
Ok this is my final go at this, I know I am infected, please sort this out.


  • This topic is locked
7 replies to this topic

#1 BOV72

BOV72

  • Members
  • 62 posts
  • Gender:Male
  • Location:North Carolina, United States

Posted 16 October 2016 - 02:40 PM

Hello. I'm sure most have read my multiple posts, as I have been sent from forum to forum. The gentlemen who have helped me have been quite pleasant and helpful. However, I've been told I have no infection, but I really believe I do. I once again formatted the partition, installed Windows 7 and only added Bitdefender 2017. Well, and Chrome, so I could download it. I will provide the logs. Please, please, help me sort this out. Thank you in advance.

Farbar Recovery Scan Tool (x64) Version: 16-10-2016
Ran by Tenn-Vols_72 (16-10-2016 15:14:36)
Running from C:\Users\Tenn-Vols_72\Downloads
Boot Mode: Safe Mode (with Networking)
 
================== Search Registry: "csrss.exe" ===========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FTH]
"ExclusionList"="smss.exe
csrss.exe
wininit.exe
services.exe
lsass.exe
lsm.exe
svchost.exe
winlogon.exe
SLsvc.exe
spoolsv.exe
taskhost.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\ReflectionApplications\csrss.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\Performance\Resolvers]
"SystemBinariesList"="win32k.sys:winlogon.exe:EXPLORER.EXE:CSRSS.Exe:dwm.exe:logon.scr:logonui.exe:lsass.exe:lsm.exe:ntkrpamp.exe:ntoskrnl.exe:RUNDLL32.EXE:services.exe:sppsvc.exe:smss.exe:spoolsv.exe:svchost.exe:taskeng.exe:WinInit.exe:WISPTIS.EXE:dllhost.exe:dllhst3g.exe:cscript.exe:mmc.exe:msiexec.exe:upnpcont.exe:wscript.exe:WUDFHost.exe:dfsvc.exe:dfsvc.exe:fdbs.exe:ntfsbs.exe:memdiag.exe:NETFXSBS10.exe:applaunch.exe:aspnet_compiler.exe:aspnet_regbrowsers.exe:aspnet_regiis.exe:aspnet_regsql.exe:aspnet_state.exe:aspnet_wp.exe:caspol.exe:csc.exe:CVTRES.EXE:dfsvc.exe:dw20.exe:IEExec.exe:ilasm.exe:InstallUtil.exe:jsc.exe:MSBuild.exe:mscorsvw.exe:ngen.exe:RegAsm.exe::RegSvcs.exe:vbc.exe:TrustedInstaller.exe:Aurora.scr:AutoChk.Exe:AUTOFMT.EXE:CHKDSK.EXE:CHKNTFS.EXE:consent.exe:PnPUnattend.exe:PnPutil.exe:RacAgent.exe:fsquirt.exe:Uninst.exe:updateWmc.exe:wmdc.exe:wmdsync.exe:mofcomp.exe:ScrCons.exe:smi2smir.exe:unsecapp.exe:wbemtest.exe:winmgmt.exe:wmic.exe:bfsvc.exe:Twunk_16.exe:Twunk_32.exe:wuauclt.exe:wsqmcons.exe:sapisvr.exe:WinSAT.exe:p2phost.exe:SearchProtocolHost.exe:WerFault.exe:drvinst.exe:ehshell.exe:UI0Detect.exe:ehtray.exe:HelpPane.exe:mrt.exe:SearchFilterHost.exe:mobsync.exe:Narrator.exe:SLUI.exe:taskmgr.exe:PresentationSettings.exe:vds.exe:sdclt.exe:irftp.exe:DFDWiz.exe:SndVol.exe:makecab.exe:msfeedssync.exe:unregmp2.exe:DeviceProperties.exe:rstrui.exe:MdRes.exe:netsh.exe:printui.exe:mcupdate.exe:4mmdat.sys:61883.sys:ACPI.sys:amdk7.sys:amdk8.sys:ASYNCMAC.SYS:atapi.sys:AVC.SYS:cdfs.sys:cdrom.sys:circlass.sys:cmbatt.sys:crusoe.sys:CSC.Sys:dc21x4vm.sys:disk.sys:dot4.sys:dot4usb.sys:drmkaud.sys:ecache.sys:fdc.sys:floppy.sys:hdaudbus.sys:HDAudio.sys:HIDBTH.SYS:HIDIR.SYS:i8042prt.sys:intelppm.sys:irenum.SYS:IRSIR.SYS:kbdclass.sys:kbdhid.sys:LOOP.SYS:mf.sys:monitor.sys:mouclass.sys:mouhid.sys:msisadrv.sys:msiscsi.sys:NDISWAN.SYS:nsiproxy.sys:ohci1394.sys:pci.sys:pciide.sys:powerfil.sys:processr.sys:rasl2tp.sys:raspppoe.sys:RASPPTP.SYS:RDPCDD.SYS:rfcomm.sys:sbp2p
ort.sys:sdbus.sys:serenum.sys:serial.sys:sermouse.sys:sffdisk.sys:sffp_mmc.sys:smbios.sys:swenum.sys:tdx.sys:termdd.sys:tpm.sys:tunmp.sys:tunnel.sys:umbus.sys:update.sys:usb8023.sys:USBAudio.sys:USBCCGP.SYS:usbcir.sys:USBEHCI.sys:usbhub.sys:USBOHCI.sys:usbprint.sys:USBUHCI.sys:viac7.sys:wacompen.sys:wceusbsh.sys:winusb.sys:ws2ifsl.sys:xnacc.sys"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\FTH]
"ExclusionList"="smss.exe
csrss.exe
wininit.exe
services.exe
lsass.exe
lsm.exe
svchost.exe
winlogon.exe
SLsvc.exe
spoolsv.exe
taskhost.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\RADAR\HeapLeakDetection\ReflectionApplications\csrss.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16"
 
====== End of Search ======
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-10-2016
Ran by Tenn-Vols_72 (administrator) on TENN-VOLS_72-PC (16-10-2016 15:29:22)
Running from C:\Users\Tenn-Vols_72\Downloads
Loaded Profiles: Tenn-Vols_72 (Available Profiles: Tenn-Vols_72)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Tenn-Vols_72\Downloads\FRST64.com
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe [320208 2016-09-01] (Bitdefender)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3984FBCC-95AE-4F83-853C-43F6C9071776}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EB50F68B-FAD0-4E67-AB5D-34D0DD6BC9F7}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3630174162-2913175264-899062270-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2016-09-14] (Bitdefender)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2016-09-14] (Bitdefender)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2016-09-14] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2016-09-14] (Bitdefender)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff [2016-10-10]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext [2016-10-10] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-16] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Tenn-Vols_72\AppData\Local\Google\Chrome\User Data\Default [2016-10-16]
CHR Extension: (Google Docs) - C:\Users\Tenn-Vols_72\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-16]
CHR Extension: (Google Drive) - C:\Users\Tenn-Vols_72\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-16]
CHR Extension: (YouTube) - C:\Users\Tenn-Vols_72\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-16]
CHR Extension: (Google Sheets) - C:\Users\Tenn-Vols_72\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-16]
CHR Extension: (Bitdefender Wallet) - C:\Users\Tenn-Vols_72\AppData\Local\Google\Chrome\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2016-10-16]
CHR Extension: (Google Docs Offline) - C:\Users\Tenn-Vols_72\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tenn-Vols_72\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-16]
CHR Extension: (Gmail) - C:\Users\Tenn-Vols_72\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-16]
CHR Extension: (Chrome Media Router) - C:\Users\Tenn-Vols_72\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-16]
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [100448 2016-10-06] (Bitdefender)
S2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1088944 2016-09-13] (Bitdefender)
S2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe [216880 2016-08-24] (Bitdefender)
S2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe [1306832 2016-10-04] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1603264 2016-06-29] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [850464 2016-06-03] (BitDefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [119696 2016-06-15] (BitDefender LLC)
S1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [182936 2015-12-16] (BitDefender LLC)
S0 ignis; C:\Windows\System32\DRIVERS\ignis.sys [300840 2016-08-11] (Bitdefender)
S0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [520032 2016-03-10] (BitDefender S.R.L.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-16 15:30 - 2016-10-16 08:50 - 00000000 ____D C:\Windows\Panther
2016-10-16 15:29 - 2016-10-16 15:29 - 00008753 _____ C:\Users\Tenn-Vols_72\Downloads\FRST.txt
2016-10-16 15:28 - 2016-10-16 15:29 - 00000000 ____D C:\Users\Tenn-Vols_72\Desktop\Reports
2016-10-16 15:23 - 2016-10-16 15:23 - 00092072 _____ C:\Users\Tenn-Vols_72\Downloads\OTL.Txt
2016-10-16 15:23 - 2016-10-16 15:23 - 00031670 _____ C:\Users\Tenn-Vols_72\Downloads\Extras.Txt
2016-10-16 15:18 - 2016-10-16 15:18 - 00602112 _____ (OldTimer Tools) C:\Users\Tenn-Vols_72\Downloads\OTL (1).exe
2016-10-16 15:14 - 2016-10-16 15:14 - 00003701 _____ C:\Users\Tenn-Vols_72\Downloads\SearchReg.txt
2016-10-16 15:13 - 2016-10-16 15:13 - 02406912 _____ (Farbar) C:\Users\Tenn-Vols_72\Downloads\FRST64.com
2016-10-16 14:57 - 2016-10-16 14:57 - 00602112 _____ (OldTimer Tools) C:\Users\Tenn-Vols_72\Downloads\OTL.exe
2016-10-16 14:50 - 2016-10-16 15:29 - 00000000 ____D C:\FRST
2016-10-16 14:42 - 2016-10-16 14:42 - 00175252 _____ C:\TDSSKiller.3.1.0.11_16.10.2016_14.42.19_log.txt
2016-10-16 14:33 - 2016-10-16 14:33 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2016-10-16 14:09 - 2016-10-16 14:09 - 00002267 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-16 14:09 - 2016-10-16 14:09 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-10-16 14:09 - 2016-10-16 14:09 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d227d86b8f1840.job
2016-10-16 14:08 - 2016-10-16 14:08 - 01065376 _____ (Google Inc.) C:\Users\Tenn-Vols_72\Downloads\ChromeSetup.exe
2016-10-16 14:06 - 2016-10-16 14:22 - 00000000 ____D C:\Users\Tenn-Vols_72\Desktop\Bleeping Computer
2016-10-16 14:04 - 2016-10-16 15:08 - 00147720 _____ C:\Windows\ntbtlog.txt
2016-10-16 13:59 - 2016-10-16 13:59 - 00026261 _____ C:\ProgramData\agent.1476640763.bdinstall.bin
2016-10-16 13:55 - 2016-10-16 13:58 - 00000000 ____D C:\Users\Tenn-Vols_72\AppData\Temp
2016-10-16 09:59 - 2016-10-16 14:00 - 00002362 _____ C:\bdlog.txt
2016-10-16 09:54 - 2016-10-16 09:54 - 00355766 _____ C:\ProgramData\cl.1476625850.bdinstall.bin
2016-10-16 09:54 - 2016-10-16 09:54 - 00055447 _____ C:\ProgramData\dm.1476626054.bdinstall.bin
2016-10-16 09:54 - 2016-10-16 09:54 - 00000385 _____ C:\Windows\system32\user_gensett.xml
2016-10-16 09:54 - 2016-10-16 09:54 - 00000000 ____D C:\ProgramData\Bitdefender Device Management
2016-10-16 09:53 - 2016-10-16 13:59 - 00000000 ____D C:\ProgramData\BDLogging
2016-10-16 09:53 - 2016-10-16 09:53 - 00002226 _____ C:\Users\Public\Desktop\Bitdefender 2017.lnk
2016-10-16 09:53 - 2016-10-16 09:53 - 00000684 ____H C:\bdr-cf01
2016-10-16 09:53 - 2016-10-16 09:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2017
2016-10-16 09:52 - 2016-10-16 09:54 - 00000000 ____D C:\Users\Tenn-Vols_72\AppData\Roaming\Bitdefender
2016-10-16 09:52 - 2016-10-16 09:53 - 00253404 ____H C:\bdr-ld01
2016-10-16 09:52 - 2016-10-16 09:53 - 00009216 ____H C:\bdr-ld01.mbr
2016-10-16 09:52 - 2016-08-11 17:42 - 00300840 _____ (Bitdefender) C:\Windows\system32\Drivers\ignis.sys
2016-10-16 09:52 - 2016-06-29 18:07 - 01603264 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2016-10-16 09:52 - 2016-06-03 17:05 - 00850464 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2016-10-16 09:52 - 2016-04-18 12:37 - 49758821 ____H C:\bdr-im01.gz
2016-10-16 09:52 - 2015-12-04 19:27 - 00087912 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2016-10-16 09:52 - 2013-08-13 13:38 - 03271472 ____H C:\bdr-bz01
2016-10-16 09:52 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
2016-10-16 09:51 - 2016-10-16 13:55 - 00000000 ____D C:\ProgramData\Bitdefender
2016-10-16 09:51 - 2016-10-16 09:54 - 00000000 ____D C:\Program Files\Bitdefender
2016-10-16 09:51 - 2016-10-16 09:51 - 00003640 _____ C:\Windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2016-10-16 09:51 - 2016-03-10 07:41 - 00520032 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2016-10-16 09:51 - 2015-12-16 05:53 - 00182936 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2016-10-16 09:50 - 2016-10-16 09:51 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2016-10-16 09:50 - 2016-10-16 09:50 - 00000000 ____D C:\Users\Tenn-Vols_72\AppData\Roaming\QuickScan
2016-10-16 09:49 - 2016-10-16 14:48 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-10-16 09:49 - 2016-10-16 09:49 - 00046044 _____ C:\ProgramData\agent.1476625740.bdinstall.bin
2016-10-16 09:49 - 2016-10-16 09:49 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2016-10-16 09:48 - 2016-10-16 09:48 - 09052608 _____ C:\Users\Tenn-Vols_72\Downloads\bitdefender_windows_7baa9e67-63f2-499b-861c-907a3a88c77d.exe
2016-10-16 09:47 - 2016-10-16 14:47 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-16 09:47 - 2016-10-16 14:16 - 00000000 ____D C:\Users\Tenn-Vols_72\AppData\Local\Google
2016-10-16 09:47 - 2016-10-16 14:09 - 00000000 ____D C:\Program Files (x86)\Google
2016-10-16 09:47 - 2016-10-16 09:47 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-10-16 09:47 - 2016-10-16 09:47 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-10-16 09:47 - 2016-10-16 09:47 - 00000000 ____D C:\Users\Tenn-Vols_72\AppData\Local\Deployment
2016-10-16 09:47 - 2016-10-16 09:47 - 00000000 ____D C:\Users\Tenn-Vols_72\AppData\Local\Apps\2.0
2016-10-16 09:36 - 2016-10-16 09:36 - 00057560 _____ C:\Users\Tenn-Vols_72\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-16 08:51 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-10-16 08:51 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-10-16 08:51 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-10-16 08:51 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-10-16 08:51 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-10-16 08:51 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-10-16 08:51 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-10-16 08:51 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-10-16 08:51 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-10-16 08:51 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-10-16 08:50 - 2016-10-16 08:51 - 00000000 ____D C:\Users\Tenn-Vols_72
2016-10-16 08:50 - 2016-10-16 08:50 - 00000020 ___SH C:\Users\Tenn-Vols_72\ntuser.ini
2016-10-16 08:50 - 2016-10-16 08:50 - 00000000 _SHDL C:\Users\Tenn-Vols_72\My Documents
2016-10-16 08:50 - 2016-10-16 08:50 - 00000000 _SHDL C:\Users\Tenn-Vols_72\Documents\My Videos
2016-10-16 08:50 - 2016-10-16 08:50 - 00000000 _SHDL C:\Users\Tenn-Vols_72\Documents\My Pictures
2016-10-16 08:50 - 2016-10-16 08:50 - 00000000 _SHDL C:\Users\Tenn-Vols_72\Documents\My Music
2016-10-16 08:50 - 2016-10-16 08:50 - 00000000 ____D C:\Users\Tenn-Vols_72\AppData\Local\VirtualStore
2016-10-16 08:50 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-10-16 08:50 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-10-16 08:50 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-10-16 08:50 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-10-16 08:50 - 2010-11-21 03:16 - 00000000 ____D C:\Users\Tenn-Vols_72\AppData\Roaming\Media Center Programs
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-16 15:29 - 2009-07-14 01:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2016-10-16 15:12 - 2009-07-14 01:13 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-16 15:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-10-16 14:54 - 2009-07-14 00:45 - 00020272 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-16 14:54 - 2009-07-14 00:45 - 00020272 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-16 14:47 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-16 14:33 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\sysprep
2016-10-16 11:45 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-10-16 11:43 - 2009-07-14 00:45 - 00274320 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-16 09:58 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-10-16 09:58 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\DVD Maker
2016-10-16 09:57 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\spool
2016-10-16 09:57 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-10-16 08:50 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Public\Libraries
 
==================== Files in the root of some directories =======
 
2016-10-16 09:49 - 2016-10-16 09:49 - 0046044 _____ () C:\ProgramData\agent.1476625740.bdinstall.bin
2016-10-16 13:59 - 2016-10-16 13:59 - 0026261 _____ () C:\ProgramData\agent.1476640763.bdinstall.bin
2016-10-16 09:54 - 2016-10-16 09:54 - 0355766 _____ () C:\ProgramData\cl.1476625850.bdinstall.bin
2016-10-16 09:54 - 2016-10-16 09:54 - 0055447 _____ () C:\ProgramData\dm.1476626054.bdinstall.bin
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-10-16 14:30
 
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2016
Ran by Tenn-Vols_72 (16-10-2016 15:29:48)
Running from C:\Users\Tenn-Vols_72\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2016-10-16 12:50:25)
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3630174162-2913175264-899062270-500 - Administrator - Disabled)
Guest (S-1-5-21-3630174162-2913175264-899062270-501 - Limited - Disabled)
Tenn-Vols_72 (S-1-5-21-3630174162-2913175264-899062270-1000 - Administrator - Enabled) => C:\Users\Tenn-Vols_72
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.18.898 - Bitdefender)
Bitdefender Device Management (HKLM\...\Bitdefender Device Management) (Version: 21.0.18.937 - Bitdefender)
Bitdefender Total Security 2017 (HKLM\...\Bitdefender) (Version: 21.0.18.898 - Bitdefender)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.59 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {519FEB0C-8D36-47E0-BFD9-02085188252A} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-09-13] (Bitdefender)
Task: {6FE721CB-0A8B-4EE2-8B33-1A0C265468C0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-16] (Google Inc.)
Task: {A75DBCE9-1271-49D2-B0C8-DCC47AC1C895} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-16] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d227d86b8f1840.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Tenn-Vols_72\Downloads\OTL.exe:BDU [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2016-10-16 14:47 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3630174162-2913175264-899062270-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tenn-Vols_72\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{83DDF18E-A178-41E5-A9FD-0DF93666173C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
16-10-2016 08:50:34 Windows Update
16-10-2016 09:55:11 Windows Modules Installer
16-10-2016 15:04:06 OTL Restore Point - 10/16/2016 3:04:04 PM
16-10-2016 15:06:09 OTL Restore Point - 10/16/2016 3:06:09 PM
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: ignis Service
Description: ignis Service
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ignis
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/16/2016 03:09:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (10/16/2016 02:47:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (10/16/2016 02:06:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (10/16/2016 01:58:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/D69B561148F01C77C54578C10926DF5B856976AD.crt> with error: The specified server cannot perform the requested operation.
.
 
Error: (10/16/2016 01:58:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/D69B561148F01C77C54578C10926DF5B856976AD.crt> with error: This operation returned because the timeout period expired.
.
 
Error: (10/16/2016 01:58:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/02FAF3E291435468607857694DF5E45B68851868.crt> with error: The specified server cannot perform the requested operation.
.
 
Error: (10/16/2016 01:58:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/02FAF3E291435468607857694DF5E45B68851868.crt> with error: This operation returned because the timeout period expired.
.
 
Error: (10/16/2016 01:58:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/02FAF3E291435468607857694DF5E45B68851868.crt> with error: The specified server cannot perform the requested operation.
.
 
Error: (10/16/2016 01:58:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/02FAF3E291435468607857694DF5E45B68851868.crt> with error: This operation returned because the timeout period expired.
.
 
Error: (10/16/2016 01:58:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/02FAF3E291435468607857694DF5E45B68851868.crt> with error: The specified server cannot perform the requested operation.
.
 
 
System errors:
=============
Error: (10/16/2016 03:11:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (10/16/2016 03:11:06 PM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.
 
Error: (10/16/2016 03:11:06 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.
 
Error: (10/16/2016 03:11:06 PM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.
 
Error: (10/16/2016 03:11:06 PM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.
 
Error: (10/16/2016 03:10:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (10/16/2016 03:10:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (10/16/2016 03:10:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (10/16/2016 03:09:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (10/16/2016 03:09:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU P8400 @ 2.26GHz
Percentage of memory in use: 23%
Total physical RAM: 4095.11 MB
Available physical RAM: 3116.98 MB
Total Virtual: 8188.43 MB
Available Virtual: 7267.1 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:297.99 GB) (Free:279.16 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: D50FCF61)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

OTL logfile created on: 10/16/2016 3:19:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tenn-Vols_72\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 3.18 Gb Available Physical Memory | 79.43% Memory free
8.00 Gb Paging File | 7.21 Gb Available in Paging File | 90.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 279.18 Gb Free Space | 93.69% Space Free | Partition Type: NTFS
 
Computer Name: TENN-VOLS_72-PC | User Name: Tenn-Vols_72 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2016/10/16 15:18:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tenn-Vols_72\Downloads\OTL (1).exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2016/10/06 11:49:38 | 000,100,448 | ---- | M] (Bitdefender) [Auto | Stopped] -- C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe -- (DevMgmtService)
SRV:64bit: - [2016/10/04 12:44:46 | 001,306,832 | ---- | M] (Bitdefender) [Auto | Stopped] -- C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe -- (VSSERV)
SRV:64bit: - [2016/09/13 18:38:28 | 001,088,944 | ---- | M] (Bitdefender) [Auto | Stopped] -- C:\Program Files\Bitdefender Agent\ProductAgentService.exe -- (ProductAgentService)
SRV:64bit: - [2016/08/24 18:56:14 | 000,216,880 | ---- | M] (Bitdefender) [Auto | Stopped] -- C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2016/08/11 17:42:35 | 000,300,840 | ---- | M] (Bitdefender) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\ignis.sys -- (ignis)
DRV:64bit: - [2016/06/29 18:07:26 | 001,603,264 | ---- | M] (BitDefender) [File_System | Boot | Stopped] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2016/06/15 14:18:28 | 000,119,696 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2016/06/03 17:05:18 | 000,850,464 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2016/03/10 07:41:58 | 000,520,032 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Stopped] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2015/12/16 05:53:12 | 000,182,936 | ---- | M] (BitDefender LLC) [File_System | Boot | Stopped] -- C:\Windows\SysNative\drivers\gzflt.sys -- (gzflt)
DRV:64bit: - [2015/12/04 19:27:06 | 000,087,912 | ---- | M] (BitDefender) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\bdvedisk.sys -- (BDVEDISK)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKU\S-1-5-21-3630174162-2913175264-899062270-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3630174162-2913175264-899062270-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3630174162-2913175264-899062270-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3630174162-2913175264-899062270-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 61 1C 4D AE 27 D2 01  [binary data]
IE - HKU\S-1-5-21-3630174162-2913175264-899062270-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3630174162-2913175264-899062270-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3630174162-2913175264-899062270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bdwteffv20@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2017\ANTISPAM32\BDWTEFF\ [2016/10/10 20:37:39 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2017\BDTBEXT [2016/10/10 20:37:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bdwteffv20@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff\ [2016/10/10 20:37:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext [2016/10/10 20:37:16 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\Tenn-Vols_72\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Tenn-Vols_72\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\Tenn-Vols_72\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Tenn-Vols_72\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\Tenn-Vols_72\AppData\Local\Google\Chrome\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl\21.1.5_0\
CHR - Extension: No name found = C:\Users\Tenn-Vols_72\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\
CHR - Extension: No name found = C:\Users\Tenn-Vols_72\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\Tenn-Vols_72\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\Tenn-Vols_72\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\
 
O1 HOSTS File: ([2016/10/16 14:47:56 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Bitdefender Wallet ) - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll (Bitdefender)
O2 - BHO: (Bitdefender Wallet) - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\pmbxie.dll (Bitdefender)
O3:64bit: - HKLM\..\Toolbar: (Bitdefender Wallet ) - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (Bitdefender Wallet) - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\pmbxie.dll (Bitdefender)
O4:64bit: - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe (Bitdefender)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3984FBCC-95AE-4F83-853C-43F6C9071776}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB50F68B-FAD0-4E67-AB5D-34D0DD6BC9F7}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2016/10/16 15:30:01 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2016/10/16 14:50:54 | 000,000,000 | ---D | C] -- C:\FRST
[2016/10/16 14:33:37 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2016/10/16 14:31:19 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2016/10/16 14:30:33 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2016/10/16 14:06:59 | 000,000,000 | ---D | C] -- C:\Users\Tenn-Vols_72\Desktop\Bleeping Computer
[2016/10/16 09:54:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender Device Management
[2016/10/16 09:53:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2017
[2016/10/16 09:53:01 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2016/10/16 09:52:50 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\capicom.dll
[2016/10/16 09:52:46 | 000,087,912 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\bdvedisk.sys
[2016/10/16 09:52:45 | 001,603,264 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys
[2016/10/16 09:52:45 | 000,850,464 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avckf.sys
[2016/10/16 09:52:42 | 000,300,840 | ---- | C] (Bitdefender) -- C:\Windows\SysNative\drivers\ignis.sys
[2016/10/16 09:52:39 | 000,000,000 | ---D | C] -- C:\Users\Tenn-Vols_72\AppData\Roaming\Bitdefender
[2016/10/16 09:52:14 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2016/10/16 09:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender
[2016/10/16 09:51:12 | 000,182,936 | ---- | C] (BitDefender LLC) -- C:\Windows\SysNative\drivers\gzflt.sys
[2016/10/16 09:51:11 | 000,520,032 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\trufos.sys
[2016/10/16 09:51:11 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2016/10/16 09:50:50 | 000,000,000 | ---D | C] -- C:\Users\Tenn-Vols_72\AppData\Roaming\QuickScan
[2016/10/16 09:50:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2016/10/16 09:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender Agent
[2016/10/16 09:49:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender Agent
[2016/10/16 09:47:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2016/10/16 09:47:12 | 000,000,000 | ---D | C] -- C:\Users\Tenn-Vols_72\AppData\Local\Google
[2016/10/16 09:47:01 | 000,000,000 | ---D | C] -- C:\Users\Tenn-Vols_72\AppData\Local\Deployment
[2016/10/16 09:47:01 | 000,000,000 | ---D | C] -- C:\Users\Tenn-Vols_72\AppData\Local\Apps
[2016/10/16 08:51:19 | 002,620,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2016/10/16 08:51:19 | 000,058,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2016/10/16 08:51:19 | 000,044,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2016/10/16 08:51:16 | 000,000,000 | R--D | C] -- C:\Users\Tenn-Vols_72\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2016/10/16 08:51:16 | 000,000,000 | R--D | C] -- C:\Users\Tenn-Vols_72\Searches
[2016/10/16 08:51:16 | 000,000,000 | R--D | C] -- C:\Users\Tenn-Vols_72\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2016/10/16 08:51:16 | 000,000,000 | -H-D | C] -- C:\Users\Tenn-Vols_72\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2016/10/16 08:51:06 | 000,700,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2016/10/16 08:51:06 | 000,581,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2016/10/16 08:51:06 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2016/10/16 08:51:06 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2016/10/16 08:51:06 | 000,038,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2016/10/16 08:51:06 | 000,036,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2016/10/16 08:50:58 | 000,000,000 | ---D | C] -- C:\Users\Tenn-Vols_72\AppData\Roaming\Identities
[2016/10/16 08:50:53 | 000,198,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2016/10/16 08:50:53 | 000,179,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2016/10/16 08:50:53 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2016/10/16 08:50:53 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2016/10/16 08:50:44 | 000,000,000 | R--D | C] -- C:\Users\Tenn-Vols_72\Contacts
[2016/10/16 08:50:42 | 000,000,000 | ---D | C] -- C:\Users\Tenn-Vols_72\AppData\Local\VirtualStore
[2016/10/16 08:50:36 | 000,000,000 | --SD | C] -- C:\Users\Tenn-Vols_72\AppData\Roaming\Microsoft
[2016/10/16 08:50:36 | 000,000,000 | R--D | C] -- C:\Users\Tenn-Vols_72\Videos
[2016/10/16 08:50:36 | 000,000,000 | R--D | C] -- C:\Users\Tenn-Vols_72\Saved Games
[2016/10/16 08:50:36 | 000,000,000 | R--D | C] -- C:\Users\Tenn-Vols_72\Pictures
[2016/10/16 08:50:36 | 000,000,000 | R--D | C] -- C:\Users\Tenn-Vols_72\Music
[2016/10/16 08:50:36 | 000,000,000 | R--D | C] -- C:\Users\Tenn-Vols_72\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2016/10/16 08:50:36 | 000,000,000 | R--D | C] -- C:\Users\Tenn-Vols_72\Links
[2016/10/16 08:50:36 | 000,000,000 | R--D | C] -- C:\Users\Tenn-Vols_72\Favorites
[2016/10/16 08:50:36 | 000,000,000 | R--D | C] -- C:\Users\Tenn-Vols_72\Downloads
[2016/10/16 08:50:36 | 000,000,000 | R--D | C] -- C:\Users\Tenn-Vols_72\Documents
[2016/10/16 08:50:36 | 000,000,000 | R--D | C] -- C:\Users\Tenn-Vols_72\Desktop
[2016/10/16 08:50:36 | 000,000,000 | R--D | C] -- C:\Users\Tenn-Vols_72\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2016/10/16 08:50:36 | 000,000,000 | -HSD | C] -- C:\Users\Tenn-Vols_72\AppData\Local\Temporary Internet Files
[2016/10/16 08:50:36 | 000,000,000 | -HSD | C] -- C:\Users\Tenn-Vols_72\Templates
[2016/10/16 08:50:36 | 000,000,000 | -HSD | C] -- C:\Users\Tenn-Vols_72\Start Menu
[2016/10/16 08:50:36 | 000,000,000 | -HSD | C] -- C:\Users\Tenn-Vols_72\SendTo
[2016/10/16 08:50:36 | 000,000,000 | -HSD | C] -- C:\Users\Tenn-Vols_72\Recent
[2016/10/16 08:50:36 | 000,000,000 | -HSD | C] -- C:\Users\Tenn-Vols_72\PrintHood
[2016/10/16 08:50:36 | 000,000,000 | -HSD | C] -- C:\Users\Tenn-Vols_72\NetHood
[2016/10/16 08:50:36 | 000,000,000 | -HSD | C] -- C:\Users\Tenn-Vols_72\Documents\My Videos
[2016/10/16 08:50:36 | 000,000,000 | -HSD | C] -- C:\Users\Tenn-Vols_72\Documents\My Pictures
[2016/10/16 08:50:36 | 000,000,000 | -HSD | C] -- C:\Users\Tenn-Vols_72\Documents\My Music
[2016/10/16 08:50:36 | 000,000,000 | -HSD | C] -- C:\Users\Tenn-Vols_72\My Documents
[2016/10/16 08:50:36 | 000,000,000 | -HSD | C] -- C:\Users\Tenn-Vols_72\Local Settings
[2016/10/16 08:50:36 | 000,000,000 | -HSD | C] -- C:\Users\Tenn-Vols_72\AppData\Local\History
[2016/10/16 08:50:36 | 000,000,000 | -HSD | C] -- C:\Users\Tenn-Vols_72\Cookies
[2016/10/16 08:50:36 | 000,000,000 | -HSD | C] -- C:\Users\Tenn-Vols_72\Application Data
[2016/10/16 08:50:36 | 000,000,000 | -HSD | C] -- C:\Users\Tenn-Vols_72\AppData\Local\Application Data
[2016/10/16 08:50:36 | 000,000,000 | -H-D | C] -- C:\Users\Tenn-Vols_72\AppData
[2016/10/16 08:50:36 | 000,000,000 | ---D | C] -- C:\Users\Tenn-Vols_72\AppData\Local\Temp
[2016/10/16 08:50:36 | 000,000,000 | ---D | C] -- C:\Users\Tenn-Vols_72\AppData\Local\Microsoft
[2016/10/16 08:50:36 | 000,000,000 | ---D | C] -- C:\Users\Tenn-Vols_72\AppData\Roaming\Media Center Programs
[2016/10/16 08:50:22 | 000,000,000 | -HSD | C] -- C:\Recovery
 
========== Files - Modified Within 30 Days ==========
 
[2016/10/16 15:12:23 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2016/10/16 15:12:23 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2016/10/16 15:12:23 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2016/10/16 15:08:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016/10/16 15:07:44 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys
[2016/10/16 14:54:50 | 000,020,272 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2016/10/16 14:54:50 | 000,020,272 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2016/10/16 14:47:56 | 000,002,279 | ---- | M] () -- C:\Users\Tenn-Vols_72\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2016/10/16 14:47:56 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2016/10/16 14:47:54 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016/10/16 14:33:03 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2016/10/16 14:09:47 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2016/10/16 14:09:21 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1d227d86b8f1840.job
[2016/10/16 13:59:31 | 000,026,261 | ---- | M] () -- C:\ProgramData\agent.1476640763.bdinstall.bin
[2016/10/16 11:43:30 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2016/10/16 11:39:05 | 000,115,640 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2016/10/16 11:39:05 | 000,115,640 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2016/10/16 09:54:38 | 000,055,447 | ---- | M] () -- C:\ProgramData\dm.1476626054.bdinstall.bin
[2016/10/16 09:54:11 | 000,000,385 | ---- | M] () -- C:\Windows\SysNative\user_gensett.xml
[2016/10/16 09:54:03 | 000,355,766 | ---- | M] () -- C:\ProgramData\cl.1476625850.bdinstall.bin
[2016/10/16 09:53:20 | 000,253,404 | -H-- | M] () -- C:\bdr-ld01
[2016/10/16 09:53:20 | 000,009,216 | -H-- | M] () -- C:\bdr-ld01.mbr
[2016/10/16 09:53:20 | 000,000,684 | -H-- | M] () -- C:\bdr-cf01
[2016/10/16 09:53:05 | 000,002,226 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender 2017.lnk
[2016/10/16 09:49:04 | 000,046,044 | ---- | M] () -- C:\ProgramData\agent.1476625740.bdinstall.bin
 
========== Files Created - No Company Name ==========
 
[2016/10/16 14:33:03 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2016/10/16 14:30:33 | 3220,525,056 | -HS- | C] () -- C:\hiberfil.sys
[2016/10/16 14:09:47 | 000,002,279 | ---- | C] () -- C:\Users\Tenn-Vols_72\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2016/10/16 14:09:47 | 000,002,267 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[2016/10/16 14:09:47 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2016/10/16 14:09:21 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1d227d86b8f1840.job
[2016/10/16 13:59:31 | 000,026,261 | ---- | C] () -- C:\ProgramData\agent.1476640763.bdinstall.bin
[2016/10/16 09:54:38 | 000,055,447 | ---- | C] () -- C:\ProgramData\dm.1476626054.bdinstall.bin
[2016/10/16 09:54:11 | 000,000,385 | ---- | C] () -- C:\Windows\SysNative\user_gensett.xml
[2016/10/16 09:54:03 | 000,355,766 | ---- | C] () -- C:\ProgramData\cl.1476625850.bdinstall.bin
[2016/10/16 09:53:20 | 000,000,684 | -H-- | C] () -- C:\bdr-cf01
[2016/10/16 09:53:05 | 000,002,226 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender 2017.lnk
[2016/10/16 09:52:36 | 049,758,821 | -H-- | C] () -- C:\bdr-im01.gz
[2016/10/16 09:52:36 | 003,271,472 | -H-- | C] () -- C:\bdr-bz01
[2016/10/16 09:52:36 | 000,253,404 | -H-- | C] () -- C:\bdr-ld01
[2016/10/16 09:52:36 | 000,009,216 | -H-- | C] () -- C:\bdr-ld01.mbr
[2016/10/16 09:49:04 | 000,046,044 | ---- | C] () -- C:\ProgramData\agent.1476625740.bdinstall.bin
[2016/10/16 09:47:17 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016/10/16 08:50:36 | 000,000,290 | ---- | C] () -- C:\Users\Tenn-Vols_72\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2016/10/16 08:50:36 | 000,000,272 | ---- | C] () -- C:\Users\Tenn-Vols_72\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 23:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 23:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2016/10/16 09:54:30 | 000,000,000 | ---D | M] -- C:\Users\Tenn-Vols_72\AppData\Roaming\Bitdefender
[2016/10/16 09:50:50 | 000,000,000 | ---D | M] -- C:\Users\Tenn-Vols_72\AppData\Roaming\QuickScan
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV:64bit: - [2009/07/13 21:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2010/11/20 23:24:08 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 21:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 23:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 23:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2009/07/13 21:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2010/11/20 23:24:16 | 000,136,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2010/11/20 23:24:16 | 000,177,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2010/11/20 23:24:32 | 000,136,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 23:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 23:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 23:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2010/11/20 23:24:15 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 21:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 21:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 21:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 21:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 23:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 21:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 21:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 21:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 21:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2010/11/20 23:23:54 | 000,303,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2010/11/20 23:24:00 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2010/11/20 23:24:27 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2009/07/13 21:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 21:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 23:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 23:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 23:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2009/07/13 21:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 21:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 23:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 23:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 23:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 23:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 23:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 23:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2010/11/20 23:24:01 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 23:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 23:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 23:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 23:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 23:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 23:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 23:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 23:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 23:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 21:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2014/05/14 12:23:46 | 002,477,536 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 23:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 23:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: SERVICES  >
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2010/11/21 03:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2010/11/21 03:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2010/11/21 03:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2010/11/21 03:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2010/11/21 03:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010/11/21 03:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: SVCHOST.EXE  >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< End of report >
 
OTL Extras logfile created on: 10/16/2016 3:19:04 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tenn-Vols_72\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 3.18 Gb Available Physical Memory | 79.43% Memory free
8.00 Gb Paging File | 7.21 Gb Available in Paging File | 90.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 279.18 Gb Free Space | 93.69% Space Free | Partition Type: NTFS
 
Computer Name: TENN-VOLS_72-PC | User Name: Tenn-Vols_72 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-3630174162-2913175264-899062270-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1DCA78DD-B648-46B8-B1F9-C647FD4BF421}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{322CF8B2-616B-41AC-84C8-8FFD51C68AC2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{43BAB026-9985-4953-93D5-C172ABE3F6F2}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4E8D84A1-CDB0-4EAA-93EE-F8C289A942EA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6371A840-C126-4AF1-B365-214B27E1E71B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6E1CA981-F600-4CD5-B95C-3C518FA8B1B8}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6EBBEFD4-AABF-4AE3-B569-D28A1E9B8BB5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{82288944-48EC-4116-A3AC-DF0CA2389C5D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{83D21A3B-DBA7-473A-8A4C-0B3525FB4D10}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{83DDF18E-A178-41E5-A9FD-0DF93666173C}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{86D9D6F6-0B97-4C4A-BC25-9EF95D16F182}" = lport=137 | protocol=17 | dir=in | app=system | 
"{951D6943-A4FD-480D-BABD-19C6D2E4E17C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9A9B4275-A410-41D3-8E9D-378D9C25E404}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A72FA5DC-DC40-4B3F-9FA3-FAB8CEF318D9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B7B8ED9B-FA9B-4F57-A57C-3691B089DC9A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{CABDAA94-4222-4320-B907-0EB074E38393}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DC252311-3DB2-4E83-8451-A3E200C2DAD1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{DD9AA82A-2DDF-425D-8DBF-E0586D6F4383}" = lport=138 | protocol=17 | dir=in | app=system | 
"{EC31A0B4-4993-4250-BA77-1ACDDC853659}" = lport=445 | protocol=6 | dir=in | app=system | 
"{EDE76BF2-11E2-4832-9197-C87069B9E890}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{EF0F4661-905D-4A2F-8886-D978CF4F2A69}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3E0B6BF5-5854-432B-8738-6A260F599581}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{95EB12F1-38B4-43CB-A442-17DC94D77FC6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9E2B4575-FCE6-4327-8171-70FC3D1BC3B3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E58BCA35-207E-4BBA-AD5C-CCCADA8AFCC6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E615C7B3-3F1A-4D11-BC7E-CF42C303BBB8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Bitdefender" = Bitdefender Total Security 2017
"Bitdefender Agent" = Bitdefender Agent
"Bitdefender Device Management" = Bitdefender Device Management
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10/16/2016 1:58:00 PM | Computer Name = Tenn-Vols_72-PC | Source = Microsoft-Windows-CAPI2 | ID = 4101
Description = Failed auto update retrieval of third-party root certificate from:
 with error: The specified server cannot perform the requested operation.  .
 
Error - 10/16/2016 1:58:00 PM | Computer Name = Tenn-Vols_72-PC | Source = Microsoft-Windows-CAPI2 | ID = 4101
Description = Failed auto update retrieval of third-party root certificate from:
 with error: This operation returned because the timeout period expired.  .
 
Error - 10/16/2016 1:58:00 PM | Computer Name = Tenn-Vols_72-PC | Source = Microsoft-Windows-CAPI2 | ID = 4101
Description = Failed auto update retrieval of third-party root certificate from:
 with error: The specified server cannot perform the requested operation.  .
 
Error - 10/16/2016 1:58:02 PM | Computer Name = Tenn-Vols_72-PC | Source = Microsoft-Windows-CAPI2 | ID = 4101
Description = Failed auto update retrieval of third-party root certificate from:
 with error: This operation returned because the timeout period expired.  .
 
Error - 10/16/2016 1:58:02 PM | Computer Name = Tenn-Vols_72-PC | Source = Microsoft-Windows-CAPI2 | ID = 4101
Description = Failed auto update retrieval of third-party root certificate from:
 with error: The specified server cannot perform the requested operation.  .
 
Error - 10/16/2016 1:58:07 PM | Computer Name = Tenn-Vols_72-PC | Source = Microsoft-Windows-CAPI2 | ID = 4101
Description = Failed auto update retrieval of third-party root certificate from:
 with error: This operation returned because the timeout period expired.  .
 
Error - 10/16/2016 1:58:07 PM | Computer Name = Tenn-Vols_72-PC | Source = Microsoft-Windows-CAPI2 | ID = 4101
Description = Failed auto update retrieval of third-party root certificate from:
 with error: The specified server cannot perform the requested operation.  .
 
Error - 10/16/2016 2:06:28 PM | Computer Name = Tenn-Vols_72-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10/16/2016 2:47:32 PM | Computer Name = Tenn-Vols_72-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10/16/2016 3:09:38 PM | Computer Name = Tenn-Vols_72-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 10/16/2016 3:09:24 PM | Computer Name = Tenn-Vols_72-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 10/16/2016 3:09:24 PM | Computer Name = Tenn-Vols_72-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 10/16/2016 3:09:24 PM | Computer Name = Tenn-Vols_72-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 10/16/2016 3:10:22 PM | Computer Name = Tenn-Vols_72-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 10/16/2016 3:10:22 PM | Computer Name = Tenn-Vols_72-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 10/16/2016 3:10:22 PM | Computer Name = Tenn-Vols_72-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 10/16/2016 3:11:06 PM | Computer Name = Tenn-Vols_72-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.
 
Error - 10/16/2016 3:11:06 PM | Computer Name = Tenn-Vols_72-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.
 
Error - 10/16/2016 3:11:06 PM | Computer Name = Tenn-Vols_72-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort1.
 
Error - 10/16/2016 3:11:06 PM | Computer Name = Tenn-Vols_72-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.
 
 
< End of report >



#2 BOV72

BOV72
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, United States
  • Local time:08:41 AM

Posted 16 October 2016 - 02:42 PM

I apologize in advance for the mass of information, and although nasdaq, Aura, and The Codesee have been a tremendous help, I feel like something is being overlooked. Thanks again.



#3 BOV72

BOV72
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, United States
  • Local time:08:41 AM

Posted 16 October 2016 - 03:20 PM

Again, I do apologize for the influx of information. I would like to note that TDSSKiller found nothing,

and aswMBR will not work in normal mode (freezes), then reboots. It will run in safe mode, and I have those logs as well, if requested.


Edited by BOV72, 16 October 2016 - 03:21 PM.


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,088 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:41 PM

Posted 16 October 2016 - 03:34 PM

Hello,

If you reformatted and reinstalled, what still makes you believe your computer is infected?


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#5 BOV72

BOV72
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, United States
  • Local time:08:41 AM

Posted 16 October 2016 - 04:16 PM

Hello Elise, I am driving at the moment, give me 15min, and I'll be home. Then I can give you my thoughts. Will that be ok?

#6 BOV72

BOV72
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, United States
  • Local time:08:41 AM

Posted 16 October 2016 - 04:30 PM

Ok, here is what I know. Several months ago, I performed the upgrade to Windows 10. All was well until I installed my NVIDIA drivers. From that point on, my Bitdefender would not work, nor would any other security applications. I reinstalled after formatting, and the same thing happened. Bitdefender services that I did not recognize, Defender was disabled, etc. When I ran GMER, it gave a slew of rootkit/malware, especially focusing on csrss.exe, which I was told is a false positive. Now I don't understand the ins and outs of FRST and OTL, but it appears that there are malicious files, i.e. HKLM...Run and RunOnce. I traced this back to a registry folder RADAR which I renamed. There was also something about a BVBTbin or close uninstaller package in the registry. I could very well be crazy, but when I ran aswMBR in normal mode, it froze, then rebooted. OTL ran once, but after that it changed to OTL*32 and wouldn't do anything. I know you guys that are specialized at this think I'm nuts, and probably so. It just doesn't seem right. My Bitdefender really seems to be affected. I don't know if that helps. I appreciate your patience.



#7 BOV72

BOV72
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, United States
  • Local time:08:41 AM

Posted 16 October 2016 - 04:55 PM

Sorry for the trouble, guys, I'm using too many of your resources. I'm just going to drop the issue. Many thanks for the effort, you guys are the best. Thanks a lot. Really, you can close this now.

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,088 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:41 PM

Posted 17 October 2016 - 01:50 AM

Okay, in that case I'll close this topic. But from your description I can assure you that it is extremely unlikely your computer is infected. Your OTL log also shows nothing untoward, but OTL is a very old tool that is no longer updated to run with modern OS versions.

 

For example, you could have a hardware conflict with some older hardware and Windows 10 that doesn't play well, or other software incompatibility issues. That doesn't mean your computer is infected. The symptoms you describe are not malware related.

 

I will now close this topic as requested.


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft
