
2014-12-14 17:25 - 2014-12-14 17:25 - 00011029 _____ () C:\Users\cass\Downloads\36__Breath_with_Me.torrent
2014-12-14 17:20 - 2014-12-14 17:21 - 00028997 _____ () C:\Users\cass\Downloads\75Lauren_Willig____The_Mark_of_the_Midnight_Manzanilla___mp.torrent
2014-12-14 13:24 - 2014-12-14 13:25 - 00000000 ____D () C:\Program Files (x86)\Picture Collage Maker Pro
2014-12-14 13:07 - 2014-12-14 13:10 - 00000168 _____ () C:\Users\cass\Desktop\IE.reg
2014-12-14 12:32 - 2014-12-14 12:45 - 00008414 _____ () C:\Windows\IE11_main.log
2014-12-14 12:29 - 2014-12-14 12:29 - 02077392 _____ (Microsoft Corporation) C:\Users\cass\Downloads\IE11-Windows6.1.exe
2014-12-14 11:24 - 2014-12-14 11:21 - 00261756 _____ () C:\Users\cass\Desktop\vbscript.zip
2014-12-14 10:28 - 2014-12-14 10:28 - 00000159 _____ () C:\Users\cass\Desktop\ComboFix.txt
2014-12-13 19:48 - 2009-07-13 18:21 - 00099840 ____H (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-13 14:56 - 2014-12-13 14:56 - 00000000 ____D () C:\Qoobox
2014-12-13 14:56 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-13 14:56 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-13 14:56 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-13 14:56 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-13 14:56 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-13 14:56 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-13 14:56 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-13 14:56 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-13 14:55 - 2014-12-13 19:49 - 00000000 ____D () C:\Windows\erdnt
2014-12-13 14:51 - 2014-12-14 12:18 - 00004309 _____ () C:\Users\cass\Documents\aswMBR.txt
2014-12-13 14:51 - 2014-12-14 12:18 - 00000512 _____ () C:\Users\cass\Documents\MBR.dat
2014-12-13 14:16 - 2014-12-13 14:16 - 00000000 ____H () C:\Users\cass\Documents\Default.rdp
2014-12-12 21:53 - 2014-12-12 21:53 - 00000017 _____ () C:\Users\cass\AppData\Local\resmon.resmoncfg
2014-12-12 20:55 - 2014-12-12 21:21 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-12 20:55 - 2014-12-12 20:55 - 00000000 ____D () C:\Users\cass\AppData\Local\MFAData
2014-12-12 20:55 - 2014-12-12 20:55 - 00000000 ____D () C:\Users\cass\AppData\Local\Avg2015
2014-12-12 19:26 - 2014-12-12 19:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-12 18:54 - 2014-12-13 10:22 - 00001326 _____ () C:\Users\cass\Desktop\Norton Installation Files.lnk
2014-12-12 11:43 - 2014-12-16 19:33 - 00065826 _____ () C:\Windows\PFRO.log
2014-12-11 17:45 - 2014-12-16 20:09 - 00913041 _____ () C:\Windows\WindowsUpdate.log
2014-12-11 17:43 - 2014-12-16 19:57 - 00002072 _____ () C:\Windows\setupact.log
2014-12-11 17:43 - 2014-12-16 19:57 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-11 17:43 - 2014-12-11 17:43 - 00009196 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-11 17:43 - 2014-12-11 17:43 - 00000020 ___SH () C:\Users\cass\ntuser.ini
2014-12-11 14:55 - 2014-12-16 20:06 - 00000000 ____D () C:\FRST
2014-12-11 00:02 - 2014-12-12 20:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-12-11 00:02 - 2014-12-12 20:18 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2014-12-10 22:21 - 2014-12-10 22:22 - 00000000 ____D () C:\Users\cass\Desktop\allshare
2014-12-10 21:22 - 2014-12-10 21:22 - 00000000 ____D () C:\Users\cass\Samsung Link
2014-12-10 21:09 - 2014-12-10 21:09 - 00000000 ____D () C:\Users\cass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Samsung
2014-12-10 20:23 - 2014-12-10 20:23 - 00000000 ____D () C:\Upload
2014-12-10 11:34 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 11:34 - 2014-10-29 21:04 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-10 11:34 - 2014-10-29 20:46 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-10 11:33 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 11:33 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 11:33 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 11:33 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 11:33 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 11:33 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-08 23:42 - 2014-12-12 20:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-27 20:22 - 2014-11-27 20:22 - 00311325 _____ () C:\Users\cass\Desktop\Blade on the Hunt - Lauren Dane.epub
2014-11-26 18:34 - 2014-11-26 18:34 - 00476580 _____ () C:\Users\cass\Downloads\59647d1370081276-jane-feather-sabrina-jeffries-julia-london-snowy-night-stranger-2008-snowy-night-stranger-jane-feather.epub
2014-11-22 12:37 - 2014-11-22 12:37 - 00000995 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2014-11-20 11:40 - 2014-11-20 11:43 - 00002004 _____ () C:\Users\cass\Desktop\Audible Manager.lnk
2014-11-20 11:40 - 2014-11-20 11:40 - 00003166 _____ () C:\Windows\System32\Tasks\{0685E9CE-25D4-4593-82CF-F5971C00CAFA}
2014-11-19 19:01 - 2014-11-19 19:01 - 00000718 _____ () C:\Users\cass\Documents\now now.txt
2014-11-19 10:47 - 2014-11-10 22:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 10:47 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 10:47 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 10:47 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-16 20:08 - 2013-01-30 20:17 - 00000000 ____D () C:\Users\cass\AppData\Roaming\uTorrent
2014-12-16 19:55 - 2013-08-08 14:47 - 00000000 ___RD () C:\Users\cass\Dropbox
2014-12-16 19:55 - 2013-01-29 18:23 - 00000000 ____D () C:\Users\cass\AppData\Roaming\DMCache
2014-12-16 19:44 - 2009-07-13 23:45 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-16 19:44 - 2009-07-13 23:45 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-16 19:37 - 2013-08-08 14:42 - 00000000 ____D () C:\Users\cass\AppData\Roaming\Dropbox
2014-12-16 14:58 - 2014-07-03 13:51 - 00000000 ____D () C:\AdwCleaner
2014-12-16 14:33 - 2014-02-24 09:46 - 00000000 ___HD () C:\Users\cass\.mediafire
2014-12-16 12:06 - 2013-01-29 18:35 - 00000000 ____D () C:\Users\cass\AppData\Local\CrashDumps
2014-12-16 09:58 - 2014-02-24 09:47 - 00000000 ___RD () C:\Users\cass\MediaFire
2014-12-15 22:27 - 2014-01-14 18:47 - 00000000 ____D () C:\Users\cass\Documents\My Kindle Content
2014-12-15 14:56 - 2013-01-29 18:41 - 00000000 ____D () C:\Users\cass\Documents\Calibre Library
2014-12-15 11:30 - 2014-07-10 16:03 - 00000000 ___RD () C:\Users\cass\Hightail
2014-12-15 10:15 - 2013-01-29 18:43 - 00000000 ____D () C:\Users\cass\Desktop\Text files
2014-12-15 10:02 - 2014-01-11 14:16 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-14 23:12 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\system32\NDF
2014-12-14 17:47 - 2014-07-26 05:15 - 00000000 ____D () C:\Users\cass\AppData\Local\Adobe
2014-12-14 15:07 - 2013-01-31 07:34 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2013
2014-12-14 06:59 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-12-13 19:56 - 2009-07-13 21:34 - 16515072 _____ () C:\Windows\system32\config\system.bak
2014-12-13 19:56 - 2009-07-13 21:34 - 102760448 _____ () C:\Windows\system32\config\software.bak
2014-12-13 19:56 - 2009-07-13 21:34 - 05242880 _____ () C:\Windows\system32\config\default.bak
2014-12-13 19:56 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-12-13 19:56 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-12-13 15:13 - 2011-03-24 22:51 - 00000000 ____D () C:\ProgramData\Temp
2014-12-13 13:56 - 2013-03-30 17:20 - 00000000 ____D () C:\Users\cass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-12-13 13:55 - 2013-06-02 11:37 - 00000000 ____D () C:\ProgramData\Norton
2014-12-13 09:48 - 2014-05-28 13:55 - 00000000 ____D () C:\Users\cass\AppData\Roaming\Azureus
2014-12-13 09:20 - 2014-05-09 16:30 - 00000000 ____D () C:\Users\cass\AppData\Local\SoundTaxi
2014-12-12 20:19 - 2013-01-29 18:41 - 00000000 ____D () C:\Users\cass\AppData\Roaming\calibre
2014-12-12 20:18 - 2014-11-10 10:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2014-12-12 20:18 - 2014-05-25 13:18 - 00000000 ____D () C:\Program Files (x86)\Midnight Oil Solitaire
2014-12-12 20:18 - 2013-01-29 18:40 - 00000000 ____D () C:\Users\cass\AppData\Local\Adobe_Systems_Incorporate
2014-12-12 20:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-12 20:17 - 2013-01-29 13:53 - 00000000 ____D () C:\Users\cass
2014-12-12 20:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-12-12 20:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-12-12 19:56 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system
2014-12-12 18:55 - 2013-11-30 20:13 - 00000000 ____D () C:\Users\cass\.android
2014-12-11 17:07 - 2014-05-06 20:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 17:07 - 2013-01-31 12:54 - 00000000 ____D () C:\Windows\pss
2014-12-11 17:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 08:49 - 2013-01-20 14:59 - 00000000 ____D () C:\my dvd
2014-12-10 21:56 - 2013-10-06 16:05 - 00000000 ____D () C:\Users\cass\AppData\Roaming\Hightail
2014-12-10 21:09 - 2014-04-30 17:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-12-10 20:22 - 2014-09-17 08:56 - 00000000 ____D () C:\Program Files\SAMSUNG
2014-12-10 20:21 - 2014-04-27 18:19 - 00000000 ____D () C:\ProgramData\Samsung
2014-12-10 18:08 - 2014-05-09 16:26 - 00000000 ____D () C:\Users\cass\AppData\Local\RipTiger
2014-12-10 17:00 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 15:24 - 2013-03-11 21:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 15:23 - 2013-08-15 19:30 - 00000000 ___HD () C:\Windows\system32\MRT
2014-12-10 13:54 - 2013-01-31 11:57 - 00000000 ____D () C:\Program Files (x86)\Calibre2
2014-12-08 16:49 - 2013-01-29 21:12 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-12-06 18:07 - 2013-01-29 18:23 - 00000000 ____D () C:\Users\cass\Downloads\Video
2014-12-04 18:28 - 2014-02-24 09:39 - 00020696 ____H (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\mfmonitor_x64.sys
2014-11-29 18:57 - 2014-02-28 12:55 - 00000000 ____D () C:\Users\cass\AppData\Local\Audible
2014-11-29 12:12 - 2014-07-18 10:23 - 00000000 ____D () C:\Users\cass\Desktop\Reading now
2014-11-29 10:58 - 2014-02-28 12:24 - 00000000 ____D () C:\Users\cass\Documents\Audible
2014-11-22 12:37 - 2013-01-31 11:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2014-11-20 12:32 - 2014-07-10 16:02 - 00000000 ____D () C:\Program Files (x86)\Hightail Desktop App
2014-11-20 11:43 - 2014-02-28 12:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager
2014-11-20 11:43 - 2014-02-28 12:24 - 00000000 ____D () C:\Program Files (x86)\Audible
2014-11-17 18:08 - 2013-08-08 14:44 - 00000000 ____D () C:\Users\cass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-17 15:36 - 2013-04-28 12:11 - 00000000 ____D () C:\Users\cass\AppData\Roaming\vlc

Some content of TEMP:
====================
C:\Users\cass\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdpc9kr.dll
C:\Users\cass\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxlkffy.dll
C:\Users\cass\AppData\Local\Temp\sqlite3.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-16 16:07

==================== End Of Log ============================