Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

TrojanAccess Gen 2.0 [Closed]

Started by Double Duece , Nov 18 2013 11:13 AM

  • This topic is locked This topic is locked

#1
Double Duece
Posted 18 November 2013 - 11:13 AM

Double Duece

    New Member

  • Member
  • Pip
  • 8 posts
Norton 360 detects TrojanAccess Gen 2.0 but does not remove it. Also, when I try to download something it is considered a virus. Please help I do not want to factory reset this laptop.
  • 0

Advertisements

#2
Essexboy
Posted 18 November 2013 - 12:35 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, do you have access to another computer and a USB stick ?

If so download the following programme to the USB stick
From the USB stick copy FRST to the desktop of the infected system

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0

#3
Double Duece
Posted 18 November 2013 - 02:57 PM

Double Duece

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-11-2013
Ran by Dirk Peterman (administrator) on DIRKPETERMAN-PC on 18-11-2013 15:49:56
Running from C:\Users\Dirk Peterman\Desktop\FRST
Windows 7 Professional Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [x]
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7856128 2009-10-30] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [241664 2009-09-11] (Alps Electric Co., Ltd.)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [TOSDCR] - C:\Program Files\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKCU\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKU\Family\...\Run: [NortonOnlineBackupReminder] - C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe [ 2009-08-10] (Toshiba)
Startup: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Dirk Peterman\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.com/
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.se...ct=sb&qsrc=2869
BHO: TFPUPWDBankBHO Class - {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - C:\Program Files\TOSHIBA\TFPU\TFPUPWDBankBHO.dll (TODO: <Company name>)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\IPS\ipsbho.dll (Symantec Corporation)
BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9 11 mswsock.dll File Not found ()
Winsock: Catalog9 12 mswsock.dll File Not found ()
Winsock: Catalog9 13 mswsock.dll File Not found ()
Winsock: Catalog9 14 mswsock.dll File Not found ()
Winsock: Catalog9 15 mswsock.dll File Not found ()
Winsock: Catalog9 16 mswsock.dll File Not found ()
Winsock: Catalog9 17 mswsock.dll File Not found ()
Winsock: Catalog9 18 mswsock.dll File Not found ()
Winsock: Catalog9 19 mswsock.dll File Not found ()
Winsock: Catalog9 20 mswsock.dll File Not found ()
Winsock: Catalog9 21 mswsock.dll File Not found ()
Winsock: Catalog9 22 mswsock.dll File Not found ()
Winsock: Catalog9 23 mswsock.dll File Not found ()
Winsock: Catalog9 24 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

========================== Services (Whitelisted) =================

S4 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
S4 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [2029568 2009-11-13] (AuthenTec, Inc.)
S4 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-10-27] (TOSHIBA CORPORATION)
S4 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
S4 fbdpinger; c:\Program Files\TOSHIBA\ToshibaFB\fdbpinger.exe [222576 2009-09-15] (Toshiba America Information Systems)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45408 2008-11-25] (Microsoft Corporation)
R2 N360; C:\Program Files\Norton 360\Engine\20.4.0.40\diMaster.dll [556336 2013-05-29] (Symantec Corporation)
S4 Partner Service; C:\ProgramData\Partner\Partner.exe [332272 2009-12-10] (Google Inc.)
S4 RSELSVC; C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe [62832 2009-07-07] (TOSHIBA Corporation)
S2 SharedAccess; C:\Windows\System32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S4 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-10-06] (TOSHIBA Corporation)
S4 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [238960 2009-11-11] (TOSHIBA Corporation)
S4 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-11-05] (TOSHIBA Corporation)
S4 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [677232 2009-11-10] (TOSHIBA Corporation)
U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{50f26024-d212-13e1-3efe-ad8a5fa91687}\ \...\???\{50f26024-d212-13e1-3efe-ad8a5fa91687}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20131101.003\BHDrvx86.sys [1096280 2013-10-22] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-08-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-08-26] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20131115.001\IDSvix86.sys [393816 2013-10-28] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20131118.002\NAVENG.SYS [93272 2013-08-29] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20131118.002\NAVEX15.SYS [1612376 2013-08-29] (Symantec Corporation)
R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-22] (TOSHIBA Corporation)
R2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [49152 2009-07-28] (REDC)
R2 rixdpcie; C:\Windows\System32\DRIVERS\rixdpe86.sys [45056 2011-04-26] (REDC)
R1 SRTSP; C:\Windows\system32\drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT.SYS [142496 2013-08-20] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\N360\1404000.028\SYMNETS.SYS [339544 2013-04-24] (Symantec Corporation)
R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-19] (TOSHIBA Corporation)
S3 Tosrfcom; No ImagePath

========================== Drivers MD5 =======================

C:\Windows\System32\DRIVERS\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys F81BB7E487EDCEAB630A7EE66CF23913
C:\Windows\System32\DRIVERS\AGRSM.sys 07758C2196A62F207F77556311E7459A
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\djsvs.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D320BF87125326F996D4904FE24300FC
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 46387FB17B086D16DEA267D5BE23A2F2
C:\Windows\System32\DRIVERS\Apfiltr.sys C5B1284C94C90D28E1876D350E9CA297
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ATSwpWDF.sys A4A081BCF29A13141A02F36E6C19B56C
C:\Windows\system32\DRIVERS\bxvbdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20131101.003\BHDrvx86.sys 22C49DE7297AE80F27F2E4A00F3D7C94
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys 3BEE52611F22C9C0023A98A4425E084F
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 85449EEBE8F8EBD6481EFBF0F352B4EB
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 71BC35067CABC02C9453AEAA42B2E43E
C:\Windows\System32\DRIVERS\e1k6232.sys E7DD83584042EE5F9B0CF0C8C6B064D5
C:\Windows\system32\DRIVERS\evbdx.sys ==> MD5 is legit
C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys E1E3804F7C59EA3E14637C2A763F65E2
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 6D84DFC3B5C5052881BF50470D0C03D1
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legitB
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 7DAE5EBCC80E45D3253F4923DC424D05
C:\Windows\System32\DRIVERS\fvevol.sys E306A24D9694C724FA2491278BF50FDB
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys A5EF29D5315111C80A5C1ABAD14C8972
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECI.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys D5EDB998656E6ECF1A17C78DAB019A3C
C:\Windows\system32\drivers\iaStorV.sys 5CD5F9A5444E6CDCB0AC89BD62D8B76E
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20131115.001\IDSvix86.sys 45D86C8F27382832BCADBC01552E0CB3
C:\Windows\System32\DRIVERS\igdkmd32.sys DB7413CF09D74231720F78737DCF4188
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Impcd.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHDA.sys 5EADC0A381B882DE16204D9BF80CF629
C:\Windows\System32\DRIVERS\IntcDAud.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys F286830298323272260332D6ABC905C1
C:\Windows\System32\Drivers\ksecpkg.sys D7C760D57B1656DD748B9E4AB6CB5A51
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 21F4B24ACFC79A483515BD986DD9043F
C:\Windows\System32\DRIVERS\mrxsmb.sys 5D16C921E3671636C0EBA3BBAAC5FD25
C:\Windows\System32\DRIVERS\mrxsmb10.sys 6D17A4791ACA19328C685D256349FEFC
C:\Windows\System32\DRIVERS\mrxsmb20.sys B81F204D146000BE76651A50670A5E9E
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20131118.002\NAVENG.SYS 81E928EE3751FAF725C87CC17726C05D
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20131118.002\NAVEX15.SYS E0C39FA6C76AE8ED53ABF043F35ECDFF
C:\Windows\System32\drivers\ndis.sys 8C9C922D71F1CD4DEF73F186416B7896
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NETw5s32.sys 5B2DFA9C5C02DDF2A113CC0F551B59DF
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 5E43D2B0EE64123D4880DFA6626DEFDE
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys B3E25EE28883877076E0E1FF877D02E0
C:\Windows\system32\drivers\nvstor.sys 4380E59A170D88C4F1022EFF6719A8A4
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 3F34A1B4C5F6475F320C275E63AFCE9B
C:\Windows\system32\DRIVERS\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pgeffect.sys 1B5011DD8D57F53AED31FF0F7D635802
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 65375DF758CA1872AB7EBBBA457FD5E6
C:\Windows\System32\Drivers\RDPWD.sys F031683E6D1FEA157ABB2FF260B51E61
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rimspe86.sys AF213955C4D952C914620E8DB0CD0CF7
C:\Windows\System32\DRIVERS\risdpe86.sys FBC8E547487323CEF0582A468D9F46E1
C:\Windows\System32\DRIVERS\rixdpe86.sys A59E65DA90CCE1EEF6379D0627301725
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\system32\drivers\sdbus.sys 0328BE1C7F1CBA23848179F8762E391C
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\system32\drivers\N360\1404000.028\SRTSP.SYS C743E384E9EFCA10B41C60D406DE39C0
C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS FE9BD381778A344F0E39AE2D5E607D7F
C:\Windows\System32\DRIVERS\srv.sys E4C2764065D66EA1D2D3EBC28FE99C46
C:\Windows\System32\DRIVERS\srv2.sys 03F0545BD8D4C77FA0AE1CEEDFCC71AB
C:\Windows\System32\DRIVERS\srvnet.sys BE6BD660CAA6F291AE06A718A4FA8ABC
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS 5A193E5E0F0A776430E5D62A051C1E16
C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS 1773FB2920EBB3A8BAD0360618091470
C:\windows\system32\Drivers\SYMEVENT.SYS F50D81D3E0C7A353F205562B89CD06D6
C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS 8C9B9036E301A9965CF15BEC91C58A12
C:\Windows\system32\drivers\N360\1404000.028\SYMNETS.SYS AF879C2A9DBF8529E1F8169B8BAC643C
C:\Windows\System32\drivers\tcpip.sys CA59F7C570AF70BC174F477CFE2D9EE3
C:\Windows\System32\DRIVERS\tcpip.sys CA59F7C570AF70BC174F477CFE2D9EE3
C:\Windows\System32\drivers\tcpipreg.sys 3EEBD3BD93DA46A26E89893C7AB2FF3B
C:\Windows\System32\DRIVERS\tdcmdpst.sys 4084EA00D50C858D6F9038F86AE2E2D0
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 2C2C5AFE7EE4F620D69C23C0617651A8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\thpdrv.sys 9528F2A39CB660A49F0592D57127F370
C:\Windows\System32\DRIVERS\Thpevm.SYS E17DCDE74FF00CA802643B4A9A4A4A5C
C:\Windows\System32\DRIVERS\tosrfec.sys 9EE240F7029771B21CC6200BE6516D60
C:\Windows\System32\drivers\tpm.sys 5AD05191DC8B444A7BA4D79B76C42A30
C:\Windows\System32\DRIVERS\tssecsrv.sys B37B08F2E5EEB1A37E448E09BACE1101
C:\Windows\System32\drivers\tsusbflt.sys C6A5FBD4977305E1FA23E02C042DB463
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\TVALZ.SYS 6E614DF4E1110DCF61B335EE02A34954
C:\Windows\System32\DRIVERS\TVALZFL.sys 866462F5AE3F375EF83EF9DCE436031C
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys 71D97F1A3CC47A56728F7A400A3F8295
C:\Windows\system32\drivers\usbcir.sys 2352AB5F9F8F097BF9D41D5A4718A041
C:\Windows\system32\drivers\usbehci.sys C4FB8E7ADEA9B5CEEA885A1B504B7E40
C:\Windows\System32\DRIVERS\usbhub.sys 86AA95ACB611001E26CD2C0145F2225A
C:\Windows\system32\drivers\usbohci.sys DCDF9855145A14DFCA0AB32308871961
C:\Windows\system32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS F991AB9CC6B908DB552166768176896A
C:\Windows\system32\drivers\usbuhci.sys 8E51D04175BAA14C4F79AA5F6D248770
C:\Windows\System32\Drivers\usbvideo.sys DE014425522610BEDCA3821BB8C0F1D5
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viac7.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys 7090D3436EEB4E7DA3373090A23448F7
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\system32\drivers\WinUSB.sys A67E5F9A400F3BD1BE3D80613B45F708
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-18 15:47 - 2013-11-18 15:49 - 00000000 ____D C:\Users\Dirk Peterman\Desktop\FRST
2013-11-18 15:36 - 2013-11-18 15:36 - 00000000 ____D C:\FRST
2013-11-18 09:25 - 2013-11-18 09:25 - 00004320 _____ C:\{89F0058E-3968-4FF8-A38F-E91168D35D1D}
2013-11-13 17:52 - 2013-11-13 17:52 - 00000000 ____D C:\windows\system32\directx
2013-11-13 14:59 - 2013-10-01 19:42 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2013-11-13 14:59 - 2013-10-01 19:32 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-11-13 14:59 - 2013-10-01 19:30 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-11-13 14:59 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2013-11-13 14:59 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2013-11-13 14:59 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2013-11-13 14:59 - 2013-10-01 18:45 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2013-11-13 14:59 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2013-11-13 14:59 - 2013-10-01 18:00 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2013-11-13 14:59 - 2013-10-01 17:53 - 00350208 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2013-11-13 14:59 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2013-11-13 14:59 - 2013-10-01 15:55 - 05698048 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2013-11-13 14:53 - 2013-11-13 14:56 - 00007393 _____ C:\windows\IE11_main.log
2013-11-13 14:52 - 2013-10-12 02:04 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-11-13 14:52 - 2013-10-12 02:03 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-11-13 14:52 - 2013-10-12 02:03 - 01138176 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-11-13 14:52 - 2013-10-12 02:02 - 14355968 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-11-13 14:52 - 2013-10-12 02:02 - 13761024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-11-13 14:52 - 2013-10-12 02:02 - 02877952 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-11-13 14:52 - 2013-10-12 02:02 - 02049024 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-11-13 14:52 - 2013-10-12 02:02 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-11-13 14:52 - 2013-10-12 02:02 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-11-13 14:52 - 2013-10-12 02:02 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-11-13 14:52 - 2013-10-12 02:02 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-11-13 14:52 - 2013-10-12 02:02 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-11-13 14:52 - 2013-10-12 02:02 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-11-13 14:52 - 2013-10-12 02:02 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-11-13 14:52 - 2013-10-12 01:08 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-11-13 14:52 - 2013-10-12 00:15 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-11-13 14:48 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2013-11-13 14:48 - 2013-10-11 21:01 - 00679424 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2013-11-13 14:48 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2013-11-13 14:48 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-11-13 14:48 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\windows\system32\SmartcardCredentialProvider.dll
2013-11-13 14:48 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2013-11-13 14:48 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\credui.dll
2013-11-13 14:48 - 2013-10-02 20:58 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2013-11-13 14:48 - 2013-09-24 21:01 - 00136640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2013-11-13 14:48 - 2013-09-24 21:01 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2013-11-13 14:48 - 2013-09-24 20:57 - 00792576 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2013-11-13 14:48 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2013-11-13 14:48 - 2013-09-24 20:57 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2013-11-13 14:48 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2013-11-13 14:48 - 2013-09-24 20:56 - 01038848 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2013-11-13 14:48 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2013-11-13 14:48 - 2013-09-24 19:49 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2013-11-13 14:48 - 2013-09-24 19:49 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2013-11-13 14:48 - 2013-07-04 07:16 - 00369848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2013-10-24 14:56 - 2013-09-03 20:15 - 00258560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2013-10-24 14:56 - 2013-09-03 20:14 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2013-10-24 14:56 - 2013-09-03 20:14 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2013-10-24 14:56 - 2013-09-03 20:14 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2013-10-24 14:56 - 2013-09-03 20:14 - 00024064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2013-10-24 14:56 - 2013-09-03 20:14 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2013-10-24 14:56 - 2013-09-03 20:14 - 00006016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2013-10-21 19:33 - 2013-10-21 19:33 - 00000000 ____D C:\Program Files\John Deere American Farmer Deluxe

==================== One Month Modified Files and Folders =======

2013-11-18 15:49 - 2013-11-18 15:47 - 00000000 ____D C:\Users\Dirk Peterman\Desktop\FRST
2013-11-18 15:43 - 2013-08-21 22:28 - 00000000 ___RD C:\Users\Family\Dropbox
2013-11-18 15:43 - 2013-08-21 22:26 - 00000000 ____D C:\Users\Family\AppData\Roaming\Dropbox
2013-11-18 15:41 - 2009-07-13 23:34 - 00016976 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-18 15:41 - 2009-07-13 23:34 - 00016976 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-18 15:37 - 2013-08-20 16:20 - 01277940 _____ C:\windows\WindowsUpdate.log
2013-11-18 15:36 - 2013-11-18 15:36 - 00000000 ____D C:\FRST
2013-11-18 15:34 - 2009-07-13 23:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-18 15:34 - 2009-07-13 23:39 - 00055984 _____ C:\windows\setupact.log
2013-11-18 09:25 - 2013-11-18 09:25 - 00004320 _____ C:\{89F0058E-3968-4FF8-A38F-E91168D35D1D}
2013-11-17 22:19 - 2009-12-10 02:00 - 00242628 _____ C:\windows\PFRO.log
2013-11-17 20:55 - 2009-12-10 01:37 - 00000000 ____D C:\Program Files\Google
2013-11-17 20:40 - 2013-08-20 14:44 - 00000000 ____D C:\Users\Dirk Peterman\AppData\Local\Google
2013-11-17 16:56 - 2009-07-13 21:37 - 00000000 ____D C:\windows\rescache
2013-11-16 08:17 - 2013-08-21 22:21 - 00001078 _____ C:\Users\Family\Documents\budget.txt
2013-11-15 16:09 - 2009-07-13 21:37 - 00000000 ____D C:\windows\system32\NDF
2013-11-13 18:39 - 2009-07-13 23:52 - 00000000 ____D C:\windows\system32\FxsTmp
2013-11-13 17:53 - 2009-12-10 01:51 - 00000000 ___HD C:\windows\msdownld.tmp
2013-11-13 17:52 - 2013-11-13 17:52 - 00000000 ____D C:\windows\system32\directx
2013-11-13 14:56 - 2013-11-13 14:53 - 00007393 _____ C:\windows\IE11_main.log
2013-11-13 14:52 - 2013-08-20 16:25 - 00000000 ____D C:\windows\system32\MRT
2013-11-08 15:05 - 2009-12-10 01:41 - 00839166 _____ C:\windows\system32\PerfStringBackup.INI
2013-11-07 17:16 - 2009-07-13 23:53 - 00032630 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-11-07 15:50 - 2013-08-20 16:25 - 80340640 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-10-21 19:33 - 2013-10-21 19:33 - 00000000 ____D C:\Program Files\John Deere American Farmer Deluxe
2013-10-21 16:48 - 2013-08-21 16:28 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2013-10-21 16:48 - 2013-08-21 16:28 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
ZeroAccess:
C:\Users\Dirk Peterman\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {cf02ac61-09dd-11e3-b870-cc892852ae91}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {cf02ac63-09dd-11e3-b870-cc892852ae91}
recoveryenabled Yes
osdevice partition=C:
systemroot \windows
resumeobject {cf02ac61-09dd-11e3-b870-cc892852ae91}
nx OptIn

Windows Boot Loader
-------------------
identifier {cf02ac63-09dd-11e3-b870-cc892852ae91}
device ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{cf02ac64-09dd-11e3-b870-cc892852ae91}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{cf02ac64-09dd-11e3-b870-cc892852ae91}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {cf02ac61-09dd-11e3-b870-cc892852ae91}
device partition=C:
path \windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {cf02ac64-09dd-11e3-b870-cc892852ae91}
description Ramdisk Options
ramdisksdidevice partition=\Device\HarddiskVolume1
ramdisksdipath \Recovery\WindowsRE\boot.sdi



LastRegBack: 2013-11-10 19:15

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-11-2013
Ran by Dirk Peterman at 2013-11-18 15:50:16
Running from C:\Users\Dirk Peterman\Desktop\FRST
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

2007 Microsoft Office system (Version: 12.0.6425.1000)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
ALPS Touch Pad Driver (Version: 7.5.303.213)
Amazon Links (Version: 2.02)
AuthenTec Fingerprint Software (Version: 9.0.4.12)
Bluetooth Stack for Windows by Toshiba (Version: v7.10.01(T))
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1)
Farming Simulator 2011 Demo (Version: 1.0)
Farming Simulator 2013 (Version: 1.0)
Intel® Control Center (Version: 1.2.0.1006)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1995)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Network Connections Drivers (Version: 14.5)
Intel® Rapid Storage Technology (Version: 9.5.0.1037)
Java™ 6 Update 14 (Version: 6.0.140)
Junk Mail filter update (Version: 14.0.8089.726)
LSI V92 MOH Application
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2003 Web Components (Version: 11.0.8003.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 3.0.40624.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.3.4035.00)
Microsoft SQL Server Native Client (Version: 9.00.4035.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.4035.00)
Microsoft SQL Server VSS Writer (Version: 9.00.4035.00)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
MSVCRT (Version: 14.0.1468.721)
Norton 360 (Version: 20.4.0.40)
PlayReady PC Runtime x86 (Version: 1.3.0)
Quickbooks Financial Center (Version: 2.02)
Realtek High Definition Audio Driver (Version: 6.0.1.5971)
RICOH R5U230 Media Driver ver.2.07.03.02 (Version: 2.07.03.02)
Skype Launcher (Version: 2.01)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
TFPU (Version: 1.0.0)
TOSHIBA Application and Driver Installer (Version: 9.0.1.1)
TOSHIBA Assist (Version: 2.01.12)
TOSHIBA Bulletin Board (Version: 1.5.06.32)
TOSHIBA ConfigFree (Version: 8.0.25)
TOSHIBA Disc Creator (Version: 2.1.0.2)
TOSHIBA eco Utility (Version: 1.2.4.0)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Face Recognition (Version: 3.1.3.32)
TOSHIBA Fingerprint Utility (Version: 1.0.2.18)
TOSHIBA HDD Protection (Version: 2.2.0.3)
TOSHIBA HDD/SSD Alert (Version: 3.1.0.4)
TOSHIBA Internal Modem Region Select Utility (Version: 2.3.0.01)
Toshiba Online Backup (Version: 1.2.0.38)
TOSHIBA PC Health Monitor (Version: 1.5.1.0)
TOSHIBA Quality Application (Version: 1.0.1)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4)
TOSHIBA ReelTime (Version: 1.5.08.32)
TOSHIBA Security Assist (Version: 2.0.6)
TOSHIBA Service Station (Version: 2.1.40)
TOSHIBA Software Modem (Version: 2.2.97)
TOSHIBA USB Sleep and Charge Utility (Version: 1.3.2.0)
TOSHIBA Value Added Package (Version: 1.2.35)
TOSHIBA Web Camera Application (Version: 1.1.2.8)
ToshibaRegistration (Version: 1.0.3)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft Office Word 2007 (KB974631)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)

==================== Restore Points =========================

Could not list Restore Points. Check WMI.


==================== Hosts content: ==========================

2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {823FEFDD-B1FA-482F-974D-E9E0E504C4EC} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2009-10-28] (TOSHIBA CORPORATION)
Task: {98BEC7ED-D10C-4F82-88D9-9737D8EE78D6} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\20.4.0.40\symerr.exe [2013-06-03] (Symantec Corporation)
Task: {E9642210-22E3-407C-A601-7CED545F1E74} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\20.4.0.40\WSCStub.exe [2013-06-03] (Symantec Corporation)
Task: {F1FBB63A-D1AE-4D12-A60F-D47853665248} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\20.4.0.40\symerr.exe [2013-06-03] (Symantec Corporation)

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Could not list Devices. Check WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/18/2013 03:34:39 PM) (Source: WinMgmt) (User: )
Description: 0x8007007e

Error: (11/18/2013 01:38:08 PM) (Source: WinMgmt) (User: )
Description: 0x8007007e

Error: (11/18/2013 01:19:52 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16736, time stamp: 0x5258c4cc
Faulting module name: Flash32_11_9_900_117.ocx, version: 11.9.900.117, time stamp: 0x5244d34f
Exception code: 0xc0000005
Fault offset: 0x000a5f83
Faulting process id: 0x10ac
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/18/2013 10:31:43 AM) (Source: WinMgmt) (User: )
Description: 0x8007007e

Error: (11/18/2013 10:29:04 AM) (Source: WinMgmt) (User: )
Description: 0x8007007e

Error: (11/18/2013 09:23:50 AM) (Source: WinMgmt) (User: )
Description: 0x8007007e

Error: (11/18/2013 07:37:48 AM) (Source: WinMgmt) (User: )
Description: 0x8007007e

Error: (11/17/2013 11:47:12 PM) (Source: WinMgmt) (User: )
Description: 0x8007007e

Error: (11/17/2013 10:23:16 PM) (Source: WinMgmt) (User: )
Description: 0x8007007e

Error: (11/17/2013 10:20:01 PM) (Source: WinMgmt) (User: )
Description: 0x8007007e


System errors:
=============
Error: (11/18/2013 03:43:27 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (11/18/2013 03:43:27 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (11/18/2013 03:40:01 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (11/18/2013 03:40:01 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (11/18/2013 03:38:53 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (11/18/2013 03:38:52 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (11/18/2013 03:38:51 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (11/18/2013 03:38:51 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (11/18/2013 03:35:17 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (11/18/2013 03:35:17 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 36%
Total physical RAM: 2928.43 MB
Available physical RAM: 1861.9 MB
Total Pagefile: 5855.14 MB
Available Pagefile: 4675.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1894.62 MB

==================== Drives ================================

Drive c: (TI105461W0E) (Fixed) (Total:222.1 GB) (Free:182.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (DPETERMAN) (Removable) (Total:7.48 GB) (Free:5.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: D6298ECF)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=222 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9 GB) - (Type=17)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 011421B2)
Partition 1: (Active) - (Size=7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
  • 0

#4
Essexboy
Posted 18 November 2013 - 04:07 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets now kill this and start repairing the damage

Download the attached fixlist.txt to your desktop
[attachment=67679:fixlist.txt]
Run FRST and press Fix
On completion a log will be generated please post that

THEN

From the sick computer

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

    Posted Image
  • Select All Users
  • Select LOP and Purity
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    c:\program files (x86)\Google\Desktop
    c:\program files\Google\Desktop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Attach both logs

  • 0

#5
Double Duece
Posted 18 November 2013 - 05:13 PM

Double Duece

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-11-2013
Ran by Dirk Peterman at 2013-11-18 17:53:12 Run:1
Running from C:\Users\Dirk Peterman\Desktop\FRST
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{50f26024-d212-13e1-3efe-ad8a5fa91687}\ \...\???\{50f26024-d212-13e1-3efe-ad8a5fa91687}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
2013-11-18 09:25 - 2013-11-18 09:25 - 00004320 _____ C:\{89F0058E-3968-4FF8-A38F-E91168D35D1D}
C:\Users\Dirk Peterman\AppData\Local\Google\Desktop
C:\Program Files\Google\Desktop
C:\Windows\assembly\GAC\Desktop.ini
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender



*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000005\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll
*etadpug => Service deleted successfully.
C:\{89F0058E-3968-4FF8-A38F-E91168D35D1D} => Moved successfully.
C:\Users\Dirk Peterman\AppData\Local\Google\Desktop => Moved successfully.

"C:\Program Files\Google\Desktop" directory move:

Could not move "C:\Program Files\Google\Desktop" directory. => Scheduled to move on reboot.

C:\Windows\assembly\GAC\Desktop.ini => Moved successfully.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2013-11-18 17:54:55)<=

C:\Program Files\Google\Desktop => Is moved successfully.

==== End of Fixlog ====

OTL logfile created on: 11/18/2013 6:01:20 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dirk Peterman\Desktop\FRST
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.86 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 64.92% Memory free
5.72 Gb Paging File | 4.70 Gb Available in Paging File | 82.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.10 Gb Total Space | 182.04 Gb Free Space | 81.96% Space Free | Partition Type: NTFS

Computer Name: DIRKPETERMAN-PC | User Name: Dirk Peterman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/18 17:45:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dirk Peterman\Desktop\FRST\OTL.exe
PRC - [2013/08/01 19:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/28 13:15:10 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/10/02 15:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/10/02 15:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/09/30 21:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 21:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/07/28 22:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/02/20 12:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2009/02/01 00:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\hidfind.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/14 14:32:42 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/14 14:32:20 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/14 14:32:15 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/09/10 13:32:24 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/08/21 15:20:56 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/21 15:20:34 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/21 15:20:27 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/08/21 15:20:10 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2012/05/30 09:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton 360\Engine\20.4.0.40\wincfi39.dll


========== Services (SafeList) ==========

SRV - [2013/08/20 16:46:46 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 07:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/12/10 01:37:59 | 000,332,272 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2009/11/13 21:18:40 | 002,029,568 | ---- | M] (AuthenTec, Inc.) [Disabled | Stopped] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2009/11/11 21:52:28 | 000,238,960 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2009/11/10 15:50:44 | 000,677,232 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2009/11/06 00:04:20 | 000,468,320 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/11/05 12:15:18 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/10/27 22:11:56 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/10/21 12:39:14 | 000,148,848 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009/10/21 11:30:34 | 000,518,720 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\System32\ThpSrv.exe -- (Thpsrv)
SRV - [2009/10/06 11:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/10/02 15:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/09/30 21:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 21:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/09/15 14:50:54 | 000,222,576 | ---- | M] (Toshiba America Information Systems) [Disabled | Stopped] -- c:\Program Files\TOSHIBA\ToshibaFB\fdbpinger.exe -- (fbdpinger)
SRV - [2009/07/28 18:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:36 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)
SRV - [2009/07/07 11:37:32 | 000,062,832 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe -- (RSELSVC)
SRV - [2009/03/27 20:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009/02/20 12:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)
DRV - [2013/10/28 17:00:30 | 000,393,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20131115.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013/10/22 18:11:14 | 001,096,280 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20131114.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/10/01 19:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2013/10/01 16:12:08 | 000,369,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress)
DRV - [2013/08/29 07:03:44 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20131118.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/08/29 07:03:44 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20131118.002\NAVENG.SYS -- (NAVENG)
DRV - [2013/08/26 21:23:28 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/08/26 21:23:28 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/08/20 15:08:02 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/05/23 00:25:28 | 000,934,488 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\1404000.028\SymEFA.sys -- (SymEFA)
DRV - [2013/05/21 00:02:00 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\1404000.028\SymDS.sys -- (SymDS)
DRV - [2013/05/16 00:02:14 | 000,603,224 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\srtsp.sys -- (SRTSP)
DRV - [2013/04/24 19:43:56 | 000,339,544 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\symnets.sys -- (SymNetS)
DRV - [2013/04/15 21:41:14 | 000,134,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\ccSetx86.sys -- (ccSet_N360)
DRV - [2013/03/04 20:39:19 | 000,175,264 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\Ironx86.sys -- (SymIRON)
DRV - [2013/03/04 20:21:35 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\srtspx.sys -- (SRTSPX)
DRV - [2012/08/23 09:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2011/04/26 06:05:00 | 000,045,056 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/05/20 02:32:02 | 000,677,320 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2010/01/13 15:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009/11/28 00:34:44 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/10/30 08:55:30 | 000,209,920 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009/10/26 14:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/09/17 14:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/07/30 20:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/28 20:24:20 | 000,049,152 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2009/07/21 16:18:58 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/14 14:23:16 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ.SYS -- (TVALZ)
DRV - [2009/07/14 00:13:10 | 000,015,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2009/07/13 18:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/02 10:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009/06/29 18:16:22 | 000,013,120 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Thpevm.sys -- (Thpevm)
DRV - [2009/06/29 12:25:24 | 000,030,272 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\thpdrv.sys -- (Thpdrv)
DRV - [2009/06/22 19:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009/06/19 21:31:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {967D37B7-68D5-40E6-BAF7-B766972A2B6A}
IE - HKLM\..\SearchScopes\{967D37B7-68D5-40E6-BAF7-B766972A2B6A}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1693578300-4061320606-3556199853-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
IE - HKU\S-1-5-21-1693578300-4061320606-3556199853-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1693578300-4061320606-3556199853-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.com/ [binary data]
IE - HKU\S-1-5-21-1693578300-4061320606-3556199853-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
IE - HKU\S-1-5-21-1693578300-4061320606-3556199853-1004\..\SearchScopes,DefaultScope = {967D37B7-68D5-40E6-BAF7-B766972A2B6A}
IE - HKU\S-1-5-21-1693578300-4061320606-3556199853-1004\..\SearchScopes\{77199AAB-B6EA-4586-AF92-559D8B8AC68D}: "URL" = http://www.google.co...1I7TSNA_enUS550
IE - HKU\S-1-5-21-1693578300-4061320606-3556199853-1004\..\SearchScopes\{967D37B7-68D5-40E6-BAF7-B766972A2B6A}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE - HKU\S-1-5-21-1693578300-4061320606-3556199853-1004\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.se...ct=sb&qsrc=2869
IE - HKU\S-1-5-21-1693578300-4061320606-3556199853-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1693578300-4061320606-3556199853-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
IE - HKU\S-1-5-21-1693578300-4061320606-3556199853-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1693578300-4061320606-3556199853-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSNA&bmod=TSNA
IE - HKU\S-1-5-21-1693578300-4061320606-3556199853-1006\..\SearchScopes,DefaultScope = {C0648007-264E-481C-82AD-C03929A98F01}
IE - HKU\S-1-5-21-1693578300-4061320606-3556199853-1006\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.se...ct=sb&qsrc=2869
IE - HKU\S-1-5-21-1693578300-4061320606-3556199853-1006\..\SearchScopes\{C0648007-264E-481C-82AD-C03929A98F01}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE - HKU\S-1-5-21-1693578300-4061320606-3556199853-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1CA7765-44E4-452e-9D00-A04F3D434281}: C:\Program Files\TOSHIBA\TFPU\FirefoxAddin [2013/08/20 16:36:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF [2013/10/09 14:02:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\ [2013/11/18 17:54:30 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (TFPUPWDBankBHO Class) - {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - C:\Program Files\TOSHIBA\TFPU\TFPUPWDBankBHO.dll (TODO: <Company name>)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\IPS\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1693578300-4061320606-3556199853-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1693578300-4061320606-3556199853-1004\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1693578300-4061320606-3556199853-1006\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [TOSDCR] C:\Program Files\TOSHIBA\PasswordUtility\TOSDCR.exe ()
O4 - HKU\S-1-5-21-1693578300-4061320606-3556199853-1004..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
O4 - HKU\S-1-5-21-1693578300-4061320606-3556199853-1006..\Run: [NortonOnlineBackupReminder] C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] C:\windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] C:\windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0788745C-5C3E-4A83-845C-2528636735BB}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Remoteaccess - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
System Restore Service not available.

========== Files/Folders - Created Within 30 Days ==========

[2013/11/18 15:47:24 | 000,000,000 | ---D | C] -- C:\Users\Dirk Peterman\Desktop\FRST
[2013/11/18 15:36:32 | 000,000,000 | ---D | C] -- C:\FRST
[2013/11/13 17:52:35 | 000,000,000 | ---D | C] -- C:\windows\System32\directx
[2013/11/13 14:59:11 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TsUsbGDCoInstaller.dll
[2013/11/13 14:59:11 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2013/11/13 14:59:10 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tsgqec.dll
[2013/11/13 14:59:10 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MsRdpWebAccess.dll
[2013/11/13 14:59:10 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\TsUsbFlt.sys
[2013/11/13 14:59:10 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wksprtPS.dll
[2013/11/13 14:59:10 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2013/11/13 14:59:09 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdvidcrl.dll
[2013/11/13 14:59:09 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wksprt.exe
[2013/11/13 14:59:09 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TSWbPrxy.exe
[2013/11/13 14:52:37 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2013/11/13 14:52:36 | 002,877,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2013/11/13 14:52:35 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2013/11/13 14:52:35 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2013/11/13 14:52:35 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2013/11/13 14:52:34 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2013/11/13 14:52:34 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2013/11/13 14:52:34 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2013/11/13 14:52:34 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2013/11/13 14:52:34 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2013/11/13 14:48:53 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncrypt.dll
[2013/11/13 14:48:53 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sspisrv.dll
[2013/11/13 14:48:38 | 000,792,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TSWorkspace.dll
[2013/11/13 14:48:33 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nshwfp.dll
[2013/11/13 14:48:33 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FWPUCLNT.DLL
[2013/11/13 14:48:31 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\authui.dll
[2013/11/13 14:48:31 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SmartcardCredentialProvider.dll
[2013/10/24 14:56:03 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\usbport.sys
[2013/10/24 14:56:03 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\usbd.sys
[2013/10/21 19:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\John Deere American Farmer Deluxe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/18 18:01:39 | 000,016,976 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/18 18:01:39 | 000,016,976 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/18 17:54:24 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/11/18 17:54:14 | 2303,004,672 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/13 14:36:34 | 000,004,402 | ---- | M] () -- C:\Users\Dirk Peterman\Desktop\Day one.rtf
[2013/11/13 14:33:45 | 000,072,794 | ---- | M] () -- C:\Users\Dirk Peterman\Desktop\1460174_243706752452960_1348541295_n.jpg
[2013/11/08 15:05:00 | 000,703,032 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/11/08 15:05:00 | 000,137,182 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/10/21 16:48:06 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2013/10/21 16:48:06 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/13 14:36:34 | 000,004,402 | ---- | C] () -- C:\Users\Dirk Peterman\Desktop\Day one.rtf
[2013/11/13 14:34:21 | 000,072,794 | ---- | C] () -- C:\Users\Dirk Peterman\Desktop\1460174_243706752452960_1348541295_n.jpg
[2013/08/20 17:37:33 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe
[2013/08/20 16:53:25 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2013/08/20 16:31:40 | 000,007,084 | ---- | C] () -- C:\windows\System32\drivers\HDACfg.dat
[2013/08/20 16:31:40 | 000,000,016 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2013/08/20 14:41:35 | 000,000,013 | RHS- | C] () -- C:\windows\System32\drivers\fbd.sys

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %SystemRoot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %SystemRoot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

========== LOP Check ==========

[2013/08/20 14:44:33 | 000,000,000 | ---D | M] -- C:\Users\Dirk Peterman\AppData\Roaming\TFPU
[2013/08/20 16:01:30 | 000,000,000 | ---D | M] -- C:\Users\Dirk Peterman\AppData\Roaming\Toshiba
[2013/08/20 14:41:19 | 000,000,000 | ---D | M] -- C:\Users\Dirk Peterman\AppData\Roaming\WinBatch
[2013/11/18 17:46:10 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Dropbox
[2013/08/20 17:19:02 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\TFPU
[2013/08/21 14:57:26 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Toshiba

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2009/07/13 20:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2013/02/26 23:49:16 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009/07/13 20:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010/11/20 07:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010/11/20 07:18:06 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2013/09/24 19:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/07/13 20:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012/07/04 16:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013/07/08 23:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010/11/20 07:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010/11/20 07:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011/03/03 00:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/07/13 20:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/13 20:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\svchost.exe -- (SharedAccess)
No service found with a name of PolicyAgent
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/07/13 20:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/13 20:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/13 20:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/13 20:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2012/10/03 11:42:26 | 000,242,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009/07/13 20:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011/05/24 05:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2012/02/11 00:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2013/09/24 19:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009/07/13 20:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010/11/20 07:21:00 | 000,286,208 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010/11/20 07:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009/07/13 20:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2013/09/24 19:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
No service found with a name of wscsvc
SRV - [2010/11/20 07:21:26 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010/11/20 07:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010/11/20 07:21:05 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010/11/20 07:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/13 20:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2012/04/30 23:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010/11/20 07:17:51 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010/11/20 07:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2010/11/20 07:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010/11/20 07:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
No service found with a name of WinDefend
SRV - [2010/11/20 07:21:35 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
No service found with a name of MpsSvc
SRV - [2010/11/20 07:21:35 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010/11/20 07:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/07/13 20:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 17:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010/11/20 07:18:34 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/13 20:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010/11/20 07:21:36 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< c:\program files (x86)\Google\Desktop >
[2009/07/13 23:53:46 | 000,032,630 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2009/07/13 23:53:47 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT

< c:\program files\Google\Desktop >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is TI105461W0E
Volume Serial Number is 3AEC-8845
Directory of C:\
07/13/2009 11:53 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/13/2009 11:53 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 11:53 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 11:53 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 11:53 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 11:53 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 11:53 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/13/2009 11:53 PM <SYMLINKD> All Users [C:\ProgramData]
07/13/2009 11:53 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/13/2009 11:53 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 11:53 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 11:53 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 11:53 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 11:53 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 11:53 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/13/2009 11:53 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009 11:53 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/13/2009 11:53 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/13/2009 11:53 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/13/2009 11:53 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009 11:53 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009 11:53 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009 11:53 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009 11:53 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009 11:53 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/13/2009 11:53 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/13/2009 11:53 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009 11:53 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/13/2009 11:53 PM <JUNCTION> My Music [C:\Users\Default\Music]
07/13/2009 11:53 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/13/2009 11:53 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Dirk Peterman
08/20/2013 02:40 PM <JUNCTION> Application Data [C:\Users\Dirk Peterman\AppData\Roaming]
08/20/2013 02:40 PM <JUNCTION> Cookies [C:\Users\Dirk Peterman\AppData\Roaming\Microsoft\Windows\Cookies]
08/20/2013 02:40 PM <JUNCTION> Local Settings [C:\Users\Dirk Peterman\AppData\Local]
08/20/2013 02:40 PM <JUNCTION> My Documents [C:\Users\Dirk Peterman\Documents]
08/20/2013 02:40 PM <JUNCTION> NetHood [C:\Users\Dirk Peterman\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/20/2013 02:40 PM <JUNCTION> PrintHood [C:\Users\Dirk Peterman\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/20/2013 02:40 PM <JUNCTION> Recent [C:\Users\Dirk Peterman\AppData\Roaming\Microsoft\Windows\Recent]
08/20/2013 02:40 PM <JUNCTION> SendTo [C:\Users\Dirk Peterman\AppData\Roaming\Microsoft\Windows\SendTo]
08/20/2013 02:40 PM <JUNCTION> Start Menu [C:\Users\Dirk Peterman\AppData\Roaming\Microsoft\Windows\Start Menu]
08/20/2013 02:40 PM <JUNCTION> Templates [C:\Users\Dirk Peterman\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Dirk Peterman\AppData\Local
08/20/2013 02:40 PM <JUNCTION> Application Data [C:\Users\Dirk Peterman\AppData\Local]
08/20/2013 02:40 PM <JUNCTION> History [C:\Users\Dirk Peterman\AppData\Local\Microsoft\Windows\History]
08/20/2013 02:40 PM <JUNCTION> Temporary Internet Files [C:\Users\Dirk Peterman\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Dirk Peterman\Documents
08/20/2013 02:40 PM <JUNCTION> My Music [C:\Users\Dirk Peterman\Music]
08/20/2013 02:40 PM <JUNCTION> My Pictures [C:\Users\Dirk Peterman\Pictures]
08/20/2013 02:40 PM <JUNCTION> My Videos [C:\Users\Dirk Peterman\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Family
08/20/2013 05:14 PM <JUNCTION> Application Data [C:\Users\Family\AppData\Roaming]
08/20/2013 05:14 PM <JUNCTION> Cookies [C:\Users\Family\AppData\Roaming\Microsoft\Windows\Cookies]
08/20/2013 05:14 PM <JUNCTION> Local Settings [C:\Users\Family\AppData\Local]
08/20/2013 05:14 PM <JUNCTION> My Documents [C:\Users\Family\Documents]
08/20/2013 05:14 PM <JUNCTION> NetHood [C:\Users\Family\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/20/2013 05:14 PM <JUNCTION> PrintHood [C:\Users\Family\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/20/2013 05:14 PM <JUNCTION> Recent [C:\Users\Family\AppData\Roaming\Microsoft\Windows\Recent]
08/20/2013 05:14 PM <JUNCTION> SendTo [C:\Users\Family\AppData\Roaming\Microsoft\Windows\SendTo]
08/20/2013 05:14 PM <JUNCTION> Start Menu [C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu]
08/20/2013 05:14 PM <JUNCTION> Templates [C:\Users\Family\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Family\AppData\Local
08/20/2013 05:14 PM <JUNCTION> Application Data [C:\Users\Family\AppData\Local]
08/20/2013 05:14 PM <JUNCTION> History [C:\Users\Family\AppData\Local\Microsoft\Windows\History]
08/20/2013 05:14 PM <JUNCTION> Temporary Internet Files [C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Family\Documents
08/20/2013 05:14 PM <JUNCTION> My Music [C:\Users\Family\Music]
08/20/2013 05:14 PM <JUNCTION> My Pictures [C:\Users\Family\Pictures]
08/20/2013 05:14 PM <JUNCTION> My Videos [C:\Users\Family\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/13/2009 11:53 PM <JUNCTION> My Music [C:\Users\Public\Music]
07/13/2009 11:53 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/13/2009 11:53 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\winsxs\x86_security-malware-windows-defender-events_31bf3856ad364e35_6.1.7600.16385_none_b56e56591cecccb4
07/13/2009 08:06 PM <SYMLINK> MpEvMsg.dll [...]
1 File(s) 52,224 bytes
Directory of C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36
07/13/2009 08:15 PM <SYMLINK> MpAsDesc.dll [...]
07/13/2009 08:14 PM <SYMLINK> MpCmdRun.exe [...]
07/13/2009 08:15 PM <SYMLINK> MpOAV.dll [...]
07/13/2009 08:15 PM <SYMLINK> MpRTP.dll [...]
07/13/2009 08:14 PM <SYMLINK> MSASCui.exe [...]
07/13/2009 08:07 PM <SYMLINK> MsMpLics.dll [...]
07/13/2009 08:15 PM <SYMLINK> MsMpRes.dll [...]
7 File(s) 1,526,784 bytes
Directory of C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.17316_none_57df9fe3b9491d97
07/13/2009 08:15 PM <SYMLINK> MpAsDesc.dll [...]
07/13/2009 08:14 PM <SYMLINK> MpCmdRun.exe [...]
07/13/2009 08:15 PM <SYMLINK> MpOAV.dll [...]
07/13/2009 08:15 PM <SYMLINK> MpRTP.dll [...]
07/13/2009 08:14 PM <SYMLINK> MSASCui.exe [...]
07/13/2009 08:07 PM <SYMLINK> MsMpLics.dll [...]
07/13/2009 08:15 PM <SYMLINK> MsMpRes.dll [...]
7 File(s) 1,526,784 bytes
Directory of C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.21531_none_584e9d4ad27b73b7
07/13/2009 08:15 PM <SYMLINK> MpAsDesc.dll [...]
07/13/2009 08:14 PM <SYMLINK> MpCmdRun.exe [...]
07/13/2009 08:15 PM <SYMLINK> MpOAV.dll [...]
07/13/2009 08:15 PM <SYMLINK> MpRTP.dll [...]
07/13/2009 08:14 PM <SYMLINK> MSASCui.exe [...]
07/13/2009 08:07 PM <SYMLINK> MsMpLics.dll [...]
07/13/2009 08:15 PM <SYMLINK> MsMpRes.dll [...]
7 File(s) 1,526,784 bytes
Directory of C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0
07/13/2009 08:15 PM <SYMLINK> MpAsDesc.dll [...]
07/13/2009 08:14 PM <SYMLINK> MpCmdRun.exe [...]
07/13/2009 08:15 PM <SYMLINK> MpOAV.dll [...]
07/13/2009 08:15 PM <SYMLINK> MpRTP.dll [...]
07/13/2009 08:14 PM <SYMLINK> MSASCui.exe [...]
11/20/2010 07:19 AM <SYMLINK> MsMpCom.dll [...]
07/13/2009 08:07 PM <SYMLINK> MsMpLics.dll [...]
07/13/2009 08:15 PM <SYMLINK> MsMpRes.dll [...]
8 File(s) 1,579,520 bytes
Directory of C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_597f1ba5b6a5991f
07/13/2009 08:15 PM <SYMLINK> MpAsDesc.dll [...]
05/26/2013 11:57 PM <SYMLINK> MpClient.dll [...]
07/13/2009 08:14 PM <SYMLINK> MpCmdRun.exe [...]
05/26/2013 11:57 PM <SYMLINK> MpCommu.dll [...]
07/13/2009 08:15 PM <SYMLINK> MpOAV.dll [...]
07/13/2009 08:15 PM <SYMLINK> MpRTP.dll [...]
05/26/2013 11:57 PM <SYMLINK> MpSvc.dll [...]
07/13/2009 08:14 PM <SYMLINK> MSASCui.exe [...]
11/20/2010 07:19 AM <SYMLINK> MsMpCom.dll [...]
07/13/2009 08:07 PM <SYMLINK> MsMpLics.dll [...]
07/13/2009 08:15 PM <SYMLINK> MsMpRes.dll [...]
11 File(s) 2,877,952 bytes
Directory of C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_5a2a2a64cfa9fb94
07/13/2009 08:15 PM <SYMLINK> MpAsDesc.dll [...]
07/13/2009 08:14 PM <SYMLINK> MpCmdRun.exe [...]
07/13/2009 08:15 PM <SYMLINK> MpOAV.dll [...]
07/13/2009 08:15 PM <SYMLINK> MpRTP.dll [...]
07/13/2009 08:14 PM <SYMLINK> MSASCui.exe [...]
11/20/2010 07:19 AM <SYMLINK> MsMpCom.dll [...]
07/13/2009 08:07 PM <SYMLINK> MsMpLics.dll [...]
07/13/2009 08:15 PM <SYMLINK> MsMpRes.dll [...]
8 File(s) 1,579,520 bytes
Total Files Listed:
49 File(s) 10,669,568 bytes
66 Dir(s) 195,463,553,024 bytes free

< End of report >


OTL Extras logfile created on: 11/18/2013 6:01:20 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dirk Peterman\Desktop\FRST
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.86 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 64.92% Memory free
5.72 Gb Paging File | 4.70 Gb Available in Paging File | 82.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.10 Gb Total Space | 182.04 Gb Free Space | 81.96% Space Free | Partition Type: NTFS

Computer Name: DIRKPETERMAN-PC | User Name: Dirk Peterman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.07.03.02
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Security Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}" = Amazon Links
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B843B38-04B1-4CE6-8888-586273E0F289}" = Quickbooks Financial Center
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3E38B0F4-1B86-421E-9B2A-9EA617DF6ABB}" = AuthenTec Fingerprint Software
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6B81F4D9-A640-4081-A01D-7CB37F5DF4A4}" = TOSHIBA Bulletin Board
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{921F22A4-290B-4B6C-9E8E-B50B58F18ED0}" = TOSHIBA ReelTime
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application and Driver Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A7760E07-4C23-4766-A99E-F715F298E99C}" = TFPU
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"FarmingSimulator2011DemoEN_is1" = Farming Simulator 2011 Demo
"FarmingSimulator2013INT_is1" = Farming Simulator 2013
"InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{6B81F4D9-A640-4081-A01D-7CB37F5DF4A4}" = TOSHIBA Bulletin Board
"InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"InstallShield_{921F22A4-290B-4B6C-9E8E-B50B58F18ED0}" = TOSHIBA ReelTime
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"LTMOH" = LSI V92 MOH Application
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"N360" = Norton 360
"PROHYBRIDR" = 2007 Microsoft Office system
"PROSet" = Intel® Network Connections Drivers
"TFPU{A7760E07-4C23-4766-A99E-F715F298E99C}" = TOSHIBA Fingerprint Utility
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1693578300-4061320606-3556199853-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/31/2013 10:24:48 AM | Computer Name = DirkPeterman-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\TOSHIBA\toshiba
usb sleep and charge utility\SetupProp64.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/31/2013 10:25:20 AM | Computer Name = DirkPeterman-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\fingerprint
sensor\Drivers\DPInst64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/1/2013 1:45:40 AM | Computer Name = DirkPeterman-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 10.0.9200.16720 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: ea8 Start
Time: 01ced6c08adf676c Termination Time: 48 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 11/1/2013 1:46:37 AM | Computer Name = DirkPeterman-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 10.0.9200.16720 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: e74 Start
Time: 01ced6c08ac799a9 Termination Time: 17 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: f6a8b379-42b8-11e3-a03d-0023180e5057

Error - 11/1/2013 2:08:26 PM | Computer Name = DirkPeterman-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 10.0.9200.16720 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 9d0 Start
Time: 01ced72d3c11c60a Termination Time: 10 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: 97aeb6bc-4320-11e3-ae98-0023180e5057

Error - 11/2/2013 12:31:47 AM | Computer Name = DirkPeterman-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 10.0.9200.16720,
time stamp: 0x523cf127 Faulting module name: MSHTML.dll, version: 10.0.9200.16721,
time stamp: 0x523f7a70 Exception code: 0xc0000005 Fault offset: 0x0034c89c Faulting
process id: 0x13d4 Faulting application start time: 0x01ced7801910ab3a Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\windows\system32\MSHTML.dll
Report
Id: aecab6e5-4377-11e3-b76e-0023180e5057

Error - 11/7/2013 9:54:11 PM | Computer Name = DirkPeterman-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 10.0.9200.16720 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 2438 Start
Time: 01cedc22669b5af4 Termination Time: 45 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 11/10/2013 8:15:33 PM | Computer Name = DirkPeterman-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Fingerprint
Sensor\Drivers\DPInst64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/10/2013 8:16:06 PM | Computer Name = DirkPeterman-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\TOSHIBA\toshiba
usb sleep and charge utility\SetupProp64.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/10/2013 8:16:35 PM | Computer Name = DirkPeterman-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\fingerprint
sensor\Drivers\DPInst64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 11/18/2013 6:34:21 PM | Computer Name = DirkPeterman-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 11/18/2013 6:39:43 PM | Computer Name = DirkPeterman-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 11/18/2013 6:39:43 PM | Computer Name = DirkPeterman-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 11/18/2013 6:54:26 PM | Computer Name = DirkPeterman-PC | Source = SNMP | ID = 16713180
Description = The SNMP Service encountered an error while accessing the registry
key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error - 11/18/2013 6:54:26 PM | Computer Name = DirkPeterman-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 11/18/2013 6:54:26 PM | Computer Name = DirkPeterman-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 11/18/2013 6:54:26 PM | Computer Name = DirkPeterman-PC | Source = Service Control Manager | ID = 7001
Description = The Internet Connection Sharing (ICS) service depends on the Remote
Access Connection Manager service which failed to start because of the following
error: %%1058

Error - 11/18/2013 6:54:36 PM | Computer Name = DirkPeterman-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 11/18/2013 6:55:00 PM | Computer Name = DirkPeterman-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 11/18/2013 6:55:00 PM | Computer Name = DirkPeterman-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891


< End of report >
  • 0

#6
Essexboy
Posted 19 November 2013 - 08:33 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looking better, could you let me know of any problems on completion of this run please

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:Commands
[CREATERESTOREPOINT]

:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1693578300-4061320606-3556199853-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

:Files
C:\Users\Dirk Peterman\AppData\Local\Google\Desktop
C:\Program Files\Google\Desktop
netsh advfirewall reset /c
netsh int ip reset c:\resetlog.txt /c
ipconfig /flushdns /c
ipconfig /release /c
ipconfig /renew /c

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc]
"DisplayName"="@%SystemRoot%\\System32\\wscsvc.dll,-200"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
  00,65,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,52,00,65,00,73,00,74,00,\
  72,00,69,00,63,00,74,00,65,00,64,00,00,00
"Start"=dword:00000002
"Type"=dword:00000020
"Description"="@%SystemRoot%\\System32\\wscsvc.dll,-201"
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,57,00,69,00,6e,00,\
  4d,00,67,00,6d,00,74,00,00,00,00,00
"ObjectName"="NT AUTHORITY\\LocalService"
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,\
  00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
  67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,\
  00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
  00,00,00,00
"DelayedAutoStart"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Parameters]
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  77,00,73,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Security]
"Security"=hex:01,00,14,80,c8,00,00,00,d4,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,98,00,06,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\
  00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,00,01,\
  00,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,28,00,15,00,00,00,01,06,00,\
  00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,0e,a7,8b,eb,ca,\
  7b,42,13,56,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,\
  00,00,00

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#7
Double Duece
Posted 19 November 2013 - 09:53 AM

Double Duece

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
This is the log it left after the fix. I will rescan now.

All processes killed
========== COMMANDS ==========
System Restore Service not available.
Error: Unable to interpret < :OTL> in the current context!
Error: Unable to interpret < O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
Error: Unable to interpret < O3 - HKU\S-1-5-21-1693578300-4061320606-3556199853-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.> in the current context!
Error: Unable to interpret < :Files> in the current context!
Error: Unable to interpret < C:\Users\Dirk Peterman\AppData\Local\Google\Desktop> in the current context!
Error: Unable to interpret < C:\Program Files\Google\Desktop> in the current context!
Error: Unable to interpret < netsh advfirewall reset /c> in the current context!
Error: Unable to interpret < netsh int ip reset c:\resetlog.txt /c> in the current context!
Error: Unable to interpret < ipconfig /flushdns /c> in the current context!
Error: Unable to interpret < ipconfig /release /c> in the current context!
Error: Unable to interpret < ipconfig /renew /c> in the current context!
Error: Unable to interpret < :Reg> in the current context!
Error: Unable to interpret < [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc]> in the current context!
Error: Unable to interpret < "DisplayName"="@%SystemRoot%\\System32\\wscsvc.dll,-200"> in the current context!
Error: Unable to interpret < "ErrorControl"=dword:00000001> in the current context!
Error: Unable to interpret < "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\> in the current context!
Error: Unable to interpret < 74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\> in the current context!
Error: Unable to interpret < 00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\> in the current context!
Error: Unable to interpret < 6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\> in the current context!
Error: Unable to interpret < 00,65,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,52,00,65,00,73,00,74,00,\> in the current context!
Error: Unable to interpret < 72,00,69,00,63,00,74,00,65,00,64,00,00,00> in the current context!
Error: Unable to interpret < "Start"=dword:00000002> in the current context!
Error: Unable to interpret < "Type"=dword:00000020> in the current context!
Error: Unable to interpret < "Description"="@%SystemRoot%\\System32\\wscsvc.dll,-201"> in the current context!
Error: Unable to interpret < "DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,57,00,69,00,6e,00,\> in the current context!
Error: Unable to interpret < 4d,00,67,00,6d,00,74,00,00,00,00,00> in the current context!
Error: Unable to interpret < "ObjectName"="NT AUTHORITY\\LocalService"> in the current context!
Error: Unable to interpret < "ServiceSidType"=dword:00000001> in the current context!
Error: Unable to interpret < "RequiredPrivileges"=hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,\> in the current context!
Error: Unable to interpret < 00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\> in the current context!
Error: Unable to interpret < 67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,\> in the current context!
Error: Unable to interpret < 00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\> in the current context!
Error: Unable to interpret < 00,00,00,00> in the current context!
Error: Unable to interpret < "DelayedAutoStart"=dword:00000001> in the current context!
Error: Unable to interpret < "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\> in the current context!
Error: Unable to interpret < 00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00> in the current context!
Error: Unable to interpret < [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Parameters]> in the current context!
Error: Unable to interpret < "ServiceDllUnloadOnStop"=dword:00000001> in the current context!
Error: Unable to interpret < "ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\> in the current context!
Error: Unable to interpret < 00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\> in the current context!
Error: Unable to interpret < 77,00,73,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00> in the current context!
Error: Unable to interpret < [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Security]> in the current context!
Error: Unable to interpret < "Security"=hex:01,00,14,80,c8,00,00,00,d4,00,00,00,14,00,00,00,30,00,00,00,02,\> in the current context!
Error: Unable to interpret < 00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\> in the current context!
Error: Unable to interpret < 00,00,02,00,98,00,06,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\> in the current context!
Error: Unable to interpret < 05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\> in the current context!
Error: Unable to interpret < 20,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\> in the current context!
Error: Unable to interpret < 00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,00,01,\> in the current context!
Error: Unable to interpret < 00,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,28,00,15,00,00,00,01,06,00,\> in the current context!
Error: Unable to interpret < 00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,0e,a7,8b,eb,ca,\> in the current context!
Error: Unable to interpret < 7b,42,13,56,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,\> in the current context!
Error: Unable to interpret < 00,00,00> in the current context!
Error: Unable to interpret < :Commands> in the current context!
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Dirk Peterman
->Temp folder emptied: 458565 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 540 bytes

User: Family
->Temp folder emptied: 2020249 bytes
->Temporary Internet Files folder emptied: 14237451 bytes
->Flash cache emptied: 1279 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 22444 bytes

Total Files Cleaned = 16.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11192013_104725

Files\Folders moved on Reboot...
C:\Users\Dirk Peterman\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#8
Double Duece
Posted 19 November 2013 - 10:03 AM

Double Duece

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
OTL logfile created on: 11/19/2013 10:54:13 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dirk Peterman\Desktop\FRST
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.86 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 73.14% Memory free
5.72 Gb Paging File | 4.89 Gb Available in Paging File | 85.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.10 Gb Total Space | 182.07 Gb Free Space | 81.98% Space Free | Partition Type: NTFS

Computer Name: DIRKPETERMAN-PC | User Name: Dirk Peterman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/18 17:45:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dirk Peterman\Desktop\FRST\OTL.exe
PRC - [2013/08/01 19:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/28 13:15:10 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/10/02 15:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/10/02 15:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/09/30 21:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 21:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/07/28 22:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/02/20 12:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2009/02/01 00:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\hidfind.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/14 14:32:42 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/14 14:32:20 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/14 14:32:15 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/09/10 13:32:24 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/08/21 15:20:56 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/21 15:20:34 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/21 15:20:27 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/08/21 15:20:10 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2012/05/30 09:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton 360\Engine\20.4.0.40\wincfi39.dll


========== Services (SafeList) ==========

SRV - [2013/08/20 16:46:46 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 07:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/12/10 01:37:59 | 000,332,272 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2009/11/13 21:18:40 | 002,029,568 | ---- | M] (AuthenTec, Inc.) [Disabled | Stopped] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2009/11/11 21:52:28 | 000,238,960 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2009/11/10 15:50:44 | 000,677,232 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2009/11/06 00:04:20 | 000,468,320 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/11/05 12:15:18 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/10/27 22:11:56 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/10/21 12:39:14 | 000,148,848 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009/10/21 11:30:34 | 000,518,720 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\System32\ThpSrv.exe -- (Thpsrv)
SRV - [2009/10/06 11:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/10/02 15:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/09/30 21:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 21:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/09/15 14:50:54 | 000,222,576 | ---- | M] (Toshiba America Information Systems) [Disabled | Stopped] -- c:\Program Files\TOSHIBA\ToshibaFB\fdbpinger.exe -- (fbdpinger)
SRV - [2009/07/28 18:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:36 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)
SRV - [2009/07/07 11:37:32 | 000,062,832 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe -- (RSELSVC)
SRV - [2009/03/27 20:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009/02/20 12:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)
DRV - [2013/10/28 17:00:30 | 000,393,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20131118.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013/10/22 18:11:14 | 001,096,280 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20131114.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/10/01 19:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2013/10/01 16:12:08 | 000,369,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress)
DRV - [2013/08/29 07:03:44 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20131118.050\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/08/29 07:03:44 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20131118.050\NAVENG.SYS -- (NAVENG)
DRV - [2013/08/26 21:23:28 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/08/26 21:23:28 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/08/20 15:08:02 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/05/23 00:25:28 | 000,934,488 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\1404000.028\SymEFA.sys -- (SymEFA)
DRV - [2013/05/21 00:02:00 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\1404000.028\SymDS.sys -- (SymDS)
DRV - [2013/05/16 00:02:14 | 000,603,224 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\srtsp.sys -- (SRTSP)
DRV - [2013/04/24 19:43:56 | 000,339,544 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\symnets.sys -- (SymNetS)
DRV - [2013/04/15 21:41:14 | 000,134,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\ccSetx86.sys -- (ccSet_N360)
DRV - [2013/03/04 20:39:19 | 000,175,264 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\Ironx86.sys -- (SymIRON)
DRV - [2013/03/04 20:21:35 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\srtspx.sys -- (SRTSPX)
DRV - [2012/08/23 09:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2011/04/26 06:05:00 | 000,045,056 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/05/20 02:32:02 | 000,677,320 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2010/01/13 15:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009/11/28 00:34:44 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/10/30 08:55:30 | 000,209,920 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009/10/26 14:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/09/17 14:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/07/30 20:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/28 20:24:20 | 000,049,152 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2009/07/21 16:18:58 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/14 14:23:16 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ.SYS -- (TVALZ)
DRV - [2009/07/14 00:13:10 | 000,015,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2009/07/13 18:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/02 10:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009/06/29 18:16:22 | 000,013,120 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Thpevm.sys -- (Thpevm)
DRV - [2009/06/29 12:25:24 | 000,030,272 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\thpdrv.sys -- (Thpdrv)
DRV - [2009/06/22 19:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009/06/19 21:31:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {967D37B7-68D5-40E6-BAF7-B766972A2B6A}
IE - HKLM\..\SearchScopes\{967D37B7-68D5-40E6-BAF7-B766972A2B6A}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1693578300-4061320606-3556199853-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
IE - HKU\S-1-5-21-1693578300-4061320606-3556199853-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1693578300-4061320606-3556199853-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.com/ [binary data]
IE - HKU\S-1-5-21-1693578300-4061320606-3556199853-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
IE - HKU\S-1-5-21-1693578300-4061320606-3556199853-1004\..\SearchScopes,DefaultScope = {967D37B7-68D5-40E6-BAF7-B766972A2B6A}
IE - HKU\S-1-5-21-1693578300-4061320606-3556199853-1004\..\SearchScopes\{77199AAB-B6EA-4586-AF92-559D8B8AC68D}: "URL" = http://www.google.co...1I7TSNA_enUS550
IE - HKU\S-1-5-21-1693578300-4061320606-3556199853-1004\..\SearchScopes\{967D37B7-68D5-40E6-BAF7-B766972A2B6A}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE - HKU\S-1-5-21-1693578300-4061320606-3556199853-1004\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.se...ct=sb&qsrc=2869
IE - HKU\S-1-5-21-1693578300-4061320606-3556199853-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1CA7765-44E4-452e-9D00-A04F3D434281}: C:\Program Files\TOSHIBA\TFPU\FirefoxAddin [2013/08/20 16:36:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF [2013/10/09 14:02:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\ [2013/11/19 10:49:27 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2013/11/19 10:47:27 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (TFPUPWDBankBHO Class) - {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - C:\Program Files\TOSHIBA\TFPU\TFPUPWDBankBHO.dll (TODO: <Company name>)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\IPS\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1693578300-4061320606-3556199853-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1693578300-4061320606-3556199853-1004\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [TOSDCR] C:\Program Files\TOSHIBA\PasswordUtility\TOSDCR.exe ()
O4 - HKU\S-1-5-21-1693578300-4061320606-3556199853-1004..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] C:\windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] C:\windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0788745C-5C3E-4A83-845C-2528636735BB}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/19 10:47:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/18 15:47:24 | 000,000,000 | ---D | C] -- C:\Users\Dirk Peterman\Desktop\FRST
[2013/11/18 15:36:32 | 000,000,000 | ---D | C] -- C:\FRST
[2013/11/13 17:52:35 | 000,000,000 | ---D | C] -- C:\windows\System32\directx
[2013/10/21 19:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\John Deere American Farmer Deluxe

========== Files - Modified Within 30 Days ==========

[2013/11/19 10:56:35 | 000,016,976 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/19 10:56:35 | 000,016,976 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/19 10:49:23 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/11/19 10:49:08 | 2303,004,672 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/19 10:47:27 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
[2013/11/13 14:36:34 | 000,004,402 | ---- | M] () -- C:\Users\Dirk Peterman\Desktop\Day one.rtf
[2013/11/13 14:33:45 | 000,072,794 | ---- | M] () -- C:\Users\Dirk Peterman\Desktop\1460174_243706752452960_1348541295_n.jpg
[2013/11/08 15:05:00 | 000,703,032 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/11/08 15:05:00 | 000,137,182 | ---- | M] () -- C:\windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2013/11/13 14:36:34 | 000,004,402 | ---- | C] () -- C:\Users\Dirk Peterman\Desktop\Day one.rtf
[2013/11/13 14:34:21 | 000,072,794 | ---- | C] () -- C:\Users\Dirk Peterman\Desktop\1460174_243706752452960_1348541295_n.jpg
[2013/08/20 17:37:33 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe
[2013/08/20 16:53:25 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2013/08/20 16:31:40 | 000,007,084 | ---- | C] () -- C:\windows\System32\drivers\HDACfg.dat
[2013/08/20 16:31:40 | 000,000,016 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2013/08/20 14:41:35 | 000,000,013 | RHS- | C] () -- C:\windows\System32\drivers\fbd.sys

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %SystemRoot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %SystemRoot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

========== LOP Check ==========

[2013/08/20 14:44:33 | 000,000,000 | ---D | M] -- C:\Users\Dirk Peterman\AppData\Roaming\TFPU
[2013/08/20 16:01:30 | 000,000,000 | ---D | M] -- C:\Users\Dirk Peterman\AppData\Roaming\Toshiba
[2013/08/20 14:41:19 | 000,000,000 | ---D | M] -- C:\Users\Dirk Peterman\AppData\Roaming\WinBatch
[2013/11/19 08:13:46 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Dropbox
[2013/08/20 17:19:02 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\TFPU
[2013/08/21 14:57:26 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Toshiba

========== Purity Check ==========



< End of report >
  • 0

#9
Essexboy
Posted 19 November 2013 - 10:09 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you re-run the OTL fix please as it did not work properly. Could you confirm that you pressed run fix

Select all within the quote box starting with :Commands

:Commands
[CREATERESTOREPOINT]

:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1693578300-4061320606-3556199853-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

:Files
C:\Users\Dirk Peterman\AppData\Local\Google\Desktop
C:\Program Files\Google\Desktop
netsh advfirewall reset /c
netsh int ip reset c:\resetlog.txt /c
ipconfig /flushdns /c
ipconfig /release /c
ipconfig /renew /c

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc]
"DisplayName"="@%SystemRoot%\\System32\\wscsvc.dll,-200"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
00,65,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,52,00,65,00,73,00,74,00,\
72,00,69,00,63,00,74,00,65,00,64,00,00,00
"Start"=dword:00000002
"Type"=dword:00000020
"Description"="@%SystemRoot%\\System32\\wscsvc.dll,-201"
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,57,00,69,00,6e,00,\
4d,00,67,00,6d,00,74,00,00,00,00,00
"ObjectName"="NT AUTHORITY\\LocalService"
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,\
00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,\
00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
00,00,00,00
"DelayedAutoStart"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Parameters]
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
77,00,73,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Security]
"Security"=hex:01,00,14,80,c8,00,00,00,d4,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,98,00,06,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\
00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,00,01,\
00,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,28,00,15,00,00,00,01,06,00,\
00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,0e,a7,8b,eb,ca,\
7b,42,13,56,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,\
00,00,00

:Commands
[resethosts]
[emptytemp]
[Reboot]


  • 0

#10
Double Duece
Posted 19 November 2013 - 11:07 AM

Double Duece

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I ran the program again:

All processes killed
========== COMMANDS ==========
System Restore Service not available.
Error: Unable to interpret < :OTL> in the current context!
Error: Unable to interpret < O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
Error: Unable to interpret < O3 - HKU\S-1-5-21-1693578300-4061320606-3556199853-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.> in the current context!
Error: Unable to interpret < :Files> in the current context!
Error: Unable to interpret < C:\Users\Dirk Peterman\AppData\Local\Google\Desktop> in the current context!
Error: Unable to interpret < C:\Program Files\Google\Desktop> in the current context!
Error: Unable to interpret < netsh advfirewall reset /c> in the current context!
Error: Unable to interpret < netsh int ip reset c:\resetlog.txt /c> in the current context!
Error: Unable to interpret < ipconfig /flushdns /c> in the current context!
Error: Unable to interpret < ipconfig /release /c> in the current context!
Error: Unable to interpret < ipconfig /renew /c> in the current context!
Error: Unable to interpret < :Reg> in the current context!
Error: Unable to interpret < [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc]> in the current context!
Error: Unable to interpret < "DisplayName"="@%SystemRoot%\\System32\\wscsvc.dll,-200"> in the current context!
Error: Unable to interpret < "ErrorControl"=dword:00000001> in the current context!
Error: Unable to interpret < "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\> in the current context!
Error: Unable to interpret < 74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\> in the current context!
Error: Unable to interpret < 00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\> in the current context!
Error: Unable to interpret < 6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\> in the current context!
Error: Unable to interpret < 00,65,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,52,00,65,00,73,00,74,00,\> in the current context!
Error: Unable to interpret < 72,00,69,00,63,00,74,00,65,00,64,00,00,00> in the current context!
Error: Unable to interpret < "Start"=dword:00000002> in the current context!
Error: Unable to interpret < "Type"=dword:00000020> in the current context!
Error: Unable to interpret < "Description"="@%SystemRoot%\\System32\\wscsvc.dll,-201"> in the current context!
Error: Unable to interpret < "DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,57,00,69,00,6e,00,\> in the current context!
Error: Unable to interpret < 4d,00,67,00,6d,00,74,00,00,00,00,00> in the current context!
Error: Unable to interpret < "ObjectName"="NT AUTHORITY\\LocalService"> in the current context!
Error: Unable to interpret < "ServiceSidType"=dword:00000001> in the current context!
Error: Unable to interpret < "RequiredPrivileges"=hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,\> in the current context!
Error: Unable to interpret < 00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\> in the current context!
Error: Unable to interpret < 67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,\> in the current context!
Error: Unable to interpret < 00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\> in the current context!
Error: Unable to interpret < 00,00,00,00> in the current context!
Error: Unable to interpret < "DelayedAutoStart"=dword:00000001> in the current context!
Error: Unable to interpret < "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\> in the current context!
Error: Unable to interpret < 00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00> in the current context!
Error: Unable to interpret < [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Parameters]> in the current context!
Error: Unable to interpret < "ServiceDllUnloadOnStop"=dword:00000001> in the current context!
Error: Unable to interpret < "ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\> in the current context!
Error: Unable to interpret < 00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\> in the current context!
Error: Unable to interpret < 77,00,73,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00> in the current context!
Error: Unable to interpret < [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Security]> in the current context!
Error: Unable to interpret < "Security"=hex:01,00,14,80,c8,00,00,00,d4,00,00,00,14,00,00,00,30,00,00,00,02,\> in the current context!
Error: Unable to interpret < 00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\> in the current context!
Error: Unable to interpret < 00,00,02,00,98,00,06,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\> in the current context!
Error: Unable to interpret < 05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\> in the current context!
Error: Unable to interpret < 20,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\> in the current context!
Error: Unable to interpret < 00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,00,01,\> in the current context!
Error: Unable to interpret < 00,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,28,00,15,00,00,00,01,06,00,\> in the current context!
Error: Unable to interpret < 00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,0e,a7,8b,eb,ca,\> in the current context!
Error: Unable to interpret < 7b,42,13,56,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,\> in the current context!
Error: Unable to interpret < 00,00,00> in the current context!
Error: Unable to interpret < :Commands> in the current context!
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Dirk Peterman
->Temp folder emptied: 41180 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

User: Family
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0.00 mb

Error: Unable to interpret < [Reboot> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 11192013_120304

Files\Folders moved on Reboot...
C:\Users\Dirk Peterman\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

Advertisements

#11
Essexboy
Posted 19 November 2013 - 11:31 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm there is a problem of some sort there .. One more go before I use a different tool

Download the attached fix.txt to the desktop
[attachment=67710:fix.txt]
Run OTL and press Fix
A dialogue will open asking for the location of fix.txt
Navigate to the desktop within the dialogue and select Fix.txt
Press fix again
Allow OTL to reboot the system
  • 0

#12
Double Duece
Posted 19 November 2013 - 12:26 PM

Double Duece

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
All processes killed
========== COMMANDS ==========
System Restore Service not available.
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1693578300-4061320606-3556199853-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
========== FILES ==========
File\Folder C:\Users\Dirk Peterman\AppData\Local\Google\Desktop not found.
File\Folder C:\Program Files\Google\Desktop not found.
< netsh advfirewall reset /c >
An error occurred while attempting to contact the Windows Firewall service. Make sure that the service is running and try your request again.
C:\Users\Dirk Peterman\Desktop\FRST\cmd.bat deleted successfully.
C:\Users\Dirk Peterman\Desktop\FRST\cmd.txt deleted successfully.
< netsh int ip reset c:\resetlog.txt /c >
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
C:\Users\Dirk Peterman\Desktop\FRST\cmd.bat deleted successfully.
C:\Users\Dirk Peterman\Desktop\FRST\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Dirk Peterman\Desktop\FRST\cmd.bat deleted successfully.
C:\Users\Dirk Peterman\Desktop\FRST\cmd.txt deleted successfully.
< ipconfig /release /c >
Windows IP Configuration
No operation can be performed on Local Area Connection while it has its media disconnected.
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::6079:553a:7b51:6864%11
Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Local Area Connection* 9:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{0788745C-5C3E-4A83-845C-2528636735BB}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
C:\Users\Dirk Peterman\Desktop\FRST\cmd.bat deleted successfully.
C:\Users\Dirk Peterman\Desktop\FRST\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
No operation can be performed on Local Area Connection while it has its media disconnected.
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::6079:553a:7b51:6864%11
IPv4 Address. . . . . . . . . . . : 192.168.0.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Local Area Connection* 9:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{0788745C-5C3E-4A83-845C-2528636735BB}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
C:\Users\Dirk Peterman\Desktop\FRST\cmd.bat deleted successfully.
C:\Users\Dirk Peterman\Desktop\FRST\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\\"DisplayName"|"@%SystemRoot%\\System32\\wscsvc.dll,-200" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\\"ErrorControl"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\\"ImagePath"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,52,00,65,00,73,00,74,00,72,00,69,00,63,00,74,00,65,00,64,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\\"Start"|dword:00000002 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\\"Type"|dword:00000020 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\\"Description"|"@%SystemRoot%\\System32\\wscsvc.dll,-201" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\\"DependOnService"|hex(7):52,00,70,00,63,00,53,00,73,00,00,00,57,00,69,00,6e,00,4d,00,67,00,6d,00,74,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\\"ObjectName"|"NT AUTHORITY\\LocalService" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\\"ServiceSidType"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\\"RequiredPrivileges"|hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\\"DelayedAutoStart"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\\"FailureActions"|hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Parameters\\"ServiceDllUnloadOnStop"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Parameters\\"ServiceDll"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,77,00,73,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Security\\"Security"|hex:01,00,14,80,c8,00,00,00,d4,00,00,00,14,00,00,00,30,00,00,00,02,00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,00,00,02,00,98,00,06,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,00,01,00,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,28,00,15,00,00,00,01,06,00,00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,0e,a7,8b,eb,ca,7b,42,13,56,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00 /E : value set successfully!
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Dirk Peterman
->Temp folder emptied: 1660 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

User: Family
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11192013_132231

Files\Folders moved on Reboot...
C:\Users\Dirk Peterman\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#13
Essexboy
Posted 19 November 2013 - 12:31 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now ? Are you able to access windows updates
  • 0

#14
Double Duece
Posted 19 November 2013 - 01:20 PM

Double Duece

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Not able to access updates but do not have the virus alerts anymore.
  • 0

#15
Essexboy
Posted 19 November 2013 - 01:40 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets try an Eset repair

On completion of this let me know if updates is available

Eset Service Repair

  • Please download ESET Services Repair Tool from here and save it to your Desktop;
  • Right click and choose Run as administrator
  • If security notifications appear, click Continue or Run and then click Yes when asked if you want to proceed
  • Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP