
Win7 STOP: C0000135 The program can't start because %hs is missing


  • This topic is locked
16 replies to this topic

#1 hught78


Posted 12 August 2014 - 10:06 PM

Running Windows 7 Pro (64-bit). Suspected malware, I can't boot because I get the following error: STOP: C0000135 The program can't start because %hs is missing.

 

FRST64 Log is below:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2014
Ran by SYSTEM on MININT-GDN13DB on 12-08-2014 19:54:24
Running from G:\
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1519016 2011-01-28] (TOSHIBA Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-01-05] (Intel® Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218792 2010-08-17] (Toshiba)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294712 2010-11-29] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VMM Mode Selection] => C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKLM-x32\...\Run: [DesktopAuthority User Experience] => "C:\Program Files (x86)\ScriptLogic\Desktop Authority\Client Files\8.10.255\CBM\ScriptLogic.CBM.UserExperience.exe"
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\822\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\PCANotify-x32: PCANotify.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
Winlogon\Notify\SEP-x32: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll [X]
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKU\ihucalukadm\...\RunOnce: [617_126664260414] => C:\Users\MTO\AppData\Local\LMIR0001.tmp_r.bat [331 2014-06-17] ()
HKU\ihucalukadm\...\Policies\system: [NoDispScrSavPage] 0
HKU\MTO\...\Run: [HLBackupScheduler] => C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe [5013128 2011-10-23] ()
HKU\MTO\...\Run: [LaserAppUpdate] => C:\Program Files (x86)\Laser App Enterprise\uformagent.exe [1314328 2013-05-09] (Laser App Software Inc.)
HKU\MTO\...\Run: [SmartOffice Desktop Integrations] => [X]
HKU\MTO\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\MTO\...\RunOnce: [FlashPlayerUpdate] => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe -update activex
HKU\MTO\...\RunOnce: [617_1222211260414] => C:\Users\MTO\AppData\Local\LMIR0003.tmp_r.bat [323 2014-06-17] ()
HKU\tgray\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1104256 2014-05-08] (Adobe Systems Incorporated)
HKU\tgray\...\Run: [LaserAppUpdate] => C:\Program Files (x86)\Laser App Enterprise\uformagent.exe [1314328 2013-05-09] (Laser App Software Inc.)
HKU\tgray\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\tgray\...\Run: [SOFileManager] => C:\Program Files (x86)\Ebix Inc\Common Files\SOFileManager.exe [19808 2013-10-04] (Ebix CRM)
HKU\tgray\...\Run: [SmartOffice Desktop Integrations] => C:\Users\tgray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ebix Inc\SmartOffice Desktop Integrations 2.0 - Installer.appref-ms
HKU\tgray\...\Run: [Google Update] => C:\Users\tgray\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-12-10] (Google Inc.)
HKU\tgray\...\Policies\system: [HideLogoffScripts] 0
HKU\tgray\...\Policies\system: [HideLogonScripts] 0
HKU\tgray\...\Policies\Explorer: [DisallowCpl] 1
AppInit_DLLs: AMINIT64.DLL => C:\Windows\system32\AMINIT64.DLL [68096 2011-11-20] (Altiris Inc)
AppInit_DLLs-x32: AMINIT32.DLL => "AMINIT32.DLL" File Not Found
Startup: C:\Users\tgray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\tgray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\tgray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartOffice Sync Tray - Launcher.lnk
ShortcutTarget: SmartOffice Sync Tray - Launcher.lnk -> C:\Program Files (x86)\Ebix Inc\SmartOffice Desktop Integration\SmartLinkTray.exe (Ebix CRM)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AeXAgentSrvHost; C:\Program Files\Altiris\Altiris Agent\x86\AeXNSAgentHostSurrogate32.exe [265048 2011-11-15] (Symantec Corporation)
S2 AeXNSClient; C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe [2107736 2011-11-15] (Symantec Corporation)
S2 Agent; C:\windows\VPDAgent_x64.exe [148480 2012-09-06] (Two Pilots)
S3 AltirisAgentProvider; C:\Program Files\Altiris\Altiris Agent\Agents\WMIProviderAgent\AltirisAgentProvider.exe [408408 2011-11-15] (Symantec Corporation)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 ConfigService; C:\Program Files\Altiris\Altiris Agent\Agents\Deployment\Agent\ConfigService.exe [267368 2011-08-12] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 MSSQL$SQL_LSIDB; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
S2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [5632 2013-06-26] (The Neat Company)
S2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe [123320 2013-10-11] (Symantec Corporation)
S2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [126392 2011-02-03] (Symantec Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe [137208 2012-04-19] (Symantec Corporation)
S2 SLInstall; c:\windows\syswow64\slinstall.exe [557920 2010-11-07] (ScriptLogic Software Corporation)
S3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\Smc.exe [2601544 2012-04-19] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\snac64.exe [325040 2012-04-19] (Symantec Corporation)
S2 WebDriveService; C:\Program Files\WebDrive\wdService.exe [2530392 2011-09-09] (South River Technologies, LLC)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\BASHDefs\20140718.013\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-11] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\IPSDefs\20140731.001\IDSvia64.sys [525016 2014-05-12] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs\20140803.034\ENG64.SYS [126040 2014-04-29] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs\20140803.034\EX64.SYS [2099288 2014-04-29] (Symantec Corporation)
S1 SRTSP; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SRTSP64.SYS [678008 2012-04-19] (Symantec Corporation)
S1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SRTSPX64.SYS [39032 2012-04-19] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\SyDvCtrl64.sys [29664 2012-04-19] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SYMDS64.SYS [451192 2012-04-19] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SYMEFA64.SYS [932472 2012-04-19] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2014-02-24] (Symantec Corporation)
S1 SymIRON; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\Ironx64.SYS [171128 2012-04-19] (Symantec Corporation)
S1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SYMNETS.SYS [386168 2012-04-19] (Symantec Corporation)
S1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [119816 2014-02-24] (Symantec Corporation)
S1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [62672 2012-04-19] (Symantec Corporation)
S2 WebDriveFSD; C:\Program Files\WebDrive\wdfsd.sys [186968 2011-09-09] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 19:54 - 2014-08-12 19:54 - 00000000 ____D () C:\FRST
2014-08-12 06:42 - 2014-08-12 09:08 - 442691820 _____ () C:\Windows\MEMORY.DMP
2014-08-12 02:06 - 2014-08-12 02:06 - 00000073 _____ () C:\Windows\{3cc44a9f-c1ab-41b5-a954-38e8fc3d2451}
2014-08-01 09:21 - 2014-08-01 09:21 - 00000000 ____D () C:\Windows\System32\%LOCALAPPDATA%
2014-08-01 09:21 - 2014-08-01 09:21 - 00000000 ____D () C:\Users\Default\AppData\Local\Symantec
2014-08-01 09:21 - 2014-08-01 09:21 - 00000000 ____D () C:\Users\Default User\AppData\Local\Symantec
2014-07-31 09:30 - 2014-07-31 09:30 - 00000000 ____D () C:\Users\tgray\AppData\Local\PackageAware
2014-07-30 12:02 - 2009-06-10 13:00 - 00000824 _____ () C:\Windows\System32\Drivers\etc\hosts.20140730-130243.backup
2014-07-23 06:49 - 2014-07-30 11:55 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-23 06:49 - 2014-07-23 06:49 - 00001350 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-07-23 06:49 - 2014-07-23 06:49 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-07-23 06:49 - 2013-09-20 09:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe
2014-07-23 06:48 - 2014-07-30 12:37 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-23 06:47 - 2014-07-23 06:48 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\tgray\Downloads\spybot-2.4.exe
2014-07-19 11:10 - 2014-06-06 02:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2014-07-19 11:10 - 2014-06-06 01:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-19 11:10 - 2014-05-29 22:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2014-07-19 11:08 - 2014-06-06 20:02 - 17854464 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-07-19 11:08 - 2014-06-06 19:13 - 10890752 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-07-19 11:08 - 2014-06-06 18:59 - 02339328 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-07-19 11:08 - 2014-06-06 18:52 - 01348608 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-07-19 11:08 - 2014-06-06 18:51 - 01494016 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-07-19 11:08 - 2014-06-06 18:51 - 01392128 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-07-19 11:08 - 2014-06-06 18:50 - 00237056 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2014-07-19 11:08 - 2014-06-06 18:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-07-19 11:08 - 2014-06-06 18:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2014-07-19 11:08 - 2014-06-06 18:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-07-19 11:08 - 2014-06-06 18:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-07-19 11:08 - 2014-06-06 18:42 - 02148352 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-07-19 11:08 - 2014-06-06 18:42 - 00729088 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-07-19 11:08 - 2014-06-06 18:42 - 00453120 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-07-19 11:08 - 2014-06-06 18:42 - 00282112 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-07-19 11:08 - 2014-06-06 18:41 - 00096768 _____ () C:\Windows\System32\mshtmled.dll
2014-07-19 11:08 - 2014-06-06 18:41 - 00055296 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2014-07-19 11:08 - 2014-06-06 18:41 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2014-07-19 11:08 - 2014-06-06 18:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-07-19 11:08 - 2014-06-06 18:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2014-07-19 11:08 - 2014-06-06 18:35 - 00248320 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-07-19 11:08 - 2014-06-06 16:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-19 11:08 - 2014-06-06 15:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-19 11:08 - 2014-06-06 15:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-19 11:08 - 2014-06-06 15:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-19 11:08 - 2014-06-06 15:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-19 11:08 - 2014-06-06 15:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-19 11:08 - 2014-06-06 15:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-07-19 11:08 - 2014-06-06 14:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-19 11:08 - 2014-06-06 14:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-19 11:08 - 2014-06-06 14:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-19 11:08 - 2014-06-06 14:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-19 11:08 - 2014-06-06 14:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-19 11:08 - 2014-06-06 14:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-19 11:08 - 2014-06-06 14:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-19 11:08 - 2014-06-06 14:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-07-19 11:08 - 2014-06-06 14:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-19 11:08 - 2014-06-06 14:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-19 11:08 - 2014-06-06 14:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-07-19 11:08 - 2014-06-06 14:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-19 11:08 - 2014-06-06 14:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-07-19 11:08 - 2014-06-06 14:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-19 11:07 - 2014-06-17 18:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\System32\osk.exe
2014-07-19 11:07 - 2014-06-17 17:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-19 11:07 - 2014-06-17 17:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-07-18 12:45 - 2014-07-18 12:45 - 00183430 ____N () C:\Users\tgray\Desktop\Roache, Raymond(07-18-2014).clf

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 19:54 - 2014-08-12 19:54 - 00000000 ____D () C:\FRST
2014-08-12 09:08 - 2014-08-12 06:42 - 442691820 _____ () C:\Windows\MEMORY.DMP
2014-08-12 09:08 - 2010-11-20 19:47 - 00794348 _____ () C:\Windows\PFRO.log
2014-08-12 06:24 - 2012-02-07 20:33 - 00000000 ____D () C:\Users\tgray\AppData\Roaming\Skype
2014-08-12 06:23 - 2011-08-22 22:07 - 01126805 _____ () C:\Windows\WindowsUpdate.log
2014-08-12 06:20 - 2014-02-19 08:59 - 00000538 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-515967899-963894560-682003330-64691.job
2014-08-12 06:09 - 2012-05-30 14:43 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C9C97D74-E4FF-4A07-9FDE-D43855937BC8}
2014-08-12 06:03 - 2013-12-10 14:09 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-963894560-682003330-64691UA.job
2014-08-12 06:03 - 2013-12-10 14:09 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-963894560-682003330-64691Core.job
2014-08-12 06:03 - 2011-08-22 22:24 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-12 05:59 - 2011-08-22 22:24 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-12 05:56 - 2012-06-13 20:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-12 02:06 - 2014-08-12 02:06 - 00000073 _____ () C:\Windows\{3cc44a9f-c1ab-41b5-a954-38e8fc3d2451}
2014-08-04 03:50 - 2012-10-26 10:25 - 00000306 _____ () C:\Windows\Tasks\Laser App Enterprise Updates.job
2014-08-03 15:17 - 2009-07-13 20:51 - 00113753 _____ () C:\Windows\setupact.log
2014-08-02 05:29 - 2012-01-22 10:04 - 00000000 ____D () C:\Users\tgray\AppData\Local\CrashDumps
2014-08-01 14:30 - 2012-01-05 13:32 - 00000248 _____ () C:\Windows\System32\config\netlogon.ftl
2014-08-01 10:01 - 2009-07-13 20:45 - 00030288 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-01 10:01 - 2009-07-13 20:45 - 00030288 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-01 09:44 - 2012-07-04 07:31 - 00000000 ___RD () C:\Users\tgray\Dropbox
2014-08-01 09:44 - 2012-07-04 07:28 - 00000000 ____D () C:\Users\tgray\AppData\Roaming\Dropbox
2014-08-01 09:32 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-01 09:21 - 2014-08-01 09:21 - 00000000 ____D () C:\Windows\System32\%LOCALAPPDATA%
2014-08-01 09:21 - 2014-08-01 09:21 - 00000000 ____D () C:\Users\Default\AppData\Local\Symantec
2014-08-01 09:21 - 2014-08-01 09:21 - 00000000 ____D () C:\Users\Default User\AppData\Local\Symantec
2014-08-01 09:21 - 2012-01-05 13:43 - 00004098 __RSH () C:\Users\tgray\ntuser.pol
2014-08-01 09:21 - 2012-01-05 13:43 - 00000000 ____D () C:\users\tgray
2014-08-01 09:20 - 2012-02-07 20:33 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-31 09:30 - 2014-07-31 09:30 - 00000000 ____D () C:\Users\tgray\AppData\Local\PackageAware
2014-07-31 09:10 - 2012-04-23 09:48 - 00000000 ____D () C:\Users\tgray\AppData\Local\Deployment
2014-07-30 16:17 - 2012-02-17 13:34 - 00000000 ____D () C:\Users\tgray\Documents\Pac Cap New Business
2014-07-30 12:37 - 2014-07-23 06:48 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-30 11:55 - 2014-07-23 06:49 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-30 11:31 - 2014-06-17 12:40 - 00000000 ____D () C:\Users\tgray\Documents\Sandler
2014-07-29 05:15 - 2012-07-04 07:31 - 00001033 _____ () C:\Users\tgray\Desktop\Dropbox.lnk
2014-07-29 04:48 - 2014-06-24 08:45 - 00000000 ____D () C:\Users\tgray\Documents\ValuePrism
2014-07-24 11:20 - 2012-07-18 08:45 - 00000000 ____D () C:\Users\tgray\AppData\Local\Pershing
2014-07-24 08:14 - 2011-11-25 14:04 - 00000000 ____D () C:\Program Files (x86)\WealthInMotion Software
2014-07-23 06:49 - 2014-07-23 06:49 - 00001350 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-07-23 06:49 - 2014-07-23 06:49 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-07-23 06:48 - 2014-07-23 06:47 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\tgray\Downloads\spybot-2.4.exe
2014-07-22 07:43 - 2013-10-17 13:16 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-07-22 07:43 - 2013-02-20 15:04 - 00205335 _____ () C:\Windows\System32\sdtn
2014-07-21 14:14 - 2012-01-31 13:52 - 00000000 ____D () C:\Users\tgray\Documents\WealthInMotion-Exports
2014-07-20 09:59 - 2009-07-13 20:45 - 00424408 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-07-19 11:48 - 2009-07-13 21:13 - 00796258 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-07-19 11:07 - 2010-11-20 23:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-18 12:45 - 2014-07-18 12:45 - 00183430 ____N () C:\Users\tgray\Desktop\Roache, Raymond(07-18-2014).clf
2014-07-18 07:00 - 2012-09-10 09:34 - 00000000 ____D () C:\Users\tgray\Documents\Ted Personal
2014-07-17 12:38 - 2013-06-11 06:52 - 00000000 ____D () C:\Users\tgray\Documents\Data Prism
2014-07-17 10:03 - 2012-01-05 13:34 - 00064398 __RSH () C:\ProgramData\ntuser.pol
2014-07-16 20:00 - 2013-02-10 23:04 - 00002154 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-14 14:15 - 2013-10-02 06:23 - 00000000 ____D () C:\Users\tgray\Documents\MAGU 2014
2014-07-14 12:46 - 2011-11-25 17:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-14 10:10 - 2012-04-27 10:56 - 00000000 ____D () C:\Users\tgray\AppData\Roaming\Ebix Inc

Files to move or delete:
====================
C:\Users\MTO\g2ax_customer_downloadhelper_win32_x86.exe


Some content of TEMP:
====================
C:\Users\MTO\AppData\Local\Temp\Quarantine.exe
C:\Users\MTO\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\MTO\AppData\Local\Temp\ytextpdg.dll
C:\Users\tgray\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnbcdeg.dll


==================== Known DLLs (Whitelisted) ================

C:\Windows\System32\USP10.dll IS MISSING <==== ATTENTION!

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8098.69 MB
Available physical RAM: 7227.05 MB
Total Pagefile: 8096.89 MB
Available Pagefile: 7237.85 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (TI106151W0F) (Fixed) (Total:683.05 GB) (Free:512.47 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:14.91 GB) (Free:11.71 GB) NTFS
Drive g: (MTS) (Removable) (Total:1.79 GB) (Free:1.79 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 5BC53D8B)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=683 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=17)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 15 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 2 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.


LastRegBack: 2014-07-28 10:46

==================== End Of Log ============================

 



 

 




 


#2 gringo_pr


Posted 13 August 2014 - 06:36 AM




Hello hught78

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.





I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.





I would also like to get some extra information on one of the files on the computer

Run FRST like you did before and type the following in the edit box after "Search:".

USP10.dll

It then should look like:

Search: USP10.dll

Click Search button and post the log (Search.txt) it makes to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 hught78

hught78
  • Topic Starter

  • Members
  • 32 posts
  • Local time:05:14 PM

Posted 13 August 2014 - 07:24 PM

I ran the Farbar tool again, log is below. I also did a search for USP10.dll but got the message "The file or directory C:\$Mft is corrupt or unreadable. Please run the Chkdsk utility." This Search.txt log is also below. I ran Chkdsk /f and it ran into a bunch of corrupt sectors at around 9%. It skipped a bunch and ended up stopping on its own around 10%.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2014
Ran by SYSTEM on MININT-14DF3P4 on 13-08-2014 17:08:08
Running from G:\
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1519016 2011-01-28] (TOSHIBA Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-01-05] (Intel® Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218792 2010-08-17] (Toshiba)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294712 2010-11-29] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VMM Mode Selection] => C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKLM-x32\...\Run: [DesktopAuthority User Experience] => "C:\Program Files (x86)\ScriptLogic\Desktop Authority\Client Files\8.10.255\CBM\ScriptLogic.CBM.UserExperience.exe"
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\822\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\PCANotify-x32: PCANotify.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
Winlogon\Notify\SEP-x32: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll [X]
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKU\ihucalukadm\...\RunOnce: [617_126664260414] => C:\Users\MTO\AppData\Local\LMIR0001.tmp_r.bat [331 2014-06-17] ()
HKU\ihucalukadm\...\Policies\system: [NoDispScrSavPage] 0
HKU\MTO\...\Run: [HLBackupScheduler] => C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe [5013128 2011-10-23] ()
HKU\MTO\...\Run: [LaserAppUpdate] => C:\Program Files (x86)\Laser App Enterprise\uformagent.exe [1314328 2013-05-09] (Laser App Software Inc.)
HKU\MTO\...\Run: [SmartOffice Desktop Integrations] => [X]
HKU\MTO\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\MTO\...\RunOnce: [FlashPlayerUpdate] => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe -update activex
HKU\MTO\...\RunOnce: [617_1222211260414] => C:\Users\MTO\AppData\Local\LMIR0003.tmp_r.bat [323 2014-06-17] ()
HKU\tgray\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1104256 2014-05-08] (Adobe Systems Incorporated)
HKU\tgray\...\Run: [LaserAppUpdate] => C:\Program Files (x86)\Laser App Enterprise\uformagent.exe [1314328 2013-05-09] (Laser App Software Inc.)
HKU\tgray\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\tgray\...\Run: [SOFileManager] => C:\Program Files (x86)\Ebix Inc\Common Files\SOFileManager.exe [19808 2013-10-04] (Ebix CRM)
HKU\tgray\...\Run: [SmartOffice Desktop Integrations] => C:\Users\tgray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ebix Inc\SmartOffice Desktop Integrations 2.0 - Installer.appref-ms
HKU\tgray\...\Run: [Google Update] => C:\Users\tgray\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-12-10] (Google Inc.)
HKU\tgray\...\Policies\system: [HideLogoffScripts] 0
HKU\tgray\...\Policies\system: [HideLogonScripts] 0
HKU\tgray\...\Policies\Explorer: [DisallowCpl] 1
AppInit_DLLs: AMINIT64.DLL => C:\Windows\system32\AMINIT64.DLL [68096 2011-11-20] (Altiris Inc)
AppInit_DLLs-x32: AMINIT32.DLL => "AMINIT32.DLL" File Not Found
Startup: C:\Users\tgray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\tgray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\tgray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartOffice Sync Tray - Launcher.lnk
ShortcutTarget: SmartOffice Sync Tray - Launcher.lnk -> C:\Program Files (x86)\Ebix Inc\SmartOffice Desktop Integration\SmartLinkTray.exe (Ebix CRM)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AeXAgentSrvHost; C:\Program Files\Altiris\Altiris Agent\x86\AeXNSAgentHostSurrogate32.exe [265048 2011-11-15] (Symantec Corporation)
S2 AeXNSClient; C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe [2107736 2011-11-15] (Symantec Corporation)
S2 Agent; C:\windows\VPDAgent_x64.exe [148480 2012-09-06] (Two Pilots)
S3 AltirisAgentProvider; C:\Program Files\Altiris\Altiris Agent\Agents\WMIProviderAgent\AltirisAgentProvider.exe [408408 2011-11-15] (Symantec Corporation)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 ConfigService; C:\Program Files\Altiris\Altiris Agent\Agents\Deployment\Agent\ConfigService.exe [267368 2011-08-12] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 MSSQL$SQL_LSIDB; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
S2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [5632 2013-06-26] (The Neat Company)
S2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe [123320 2013-10-11] (Symantec Corporation)
S2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [126392 2011-02-03] (Symantec Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe [137208 2012-04-19] (Symantec Corporation)
S2 SLInstall; c:\windows\syswow64\slinstall.exe [557920 2010-11-07] (ScriptLogic Software Corporation)
S3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\Smc.exe [2601544 2012-04-19] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\snac64.exe [325040 2012-04-19] (Symantec Corporation)
S2 WebDriveService; C:\Program Files\WebDrive\wdService.exe [2530392 2011-09-09] (South River Technologies, LLC)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\BASHDefs\20140718.013\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-11] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\IPSDefs\20140731.001\IDSvia64.sys [525016 2014-05-12] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs\20140803.034\ENG64.SYS [126040 2014-04-29] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs\20140803.034\EX64.SYS [2099288 2014-04-29] (Symantec Corporation)
S1 SRTSP; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SRTSP64.SYS [678008 2012-04-19] (Symantec Corporation)
S1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SRTSPX64.SYS [39032 2012-04-19] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\SyDvCtrl64.sys [29664 2012-04-19] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SYMDS64.SYS [451192 2012-04-19] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SYMEFA64.SYS [932472 2012-04-19] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2014-02-24] (Symantec Corporation)
S1 SymIRON; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\Ironx64.SYS [171128 2012-04-19] (Symantec Corporation)
S1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SYMNETS.SYS [386168 2012-04-19] (Symantec Corporation)
S1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [119816 2014-02-24] (Symantec Corporation)
S1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [62672 2012-04-19] (Symantec Corporation)
S2 WebDriveFSD; C:\Program Files\WebDrive\wdfsd.sys [186968 2011-09-09] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 19:54 - 2014-08-13 17:08 - 00000000 ____D () C:\FRST
2014-08-12 06:42 - 2014-08-12 09:08 - 442691820 _____ () C:\Windows\MEMORY.DMP
2014-08-12 02:06 - 2014-08-12 02:06 - 00000073 _____ () C:\Windows\{3cc44a9f-c1ab-41b5-a954-38e8fc3d2451}
2014-08-01 09:21 - 2014-08-01 09:21 - 00000000 ____D () C:\Windows\System32\%LOCALAPPDATA%
2014-08-01 09:21 - 2014-08-01 09:21 - 00000000 ____D () C:\Users\Default\AppData\Local\Symantec
2014-08-01 09:21 - 2014-08-01 09:21 - 00000000 ____D () C:\Users\Default User\AppData\Local\Symantec
2014-07-31 09:30 - 2014-07-31 09:30 - 00000000 ____D () C:\Users\tgray\AppData\Local\PackageAware
2014-07-30 12:02 - 2009-06-10 13:00 - 00000824 _____ () C:\Windows\System32\Drivers\etc\hosts.20140730-130243.backup
2014-07-23 06:49 - 2014-07-30 11:55 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-23 06:49 - 2014-07-23 06:49 - 00001350 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-07-23 06:49 - 2014-07-23 06:49 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-07-23 06:49 - 2013-09-20 09:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe
2014-07-23 06:48 - 2014-07-30 12:37 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-23 06:47 - 2014-07-23 06:48 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\tgray\Downloads\spybot-2.4.exe
2014-07-19 11:10 - 2014-06-06 02:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2014-07-19 11:10 - 2014-06-06 01:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-19 11:10 - 2014-05-29 22:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2014-07-19 11:08 - 2014-06-06 20:02 - 17854464 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-07-19 11:08 - 2014-06-06 19:13 - 10890752 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-07-19 11:08 - 2014-06-06 18:59 - 02339328 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-07-19 11:08 - 2014-06-06 18:52 - 01348608 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-07-19 11:08 - 2014-06-06 18:51 - 01494016 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-07-19 11:08 - 2014-06-06 18:51 - 01392128 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-07-19 11:08 - 2014-06-06 18:50 - 00237056 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2014-07-19 11:08 - 2014-06-06 18:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-07-19 11:08 - 2014-06-06 18:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2014-07-19 11:08 - 2014-06-06 18:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-07-19 11:08 - 2014-06-06 18:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-07-19 11:08 - 2014-06-06 18:42 - 02148352 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-07-19 11:08 - 2014-06-06 18:42 - 00729088 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-07-19 11:08 - 2014-06-06 18:42 - 00453120 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-07-19 11:08 - 2014-06-06 18:42 - 00282112 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-07-19 11:08 - 2014-06-06 18:41 - 00096768 _____ () C:\Windows\System32\mshtmled.dll
2014-07-19 11:08 - 2014-06-06 18:41 - 00055296 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2014-07-19 11:08 - 2014-06-06 18:41 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2014-07-19 11:08 - 2014-06-06 18:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-07-19 11:08 - 2014-06-06 18:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2014-07-19 11:08 - 2014-06-06 18:35 - 00248320 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-07-19 11:08 - 2014-06-06 16:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-19 11:08 - 2014-06-06 15:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-19 11:08 - 2014-06-06 15:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-19 11:08 - 2014-06-06 15:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-19 11:08 - 2014-06-06 15:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-19 11:08 - 2014-06-06 15:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-19 11:08 - 2014-06-06 15:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-07-19 11:08 - 2014-06-06 14:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-19 11:08 - 2014-06-06 14:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-19 11:08 - 2014-06-06 14:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-19 11:08 - 2014-06-06 14:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-19 11:08 - 2014-06-06 14:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-19 11:08 - 2014-06-06 14:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-19 11:08 - 2014-06-06 14:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-19 11:08 - 2014-06-06 14:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-07-19 11:08 - 2014-06-06 14:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-19 11:08 - 2014-06-06 14:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-19 11:08 - 2014-06-06 14:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-07-19 11:08 - 2014-06-06 14:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-19 11:08 - 2014-06-06 14:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-07-19 11:08 - 2014-06-06 14:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-19 11:07 - 2014-06-17 18:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\System32\osk.exe
2014-07-19 11:07 - 2014-06-17 17:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-19 11:07 - 2014-06-17 17:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-07-18 12:45 - 2014-07-18 12:45 - 00183430 ____N () C:\Users\tgray\Desktop\Roache, Raymond(07-18-2014).clf

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-13 17:08 - 2014-08-12 19:54 - 00000000 ____D () C:\FRST
2014-08-12 09:08 - 2014-08-12 06:42 - 442691820 _____ () C:\Windows\MEMORY.DMP
2014-08-12 09:08 - 2010-11-20 19:47 - 00794348 _____ () C:\Windows\PFRO.log
2014-08-12 06:24 - 2012-02-07 20:33 - 00000000 ____D () C:\Users\tgray\AppData\Roaming\Skype
2014-08-12 06:23 - 2011-08-22 22:07 - 01126805 _____ () C:\Windows\WindowsUpdate.log
2014-08-12 06:20 - 2014-02-19 08:59 - 00000538 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-515967899-963894560-682003330-64691.job
2014-08-12 06:09 - 2012-05-30 14:43 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C9C97D74-E4FF-4A07-9FDE-D43855937BC8}
2014-08-12 06:03 - 2013-12-10 14:09 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-963894560-682003330-64691UA.job
2014-08-12 06:03 - 2013-12-10 14:09 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-963894560-682003330-64691Core.job
2014-08-12 06:03 - 2011-08-22 22:24 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-12 05:59 - 2011-08-22 22:24 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-12 05:56 - 2012-06-13 20:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-12 02:06 - 2014-08-12 02:06 - 00000073 _____ () C:\Windows\{3cc44a9f-c1ab-41b5-a954-38e8fc3d2451}
2014-08-04 03:50 - 2012-10-26 10:25 - 00000306 _____ () C:\Windows\Tasks\Laser App Enterprise Updates.job
2014-08-03 15:17 - 2009-07-13 20:51 - 00113753 _____ () C:\Windows\setupact.log
2014-08-02 05:29 - 2012-01-22 10:04 - 00000000 ____D () C:\Users\tgray\AppData\Local\CrashDumps
2014-08-01 14:30 - 2012-01-05 13:32 - 00000248 _____ () C:\Windows\System32\config\netlogon.ftl
2014-08-01 10:01 - 2009-07-13 20:45 - 00030288 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-01 10:01 - 2009-07-13 20:45 - 00030288 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-01 09:44 - 2012-07-04 07:31 - 00000000 ___RD () C:\Users\tgray\Dropbox
2014-08-01 09:44 - 2012-07-04 07:28 - 00000000 ____D () C:\Users\tgray\AppData\Roaming\Dropbox
2014-08-01 09:32 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-01 09:21 - 2014-08-01 09:21 - 00000000 ____D () C:\Windows\System32\%LOCALAPPDATA%
2014-08-01 09:21 - 2014-08-01 09:21 - 00000000 ____D () C:\Users\Default\AppData\Local\Symantec
2014-08-01 09:21 - 2014-08-01 09:21 - 00000000 ____D () C:\Users\Default User\AppData\Local\Symantec
2014-08-01 09:21 - 2012-01-05 13:43 - 00004098 __RSH () C:\Users\tgray\ntuser.pol
2014-08-01 09:21 - 2012-01-05 13:43 - 00000000 ____D () C:\users\tgray
2014-08-01 09:20 - 2012-02-07 20:33 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-31 09:30 - 2014-07-31 09:30 - 00000000 ____D () C:\Users\tgray\AppData\Local\PackageAware
2014-07-31 09:10 - 2012-04-23 09:48 - 00000000 ____D () C:\Users\tgray\AppData\Local\Deployment
2014-07-30 16:17 - 2012-02-17 13:34 - 00000000 ____D () C:\Users\tgray\Documents\Pac Cap New Business
2014-07-30 12:37 - 2014-07-23 06:48 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-30 11:55 - 2014-07-23 06:49 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-30 11:31 - 2014-06-17 12:40 - 00000000 ____D () C:\Users\tgray\Documents\Sandler
2014-07-29 05:15 - 2012-07-04 07:31 - 00001033 _____ () C:\Users\tgray\Desktop\Dropbox.lnk
2014-07-29 04:48 - 2014-06-24 08:45 - 00000000 ____D () C:\Users\tgray\Documents\ValuePrism
2014-07-24 11:20 - 2012-07-18 08:45 - 00000000 ____D () C:\Users\tgray\AppData\Local\Pershing
2014-07-24 08:14 - 2011-11-25 14:04 - 00000000 ____D () C:\Program Files (x86)\WealthInMotion Software
2014-07-23 06:49 - 2014-07-23 06:49 - 00001350 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-07-23 06:49 - 2014-07-23 06:49 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-07-23 06:48 - 2014-07-23 06:47 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\tgray\Downloads\spybot-2.4.exe
2014-07-22 07:43 - 2013-10-17 13:16 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-07-22 07:43 - 2013-02-20 15:04 - 00205335 _____ () C:\Windows\System32\sdtn
2014-07-21 14:14 - 2012-01-31 13:52 - 00000000 ____D () C:\Users\tgray\Documents\WealthInMotion-Exports
2014-07-20 09:59 - 2009-07-13 20:45 - 00424408 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-07-19 11:48 - 2009-07-13 21:13 - 00796258 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-07-19 11:07 - 2010-11-20 23:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-18 12:45 - 2014-07-18 12:45 - 00183430 ____N () C:\Users\tgray\Desktop\Roache, Raymond(07-18-2014).clf
2014-07-18 07:00 - 2012-09-10 09:34 - 00000000 ____D () C:\Users\tgray\Documents\Ted Personal
2014-07-17 12:38 - 2013-06-11 06:52 - 00000000 ____D () C:\Users\tgray\Documents\Data Prism
2014-07-17 10:03 - 2012-01-05 13:34 - 00064398 __RSH () C:\ProgramData\ntuser.pol
2014-07-16 20:00 - 2013-02-10 23:04 - 00002154 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-14 14:15 - 2013-10-02 06:23 - 00000000 ____D () C:\Users\tgray\Documents\MAGU 2014
2014-07-14 12:46 - 2011-11-25 17:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-14 10:10 - 2012-04-27 10:56 - 00000000 ____D () C:\Users\tgray\AppData\Roaming\Ebix Inc

Files to move or delete:
====================
C:\Users\MTO\g2ax_customer_downloadhelper_win32_x86.exe


Some content of TEMP:
====================
C:\Users\MTO\AppData\Local\Temp\Quarantine.exe
C:\Users\MTO\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\MTO\AppData\Local\Temp\ytextpdg.dll
C:\Users\tgray\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnbcdeg.dll


==================== Known DLLs (Whitelisted) ================

C:\Windows\System32\USP10.dll IS MISSING <==== ATTENTION!

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8098.69 MB
Available physical RAM: 7232.67 MB
Total Pagefile: 8096.89 MB
Available Pagefile: 7238.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Drives ================================

Drive c: (TI106151W0F) (Fixed) (Total:683.05 GB) (Free:512.48 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:14.91 GB) (Free:11.71 GB) NTFS
Drive g: (MTS) (Removable) (Total:1.79 GB) (Free:1.79 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 5BC53D8B)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=683 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=17)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 15 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 2 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.


LastRegBack: 2014-07-28 10:46

==================== End Of Log ============================

 

Farbar Recovery Scan Tool (x64) Version: 13-08-2014
Ran by SYSTEM at 2014-08-13 17:12:41
Running from G:\
Boot Mode: Recovery

================== Search Files: "USP10.dll" =============

C:\Windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.1.7601.22666_none_af5759f4d002f107\usp10.dll
[2014-07-03 08:34][2014-04-24 17:58] 0626688 ____A (Microsoft Corporation) 5A7B3405C2AAE5369F6CB42FE248FBB0

C:\Windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.1.7601.18454_none_aed68a9bb6df0577\usp10.dll
[2014-07-03 08:34][2014-04-24 18:06] 0626688 ____A (Microsoft Corporation) A5F833506BF6A1B5D693E1499DEE2444

C:\Windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.1.7601.17514_none_af01e2f9b6be7939\usp10.dll
[2010-11-20 19:24][2010-11-20 19:24] 0626176 ____A (Microsoft Corporation) 804AAAFEBB3AD5F49334DD906BCB1DE5

C:\Windows\winsxs\amd64_microsoft-windows-usp_31bf3856ad364e35_6.1.7601.22666_none_0b75f5788860623d\usp10.dll
[2014-07-03 08:34][2014-04-24 18:27] 0801792 ____A (Microsoft Corporation) BB2B03C6B6778A9B2866A049CC600D55

C:\Windows\winsxs\amd64_microsoft-windows-usp_31bf3856ad364e35_6.1.7601.17514_none_0b207e7d6f1bea6f\usp10.dll
[2010-11-20 19:24][2010-11-20 19:24] 0800256 ____A (Microsoft Corporation) 2F8B1E3EE3545D3B5A8D56FA1AE07B65

C:\Windows\SysWOW64\usp10.dll
[2014-07-03 08:34][2014-04-24 18:06] 0626688 ____A (Microsoft Corporation) A5F833506BF6A1B5D693E1499DEE2444

C:\Program Files (x86)\Ebix Inc\ActiveXViewer\usp10.dll
[2012-04-23 05:28][2012-04-23 05:28] 0325120 ____A (Microsoft Corporation) 6D682A9D1BA5218798882A30F44E7194

C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\USP10.DLL
[2014-05-13 20:32][2014-05-13 20:32] 0649504 ____A (Microsoft Corporation) 2FAAEDA01EF1ACEB6DC103BB8892AD13

C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\USP10.DLL
[2010-04-16 09:49][2010-04-16 09:49] 0503296 ____A (Microsoft Corporation) 25F871603C32AA61BBE5B292521F5772

X:\Windows\winsxs\amd64_microsoft-windows-usp_31bf3856ad364e35_6.1.7601.17514_none_0b207e7d6f1bea6f\usp10.dll
[2010-11-20 01:50][2010-11-20 05:27] 0800256 ____A (Microsoft Corporation) 2F8B1E3EE3545D3B5A8D56FA1AE07B65

X:\Windows\System32\usp10.dll
[2010-11-20 01:50][2010-11-20 05:27] 0800256 ____A (Microsoft Corporation) 2F8B1E3EE3545D3B5A8D56FA1AE07B65

====== End Of Search ======



#4 gringo_pr

  • Malware Response Team

Posted 14 August 2014 - 11:31 AM


Hello hught78



Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

 
Replace: X:\Windows\System32\usp10.dll C:\Windows\System32\USP10.dll 
C:\Users\MTO\AppData\Local\Temp\Quarantine.exe
C:\Users\MTO\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\MTO\AppData\Local\Temp\ytextpdg.dll
C:\Users\tgray\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnbcdeg.dll
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST again like we did before, but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Also boot the computer into normal mode and let me know how things are looking.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



Proud Graduate Of Malware Removal University

#5 hught78


Posted 14 August 2014 - 10:02 PM

Hey Gringo, thanks for all the help so far. I get a new, standard blue screen now when I boot regularly and in Safe Mode. I don't think chkdsk will work since it hasn't been able to get past 10% before, but I'm keeping hope alive. The log is below and the new blue screen error is as follows: STOP: 0x000000F4 (0x0000000000000003, 0xFFFFFA800B6B3920, 0XFFFFFA800B6B3C00,0XFFFFF800035DE0D0)

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-08-2014
Ran by SYSTEM at 2014-08-14 19:37:54 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Replace: X:\Windows\System32\usp10.dll C:\Windows\System32\USP10.dll
C:\Users\MTO\AppData\Local\Temp\Quarantine.exe
C:\Users\MTO\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\MTO\AppData\Local\Temp\ytextpdg.dll
C:\Users\tgray\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnbcdeg.dll
*****************

Could not find C:\Windows\System32\USP10.dll.
X:\Windows\System32\usp10.dll copied successfully to C:\Windows\System32\USP10.dll
C:\Users\MTO\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\MTO\AppData\Local\Temp\SecurityScan_Release.exe => Moved successfully.
C:\Users\MTO\AppData\Local\Temp\ytextpdg.dll => Moved successfully.
C:\Users\tgray\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnbcdeg.dll => Moved successfully.

==== End of Fixlog ====

 



#6 gringo_pr


Posted 15 August 2014 - 06:56 AM

OK, rerun a new FRST scan for me.

Have you tried safe mode lately?

gringo

#7 hught78


Posted 15 August 2014 - 10:54 AM

In Safe Mode I get a blue screen with the error: STOP: 0x000000F4 (0x0000000000000003, 0xFFFFFA800B6B3920, 0XFFFFFA800B6B3C00,0XFFFFF800035DE0D0)

Here's the latest FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2014
Ran by SYSTEM on MININT-0E2QR93 on 15-08-2014 08:49:52
Running from F:\
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1519016 2011-01-28] (TOSHIBA Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-01-05] (Intel® Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218792 2010-08-17] (Toshiba)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294712 2010-11-29] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VMM Mode Selection] => C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKLM-x32\...\Run: [DesktopAuthority User Experience] => "C:\Program Files (x86)\ScriptLogic\Desktop Authority\Client Files\8.10.255\CBM\ScriptLogic.CBM.UserExperience.exe"
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\822\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\PCANotify-x32: PCANotify.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
Winlogon\Notify\SEP-x32: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll [X]
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKU\ihucalukadm\...\RunOnce: [617_126664260414] => C:\Users\MTO\AppData\Local\LMIR0001.tmp_r.bat [331 2014-06-17] ()
HKU\ihucalukadm\...\Policies\system: [NoDispScrSavPage] 0
HKU\MTO\...\Run: [HLBackupScheduler] => C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe [5013128 2011-10-23] ()
HKU\MTO\...\Run: [LaserAppUpdate] => C:\Program Files (x86)\Laser App Enterprise\uformagent.exe [1314328 2013-05-09] (Laser App Software Inc.)
HKU\MTO\...\Run: [SmartOffice Desktop Integrations] => [X]
HKU\MTO\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\MTO\...\RunOnce: [FlashPlayerUpdate] => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe -update activex
HKU\MTO\...\RunOnce: [617_1222211260414] => C:\Users\MTO\AppData\Local\LMIR0003.tmp_r.bat [323 2014-06-17] ()
HKU\tgray\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1104256 2014-05-08] (Adobe Systems Incorporated)
HKU\tgray\...\Run: [LaserAppUpdate] => C:\Program Files (x86)\Laser App Enterprise\uformagent.exe [1314328 2013-05-09] (Laser App Software Inc.)
HKU\tgray\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\tgray\...\Run: [SOFileManager] => C:\Program Files (x86)\Ebix Inc\Common Files\SOFileManager.exe [19808 2013-10-04] (Ebix CRM)
HKU\tgray\...\Run: [SmartOffice Desktop Integrations] => C:\Users\tgray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ebix Inc\SmartOffice Desktop Integrations 2.0 - Installer.appref-ms
HKU\tgray\...\Run: [Google Update] => C:\Users\tgray\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-12-10] (Google Inc.)
HKU\tgray\...\Policies\system: [HideLogoffScripts] 0
HKU\tgray\...\Policies\system: [HideLogonScripts] 0
HKU\tgray\...\Policies\Explorer: [DisallowCpl] 1
AppInit_DLLs: AMINIT64.DLL => C:\Windows\system32\AMINIT64.DLL [68096 2011-11-20] (Altiris Inc)
AppInit_DLLs-x32: AMINIT32.DLL => "AMINIT32.DLL" File Not Found
Startup: C:\Users\tgray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\tgray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\tgray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartOffice Sync Tray - Launcher.lnk
ShortcutTarget: SmartOffice Sync Tray - Launcher.lnk -> C:\Program Files (x86)\Ebix Inc\SmartOffice Desktop Integration\SmartLinkTray.exe (Ebix CRM)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AeXAgentSrvHost; C:\Program Files\Altiris\Altiris Agent\x86\AeXNSAgentHostSurrogate32.exe [265048 2011-11-15] (Symantec Corporation)
S2 AeXNSClient; C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe [2107736 2011-11-15] (Symantec Corporation)
S2 Agent; C:\windows\VPDAgent_x64.exe [148480 2012-09-06] (Two Pilots)
S3 AltirisAgentProvider; C:\Program Files\Altiris\Altiris Agent\Agents\WMIProviderAgent\AltirisAgentProvider.exe [408408 2011-11-15] (Symantec Corporation)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 ConfigService; C:\Program Files\Altiris\Altiris Agent\Agents\Deployment\Agent\ConfigService.exe [267368 2011-08-12] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 MSSQL$SQL_LSIDB; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
S2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [5632 2013-06-26] (The Neat Company)
S2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe [123320 2013-10-11] (Symantec Corporation)
S2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [126392 2011-02-03] (Symantec Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe [137208 2012-04-19] (Symantec Corporation)
S2 SLInstall; c:\windows\syswow64\slinstall.exe [557920 2010-11-07] (ScriptLogic Software Corporation)
S3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\Smc.exe [2601544 2012-04-19] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\snac64.exe [325040 2012-04-19] (Symantec Corporation)
S2 WebDriveService; C:\Program Files\WebDrive\wdService.exe [2530392 2011-09-09] (South River Technologies, LLC)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\BASHDefs\20140718.013\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\IPSDefs\20140731.001\IDSvia64.sys [525016 2014-05-12] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs\20140803.034\ENG64.SYS [126040 2014-04-29] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs\20140803.034\EX64.SYS [2099288 2014-04-29] (Symantec Corporation)
S1 SRTSP; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SRTSP64.SYS [678008 2012-04-19] (Symantec Corporation)
S1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SRTSPX64.SYS [39032 2012-04-19] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\SyDvCtrl64.sys [29664 2012-04-19] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SYMDS64.SYS [451192 2012-04-19] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SYMEFA64.SYS [932472 2012-04-19] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2014-02-24] (Symantec Corporation)
S1 SymIRON; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\Ironx64.SYS [171128 2012-04-19] (Symantec Corporation)
S1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SYMNETS.SYS [386168 2012-04-19] (Symantec Corporation)
S1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [119816 2014-02-24] (Symantec Corporation)
S1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [62672 2012-04-19] (Symantec Corporation)
S2 WebDriveFSD; C:\Program Files\WebDrive\wdfsd.sys [186968 2011-09-09] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-14 19:37 - 2010-11-20 05:27 - 00800256 _____ (Microsoft Corporation) C:\Windows\System32\USP10.dll
2014-08-13 16:46 - 2014-08-13 16:46 - 00003352 ____N () C:\bootsqm.dat
2014-08-12 19:54 - 2014-08-15 08:49 - 00000000 ____D () C:\FRST
2014-08-12 06:42 - 2014-08-14 18:43 - 489722082 _____ () C:\Windows\MEMORY.DMP
2014-08-12 02:06 - 2014-08-12 02:06 - 00000073 _____ () C:\Windows\{3cc44a9f-c1ab-41b5-a954-38e8fc3d2451}
2014-08-01 09:21 - 2014-08-01 09:21 - 00000000 ____D () C:\Windows\System32\%LOCALAPPDATA%
2014-08-01 09:21 - 2014-08-01 09:21 - 00000000 ____D () C:\Users\Default\AppData\Local\Symantec
2014-08-01 09:21 - 2014-08-01 09:21 - 00000000 ____D () C:\Users\Default User\AppData\Local\Symantec
2014-07-31 09:30 - 2014-07-31 09:30 - 00000000 ____D () C:\Users\tgray\AppData\Local\PackageAware
2014-07-30 12:02 - 2009-06-10 13:00 - 00000824 _____ () C:\Windows\System32\Drivers\etc\hosts.20140730-130243.backup
2014-07-23 06:49 - 2014-07-30 11:55 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-23 06:49 - 2014-07-23 06:49 - 00001350 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-07-23 06:49 - 2014-07-23 06:49 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-07-23 06:49 - 2013-09-20 09:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe
2014-07-23 06:48 - 2014-07-30 12:37 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-23 06:47 - 2014-07-23 06:48 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\tgray\Downloads\spybot-2.4.exe
2014-07-19 11:10 - 2014-06-06 02:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2014-07-19 11:10 - 2014-06-06 01:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-19 11:10 - 2014-05-29 22:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2014-07-19 11:08 - 2014-06-06 20:02 - 17854464 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-07-19 11:08 - 2014-06-06 19:13 - 10890752 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-07-19 11:08 - 2014-06-06 18:59 - 02339328 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-07-19 11:08 - 2014-06-06 18:52 - 01348608 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-07-19 11:08 - 2014-06-06 18:51 - 01494016 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-07-19 11:08 - 2014-06-06 18:51 - 01392128 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-07-19 11:08 - 2014-06-06 18:50 - 00237056 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2014-07-19 11:08 - 2014-06-06 18:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-07-19 11:08 - 2014-06-06 18:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2014-07-19 11:08 - 2014-06-06 18:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-07-19 11:08 - 2014-06-06 18:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-07-19 11:08 - 2014-06-06 18:42 - 02148352 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-07-19 11:08 - 2014-06-06 18:42 - 00729088 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-07-19 11:08 - 2014-06-06 18:42 - 00453120 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-07-19 11:08 - 2014-06-06 18:42 - 00282112 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-07-19 11:08 - 2014-06-06 18:41 - 00055296 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2014-07-19 11:08 - 2014-06-06 18:41 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2014-07-19 11:08 - 2014-06-06 18:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-07-19 11:08 - 2014-06-06 18:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2014-07-19 11:08 - 2014-06-06 18:35 - 00248320 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-07-19 11:08 - 2014-06-06 16:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-19 11:08 - 2014-06-06 15:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-19 11:08 - 2014-06-06 15:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-19 11:08 - 2014-06-06 15:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-19 11:08 - 2014-06-06 15:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-19 11:08 - 2014-06-06 15:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-19 11:08 - 2014-06-06 15:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-07-19 11:08 - 2014-06-06 14:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-19 11:08 - 2014-06-06 14:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-19 11:08 - 2014-06-06 14:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-19 11:08 - 2014-06-06 14:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-19 11:08 - 2014-06-06 14:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-19 11:08 - 2014-06-06 14:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-19 11:08 - 2014-06-06 14:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-19 11:08 - 2014-06-06 14:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-07-19 11:08 - 2014-06-06 14:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-19 11:08 - 2014-06-06 14:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-19 11:08 - 2014-06-06 14:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-07-19 11:08 - 2014-06-06 14:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-19 11:08 - 2014-06-06 14:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-07-19 11:08 - 2014-06-06 14:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-19 11:07 - 2014-06-17 18:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\System32\osk.exe
2014-07-19 11:07 - 2014-06-17 17:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-19 11:07 - 2014-06-17 17:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-07-18 12:45 - 2014-07-18 12:45 - 00183430 ____N () C:\Users\tgray\Desktop\Roache, Raymond(07-18-2014).clf

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-15 08:49 - 2014-08-12 19:54 - 00000000 ____D () C:\FRST
2014-08-14 18:43 - 2014-08-12 06:42 - 489722082 _____ () C:\Windows\MEMORY.DMP
2014-08-13 16:46 - 2014-08-13 16:46 - 00003352 ____N () C:\bootsqm.dat
2014-08-12 09:08 - 2010-11-20 19:47 - 00794348 _____ () C:\Windows\PFRO.log
2014-08-12 06:24 - 2012-02-07 20:33 - 00000000 ____D () C:\Users\tgray\AppData\Roaming\Skype
2014-08-12 06:23 - 2011-08-22 22:07 - 01126805 _____ () C:\Windows\WindowsUpdate.log
2014-08-12 06:20 - 2014-02-19 08:59 - 00000538 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-515967899-963894560-682003330-64691.job
2014-08-12 06:09 - 2012-05-30 14:43 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C9C97D74-E4FF-4A07-9FDE-D43855937BC8}
2014-08-12 06:03 - 2013-12-10 14:09 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-963894560-682003330-64691UA.job
2014-08-12 06:03 - 2013-12-10 14:09 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-963894560-682003330-64691Core.job
2014-08-12 06:03 - 2011-08-22 22:24 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-12 05:59 - 2011-08-22 22:24 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-12 05:56 - 2012-06-13 20:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-12 02:06 - 2014-08-12 02:06 - 00000073 _____ () C:\Windows\{3cc44a9f-c1ab-41b5-a954-38e8fc3d2451}
2014-08-04 03:50 - 2012-10-26 10:25 - 00000306 _____ () C:\Windows\Tasks\Laser App Enterprise Updates.job
2014-08-03 15:17 - 2009-07-13 20:51 - 00113753 _____ () C:\Windows\setupact.log
2014-08-02 05:29 - 2012-01-22 10:04 - 00000000 ____D () C:\Users\tgray\AppData\Local\CrashDumps
2014-08-01 14:30 - 2012-01-05 13:32 - 00000248 _____ () C:\Windows\System32\config\netlogon.ftl
2014-08-01 10:01 - 2009-07-13 20:45 - 00030288 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-01 10:01 - 2009-07-13 20:45 - 00030288 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-01 09:44 - 2012-07-04 07:31 - 00000000 ___RD () C:\Users\tgray\Dropbox
2014-08-01 09:44 - 2012-07-04 07:28 - 00000000 ____D () C:\Users\tgray\AppData\Roaming\Dropbox
2014-08-01 09:32 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-01 09:21 - 2014-08-01 09:21 - 00000000 ____D () C:\Windows\System32\%LOCALAPPDATA%
2014-08-01 09:21 - 2014-08-01 09:21 - 00000000 ____D () C:\Users\Default\AppData\Local\Symantec
2014-08-01 09:21 - 2014-08-01 09:21 - 00000000 ____D () C:\Users\Default User\AppData\Local\Symantec
2014-08-01 09:21 - 2012-01-05 13:43 - 00004098 __RSH () C:\Users\tgray\ntuser.pol
2014-08-01 09:21 - 2012-01-05 13:43 - 00000000 ____D () C:\users\tgray
2014-08-01 09:20 - 2012-02-07 20:33 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-31 09:30 - 2014-07-31 09:30 - 00000000 ____D () C:\Users\tgray\AppData\Local\PackageAware
2014-07-31 09:10 - 2012-04-23 09:48 - 00000000 ____D () C:\Users\tgray\AppData\Local\Deployment
2014-07-30 16:17 - 2012-02-17 13:34 - 00000000 ____D () C:\Users\tgray\Documents\Pac Cap New Business
2014-07-30 12:37 - 2014-07-23 06:48 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-30 11:55 - 2014-07-23 06:49 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-30 11:31 - 2014-06-17 12:40 - 00000000 ____D () C:\Users\tgray\Documents\Sandler
2014-07-29 05:15 - 2012-07-04 07:31 - 00001033 _____ () C:\Users\tgray\Desktop\Dropbox.lnk
2014-07-29 04:48 - 2014-06-24 08:45 - 00000000 ____D () C:\Users\tgray\Documents\ValuePrism
2014-07-24 11:20 - 2012-07-18 08:45 - 00000000 ____D () C:\Users\tgray\AppData\Local\Pershing
2014-07-24 08:14 - 2011-11-25 14:04 - 00000000 ____D () C:\Program Files (x86)\WealthInMotion Software
2014-07-23 06:49 - 2014-07-23 06:49 - 00001350 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-07-23 06:49 - 2014-07-23 06:49 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-07-23 06:48 - 2014-07-23 06:47 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\tgray\Downloads\spybot-2.4.exe
2014-07-22 07:43 - 2013-10-17 13:16 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-07-22 07:43 - 2013-02-20 15:04 - 00205335 _____ () C:\Windows\System32\sdtn
2014-07-21 14:14 - 2012-01-31 13:52 - 00000000 ____D () C:\Users\tgray\Documents\WealthInMotion-Exports
2014-07-20 09:59 - 2009-07-13 20:45 - 00424408 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-07-19 11:48 - 2009-07-13 21:13 - 00796258 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-07-19 11:07 - 2010-11-20 23:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-18 12:45 - 2014-07-18 12:45 - 00183430 ____N () C:\Users\tgray\Desktop\Roache, Raymond(07-18-2014).clf
2014-07-18 07:00 - 2012-09-10 09:34 - 00000000 ____D () C:\Users\tgray\Documents\Ted Personal
2014-07-17 12:38 - 2013-06-11 06:52 - 00000000 ____D () C:\Users\tgray\Documents\Data Prism
2014-07-17 10:03 - 2012-01-05 13:34 - 00064398 __RSH () C:\ProgramData\ntuser.pol
2014-07-16 20:00 - 2013-02-10 23:04 - 00002154 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

Files to move or delete:
====================
C:\Users\MTO\g2ax_customer_downloadhelper_win32_x86.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8098.69 MB
Available physical RAM: 7223.4 MB
Total Pagefile: 8096.89 MB
Available Pagefile: 7230.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (TI106151W0F) (Fixed) (Total:683.05 GB) (Free:512.45 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (MTS) (Removable) (Total:1.79 GB) (Free:1.79 GB) FAT32
Drive g: () (Removable) (Total:14.91 GB) (Free:11.71 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 5BC53D8B)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=683 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=17)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 15 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.


LastRegBack: 2014-07-28 10:46

==================== End Of Log ============================



#8 gringo_pr

  • Malware Response Team

Posted 15 August 2014 - 11:21 AM


Hello XXX



Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

 
CMD: bootrec /fixmbr
CMD: bootrec /fixboot

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST again like we did before but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Also boot the computer into normal mode and let me know how things are looking.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 hught78

  • Topic Starter

  • Members

Posted 15 August 2014 - 06:56 PM

Hi Gringo,

After running Fixlist.txt and booting normally and in safe mode, I continue to get the blue screen with the same error I mentioned above. The Fixlog.txt is below. Thank you for your continued help.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-08-2014
Ran by SYSTEM at 2014-08-15 14:14:15 Run:2
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
CMD: bootrec /fixmbr
CMD: bootrec /fixboot
*****************


=========  bootrec /fixmbr =========

??The operation completed successfully.

========= End of CMD: =========


=========  bootrec /fixboot =========

??The operation completed successfully.

========= End of CMD: =========


==== End of Fixlog ====



#10 gringo_pr

  • Malware Response Team

Posted 17 August 2014 - 06:00 AM



Hello hught78



Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

 
LastRegBack: 2014-07-28 10:46

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST again like we did before but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Also boot the computer into normal mode and let me know how things are looking.

Gringo

#11 hught78

  • Topic Starter

  • Members

Posted 17 August 2014 - 12:39 PM

I still get the same Blue Screen error at boot in both regular and safe modes. The BSOD pops up just after the "Starting Windows" screen disappears and mouse pointer pops up: STOP: 0x000000F4 (0x0000000000000003, 0xFFFFFA800B6B3920, 0XFFFFFA800B6B3C00,0XFFFFF800035DE0D0). Fixlog and FRST.txt are below:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-08-2014
Ran by SYSTEM at 2014-08-17 10:28:39 Run:3
Running from F:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
LastRegBack: 2014-07-28 10:46
*****************

Could not copy DEFAULT hive.
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2014
Ran by SYSTEM on MININT-0MMSHRG on 17-08-2014 10:36:25
Running from F:\
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1519016 2011-01-28] (TOSHIBA Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-01-05] (Intel® Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218792 2010-08-17] (Toshiba)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294712 2010-11-29] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VMM Mode Selection] => C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKLM-x32\...\Run: [DesktopAuthority User Experience] => "C:\Program Files (x86)\ScriptLogic\Desktop Authority\Client Files\8.10.255\CBM\ScriptLogic.CBM.UserExperience.exe"
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\822\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\PCANotify-x32: PCANotify.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
Winlogon\Notify\SEP-x32: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll [X]
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKU\ihucalukadm\...\RunOnce: [617_126664260414] => C:\Users\MTO\AppData\Local\LMIR0001.tmp_r.bat [331 2014-06-17] ()
HKU\ihucalukadm\...\Policies\system: [NoDispScrSavPage] 0
HKU\MTO\...\Run: [HLBackupScheduler] => C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe [5013128 2011-10-23] ()
HKU\MTO\...\Run: [LaserAppUpdate] => C:\Program Files (x86)\Laser App Enterprise\uformagent.exe [1314328 2013-05-09] (Laser App Software Inc.)
HKU\MTO\...\Run: [SmartOffice Desktop Integrations] => [X]
HKU\MTO\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\MTO\...\RunOnce: [FlashPlayerUpdate] => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe -update activex
HKU\MTO\...\RunOnce: [617_1222211260414] => C:\Users\MTO\AppData\Local\LMIR0003.tmp_r.bat [323 2014-06-17] ()
HKU\tgray\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1104256 2014-05-08] (Adobe Systems Incorporated)
HKU\tgray\...\Run: [LaserAppUpdate] => C:\Program Files (x86)\Laser App Enterprise\uformagent.exe [1314328 2013-05-09] (Laser App Software Inc.)
HKU\tgray\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\tgray\...\Run: [SOFileManager] => C:\Program Files (x86)\Ebix Inc\Common Files\SOFileManager.exe [19808 2013-10-04] (Ebix CRM)
HKU\tgray\...\Run: [SmartOffice Desktop Integrations] => C:\Users\tgray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ebix Inc\SmartOffice Desktop Integrations 2.0 - Installer.appref-ms
HKU\tgray\...\Run: [Google Update] => C:\Users\tgray\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-12-10] (Google Inc.)
HKU\tgray\...\Policies\system: [HideLogoffScripts] 0
HKU\tgray\...\Policies\system: [HideLogonScripts] 0
HKU\tgray\...\Policies\Explorer: [DisallowCpl] 1
AppInit_DLLs: AMINIT64.DLL => C:\Windows\system32\AMINIT64.DLL [68096 2011-11-20] (Altiris Inc)
AppInit_DLLs-x32: AMINIT32.DLL => "AMINIT32.DLL" File Not Found
Startup: C:\Users\tgray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\tgray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\tgray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartOffice Sync Tray - Launcher.lnk
ShortcutTarget: SmartOffice Sync Tray - Launcher.lnk -> C:\Program Files (x86)\Ebix Inc\SmartOffice Desktop Integration\SmartLinkTray.exe (Ebix CRM)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AeXAgentSrvHost; C:\Program Files\Altiris\Altiris Agent\x86\AeXNSAgentHostSurrogate32.exe [265048 2011-11-15] (Symantec Corporation)
S2 AeXNSClient; C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe [2107736 2011-11-15] (Symantec Corporation)
S2 Agent; C:\windows\VPDAgent_x64.exe [148480 2012-09-06] (Two Pilots)
S3 AltirisAgentProvider; C:\Program Files\Altiris\Altiris Agent\Agents\WMIProviderAgent\AltirisAgentProvider.exe [408408 2011-11-15] (Symantec Corporation)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 ConfigService; C:\Program Files\Altiris\Altiris Agent\Agents\Deployment\Agent\ConfigService.exe [267368 2011-08-12] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 MSSQL$SQL_LSIDB; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
S2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [5632 2013-06-26] (The Neat Company)
S2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe [123320 2013-10-11] (Symantec Corporation)
S2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [126392 2011-02-03] (Symantec Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe [137208 2012-04-19] (Symantec Corporation)
S2 SLInstall; c:\windows\syswow64\slinstall.exe [557920 2010-11-07] (ScriptLogic Software Corporation)
S3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\Smc.exe [2601544 2012-04-19] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\snac64.exe [325040 2012-04-19] (Symantec Corporation)
S2 WebDriveService; C:\Program Files\WebDrive\wdService.exe [2530392 2011-09-09] (South River Technologies, LLC)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation)
S1 SRTSP; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SRTSP64.SYS [678008 2012-04-19] (Symantec Corporation)
S1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SRTSPX64.SYS [39032 2012-04-19] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\SyDvCtrl64.sys [29664 2012-04-19] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SYMDS64.SYS [451192 2012-04-19] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SYMEFA64.SYS [932472 2012-04-19] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2014-02-24] (Symantec Corporation)
S1 SymIRON; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\Ironx64.SYS [171128 2012-04-19] (Symantec Corporation)
S1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SYMNETS.SYS [386168 2012-04-19] (Symantec Corporation)
S1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [119816 2014-02-24] (Symantec Corporation)
S1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [62672 2012-04-19] (Symantec Corporation)
S2 WebDriveFSD; C:\Program Files\WebDrive\wdfsd.sys [186968 2011-09-09] ()
S1 BHDrvx64; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\BASHDefs\20140703.011\BHDrvx64.sys [X]
S3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [X]
S1 IDSVia64; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\IPSDefs\20140725.001\IDSvia64.sys [X]
S3 NAVENG; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs\20140727.021\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs\20140727.021\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-17 10:28 - 2014-08-17 10:28 - 00000000 ____D () C:\Windows\System32\config\HiveBackup
2014-08-14 19:37 - 2010-11-20 05:27 - 00800256 _____ (Microsoft Corporation) C:\Windows\System32\USP10.dll
2014-08-13 16:46 - 2014-08-13 16:46 - 00003352 ____N () C:\bootsqm.dat
2014-08-12 19:54 - 2014-08-17 10:36 - 00000000 ____D () C:\FRST
2014-08-12 06:42 - 2014-08-17 09:34 - 311194970 _____ () C:\Windows\MEMORY.DMP
2014-08-12 02:06 - 2014-08-12 02:06 - 00000073 _____ () C:\Windows\{3cc44a9f-c1ab-41b5-a954-38e8fc3d2451}
2014-08-01 09:21 - 2014-08-01 09:21 - 00000000 ____D () C:\Windows\System32\%LOCALAPPDATA%
2014-08-01 09:21 - 2014-08-01 09:21 - 00000000 ____D () C:\Users\Default\AppData\Local\Symantec
2014-08-01 09:21 - 2014-08-01 09:21 - 00000000 ____D () C:\Users\Default User\AppData\Local\Symantec
2014-07-31 09:30 - 2014-07-31 09:30 - 00000000 ____D () C:\Users\tgray\AppData\Local\PackageAware
2014-07-30 12:02 - 2009-06-10 13:00 - 00000824 _____ () C:\Windows\System32\Drivers\etc\hosts.20140730-130243.backup
2014-07-23 06:49 - 2014-07-30 11:55 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-23 06:49 - 2014-07-23 06:49 - 00001350 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-07-23 06:49 - 2014-07-23 06:49 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-07-23 06:49 - 2013-09-20 09:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe
2014-07-23 06:48 - 2014-07-30 12:37 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-23 06:47 - 2014-07-23 06:48 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\tgray\Downloads\spybot-2.4.exe
2014-07-19 11:10 - 2014-06-06 02:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2014-07-19 11:10 - 2014-06-06 01:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-19 11:10 - 2014-05-29 22:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2014-07-19 11:08 - 2014-06-06 20:02 - 17854464 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-07-19 11:08 - 2014-06-06 19:13 - 10890752 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-07-19 11:08 - 2014-06-06 18:59 - 02339328 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-07-19 11:08 - 2014-06-06 18:52 - 01348608 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-07-19 11:08 - 2014-06-06 18:51 - 01494016 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-07-19 11:08 - 2014-06-06 18:51 - 01392128 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-07-19 11:08 - 2014-06-06 18:50 - 00237056 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2014-07-19 11:08 - 2014-06-06 18:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-07-19 11:08 - 2014-06-06 18:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2014-07-19 11:08 - 2014-06-06 18:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-07-19 11:08 - 2014-06-06 18:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-07-19 11:08 - 2014-06-06 18:42 - 02148352 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-07-19 11:08 - 2014-06-06 18:42 - 00729088 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-07-19 11:08 - 2014-06-06 18:42 - 00453120 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-07-19 11:08 - 2014-06-06 18:42 - 00282112 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-07-19 11:08 - 2014-06-06 18:41 - 00055296 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2014-07-19 11:08 - 2014-06-06 18:41 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2014-07-19 11:08 - 2014-06-06 18:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-07-19 11:08 - 2014-06-06 18:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2014-07-19 11:08 - 2014-06-06 18:35 - 00248320 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-07-19 11:08 - 2014-06-06 16:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-19 11:08 - 2014-06-06 15:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-19 11:08 - 2014-06-06 15:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-19 11:08 - 2014-06-06 15:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-19 11:08 - 2014-06-06 15:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-19 11:08 - 2014-06-06 15:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-19 11:08 - 2014-06-06 15:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-07-19 11:08 - 2014-06-06 14:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-19 11:08 - 2014-06-06 14:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-19 11:08 - 2014-06-06 14:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-19 11:08 - 2014-06-06 14:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-19 11:08 - 2014-06-06 14:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-19 11:08 - 2014-06-06 14:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-19 11:08 - 2014-06-06 14:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-19 11:08 - 2014-06-06 14:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-07-19 11:08 - 2014-06-06 14:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-19 11:08 - 2014-06-06 14:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-19 11:08 - 2014-06-06 14:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-07-19 11:08 - 2014-06-06 14:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-19 11:08 - 2014-06-06 14:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-07-19 11:08 - 2014-06-06 14:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-19 11:07 - 2014-06-17 18:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\System32\osk.exe
2014-07-19 11:07 - 2014-06-17 17:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-19 11:07 - 2014-06-17 17:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-07-18 12:45 - 2014-07-18 12:45 - 00183430 ____N () C:\Users\tgray\Desktop\Roache, Raymond(07-18-2014).clf

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-17 10:36 - 2014-08-12 19:54 - 00000000 ____D () C:\FRST
2014-08-17 10:28 - 2014-08-17 10:28 - 00000000 ____D () C:\Windows\System32\config\HiveBackup
2014-08-17 09:34 - 2014-08-12 06:42 - 311194970 _____ () C:\Windows\MEMORY.DMP
2014-08-13 16:46 - 2014-08-13 16:46 - 00003352 ____N () C:\bootsqm.dat
2014-08-12 09:08 - 2010-11-20 19:47 - 00794348 _____ () C:\Windows\PFRO.log
2014-08-12 06:24 - 2012-02-07 20:33 - 00000000 ____D () C:\Users\tgray\AppData\Roaming\Skype
2014-08-12 06:23 - 2011-08-22 22:07 - 01126805 _____ () C:\Windows\WindowsUpdate.log
2014-08-12 06:20 - 2014-02-19 08:59 - 00000538 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-515967899-963894560-682003330-64691.job
2014-08-12 06:09 - 2012-05-30 14:43 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C9C97D74-E4FF-4A07-9FDE-D43855937BC8}
2014-08-12 06:03 - 2013-12-10 14:09 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-963894560-682003330-64691UA.job
2014-08-12 06:03 - 2013-12-10 14:09 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-963894560-682003330-64691Core.job
2014-08-12 06:03 - 2011-08-22 22:24 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-12 05:59 - 2011-08-22 22:24 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-12 05:56 - 2012-06-13 20:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-12 02:06 - 2014-08-12 02:06 - 00000073 _____ () C:\Windows\{3cc44a9f-c1ab-41b5-a954-38e8fc3d2451}
2014-08-04 03:50 - 2012-10-26 10:25 - 00000306 _____ () C:\Windows\Tasks\Laser App Enterprise Updates.job
2014-08-03 15:17 - 2009-07-13 20:51 - 00113753 _____ () C:\Windows\setupact.log
2014-08-02 05:29 - 2012-01-22 10:04 - 00000000 ____D () C:\Users\tgray\AppData\Local\CrashDumps
2014-08-01 14:30 - 2012-01-05 13:32 - 00000248 _____ () C:\Windows\System32\config\netlogon.ftl
2014-08-01 10:01 - 2009-07-13 20:45 - 00030288 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-01 10:01 - 2009-07-13 20:45 - 00030288 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-01 09:44 - 2012-07-04 07:31 - 00000000 ___RD () C:\Users\tgray\Dropbox
2014-08-01 09:44 - 2012-07-04 07:28 - 00000000 ____D () C:\Users\tgray\AppData\Roaming\Dropbox
2014-08-01 09:32 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-01 09:21 - 2014-08-01 09:21 - 00000000 ____D () C:\Windows\System32\%LOCALAPPDATA%
2014-08-01 09:21 - 2014-08-01 09:21 - 00000000 ____D () C:\Users\Default\AppData\Local\Symantec
2014-08-01 09:21 - 2014-08-01 09:21 - 00000000 ____D () C:\Users\Default User\AppData\Local\Symantec
2014-08-01 09:21 - 2012-01-05 13:43 - 00004098 __RSH () C:\Users\tgray\ntuser.pol
2014-08-01 09:21 - 2012-01-05 13:43 - 00000000 ____D () C:\users\tgray
2014-08-01 09:20 - 2012-02-07 20:33 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-31 09:30 - 2014-07-31 09:30 - 00000000 ____D () C:\Users\tgray\AppData\Local\PackageAware
2014-07-31 09:10 - 2012-04-23 09:48 - 00000000 ____D () C:\Users\tgray\AppData\Local\Deployment
2014-07-30 16:17 - 2012-02-17 13:34 - 00000000 ____D () C:\Users\tgray\Documents\Pac Cap New Business
2014-07-30 12:37 - 2014-07-23 06:48 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-30 11:55 - 2014-07-23 06:49 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-30 11:31 - 2014-06-17 12:40 - 00000000 ____D () C:\Users\tgray\Documents\Sandler
2014-07-29 05:15 - 2012-07-04 07:31 - 00001033 _____ () C:\Users\tgray\Desktop\Dropbox.lnk
2014-07-29 04:48 - 2014-06-24 08:45 - 00000000 ____D () C:\Users\tgray\Documents\ValuePrism
2014-07-24 11:20 - 2012-07-18 08:45 - 00000000 ____D () C:\Users\tgray\AppData\Local\Pershing
2014-07-24 08:14 - 2011-11-25 14:04 - 00000000 ____D () C:\Program Files (x86)\WealthInMotion Software
2014-07-23 06:49 - 2014-07-23 06:49 - 00001350 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-07-23 06:49 - 2014-07-23 06:49 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-07-23 06:48 - 2014-07-23 06:47 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\tgray\Downloads\spybot-2.4.exe
2014-07-22 07:43 - 2013-10-17 13:16 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-07-22 07:43 - 2013-02-20 15:04 - 00205335 _____ () C:\Windows\System32\sdtn
2014-07-21 14:14 - 2012-01-31 13:52 - 00000000 ____D () C:\Users\tgray\Documents\WealthInMotion-Exports
2014-07-20 09:59 - 2009-07-13 20:45 - 00424408 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-07-19 11:48 - 2009-07-13 21:13 - 00796258 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-07-19 11:07 - 2010-11-20 23:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-18 12:45 - 2014-07-18 12:45 - 00183430 ____N () C:\Users\tgray\Desktop\Roache, Raymond(07-18-2014).clf
2014-07-18 07:00 - 2012-09-10 09:34 - 00000000 ____D () C:\Users\tgray\Documents\Ted Personal

Files to move or delete:
====================
C:\Users\MTO\g2ax_customer_downloadhelper_win32_x86.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8098.69 MB
Available physical RAM: 7211.25 MB
Total Pagefile: 8096.89 MB
Available Pagefile: 7204.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (TI106151W0F) (Fixed) (Total:683.05 GB) (Free:512.5 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (MTS) (Removable) (Total:1.79 GB) (Free:1.79 GB) FAT32
Drive g: () (Removable) (Total:14.91 GB) (Free:11.71 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 5BC53D8B)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=683 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=17)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 15 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.


LastRegBack: 2014-07-28 10:46

==================== End Of Log ============================



#12 gringo_pr

  • Malware Response Team

Posted 18 August 2014 - 07:23 AM

Hello

When you go into the recovery, one of the options is to use System Restore - I want you to try and use a couple of them and see if you can get it to work.

I am starting to run out of ideas to get this to work.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 hught78

  • Topic Starter

Posted 18 August 2014 - 02:40 PM

Hey Gringo,

There aren't any Restore Points available. It's OK if we can't fix this. I have a hunch one of the files that needs fixing is located on a sector that's gone bad and can't be accessed. I know the drive has many bad sectors that can't be repaired by CHKDSK.



#14 gringo_pr

  • Malware Response Team

Posted 18 August 2014 - 03:32 PM

Hello

When I saw this

C:\Windows\System32\USP10.dll IS MISSING <==== ATTENTION!

I thought we had a good chance - if there are files that you want off, you may use something like Puppy Linux to remove them.

Gringo

#15 hught78

  • Topic Starter

Posted 19 August 2014 - 10:11 PM

OK, I removed important files and reinstalled. Thanks for all the assistance along the way.



