TechSpot

IE/browser links result in 'random' redirects

By DGARR1
Apr 3, 2012
  1. While using IE or any browser, links are sometimes redireted to search sites or advertising. I have performed the setpe in you guide and am posting the requested logs. -Thank you in advance for your assistance.

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.04.03.11

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    dean.garrison :: DEAN7 [administrator]

    4/3/2012 1:38:31 PM
    mbam-log-2012-04-03 (13-38-31).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 288205
    Time elapsed: 11 minute(s), 4 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|lpc (Trojan.Ambler) -> Data: rundll32.exe "C:\Users\dean.garrison\AppData\Roaming\Remote\rp.dll", RegisterDll -> Quarantined and deleted successfully.

    Registry Data Items Detected: 1
    HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel|HomePage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    gmer log was blank

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.5.0_22
    Run by dean.garrison at 14:14:18 on 2012-04-03
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8080.5669 [GMT -7:00]
    .
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\UnsignedThemesSvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files (x86)\CitiXsys\License Manager\License Server\lmgrd.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files (x86)\CitiXsys\License Manager\License Server\lmgrd.exe
    C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
    C:\Program Files (x86)\CitiXsys\License Manager\License Server\citixsys.exe
    C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe
    C:\Program Files (x86)\SAP\Remote support platform for SAP Business One\Service\BIN\AgentService.exe
    C:\Program Files (x86)\SAP\SAP Business One integration\DIProxy\SAPB1iDIProxy.exe
    C:\Program Files (x86)\SAP\SAP Business One integration\DIProxy\SAPB1iDIProxy_Monitor.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\SAP\SAP Business One integration\EventSender\SAPB1iEventSender.exe
    C:\Program Files (x86)\SAP\SAP Business One ServerTools\DI_Server\B1DI_Server.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\SysWOW64\NEWTScannerSvc.exe
    C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\Program Files (x86)\SAP\SAP Business One ServerTools\License\NT_Naming_Service.exe
    C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    C:\Program Files (x86)\SAP\SAP Business One Integration\B1iServer\tomcat\bin\tomcat6.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
    C:\Windows\SysWOW64\vmnat.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
    C:\Program Files (x86)\Xobni\XobniService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files (x86)\SAP\SAP Business One ServerTools\License\B1License.exe
    C:\Program Files (x86)\Citrix\GoToMeeting\880\g2mstart.exe
    C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Citrix\GoToMeeting\880\g2mcomm.exe
    C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files (x86)\Citrix\GoToMeeting\880\g2mlauncher.exe
    C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Windows\SysWOW64\vmnetdhcp.exe
    C:\Program Files\Rainmeter\Rainmeter.exe
    C:\Program Files (x86)\SAP\SAP Business One ServerTools\Service Manager\ServerManager.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\SysWOW64\RunDll32.exe
    C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\CSISCMGR.exe
    C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
    C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdhost.exe
    C:\Windows\system32\conhost.exe
    \\?\C:\Windows\system32\wbem\WMIADAP.EXE
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = https://zedworld.zeditsolutions.com/
    mWinlogon: Userinit=userinit.exe,
    BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    uRun: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\880\g2mstart.exe" "/Trigger RunAtLogon"
    uRun: [ShoreTel Personal Call Manager] C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    mRun: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
    mRun: [NPSStartup]
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SAPBUS~1.LNK - C:\Program Files (x86)\SAP\SAP Business One ServerTools\Service Manager\ServerManager.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    mPolicies-system: HideFastUserSwitching = 0 (0x0)
    mPolicies-system: dontdisplaylockeduserid = 1 (0x1)
    mPolicies-system: DefaultLogonDomain = zedIT
    mPolicies-system: DisableStartupSound = 1 (0x1)
    dPolicies-explorer: NoPublishingWizard = 1 (0x1)
    dPolicies-explorer: NoSMMyPictures = 1 (0x1)
    dPolicies-explorer: NoStartMenuMyMusic = 1 (0x1)
    dPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
    dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
    dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
    dPolicies-explorer: NoWelcomeScreen = 1 (0x1)
    dPolicies-explorer: NoSMBalloonTip = 1 (0x1)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre1.5.0_22\bin\npjpi150_22.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
    LSP: C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444552440000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=724
    TCP: DhcpNameServer = 192.168.113.22 209.218.76.2
    TCP: Interfaces\{060FA07C-7F6D-4D1A-82DF-1E8550FCD2D8} : DhcpNameServer = 192.168.113.22 209.218.76.2
    TCP: Interfaces\{F3E77310-8178-4A76-83D6-A758E6E77882}\1454456453 : DhcpNameServer = 192.168.1.1 68.238.64.12
    TCP: Interfaces\{F3E77310-8178-4A76-83D6-A758E6E77882}\16474777966696 : DhcpNameServer = 192.168.5.1
    TCP: Interfaces\{F3E77310-8178-4A76-83D6-A758E6E77882}\24F42544542535 : DhcpNameServer = 208.67.222.222 208.67.220.220
    TCP: Interfaces\{F3E77310-8178-4A76-83D6-A758E6E77882}\472796E61677C616E6 : DhcpNameServer = 10.0.0.4 10.0.0.220
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll
    BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
    TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    mRun-x64: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
    mRun-x64: [NPSStartup]
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    SSODL-X64: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll
    Hosts: 108.163.215.51 www.google-analytics.com.
    Hosts: 108.163.215.51 ad-emea.doubleclick.net.
    Hosts: 108.163.215.51 www.statcounter.com.
    Hosts: 67.215.245.19 www.google-analytics.com.
    Hosts: 67.215.245.19 ad-emea.doubleclick.net.
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
    R2 B1LicenseService;SAP Business One License Manager;C:\Program Files (x86)\SAP\SAP Business One ServerTools\License\B1License.exe [2012-2-16 3887104]
    R2 CitiXsys License Server;CitiXsys License Server;C:\Program Files (x86)\CITIXSYS\License Manager\License Server\lmgrd.exe [2010-12-2 1377104]
    R2 MsDtsServer100;SQL Server Integration Services 10.0;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-6-17 210784]
    R2 SAP Business One RSP Agent Service;SAP Business One RSP Agent Service;C:\Program Files (x86)\SAP\Remote support platform for SAP Business One\Service\BIN\AgentService.exe [2011-3-18 36864]
    R2 SAPB1iDIProxy;SAP Business One DI Proxy Service;C:\Program Files (x86)\SAP\SAP Business One Integration\DIProxy\SAPB1iDIProxy.exe [2011-5-20 249856]
    R2 SAPB1iDIProxy_Monitor;SAP Business One DI Proxy Service Monitor;C:\Program Files (x86)\SAP\SAP Business One Integration\DIProxy\SAPB1iDIProxy_Monitor.exe [2011-5-20 249856]
    R2 SAPB1iEventSender;SAP Business One EventSender Service;C:\Program Files (x86)\SAP\SAP Business One Integration\EventSender\SAPB1iEventSender.exe [2011-9-14 249856]
    R2 SBODI_Server;SAP Business One DI Server;C:\Program Files (x86)\SAP\SAP Business One ServerTools\DI_Server\B1DI_Server.exe [2012-2-16 729088]
    R2 SvcNEWTScanner;NEWTScanner Service;C:\Windows\SysWOW64\NEWTScannerSvc.exe [2012-3-14 78576]
    R2 SWGVCSvc;SonicWALL Global VPN Client Service;C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [2009-3-5 284696]
    R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-5-13 2440632]
    R2 TAO_NT_Naming_Service;TAO NT Naming Service;C:\Program Files (x86)\SAP\SAP Business One ServerTools\License\NT_Naming_Service.exe [2012-2-16 1388544]
    R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-3 2358656]
    R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-2-23 2886528]
    R2 Tomcat6;SAP Business One Integration Service;C:\Program Files (x86)\SAP\SAP Business One Integration\B1iServer\tomcat\bin\tomcat6.exe [2012-2-20 78336]
    R2 UnsignedThemes;Unsigned Themes;C:\Windows\UnsignedThemesSvc.exe [2009-7-13 24168]
    R2 uxpatch;uxpatch;\??\C:\Windows\system32\drivers\uxpatch.sys --> C:\Windows\system32\drivers\uxpatch.sys [?]
    R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
    R2 XobniService;XobniService;C:\Program Files (x86)\Xobni\XobniService.exe [2011-5-18 62184]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y62x64.sys --> C:\Windows\system32\DRIVERS\e1y62x64.sys [?]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-6 138360]
    R3 MonitorFunction;Driver for Monitor;C:\Windows\system32\DRIVERS\TVMonitor.sys --> C:\Windows\system32\DRIVERS\TVMonitor.sys [?]
    R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2010-4-3 32096]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
    R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA001Ufd.sys --> C:\Windows\system32\DRIVERS\OA001Ufd.sys [?]
    R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\system32\DRIVERS\OA001Vid.sys --> C:\Windows\system32\DRIVERS\OA001Vid.sys [?]
    S1 SWIPsec;SonicWALL IPsec Driver;\??\C:\Windows\system32\Drivers\SWIPsec.sys --> C:\Windows\system32\Drivers\SWIPsec.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-9 136176]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-2 253600]
    S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\system32\DRIVERS\lgandbus64.sys --> C:\Windows\system32\DRIVERS\lgandbus64.sys [?]
    S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\system32\DRIVERS\lganddiag64.sys --> C:\Windows\system32\DRIVERS\lganddiag64.sys [?]
    S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\system32\DRIVERS\lgandgps64.sys --> C:\Windows\system32\DRIVERS\lgandgps64.sys [?]
    S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\system32\DRIVERS\lgandmodem64.sys --> C:\Windows\system32\DRIVERS\lgandmodem64.sys [?]
    S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\lgandadb.sys --> C:\Windows\system32\Drivers\lgandadb.sys [?]
    S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
    S3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-9 136176]
    S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
    S3 SBOBackUp;SAP Business One BackUp Service;C:\Program Files (x86)\SAP\SAP Business One ServerTools\BackUp\B1backUp.exe [2012-2-16 241664]
    S3 ssecbus;Samsung Mobile Modem Device driver (WDM);C:\Windows\system32\DRIVERS\ssecbus.sys --> C:\Windows\system32\DRIVERS\ssecbus.sys [?]
    S3 ssecmdfl;Samsung Mobile Modem Device 2 Filter;C:\Windows\system32\DRIVERS\ssecmdfl.sys --> C:\Windows\system32\DRIVERS\ssecmdfl.sys [?]
    S3 ssecmdm;Samsung Mobile Modem Device 2 Driver;C:\Windows\system32\DRIVERS\ssecmdm.sys --> C:\Windows\system32\DRIVERS\ssecmdm.sys [?]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 SWVNIC;SonicWALL Virtual Miniport;C:\Windows\system32\DRIVERS\swvnic.sys --> C:\Windows\system32\DRIVERS\swvnic.sys [?]
    S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.Sys [2011-1-21 16448]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
    S4 RsFx0151;RsFx0151 Driver;C:\Windows\system32\DRIVERS\RsFx0151.sys --> C:\Windows\system32\DRIVERS\RsFx0151.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-04-03 17:02:10 31744 ----a-w- C:\Windows\System32\drivers\lgandadb.sys
    2012-04-03 17:02:10 1919968 ----a-w- C:\Windows\System32\wdfcoinstaller01005.dll
    2012-04-03 17:02:09 33792 ----a-w- C:\Windows\System32\drivers\lgandmodem64.sys
    2012-04-03 17:02:09 27648 ----a-w- C:\Windows\System32\drivers\lganddiag64.sys
    2012-04-03 17:02:09 27136 ----a-w- C:\Windows\System32\drivers\lgandgps64.sys
    2012-04-03 17:02:09 19456 ----a-w- C:\Windows\System32\drivers\lgandbus64.sys
    2012-04-03 17:02:08 -------- d-----w- C:\Program Files (x86)\LG Electronics
    2012-04-03 16:57:58 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
    2012-04-03 16:57:58 1002728 ----a-w- C:\Windows\System32\WinUSBCoInstaller2.dll
    2012-04-03 16:45:38 655872 ----a-w- C:\Windows\SysWow64\msvcr90.dll
    2012-04-03 16:45:38 568832 ----a-w- C:\Windows\SysWow64\msvcp90.dll
    2012-04-03 16:45:38 224768 ----a-w- C:\Windows\SysWow64\msvcm90.dll
    2012-04-03 16:45:33 53248 ----a-w- C:\Windows\SysWow64\CommonDL.dll
    2012-04-03 16:45:33 44544 ----a-w- C:\Windows\SysWow64\msxml4a.dll
    2012-04-03 16:45:28 -------- d-----w- C:\ProgramData\LGMOBILEAX
    2012-04-02 16:07:41 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-03-28 17:30:23 -------- d-----w- C:\B1 Upgrade temp
    2012-03-15 02:14:42 1680168 ----a-w- C:\Windows\SysWow64\NEWT.dll
    2012-03-15 02:14:21 235304 ----a-w- C:\Windows\SysWow64\NEWTScan.exe
    2012-03-15 02:14:18 82672 ----a-w- C:\Windows\SysWow64\NEWTScannerCOM.exe
    2012-03-15 02:14:15 78576 ----a-w- C:\Windows\SysWow64\NEWTScannerSvc.exe
    2012-03-14 10:03:52 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-03-14 10:03:51 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-03-14 10:03:51 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-03-13 23:02:08 3145728 ----a-w- C:\Windows\System32\win32k.sys
    2012-03-13 23:02:05 1544192 ----a-w- C:\Windows\System32\DWrite.dll
    2012-03-13 23:02:04 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-03-13 17:53:14 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-03-13 17:53:14 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-03-13 17:53:13 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-03-13 17:53:13 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-03-13 17:53:12 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-03-13 17:53:11 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-03-13 17:53:11 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    .
    ==================== Find3M ====================
    .
    2012-04-02 16:07:41 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-03-21 20:02:30 60304 ----a-w- C:\Users\dean.garrison\g2mdlhlpx.exe
    2012-02-20 23:28:53 86016 ----a-w- C:\Windows\SysWow64\B1iTranslatorNative.dll
    2012-02-20 23:28:52 61440 ----a-w- C:\Windows\System32\B1iUtilitiesNative64.dll
    2012-02-20 23:28:51 69632 ----a-w- C:\Windows\SysWow64\B1iUtilitiesNative.dll
    2012-02-16 19:18:06 101888 ----a-r- C:\Windows\SysWow64\VB6STKIT.DLL
    2012-01-06 01:37:33 56842752 ----a-w- C:\Windows\System32\imageres.dll
    .
    ============= FINISH: 14:15:24.56 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/30/2010 5:04:59 PM
    System Uptime: 4/3/2012 1:55:56 PM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0J799R
    Processor: Intel(R) Core(TM)2 Duo CPU P9600 @ 2.53GHz | Microprocessor | 2535/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 233 GiB total, 21.095 GiB free.
    D: is CDROM (CDFS)
    F: is FIXED (NTFS) - 1863 GiB total, 1584.772 GiB free.
    M: is NetworkDisk (NTFS) - 49 GiB total, 29.68 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: SonicWALL IPsec Driver
    Device ID: ROOT\LEGACY_SWIPSEC\0000
    Manufacturer:
    Name: SonicWALL IPsec Driver
    PNP Device ID: ROOT\LEGACY_SWIPSEC\0000
    Service: SWIPsec
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: VMware Virtual Ethernet Adapter for VMnet1
    Device ID: ROOT\VMWARE\0000
    Manufacturer: VMware, Inc.
    Name: VMware Virtual Ethernet Adapter for VMnet1
    PNP Device ID: ROOT\VMWARE\0000
    Service: VMnetAdapter
    .
    Class GUID: {3f966bd9-fa04-4ec5-991c-d326973b5128}
    Description: Android Composite ADB Interface
    Device ID: PCI\VEN_8086&DEV_2A44&SUBSYS_024D1028&REV_07\3&18D45AA6&0&18
    Manufacturer: Google, Inc.
    Name: Android Composite ADB Interface
    PNP Device ID: PCI\VEN_8086&DEV_2A44&SUBSYS_024D1028&REV_07\3&18D45AA6&0&18
    Service: WinUSB
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: VMware Virtual Ethernet Adapter for VMnet8
    Device ID: ROOT\VMWARE\0001
    Manufacturer: VMware, Inc.
    Name: VMware Virtual Ethernet Adapter for VMnet8
    PNP Device ID: ROOT\VMWARE\0001
    Service: VMnetAdapter
    .
    Class GUID:
    Description: PCI Serial Port
    Device ID: PCI\VEN_8086&DEV_2A47&SUBSYS_024D1028&REV_07\3&18D45AA6&0&1B
    Manufacturer:
    Name: PCI Serial Port
    PNP Device ID: PCI\VEN_8086&DEV_2A47&SUBSYS_024D1028&REV_07\3&18D45AA6&0&1B
    Service:
    .
    Class GUID:
    Description: Broadcom USH w/swipe sensor
    Device ID: USB\VID_0A5C&PID_5801&MI_00\6&1EB0F4E8&0&0000
    Manufacturer:
    Name: Broadcom USH w/swipe sensor
    PNP Device ID: USB\VID_0A5C&PID_5801&MI_00\6&1EB0F4E8&0&0000
    Service:
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Cisco Systems VPN Adapter for 64-bit Windows
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco Systems VPN Adapter for 64-bit Windows
    PNP Device ID: ROOT\NET\0000
    Service: CVirtA
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: SonicWALL Virtual NIC
    Device ID: ROOT\SWVNIC\0000
    Manufacturer: SonicWALL
    Name: SonicWALL Virtual NIC
    PNP Device ID: ROOT\SWVNIC\0000
    Service: SWVNIC
    .
    ==== System Restore Points ===================
    .
    RP249: 3/6/2012 4:51:08 PM - Windows Update
    RP250: 3/14/2012 3:00:13 AM - Windows Update
    RP251: 3/21/2012 5:45:35 PM - Scheduled Checkpoint
    RP252: 4/3/2012 10:01:41 AM - Installed LG United Mobile Driver
    RP253: 4/3/2012 10:59:36 AM - Device Driver Package Install: Google, Inc. Android Phone
    .
    ==== Hosts File Hijack ======================
    .
    Hosts: 108.163.215.51 www.google-analytics.com.
    Hosts: 108.163.215.51 ad-emea.doubleclick.net.
    Hosts: 108.163.215.51 www.statcounter.com.
    Hosts: 67.215.245.19 www.google-analytics.com.
    Hosts: 67.215.245.19 ad-emea.doubleclick.net.
    Hosts: 67.215.245.19 www.statcounter.com.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe Digital Editions
    Adobe Reader X (10.1.0)
    Advanced Audio FX Engine
    Advanced Video FX Engine
    Android SDK Tools
    Apparel One + 2.0.0.10
    Apparel One EDI 850 Importing Tool
    Apple Application Support
    Apple Software Update
    ASAP Utilities
    CCC
    CitiXsys License Server
    Citrix XenApp Web Plugin
    Combined Community Codec Pack 2011-06-26
    Cool Timer 3.7
    coresuite mobile
    Crystal Reports Basic Runtime for Visual Studio 2008
    Crystal Reports for SAP Business One
    Dell Laser MFP 1815 - TWAIN/WIA
    Feedback Tool
    FileZilla Client 3.5.3
    FOSS
    GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
    Google Earth
    Google Update Helper
    GoToMeeting 5.1.0.880
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    ICCHelp
    IconPackager
    J2SE Development Kit 5.0 Update 22
    J2SE Runtime Environment 5.0 Update 22
    Jing
    LG United Mobile Driver
    LiveUpdate 3.3 (Symantec Corporation)
    Malwarebytes Anti-Malware version 1.60.1.1000
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Standard 2007
    Microsoft Office Visio 2007 Service Pack 3 (SP3)
    Microsoft Office Visio MUI (English) 2007
    Microsoft Office Visio Professional 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft redistributable runtime DLLs VS2005 SP1(x86)
    Microsoft Report Viewer Redistributable 2008 (KB971119)
    Microsoft Report Viewer Redistributable 2008 SP1
    Microsoft Silverlight
    Microsoft SQL Server 2008 R2 Books Online
    Microsoft SQL Server 2008 R2 Policies
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server Browser
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
    Microsoft SQL Server Setup Support Files (English)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Microsoft_VC90_CRT_x86
    MSIChecker
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NA1Messenger
    Network Scan
    PDFCreator
    PolicyManager
    QuickTime
    Rainmeter
    Reconciler
    Remote Support Platform for SAP Business One
    Samsung New PC Studio
    SAP Business One - Microsoft Outlook Integration Server Installer
    SAP Business One 8.8 SP1 - BTHF
    SAP Business One 8.8 SP1 - DATEV-FI Interface
    SAP Business One 8.8 SP1 - Electronic File Manager Format Definition
    SAP Business One Client
    SAP Business One Crystal Report Integration Package
    SAP Business One Data Transfer Workbench
    SAP Business One DI API
    SAP Business One integration DIProxy
    SAP Business One integration EventSender
    SAP Business One integration Server
    SAP Business One Screen Painter
    SAP Business One Server
    SAP Business One Server Tools
    SAP Business One Software Development Kit
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Seesmic Desktop 2
    Service Pack 2 for SQL Server 2008 (KB2285068)
    ShoreTel Communicator
    Skype Click to Call
    Skype™ 5.8
    Snagit 10
    SupportUtility
    TeamViewer 6
    TeamViewer 7
    UnifiedPrinting
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Visio 2007 Help (KB963666)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Vision33 1D2V CRM Dashboard + 1.8.8.1
    Vision33 1D2V CSR Edition + 2.8.8.5
    Vision33 1D2V Finance Charges + 1.8.8.2
    Vision33 1D2V Shipping + 1.8.8.3
    Visual Studio Tools for the Office system 3.0 Runtime
    VMware Player
    Windows 7 USB/DVD Download Tool
    Xobni
    Xobni Core
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/3/2012 2:11:19 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain ZEDIT due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
    4/3/2012 10:40:37 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    4/3/2012 10:39:56 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    4/3/2012 10:30:27 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    4/3/2012 1:58:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SWIPsec
    4/3/2012 1:56:45 PM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the file specified.
    4/2/2012 9:59:12 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
    4/2/2012 7:50:20 PM, Error: Microsoft-Windows-GroupPolicy [1053] - The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
    4/2/2012 7:50:18 PM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
    4/2/2012 10:01:37 PM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .
    3/30/2012 9:04:03 AM, Error: Service Control Manager [7022] - The Security Center service hung on starting.
    3/30/2012 9:03:31 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
    3/29/2012 2:56:45 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
    3/29/2012 2:56:45 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/29/2012 2:55:56 PM, Error: Service Control Manager [7022] - The SAP Business One RSP Agent Service service hung on starting.
    3/28/2012 3:06:27 PM, Error: Service Control Manager [7034] - The SAP Business One DI Proxy Service service terminated unexpectedly. It has done this 2 time(s).
    3/28/2012 10:05:44 AM, Error: Service Control Manager [7034] - The SAP Business One DI Proxy Service service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  3. DGARR1

    DGARR1 TS Rookie Topic Starter Posts: 30

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-04 09:55:54
    -----------------------------
    09:55:54.147 OS Version: Windows x64 6.1.7601 Service Pack 1
    09:55:54.147 Number of processors: 2 586 0x170A
    09:55:54.148 ComputerName: DEAN7 UserName:
    09:55:54.930 Initialize success
    09:56:01.291 AVAST engine defs: 12040301
    09:56:17.540 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    09:56:17.546 Disk 0 Vendor: ST925041 0004 Size: 238475MB BusType: 8
    09:56:17.580 Disk 0 MBR read successfully
    09:56:17.587 Disk 0 MBR scan
    09:56:17.600 Disk 0 Windows 7 default MBR code
    09:56:17.612 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    09:56:17.635 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
    09:56:17.674 Disk 0 scanning C:\Windows\system32\drivers
    09:56:34.563 Service scanning
    09:57:11.570 Modules scanning
    09:57:11.595 Disk 0 trace - called modules:
    09:57:11.628 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorV.sys hal.dll
    09:57:11.631 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800766a060]
    09:57:11.970 3 CLASSPNP.SYS[fffff8800185a43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800703b050]
    09:57:13.873 AVAST engine scan C:\Windows
    09:57:17.107 AVAST engine scan C:\Windows\system32
    10:03:58.697 AVAST engine scan C:\Windows\system32\drivers
    10:04:18.760 AVAST engine scan C:\Users\dean.garrison
    10:16:40.866 AVAST engine scan C:\ProgramData
    10:17:47.361 Scan finished successfully
    10:18:54.276 Disk 0 MBR has been saved successfully to "C:\Users\dean.garrison\Desktop\MBR.dat"
    10:18:54.282 The log file has been saved successfully to "C:\Users\dean.garrison\Desktop\aswMBR.txt"






    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Service Pack 1 (build 7601), 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000
    Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
     
  4. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. DGARR1

    DGARR1 TS Rookie Topic Starter Posts: 30

    ComboFix 12-04-04.02 - dean.garrison 04/04/2012 19:13:04.1.2 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8080.4193 [GMT -7:00]
    Running from: c:\users\dean.garrison\Desktop\FIX\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
    c:\users\dean.garrison\AppData\Local\assembly\tmp
    c:\users\dean.garrison\AppData\Roaming\Remote
    c:\users\dean.garrison\AppData\Roaming\Remote\ddee.dat
    c:\users\dean.garrison\AppData\Roaming\Remote\mnj.dat
    c:\users\dean.garrison\AppData\Roaming\Remote\mxd1.txt
    c:\users\dean.garrison\AppData\Roaming\Remote\nvt.dat
    c:\users\dean.garrison\AppData\Roaming\Remote\ogb
    c:\users\dean.garrison\AppData\Roaming\Remote\ppkk.dat
    c:\users\dean.garrison\AppData\Roaming\Remote\rp_shrd
    c:\users\dean.garrison\g2mdlhlpx.exe
    c:\users\dean.garrisonold\AppData\Local\assembly\tmp
    c:\windows\SysWow64\ccrpTmr6.dll
    c:\windows\TEMP\SM_OBS_DLL\881321\ObserverDLL_881321.dll
    c:\windows\TEMP\SM_OBS_DLL\881321\Xalan-C_1_7_0.dll
    c:\windows\TEMP\SM_OBS_DLL\881321\XalanMessages_1_7_0.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-05 to 2012-04-05 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-05 02:29 . 2012-04-05 02:29 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-05 02:29 . 2012-04-05 02:29 -------- d-----w- c:\users\vision33\AppData\Local\temp
    2012-04-05 02:29 . 2012-04-05 02:29 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2012-04-05 02:29 . 2012-04-05 02:29 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2012-04-03 17:02 . 2010-08-02 23:19 31744 ----a-w- c:\windows\system32\drivers\lgandadb.sys
    2012-04-03 17:02 . 2010-08-02 14:38 1919968 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
    2012-04-03 17:02 . 2010-08-02 23:19 33792 ----a-w- c:\windows\system32\drivers\lgandmodem64.sys
    2012-04-03 17:02 . 2010-08-02 23:19 27136 ----a-w- c:\windows\system32\drivers\lgandgps64.sys
    2012-04-03 17:02 . 2010-08-02 23:19 27648 ----a-w- c:\windows\system32\drivers\lganddiag64.sys
    2012-04-03 17:02 . 2010-08-02 23:19 19456 ----a-w- c:\windows\system32\drivers\lgandbus64.sys
    2012-04-03 17:02 . 2012-04-03 17:02 -------- d-----w- c:\program files (x86)\LG Electronics
    2012-04-03 16:57 . 2011-10-29 17:43 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2012-04-03 16:57 . 2011-10-29 17:43 1002728 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
    2012-04-03 16:45 . 2011-05-10 20:37 655872 ----a-w- c:\windows\SysWow64\msvcr90.dll
    2012-04-03 16:45 . 2011-05-10 20:37 568832 ----a-w- c:\windows\SysWow64\msvcp90.dll
    2012-04-03 16:45 . 2011-05-10 20:37 224768 ----a-w- c:\windows\SysWow64\msvcm90.dll
    2012-04-03 16:45 . 2006-05-04 15:33 53248 ----a-w- c:\windows\SysWow64\CommonDL.dll
    2012-04-03 16:45 . 2005-10-04 08:39 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
    2012-04-03 16:45 . 2012-04-03 16:45 -------- d-----w- c:\programdata\LGMOBILEAX
    2012-04-02 16:07 . 2012-04-02 16:07 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-03-28 17:30 . 2012-03-28 17:30 -------- d-----w- C:\B1 Upgrade temp
    2012-03-15 02:14 . 2012-03-15 02:14 1680168 ----a-w- c:\windows\SysWow64\NEWT.dll
    2012-03-15 02:14 . 2012-03-15 02:14 235304 ----a-w- c:\windows\SysWow64\NEWTScan.exe
    2012-03-15 02:14 . 2012-03-15 02:14 82672 ----a-w- c:\windows\SysWow64\NEWTScannerCOM.exe
    2012-03-15 02:14 . 2012-03-15 02:14 78576 ----a-w- c:\windows\SysWow64\NEWTScannerSvc.exe
    2012-03-14 10:03 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-14 10:03 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-03-14 10:03 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-03-13 23:02 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
    2012-03-13 23:02 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-13 23:02 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-03-13 17:53 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-03-13 17:53 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-03-13 17:53 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-13 17:53 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-03-13 17:53 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-03-13 17:53 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-03-13 17:53 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-02 16:07 . 2011-07-06 20:24 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-02-20 23:28 . 2012-02-20 23:38 86016 ----a-w- c:\windows\SysWow64\B1iTranslatorNative.dll
    2012-02-20 23:28 . 2011-09-14 18:26 61440 ----a-w- c:\windows\system32\B1iUtilitiesNative64.dll
    2012-02-20 23:28 . 2012-02-20 23:38 69632 ----a-w- c:\windows\SysWow64\B1iUtilitiesNative.dll
    2012-02-16 19:18 . 2012-02-16 19:18 101888 ----a-r- c:\windows\SysWow64\VB6STKIT.DLL
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2011-02-26 . E38899074D4951D31B4040E994DD7C8D . 2870784 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
    [7] 2011-02-26 . 0862495E0C825893DB75EF44FAEA8E93 . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
    [7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [-] 2011-02-25 . A3744361E5999CBF6DF3DE6AEB2DF63B . 2388992 . . [6.1.7600.16385] .. c:\windows\explorer.exe
    [7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [7] 2010-11-20 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
    [7] 2009-10-31 . B8EC4BD49CE8F6FC457721BFC210B67F . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
    [7] 2009-10-31 . 9AAAEC8DAC27AA17B053E6352AD233AE . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
    [7] 2009-08-03 . 700073016DAC1C3D2E7E2CE4223334B6 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
    [7] 2009-08-03 . F170B4A061C9E026437B193B4D571799 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
    [7] 2009-07-14 . C235A51CB740E45FFA0EBFB9BAFCDA64 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GoToMeeting"="c:\program files (x86)\Citrix\GoToMeeting\880\g2mstart.exe" [2012-02-09 39816]
    "ShoreTel Personal Call Manager"="c:\program files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe" [2011-03-04 2314240]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-03-17 115560]
    "VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2010-11-11 64112]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-10-8 1133856]
    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-2-6 100352]
    SAP Business One Service manager.lnk - c:\program files (x86)\SAP\SAP Business One ServerTools\Service Manager\ServerManager.exe [2012-2-16 331776]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "HideFastUserSwitching"= 0 (0x0)
    "dontdisplaylockeduserid"= 1 (0x1)
    "DefaultLogonDomain"= zedIT
    "DisableStartupSound"= 1 (0x1)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoPublishingWizard"= 1 (0x1)
    "NoSMMyPictures"= 1 (0x1)
    "NoStartMenuMyMusic"= 1 (0x1)
    "ForceStartMenuLogOff"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)
    "ForceClassicControlPanel"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2989241390-3633008982-1486598642-2320\Scripts\Logon\0\0]
    "Script"=\\zedITSolutions.local\SysVol\zedITSolutions.local\scripts\administrator.bat
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R1 SWIPsec;SonicWALL IPsec Driver;c:\windows\system32\Drivers\SWIPsec.sys [x]
    R2 B1LicenseService;SAP Business One License Manager;c:\program files (x86)\SAP\SAP Business One ServerTools\License\B1License.exe [2012-02-16 3887104]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-09 136176]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
    R2 TAO_NT_Naming_Service;TAO NT Naming Service;c:\program files (x86)\SAP\SAP Business One ServerTools\License\NT_Naming_Service.exe [2012-02-16 1388544]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 253600]
    R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]
    R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [x]
    R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [x]
    R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [x]
    R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [x]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
    R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-09 136176]
    R3 PORTMON;PORTMON;c:\users\DEAN~1.GAR\AppData\Local\Temp\Rar$EX00.804\PORTMSYS.SYS [x]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
    R3 SBOBackUp;SAP Business One BackUp Service;c:\program files (x86)\SAP\SAP Business One ServerTools\BackUp\B1backUp.exe [2012-02-16 241664]
    R3 ssecbus;Samsung Mobile Modem Device driver (WDM);c:\windows\system32\DRIVERS\ssecbus.sys [x]
    R3 ssecmdfl;Samsung Mobile Modem Device 2 Filter;c:\windows\system32\DRIVERS\ssecmdfl.sys [x]
    R3 ssecmdm;Samsung Mobile Modem Device 2 Driver;c:\windows\system32\DRIVERS\ssecmdm.sys [x]
    R3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\DRIVERS\swvnic.sys [x]
    R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
    R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 CitiXsys License Server;CitiXsys License Server;c:\program files (x86)\CitiXsys\License Manager\License Server\lmgrd.exe [2010-12-02 1377104]
    S2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-06-18 210784]
    S2 SAP Business One RSP Agent Service;SAP Business One RSP Agent Service;c:\program files (x86)\SAP\Remote support platform for SAP Business One\Service\BIN\AgentService.exe [2011-03-18 36864]
    S2 SAPB1iDIProxy;SAP Business One DI Proxy Service;c:\program files (x86)\SAP\SAP Business One integration\DIProxy\SAPB1iDIProxy.exe [2012-02-16 249856]
    S2 SAPB1iDIProxy_Monitor;SAP Business One DI Proxy Service Monitor;c:\program files (x86)\SAP\SAP Business One integration\DIProxy\SAPB1iDIProxy_Monitor.exe [2012-02-16 249856]
    S2 SAPB1iEventSender;SAP Business One EventSender Service;c:\program files (x86)\SAP\SAP Business One integration\EventSender\SAPB1iEventSender.exe [2012-02-16 249856]
    S2 SBODI_Server;SAP Business One DI Server;c:\program files (x86)\SAP\SAP Business One ServerTools\DI_Server\B1DI_Server.exe [2012-02-16 729088]
    S2 SvcNEWTScanner;NEWTScanner Service;c:\windows\SysWOW64\NEWTScannerSvc.exe [2012-03-15 78576]
    S2 SWGVCSvc;SonicWALL Global VPN Client Service;c:\program files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [2009-03-06 284696]
    S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]
    S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
    S2 Tomcat6;SAP Business One Integration Service;c:\program files (x86)\SAP\SAP Business One Integration\B1iServer\tomcat\bin\tomcat6.exe [2012-02-16 78336]
    S2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [2009-07-13 24168]
    S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [x]
    S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
    S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
    S2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe [2011-05-18 62184]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-06 138360]
    S3 MonitorFunction;Driver for Monitor;c:\windows\system32\DRIVERS\TVMonitor.sys [x]
    S3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2010-04-03 32096]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
    S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [x]
    S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-05 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 16:07]
    .
    2012-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-09 18:57]
    .
    2012-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-09 18:57]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-29 159232]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-29 380928]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-29 358912]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = https://zedworld.zeditsolutions.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
    LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
    TCP: DhcpNameServer = 192.168.0.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-NPSStartup - (no file)
    SafeBoot-Symantec Antvirus
    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
    AddRemove-1971452448.d.seesmic.com - c:\program files (x86)\Microsoft Silverlight\4.0.60831.0\Silverlight.Configuration.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
    c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    c:\windows\SysWOW64\vmnat.exe
    c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
    c:\windows\SysWOW64\vmnetdhcp.exe
    c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
    c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
    c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
    c:\program files (x86)\Shoreline Communications\ShoreWare Client\CSISCMGR.exe
    .
    **************************************************************************
    .
    Completion time: 2012-04-04 20:00:58 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-05 03:00
    .
    Pre-Run: 21,934,280,704 bytes free
    Post-Run: 25,636,700,160 bytes free
    .
    - - End Of File - - 9A2D2784B14790FD1547457399E25B63
     
  6. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Looks good.

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    explorer.exe
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  7. DGARR1

    DGARR1 TS Rookie Topic Starter Posts: 30

    Well it seems to be doing fine, no redirects today :)


    OTL logfile created on: 4/4/2012 10:06:21 PM - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\dean.garrison\Desktop\FIX
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.89 Gb Total Physical Memory | 4.92 Gb Available Physical Memory | 62.40% Memory free
    15.78 Gb Paging File | 12.85 Gb Available in Paging File | 81.47% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 232.79 Gb Total Space | 23.95 Gb Free Space | 10.29% Space Free | Partition Type: NTFS
    Drive D: | 4.08 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: DEAN7 | User Name: dean.garrison | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/04/04 22:00:01 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\dean.garrison\Desktop\FIX\OTL.exe
    PRC - [2012/03/14 19:14:18 | 000,078,576 | ---- | M] (Komodo Laboratories LLC) -- C:\Windows\SysWOW64\NEWTScannerSvc.exe
    PRC - [2012/02/23 03:40:40 | 007,983,488 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
    PRC - [2012/02/23 03:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    PRC - [2012/02/23 03:24:58 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
    PRC - [2012/02/16 16:13:58 | 000,729,088 | ---- | M] (SAP Ltd.) -- C:\Program Files (x86)\SAP\SAP Business One ServerTools\DI_Server\B1DI_Server.exe
    PRC - [2012/02/16 12:51:32 | 000,249,856 | ---- | M] (SAP AG) -- C:\Program Files (x86)\SAP\SAP Business One Integration\EventSender\SAPB1iEventSender.exe
    PRC - [2012/02/16 12:51:32 | 000,249,856 | ---- | M] (SAP AG) -- C:\Program Files (x86)\SAP\SAP Business One Integration\DIProxy\SAPB1iDIProxy_Monitor.exe
    PRC - [2012/02/16 12:51:32 | 000,249,856 | ---- | M] (SAP AG) -- C:\Program Files (x86)\SAP\SAP Business One Integration\DIProxy\SAPB1iDIProxy.exe
    PRC - [2011/11/03 11:25:08 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/05/18 10:26:54 | 000,062,184 | ---- | M] (Xobni Corporation) -- C:\Program Files (x86)\Xobni\XobniService.exe
    PRC - [2011/03/04 16:39:00 | 002,314,240 | ---- | M] (ShoreTel Inc.) -- C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe
    PRC - [2011/03/04 15:45:58 | 001,007,616 | ---- | M] (ShoreTel, Inc.) -- C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\CSISCMGR.exe
    PRC - [2010/12/02 11:30:14 | 001,377,104 | ---- | M] (Flexera Software, Inc.) -- C:\Program Files (x86)\CITIXSYS\License Manager\License Server\lmgrd.exe
    PRC - [2010/11/11 14:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
    PRC - [2010/11/11 14:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
    PRC - [2010/11/11 14:31:36 | 000,064,112 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
    PRC - [2010/11/11 14:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
    PRC - [2010/11/11 13:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
    PRC - [2010/03/23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
    PRC - [2009/05/13 00:14:50 | 000,050,616 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
    PRC - [2009/05/13 00:12:36 | 002,440,632 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    PRC - [2009/03/17 02:25:56 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
    PRC - [2009/03/17 02:25:36 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/02/16 10:35:20 | 000,114,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\AxInterop.SHDocVw\8dd2064588d0788b8499aea2b7ec28f9\AxInterop.SHDocVw.ni.dll
    MOD - [2012/02/16 10:35:18 | 000,783,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\STVideo\e0b28233e661930b8cef33cc55202a75\STVideo.ni.dll
    MOD - [2012/02/16 10:35:17 | 001,990,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCMLib\bc7f9f49a9637b0aaf376d71bf5924e3\PCMLib.ni.dll
    MOD - [2012/02/16 10:35:16 | 000,840,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCMControls\32067fdfc5c2d513f3df48771a7df987\PCMControls.ni.dll
    MOD - [2012/02/16 10:35:16 | 000,323,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCMIMLib\e43381392c1f394874cd4ec995393d92\PCMIMLib.ni.dll
    MOD - [2012/02/16 10:35:14 | 001,314,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCMUtils\37423c9bdc7a9b0798564f8e0ef8cc8c\PCMUtils.ni.dll
    MOD - [2012/02/16 10:35:13 | 000,274,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCMBasics\c694625476af41f6df22b6bb2bfa1535\PCMBasics.ni.dll
    MOD - [2012/02/16 10:35:13 | 000,230,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCMTrace\53cf60b5eb2f9c46d1dc9524ed572b8f\PCMTrace.ni.dll
    MOD - [2012/02/16 10:35:10 | 004,683,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DevExpress.XtraGrid#\2493fef1617f098773c200e121e573e8\DevExpress.XtraGrid.v9.1.ni.dll
    MOD - [2012/02/16 10:35:07 | 004,793,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DevExpress.XtraEdit#\2b40576393cb76987fae5aa620378a74\DevExpress.XtraEditors.v9.1.ni.dll
    MOD - [2012/02/16 10:35:04 | 005,160,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DevExpress.XtraBars#\a332b03adcb5ff553af2b3685b7697de\DevExpress.XtraBars.v9.1.ni.dll
    MOD - [2012/02/16 10:35:01 | 003,016,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DevExpress.Data.v9.1\ef964aa66f95ea32a484afa2536f185a\DevExpress.Data.v9.1.ni.dll
    MOD - [2012/02/16 10:35:01 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\STUIControls\8a8caab601af84040364b4b0465b24c2\STUIControls.ni.dll
    MOD - [2012/02/16 10:34:57 | 006,804,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DevExpress.Utils.v9#\3a7bb971668e88ff5ff2b4f00f7314a9\DevExpress.Utils.v9.1.ni.dll
    MOD - [2012/02/16 10:34:54 | 005,954,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\ShoreTel\c62f0a41a981037e6757a4be24a63dd2\ShoreTel.ni.exe
    MOD - [2012/02/16 01:50:06 | 010,580,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\f89f5d786e54381f9058656271a0aca8\System.Design.ni.dll
    MOD - [2012/02/16 01:49:23 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
    MOD - [2012/02/16 01:49:14 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
    MOD - [2012/02/16 01:48:49 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
    MOD - [2012/02/16 01:48:43 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
    MOD - [2012/02/16 01:48:29 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
    MOD - [2011/10/13 03:51:11 | 001,280,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCMSkin\1b9631d2a71f0aaa8a7a7ccb03b8c3dd\PCMSkin.ni.dll
    MOD - [2011/10/13 03:51:11 | 000,115,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\EAEXCTRLLib\b842bc93c8aa3415ab53c8eaaabafcb5\EAEXCTRLLib.ni.dll
    MOD - [2011/10/13 03:51:10 | 000,508,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Office\8ea52635bca9d441b30f2f6ecbdacf67\Office.ni.dll
    MOD - [2011/10/13 03:51:09 | 001,019,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Outlook\c2b0d946d5b18055b3c513ccdff716c1\Outlook.ni.dll
    MOD - [2011/10/13 03:36:50 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
    MOD - [2010/11/11 14:31:14 | 000,068,720 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\zlib1.dll
    MOD - [2010/11/11 14:31:00 | 000,970,352 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\libxml2.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/08/05 13:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
    SRV:64bit: - [2011/08/05 13:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
    SRV:64bit: - [2011/08/05 13:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
    SRV:64bit: - [2010/10/08 22:24:28 | 000,953,632 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2009/03/05 23:51:34 | 000,284,696 | ---- | M] (SonicWALL, Inc.) [Auto | Running] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe -- (SWGVCSvc)
    SRV - [2012/04/02 09:07:41 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/03/14 19:14:18 | 000,078,576 | ---- | M] (Komodo Laboratories LLC) [Auto | Running] -- C:\Windows\SysWOW64\NEWTScannerSvc.exe -- (SvcNEWTScanner)
    SRV - [2012/02/23 03:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
    SRV - [2012/02/16 16:35:26 | 003,887,104 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\SAP\SAP Business One ServerTools\License\B1License.exe -- (B1LicenseService)
    SRV - [2012/02/16 16:13:58 | 000,729,088 | ---- | M] (SAP Ltd.) [Auto | Running] -- C:\Program Files (x86)\SAP\SAP Business One ServerTools\DI_Server\B1DI_Server.exe -- (SBODI_Server)
    SRV - [2012/02/16 16:13:02 | 000,241,664 | ---- | M] (SAP Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\SAP\SAP Business One ServerTools\BackUp\B1backUp.exe -- (SBOBackUp)
    SRV - [2012/02/16 12:51:32 | 000,249,856 | ---- | M] (SAP AG) [Auto | Running] -- C:\Program Files (x86)\SAP\SAP Business One integration\EventSender\SAPB1iEventSender.exe -- (SAPB1iEventSender)
    SRV - [2012/02/16 12:51:32 | 000,249,856 | ---- | M] (SAP AG) [Auto | Running] -- C:\Program Files (x86)\SAP\SAP Business One integration\DIProxy\SAPB1iDIProxy_Monitor.exe -- (SAPB1iDIProxy_Monitor)
    SRV - [2012/02/16 12:51:32 | 000,249,856 | ---- | M] (SAP AG) [Auto | Running] -- C:\Program Files (x86)\SAP\SAP Business One integration\DIProxy\SAPB1iDIProxy.exe -- (SAPB1iDIProxy)
    SRV - [2012/02/16 12:18:26 | 001,388,544 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\SAP\SAP Business One ServerTools\License\NT_Naming_Service.exe -- (TAO_NT_Naming_Service)
    SRV - [2012/02/16 11:50:36 | 000,078,336 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files (x86)\SAP\SAP Business One Integration\B1iServer\tomcat\bin\tomcat6.exe -- (Tomcat6)
    SRV - [2012/02/15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2011/11/03 11:25:08 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
    SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/05/18 10:26:54 | 000,062,184 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files (x86)\Xobni\XobniService.exe -- (XobniService)
    SRV - [2011/03/18 03:16:50 | 000,036,864 | ---- | M] (SAP) [Auto | Running] -- C:\Program Files (x86)\SAP\Remote support platform for SAP Business One\Service\BIN\AgentService.exe -- (SAP Business One RSP Agent Service)
    SRV - [2011/01/07 10:52:15 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/12/02 11:30:14 | 001,377,104 | ---- | M] (Flexera Software, Inc.) [Auto | Running] -- C:\Program Files (x86)\CITIXSYS\License Manager\License Server\lmgrd.exe -- (CitiXsys License Server)
    SRV - [2010/11/11 14:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
    SRV - [2010/11/11 14:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
    SRV - [2010/11/11 14:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
    SRV - [2010/11/11 13:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
    SRV - [2010/08/19 14:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
    SRV - [2010/03/23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/07/13 01:08:04 | 000,024,168 | ---- | M] (The Within Network, LLC) [Auto | Running] -- C:\Windows\UnsignedThemesSvc.exe -- (UnsignedThemes)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/05/13 00:12:36 | 002,440,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2009/05/12 22:56:52 | 003,098,440 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
    SRV - [2009/03/20 20:10:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
    SRV - [2009/03/17 02:25:36 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2009/03/17 02:25:36 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2009/02/01 23:43:28 | 000,387,400 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/06/17 21:54:22 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0151.sys -- (RsFx0151)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/25 00:13:51 | 000,348,712 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
    DRV:64bit: - [2011/02/25 00:13:51 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2011/02/25 00:13:51 | 000,106,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2011/02/25 00:13:51 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
    DRV:64bit: - [2011/02/25 00:13:51 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2011/01/12 02:42:16 | 000,016,376 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TVMonitor.sys -- (MonitorFunction)
    DRV:64bit: - [2010/12/31 13:31:47 | 000,172,080 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2010/12/14 19:51:20 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/11/11 14:32:32 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
    DRV:64bit: - [2010/11/11 14:32:20 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
    DRV:64bit: - [2010/11/11 14:30:34 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
    DRV:64bit: - [2010/11/11 14:30:18 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
    DRV:64bit: - [2010/11/11 13:31:32 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
    DRV:64bit: - [2010/11/11 11:04:52 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
    DRV:64bit: - [2010/11/11 11:04:52 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
    DRV:64bit: - [2010/08/02 16:19:30 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandmodem64.sys -- (ANDModem)
    DRV:64bit: - [2010/08/02 16:19:28 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandgps64.sys -- (AndGps)
    DRV:64bit: - [2010/08/02 16:19:24 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lganddiag64.sys -- (AndDiag)
    DRV:64bit: - [2010/08/02 16:19:24 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus)
    DRV:64bit: - [2010/08/02 16:19:10 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandadb.sys -- (androidusb)
    DRV:64bit: - [2010/06/14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
    DRV:64bit: - [2010/04/26 19:25:20 | 000,152,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssecmdm.sys -- (ssecmdm)
    DRV:64bit: - [2010/04/26 19:25:20 | 000,113,664 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssecbus.sys -- (ssecbus) Samsung Mobile Modem Device driver (WDM)
    DRV:64bit: - [2010/04/26 19:25:20 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssecmdfl.sys -- (ssecmdfl)
    DRV:64bit: - [2010/04/14 02:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
    DRV:64bit: - [2010/03/23 14:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
    DRV:64bit: - [2010/02/08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
    DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
    DRV:64bit: - [2009/07/28 23:35:52 | 007,345,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 01:09:20 | 000,030,568 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\uxpatch.sys -- (uxpatch)
    DRV:64bit: - [2009/06/13 02:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress) Intel(R)
    DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/03/05 23:51:50 | 000,099,352 | ---- | M] (SonicWALL, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\SWIPsec.sys -- (SWIPsec)
    DRV:64bit: - [2009/03/04 18:03:32 | 000,024,600 | ---- | M] (SonicWALL, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWVNIC.sys -- (SWVNIC)
    DRV:64bit: - [2009/03/04 15:07:56 | 000,480,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
    DRV:64bit: - [2009/03/04 15:07:56 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
    DRV:64bit: - [2009/03/04 15:07:54 | 000,441,904 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2008/11/16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
    DRV:64bit: - [2008/06/03 17:30:38 | 000,168,864 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA001Ufd.sys -- (OA001Ufd)
    DRV:64bit: - [2008/05/13 01:01:00 | 000,315,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA001Vid.sys -- (OA001Vid)
    DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV:64bit: - [2007/05/14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
    DRV:64bit: - [2006/11/17 18:49:52 | 000,052,224 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
    DRV - [2012/02/06 02:00:00 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2012/02/06 02:00:00 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2011/08/03 01:00:00 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120404.019\EX64.SYS -- (NAVEX15)
    DRV - [2011/08/03 01:00:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120404.019\ENG64.SYS -- (NAVENG)
    DRV - [2010/08/19 14:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
    DRV - [2010/06/14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/03/04 15:07:56 | 000,480,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
    DRV - [2009/03/04 15:07:56 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
    DRV - [2009/03/04 15:07:54 | 000,441,904 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-560558415-991290029-2561262081-1213\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://zedworld.zeditsolutions.com/
    IE - HKU\S-1-5-21-560558415-991290029-2561262081-1213\..\SearchScopes,DefaultScope = {05F4D61F-8A2A-4A5F-BD55-20DB24B93154}
    IE - HKU\S-1-5-21-560558415-991290029-2561262081-1213\..\SearchScopes\{05F4D61F-8A2A-4A5F-BD55-20DB24B93154}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-560558415-991290029-2561262081-1213\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



    O1 HOSTS File: ([2012/04/04 19:35:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
    O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
    O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
    O3 - HKU\S-1-5-21-560558415-991290029-2561262081-1213\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
    O4 - HKU\S-1-5-21-560558415-991290029-2561262081-1213..\Run: [GoToMeeting] C:\Program Files (x86)\Citrix\GoToMeeting\880\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
    O4 - HKU\S-1-5-21-560558415-991290029-2561262081-1213..\Run: [ShoreTel Personal Call Manager] C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe (ShoreTel Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylockeduserid = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DefaultLogonDomain = zedIT
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStartupSound = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
    O7 - HKU\S-1-5-21-560558415-991290029-2561262081-1213\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-560558415-991290029-2561262081-1213\Software\Policies\Microsoft\Internet Explorer\Main present
    O7 - HKU\S-1-5-21-560558415-991290029-2561262081-1213\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-560558415-991290029-2561262081-1213\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_22\bin\NPJPI150_22.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
    O15:64bit: - ..Trusted Domains: zedit.com ([zedworld] https in Local intranet)
    O15 - HKU\S-1-5-21-560558415-991290029-2561262081-1213\..Trusted Domains: zedit.com ([zedworld] https in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab (Java Plug-in 1.5.0_22)
    O16 - DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab (Java Plug-in 1.5.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab (Java Plug-in 1.5.0_22)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444552440000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=724 (Performance Viewer Activex Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = zedIT.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{060FA07C-7F6D-4D1A-82DF-1E8550FCD2D8}: DhcpNameServer = 192.168.113.22 209.218.76.2
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3E77310-8178-4A76-83D6-A758E6E77882}: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/03/31 02:21:46 | 000,000,045 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\Program Files (x86)\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
    Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/04/04 19:36:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/04/04 19:11:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/04/04 19:11:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/04/04 19:11:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/04/04 19:10:56 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/04/04 19:10:30 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/04/03 10:02:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics
    [2012/04/03 09:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LGMobile Support Tool
    [2012/04/03 09:45:28 | 000,000,000 | ---D | C] -- C:\ProgramData\LGMOBILEAX
    [2012/03/28 10:30:23 | 000,000,000 | ---D | C] -- C:\B1 Upgrade temp
    [2012/03/14 19:14:42 | 001,680,168 | ---- | C] (Komodo Laboratories LLC) -- C:\Windows\SysWow64\NEWT.dll
    [2012/03/14 19:14:21 | 000,235,304 | ---- | C] (Komodo Laboratories LLC (www.KomodoLabs.com)) -- C:\Windows\SysWow64\NEWTScan.exe
    [2012/03/14 19:14:18 | 000,082,672 | ---- | C] (Komodo Laboratories LLC) -- C:\Windows\SysWow64\NEWTScannerCOM.exe
    [2012/03/14 19:14:15 | 000,078,576 | ---- | C] (Komodo Laboratories LLC) -- C:\Windows\SysWow64\NEWTScannerSvc.exe

    ========== Files - Modified Within 30 Days ==========

    [2012/04/04 22:01:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/04/04 21:39:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/04/04 19:43:15 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/04/04 19:43:15 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/04/04 19:38:23 | 000,999,984 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/04/04 19:38:23 | 000,814,394 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/04/04 19:38:23 | 000,182,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/04/04 19:35:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/04/04 19:35:05 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/04/04 19:33:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\dev_hwid
    [2012/04/04 19:32:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/04/04 19:31:41 | 2059,325,439 | -HS- | M] () -- C:\hiberfil.sys
    [2012/04/03 12:36:08 | 000,002,413 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini
    [2012/04/03 11:00:14 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01009.Wdf
    [2012/04/03 10:03:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_lgandadb_01005.Wdf
    [2012/03/14 19:14:51 | 001,680,168 | ---- | M] (Komodo Laboratories LLC) -- C:\Windows\SysWow64\NEWT.dll
    [2012/03/14 19:14:25 | 000,235,304 | ---- | M] (Komodo Laboratories LLC (www.KomodoLabs.com)) -- C:\Windows\SysWow64\NEWTScan.exe
    [2012/03/14 19:14:20 | 000,082,672 | ---- | M] (Komodo Laboratories LLC) -- C:\Windows\SysWow64\NEWTScannerCOM.exe
    [2012/03/14 19:14:18 | 000,078,576 | ---- | M] (Komodo Laboratories LLC) -- C:\Windows\SysWow64\NEWTScannerSvc.exe
    [2012/03/14 17:58:02 | 000,000,682 | RHS- | M] () -- C:\Users\dean.garrison\ntuser.pol
    [2012/03/14 03:22:48 | 000,322,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/03/08 13:23:33 | 000,000,518 | ---- | M] () -- C:\Windows\system32\config\systemprofile\Documents\ChatLog KingNutronics _ License Issue _ Leslie 2012_03_08 12_23.rtf
     
  8. DGARR1

    DGARR1 TS Rookie Topic Starter Posts: 30

    ========== Files Created - No Company Name ==========

    [2012/04/04 19:11:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/04/04 19:11:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/04/04 19:11:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/04/04 19:11:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/04/04 19:11:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/04/03 11:00:14 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01009.Wdf
    [2012/04/03 10:03:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_lgandadb_01005.Wdf
    [2012/04/03 09:45:33 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
    [2012/04/03 09:45:33 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
    [2012/04/02 09:07:43 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/03/08 13:23:33 | 000,000,518 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Documents\ChatLog KingNutronics _ License Issue _ Leslie 2012_03_08 12_23.rtf
    [2011/07/05 14:45:58 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2011/02/25 10:34:16 | 000,000,220 | ---- | C] () -- C:\Windows\wstdUPSWSHIP.INI
    [2011/02/25 10:28:05 | 000,001,097 | ---- | C] () -- C:\Windows\ODBC.INI
    [2011/01/25 11:21:10 | 000,091,016 | ---- | C] () -- C:\Windows\wiainst.exe
    [2011/01/11 18:05:18 | 000,008,592 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
    [2011/01/06 10:56:07 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
    [2010/12/31 12:29:44 | 000,994,200 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/12/31 11:53:40 | 000,007,592 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/12/09 15:51:08 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\GetHostIP.exe
    [2010/12/09 11:58:20 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\nssckbi.dll

    ========== LOP Check ==========

    [2012/01/03 17:36:35 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2010/12/31 14:07:58 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2012/04/04 20:01:06 | 000,024,356 | ---- | M] () -- C:\ComboFix.txt
    [2011/12/28 13:25:31 | 000,061,028 | ---- | M] () -- C:\helpabout.jpg
    [2012/04/04 19:31:41 | 2059,325,439 | -HS- | M] () -- C:\hiberfil.sys
    [2011/12/28 13:58:55 | 000,123,350 | ---- | M] () -- C:\licensecount.jpg
    [2012/04/04 19:32:10 | 4177,424,383 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2009/07/13 22:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 22:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 22:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 22:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 13:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 21:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >
    [2010/12/09 11:58:18 | 000,204,800 | ---- | M] () -- C:\Windows\system32\cert7.db
    [2010/12/09 11:58:18 | 000,016,384 | ---- | M] () -- C:\Windows\system32\KEY3.DB
    [2010/12/09 11:58:20 | 000,016,384 | ---- | M] () -- C:\Windows\system32\SECMOD.DB

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/08/13 09:04:11 | 000,000,221 | -HS- | M] () -- C:\Users\dean.garrison\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/04/04 22:01:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/04/04 19:35:05 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/04/04 21:39:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/04/04 19:32:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/01/03 17:36:35 | 000,032,552 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >
    [2011/08/01 08:00:43 | 001,062,984 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\dean.garrison\gotomypc_540.exe

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 14:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2012/04/04 14:10:32 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2012/04/04 14:10:32 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2012/04/04 14:04:33 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2012/04/04 14:04:33 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012/02/16 01:48:13 | 000,000,436 | -HS- | M] () -- C:\Users\dean.garrison\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2012/01/03 17:15:10 | 000,007,592 | RHS- | M] () -- C:\ProgramData\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    < MD5 for: EXPLORER.EXE >
    [2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
    [2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
    [2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
    [2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
    [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
    [2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
    [2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
    [2009/08/02 23:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
    [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
    [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
    [2009/10/30 23:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
    [2009/08/02 22:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
    [2011/02/24 23:19:30 | 002,388,992 | ---- | M] (Microsoft Corporation) MD5=A3744361E5999CBF6DF3DE6AEB2DF63B -- C:\Windows\explorer.exe
    [2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
    [2009/10/30 23:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
    [2009/08/02 22:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
    [2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
    [2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
    [2011/02/25 23:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
    [2009/08/02 23:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

    < >

    < End of report >
     
  9. DGARR1

    DGARR1 TS Rookie Topic Starter Posts: 30

    OTL Extras logfile created on: 4/4/2012 10:06:21 PM - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\dean.garrison\Desktop\FIX
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.89 Gb Total Physical Memory | 4.92 Gb Available Physical Memory | 62.40% Memory free
    15.78 Gb Paging File | 12.85 Gb Available in Paging File | 81.47% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 232.79 Gb Total Space | 23.95 Gb Free Space | 10.29% Space Free | Partition Type: NTFS
    Drive D: | 4.08 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: DEAN7 | User Name: dean.garrison | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe" = C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe:*:Enabled:ShoreTel.ShoreTel.App -- (ShoreTel Inc.)
    "C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe" = C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe:*:Enabled:ShoreTel.ShoreTel.App -- (ShoreTel Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01078B88-2981-4F75-96B0-8B22E2D2DE03}" = Microsoft SQL Server 2008 R2 Setup (English)
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
    "{20825685-AD9F-4966-89EE-566088853585}" = SciTE Text Editor
    "{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 SP1 Common Files
    "{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer
    "{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
    "{2D2601B6-157F-4F88-B66B-B52DB21EAB2D}" = SQL Server 2008 R2 SP1 Client Tools
    "{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
    "{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 SP1 Common Files
    "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
    "{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
    "{4701DEDE-1888-49E0-BAE5-857875924CA2}" = Microsoft SQL Server System CLR Types (x64)
    "{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}" = Microsoft SQL Server 2008 R2 Native Client
    "{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
    "{51E5BC99-A087-4CFF-8D93-462903EA7E12}" = SQL Server 2008 R2 SP1 Management Studio
    "{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
    "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
    "{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
    "{5E2D889D-FAFC-4E76-A851-3695ABA1A76F}" = SonicWALL Global VPN Client
    "{64A3A4F4-B792-11D6-A78A-00B0D0150220}" = J2SE Development Kit 5.0 Update 22
    "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.7
    "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6E2EE862-FEF9-408A-90BB-F5B4EC129C8E}" = SQL Server 2008 R2 SP1 Analysis Services
    "{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
    "{72AB7E6F-BC24-481E-8C45-1AB5B3DD795D}" = SQL Server 2008 R2 SP1 Management Studio
    "{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
    "{7709926E-A1EA-43F1-ADD8-C066BDB97B54}" = SQL Server 2008 R2 SP1 Integration Services
    "{77B8B4A5-EE79-4907-A318-2DA86325B8D7}" = iTunes
    "{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
    "{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
    "{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}" = UxStyle Core Beta
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
    "{9DFA5914-C275-42E0-810E-C88E46A7F9EA}" = SQL Server 2008 R2 SP1 Full text search
    "{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 SP1 Database Engine Shared
    "{A4E14A4D-EA7B-4914-9BBF-504401F3D4F7}" = SQL Server 2008 R2 SP1 Integration Services
    "{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
    "{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
    "{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
    "{B5FE23CC-0151-4595-84C3-F1DE6F44FE9B}" = SQL Server 2008 R2 SP1 Client Tools
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
    "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
    "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
    "{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
    "{C92556F2-4950-48CF-ABA3-F0026B05BCE8}" = Microsoft SQL Server 2005 Backward compatibility
    "{C942A025-A840-4BF2-8987-849C0DD44574}" = SQL Server 2008 R2 SP1 Database Engine Shared
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
    "{D8C23BDE-4748-44D9-A9DD-8AB64EB18BE3}" = Microsoft SQL Server 2008 R2 RsFx Driver
    "{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
    "{E5C95CA5-4565-4B9D-97ED-05088D775614}" = Apple Mobile Device Support
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F01EC9B9-21B4-441E-958A-1E01098B03BE}" = SQL Server 2008 R2 SP1 Analysis Services
    "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
    "{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = SQL Server 2008 R2 SP1 Database Engine Services
    "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 SP1 Database Engine Services
    "{FF9F3663-0357-4132-AD8C-2BC1397D88AF}" = Symantec Endpoint Protection
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
    "Creative OA001" = Integrated Webcam Driver (1.02.02.0603)
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit)
    "Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)
    "WinRAR archiver" = WinRAR 4.00 beta 3 (64-bit)
    "Zune" = Zune

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
    "{068857D8-FDD1-4F29-8F74-E9DE91E8A587}" = Crystal Reports for SAP Business One
    "{09553952-C194-4245-833A-C9CAF31A49B0}" = SAP Business One 8.8 SP1 - DATEV-FI Interface
    "{0F7AD57E-2EB1-4BF1-A3F4-AD900BCE7B41}" = SAP Business One integration DIProxy
    "{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
    "{1525BCD6-E7E7-4F2F-BCF6-5692443898C7}" = ShoreTel Communicator
    "{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
    "{3248F0A8-6813-11D6-A77B-00B0D0150220}" = J2SE Runtime Environment 5.0 Update 22
    "{32A3A4F4-B792-11D6-A78A-00B0D0150220}" = J2SE Development Kit 5.0 Update 22
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{42B7236B-3991-4FA9-8FC1-BEF957DD0EFB}" = SAP Business One Server Tools
    "{4804B98A-77A1-493D-869E-3844A2A362D5}" = Dell Laser MFP 1815 - TWAIN/WIA
    "{495DFE8B-8474-4437-9B5C-FA02C4732E29}" = SAP Business One integration EventSender
    "{4E75CC14-A855-4A6D-890E-8248F0113D42}" = SAP Business One - Microsoft Outlook Integration Server Installer
    "{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{56B59C2A-EFB8-44AC-88F5-3280171E4522}" = PolicyManager
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5AE59A84-B2F3-42CC-A246-5AF80F6EE770}" = Reconciler
    "{5B161932-9D42-4D5E-858D-29BF4C670944}" = Microsoft SQL Server 2008 Setup Support Files
    "{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10
    "{5FA09853-42E3-45A2-B308-EA73F89D1F52}" = SAP Business One 8.8 SP1 - BTHF
    "{6BF04C63-EAC0-4F19-9E88-9A745493E7BF}" = IconPackager
    "{6FA3A5F0-5E8D-4257-BAF2-1501F3D76DC7}" = SAP Business One Crystal Report Integration Package
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{74F7B314-0507-4F91-9A4E-B6C9B027E410}" = Microsoft SQL Server 2008 R2 Books Online
    "{7AB01508-C2B2-43C8-8B44-514801E7CCC9}" = Jing
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{886006FA-156B-4BE3-A8F4-FCDD52E5EA76}" = Apparel One EDI 850 Importing Tool
    "{889991FA-CE9B-42A9-A8DA-228219FA65AC}" = SAP Business One Client
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
    "{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)
    "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
    "{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
    "{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
    "{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARD_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_STANDARD_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
    "{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
    "{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
    "{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{7DA87C7E-E8A7-473E-ADFF-1B6BECCCADA7}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{95749C5B-BC37-41E3-8D39-EEF4C21A2825}" = CCC
    "{9BE891B7-46F4-4667-A052-2ACCABAB09BE}" = CitiXsys License Server
    "{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
    "{A5763105-D1D5-4862-A3FE-EC058F9AA73E}" = ICCHelp
    "{A5E73A49-3857-4FDD-898C-C7D3EFE8AEF8}" = SAP Business One Software Development Kit
    "{A69CAB19-7D25-4A2F-98FA-11A89B400675}" = SAP Business One integration Server
    "{A772A7BF-8385-445C-AFC4-AC57825B666C}" = Network Scan
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9951634-D832-4E61-938F-51171322965F}" = Remote Support Platform for SAP Business One
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
    "{B12A19F7-0EAC-49F7-B39A-E3E130D6D783}" = SAP Business One Data Transfer Workbench
    "{B5ED17CC-F74C-4F08-AC19-F84C50B9B32D}" = SAP Business One Screen Painter
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
    "{C30E30A6-0AB5-470A-AB67-D322938F5429}" = SupportUtility
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C9D43B38-34AD-4EC2-B696-46F42D49D174}" = MSIChecker
    "{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
    "{CE26F10F-C80F-4377-908B-1B7882AE2CE3}" = Crystal Reports Basic Runtime for Visual Studio 2008
    "{CF2962CB-E3E7-4AA5-B6CE-EE59A600ECBE}" = UnifiedPrinting
    "{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies
    "{D44E7219-947E-4F1B-830E-66EF11ACC543}" = NA1Messenger
    "{DBA7F247-6E30-4737-9AE1-55F1C06A8ED6}" = SAP Business One 8.8 SP1 - Electronic File Manager Format Definition
    "{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
    "{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86
    "{E30C5D6E-D6D2-465D-96E0-FB94CB2BB14D}" = SAP Business One DI API
    "{EA9629DA-5715-48BA-B054-28169702B176}" = FOSS
    "{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
    "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
    "{FA9408EB-5B35-415C-8176-7DC428D7DDCE}" = SAP Business One Server
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Advanced Video FX Engine" = Advanced Video FX Engine
    "Android SDK Tools" = Android SDK Tools
    "Apparel One_is1" = Apparel One + 2.0.0.10
    "ASAP Utilities_is1" = ASAP Utilities
    "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-06-26
    "Cool Timer_is1" = Cool Timer 3.7
    "Digital Editions" = Adobe Digital Editions
    "FileZilla Client" = FileZilla Client 3.5.3
    "IconPackager" = IconPackager
    "InstallShield_{09553952-C194-4245-833A-C9CAF31A49B0}" = SAP Business One 8.8 SP1 - DATEV-FI Interface
    "InstallShield_{0F7AD57E-2EB1-4BF1-A3F4-AD900BCE7B41}" = SAP Business One integration DIProxy
    "InstallShield_{42B7236B-3991-4FA9-8FC1-BEF957DD0EFB}" = SAP Business One Server Tools
    "InstallShield_{495DFE8B-8474-4437-9B5C-FA02C4732E29}" = SAP Business One integration EventSender
    "InstallShield_{4E75CC14-A855-4A6D-890E-8248F0113D42}" = SAP Business One - Microsoft Outlook Integration Server Installer
    "InstallShield_{5463A505-BAE0-40D1-9803-2C792EBC4FF7}" = SAP Business One Crystal Report Integration Package
    "InstallShield_{553797BD-58E2-48ED-B046-4DD96775A9B0}" = SAP Business One Crystal Report Integration Package
    "InstallShield_{5FA09853-42E3-45A2-B308-EA73F89D1F52}" = SAP Business One 8.8 SP1 - BTHF
    "InstallShield_{6FA3A5F0-5E8D-4257-BAF2-1501F3D76DC7}" = SAP Business One Crystal Report Integration Package
    "InstallShield_{889991FA-CE9B-42A9-A8DA-228219FA65AC}" = SAP Business One Client
    "InstallShield_{A5E73A49-3857-4FDD-898C-C7D3EFE8AEF8}" = SAP Business One Software Development Kit
    "InstallShield_{A69CAB19-7D25-4A2F-98FA-11A89B400675}" = SAP Business One integration Server
    "InstallShield_{A6A3BE69-E282-437E-94C8-02FB38659519}" = SAP Business One Crystal Report Integration Package
    "InstallShield_{A9951634-D832-4E61-938F-51171322965F}" = Remote Support Platform for SAP Business One
    "InstallShield_{AB035684-4F86-481A-95D5-020D1D885FC0}" = SAP Business One Crystal Report Integration Package
    "InstallShield_{B12A19F7-0EAC-49F7-B39A-E3E130D6D783}" = SAP Business One Data Transfer Workbench
    "InstallShield_{DBA7F247-6E30-4737-9AE1-55F1C06A8ED6}" = SAP Business One 8.8 SP1 - Electronic File Manager Format Definition
    "InstallShield_{E30C5D6E-D6D2-465D-96E0-FB94CB2BB14D}" = SAP Business One DI API
    "InstallShield_{E6DCED3C-DEB8-4B7B-A026-0713DE9DD8E6}" = SAP Business One Crystal Report Integration Package
    "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
    "InstallShield_{FA9408EB-5B35-415C-8176-7DC428D7DDCE}" = SAP Business One Server
    "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
    "Rainmeter" = Rainmeter
    "SAP Business One Screen Painter" = SAP Business One Screen Painter
    "STANDARD" = Microsoft Office Standard 2007
    "TeamViewer 6" = TeamViewer 6
    "TeamViewer 7" = TeamViewer 7
    "Vision33 1D2V CRM Dashboard_is1" = Vision33 1D2V CRM Dashboard + 1.8.8.1
    "Vision33 1D2V CSR Edition_is1" = Vision33 1D2V CSR Edition + 2.8.8.5
    "Vision33 1D2V Finance Charges_is1" = Vision33 1D2V Finance Charges + 1.8.8.2
    "Vision33 1D2V Shipping_is1" = Vision33 1D2V Shipping + 1.8.8.3
    "VISPRO" = Microsoft Office Visio Professional 2007
    "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
    "VMware_Player" = VMware Player
    "XobniMain" = Xobni

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-560558415-991290029-2561262081-1213\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "927851636.www.coresuite.com" = coresuite mobile
    "GoToMeeting" = GoToMeeting 5.1.0.880

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  10. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Good news :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKU\S-1-5-21-560558415-991290029-2561262081-1213\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
      O15:64bit: - ..Trusted Domains: zedit.com ([zedworld] https in Local intranet)
      O15 - HKU\S-1-5-21-560558415-991290029-2561262081-1213\..Trusted Domains: zedit.com ([zedworld] https in Local intranet)
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444552440000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Reg Error: Key error.)
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ==================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  11. DGARR1

    DGARR1 TS Rookie Topic Starter Posts: 30

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\S-1-5-21-560558415-991290029-2561262081-1213\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
    Registry key HKEY_USERS\S-1-5-21-560558415-991290029-2561262081-1213\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\zedit.com\zedworld\ deleted successfully.
    Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444552440000}
    C:\Windows\Downloaded Program Files\swflash64.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444552440000}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444552440000}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444552440000}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444552440000}\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator

    User: All Users

    User: dean.garrison

    User: dean.garrisonold

    User: Default

    User: Default User

    User: Public

    User: vision33

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 153252476 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 146.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: dean.garrison

    User: dean.garrisonold

    User: Default

    User: Default User

    User: Public

    User: vision33

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: dean.garrison

    User: dean.garrisonold

    User: Default

    User: Default User

    User: Public

    User: vision33

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.39.2 log created on 04092012_142322

    Files\Folders moved on Reboot...
    C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-4500.log moved successfully.
    C:\Windows\temp\SM_OBS_DLL\881321\ObserverDLL_881321.dll moved successfully.
    C:\Windows\temp\SM_OBS_DLL\881321\Xalan-C_1_7_0.dll moved successfully.
    C:\Windows\temp\SM_OBS_DLL\881321\XalanMessages_1_7_0.dll moved successfully.
    File\Folder C:\Windows\temp\hsperfdata_DEAN7$\3684 not found!
    File\Folder C:\Windows\temp\hsperfdata_DEAN7$\4396 not found!
    File\Folder C:\Windows\temp\hsperfdata_DEAN7$\6420 not found!

    Registry entries deleted on Reboot...
     
  12. DGARR1

    DGARR1 TS Rookie Topic Starter Posts: 30

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is disabled!)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 31
    Adobe Reader X (10.1.0) Adobe Reader Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    ``````````End of Log````````````



    Farbar Service Scanner Version: 01-03-2012
    Ran by dean.garrison (administrator) on 09-04-2012
    Running from "C:\Users\dean.garrison\Desktop\FIX"
    Microsoft Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall"=DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  13. DGARR1

    DGARR1 TS Rookie Topic Starter Posts: 30

  14. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    I still need Eset scan results.
     
  15. DGARR1

    DGARR1 TS Rookie Topic Starter Posts: 30

    it did not give me one?
     
  16. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    That's all I need to know.

    As for that error....

    Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
    No installation required.
    Simply unzip Autoruns.zip file, and double click on autoruns.exe file to run the program.
    Go File>Save, and save it as AutoRuns.txt file to know location.
    You must select Text from drop-down menu as a file type:

    [​IMG]

    Attach the file to your next reply.
     
  17. DGARR1

    DGARR1 TS Rookie Topic Starter Posts: 30

    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
    + "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
    + "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
    + "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
    + "Zune Launcher" "Zune Auto-Launcher" "Microsoft Corporation" "c:\program files\zune\zunelauncher.exe"
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
    + "ccApp" "Symantec User Session" "Symantec Corporation" "c:\program files (x86)\common files\symantec shared\ccapp.exe"
    + "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files (x86)\quicktime\qttask.exe"
    + "SunJavaUpdateSched" "Java(TM) Update Scheduler" "Sun Microsystems, Inc." "c:\program files (x86)\common files\java\java update\jusched.exe"
    + "VMware hqtray" "VMware Host Network Access Status Tray Application" "VMware, Inc." "c:\program files (x86)\vmware\vmware player\hqtray.exe"
    "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
    + "Bluetooth.lnk" "Bluetooth Tray Application" "Broadcom Corporation." "c:\program files\widcomm\bluetooth software\bttray.exe"
    + "Rainmeter.lnk" "Rainmeter - A Customizable Resource Meter" "" "c:\program files\rainmeter\rainmeter.exe"
    + "SAP Business One Service manager.lnk" "SAP Business One" "SAP Ltd." "c:\program files (x86)\sap\sap business one servertools\service manager\servermanager.exe"
    "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
    + "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
    + "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
    "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
    + "GoToMeeting" "GoToMeeting" "Citrix Online, a division of Citrix Systems, Inc." "c:\program files (x86)\citrix\gotomeeting\880\g2mstart.exe"
    + "lpc" "" "" "File not found: C:\Users\dean.garrison\AppData\Roaming\Remote\rp.dll"
    + "ShoreTel Personal Call Manager" "ShoreTel Communicator" "ShoreTel Inc." "c:\program files (x86)\shoreline communications\shoreware client\shoretel.exe"
    + "Sidebar" "Windows Desktop Gadgets" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
    "HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
    + "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" "" "" ""
    + "IconPackager Repair" "IconPackager Repair Module" "Stardock.net, Inc" "c:\program files (x86)\stardock\object desktop\iconpackager\iprepair.dll"
    "HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
    + "IconPackager" "IconPackager Shell Extension" "Stardock Corporation" "c:\program files (x86)\stardock\object desktop\iconpackager\shellext64.dll"
    + "SciTE" "Context Menu Handler for SciTE" "Burgaud.com" "c:\program files (x86)\scite\wscitecm64.dll"
    + "SnagItMainShellExt" "Snagit Shell Extension DLL" "TechSmith Corporation" "c:\program files (x86)\techsmith\snagit 10\dllx64\snagitshellext64.dll"
    + "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
    "HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
    + "IconPackager" "IconPackager Shell Extension" "Stardock Corporation" "c:\program files (x86)\stardock\object desktop\iconpackager\shellext.dll"
    + "LDVPMenu" "Symantec AntiVirus" "Symantec Corporation" "c:\program files (x86)\symantec\symantec endpoint protection\vpshell2.dll"
    + "SnagItMainShellExt" "Snagit Shell Extension DLL" "TechSmith Corporation" "c:\program files (x86)\techsmith\snagit 10\snagitshellext.dll"
    + "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll"
    "HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
    + "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
    "HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
    + "SnagItMainShellExt" "Snagit Shell Extension DLL" "TechSmith Corporation" "c:\program files (x86)\techsmith\snagit 10\dllx64\snagitshellext64.dll"
    + "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
    "HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
    + "SnagItMainShellExt" "Snagit Shell Extension DLL" "TechSmith Corporation" "c:\program files (x86)\techsmith\snagit 10\snagitshellext.dll"
    + "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll"
    "HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
    + "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
    "HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
    + "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll"
    "HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
    + "FileZilla3CopyHook" "fzshellext Dynamic Link Library" "" "c:\program files (x86)\filezilla ftp client\fzshellext_64.dll"
    + "Monitor" "BTNCopy Module" "Broadcom Corporation." "c:\program files\widcomm\bluetooth software\btncopy.dll"
    "HKLM\Software\Wow6432Node\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
    + "FileZilla3CopyHook" "fzshellext Dynamic Link Library" "" "c:\program files (x86)\filezilla ftp client\fzshellext.dll"
    "HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
    + "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
    + "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
    "HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
    + "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
    "HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
    + "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
    "HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
    + "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
    + "RUShellExt" "Revo Uninstaller Pro Extension" "VS Revo Group" "c:\program files\vs revo group\revo uninstaller pro\ruext.dll"
    + "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
    "HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
    + "LDVPMenu" "Symantec AntiVirus" "Symantec Corporation" "c:\program files (x86)\symantec\symantec endpoint protection\vpshell2.dll"
    + "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll"
    "HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
    + "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
    "HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
    + "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll"
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
    + "SnagIt Toolbar Loader" "Snagit Browser Helper Object for Internet Explorer" "TechSmith Corporation" "c:\program files (x86)\techsmith\snagit 10\dllx64\snagitbho64.dll"
    + "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
    + "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
    + "Java(tm) Plug-In 2 SSV Helper" "Java(TM) Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\jp2ssv.dll"
    + "Java(tm) Plug-In SSV Helper" "Java(TM) Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\ssv.dll"
    + "Skype Browser Helper" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll"
    + "SnagIt Toolbar Loader" "Snagit Browser Helper Object for Internet Explorer" "TechSmith Corporation" "c:\program files (x86)\techsmith\snagit 10\snagitbho.dll"
    + "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
    "HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
    + "Snagit" "Snagit Add-in for Internet Explorer" "TechSmith Corporation" "c:\program files (x86)\techsmith\snagit 10\dllx64\snagitieaddin64.dll"
    "HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
    + "Snagit" "Snagit Add-in for Internet Explorer" "TechSmith Corporation" "c:\program files (x86)\techsmith\snagit 10\snagitieaddin.dll"
    "HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
    + "Send to &Bluetooth Device..." "" "" "c:\program files\widcomm\bluetooth software\btsendto_ie.htm"
    "HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
    + "Send to &Bluetooth Device..." "" "" "c:\program files\widcomm\bluetooth software\btsendto_ie.htm"
    "Task Scheduler" "" "" ""
    + "\Adobe Flash Player Updater" "Adobe® Flash® Player Update Service 11.2 r202" "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
    + "\GoogleUpdateTaskMachineCore" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
    + "\GoogleUpdateTaskMachineUA" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
    + "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
    + "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
    + "\SidebarExecute" "Windows Desktop Gadgets" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
    + "\{41155C96-8B2C-48F4-AF22-C1493C06EA4D}" "Internet Explorer" "Microsoft Corporation" "c:\program files (x86)\internet explorer\iexplore.exe"
    + "\{49D95D07-DBAB-4286-A778-B562903479A7}" "Skype " "Skype Technologies S.A." "c:\program files (x86)\skype\phone\skype.exe"
    + "\{50735F0B-2271-4C71-BBBE-BD1DA54C1AFC}" "Internet Explorer" "Microsoft Corporation" "c:\program files (x86)\internet explorer\iexplore.exe"
    "HKLM\System\CurrentControlSet\Services" "" "" ""
    + "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe"
    + "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
    + "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"
    + "B1LicenseService" "" "" "c:\program files (x86)\sap\sap business one servertools\license\b1license.exe"
    + "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files (x86)\bonjour\mdnsresponder.exe"
    + "btwdins" "Handles installation and removal of Bluetooth devices." "Broadcom Corporation." "c:\program files\widcomm\bluetooth software\btwdins.exe"
    + "ccEvtMgr" "Event propagation and logging service" "Symantec Corporation" "c:\program files (x86)\common files\symantec shared\ccsvchst.exe"
    + "ccSetMgr" "Settings storage and management service" "Symantec Corporation" "c:\program files (x86)\common files\symantec shared\ccsvchst.exe"
    + "CitiXsys License Server" "CitiXsys License Server" "Flexera Software, Inc." "c:\program files (x86)\citixsys\license manager\license server\lmgrd.exe"
    + "CVPND" "Cisco Systems VPN Client" "Cisco Systems, Inc." "c:\program files (x86)\cisco systems\vpn client\cvpnd.exe"
    + "FLEXnet Licensing Service" "This service performs licensing functions on behalf of FLEXnet enabled products." "Flexera Software, Inc." "c:\program files (x86)\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe"
    + "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
    + "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
    + "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files (x86)\common files\installshield\driver\1150\intel 32\idrivert.exe"
    + "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
    + "LiveUpdate" "LiveUpdate Core Engine" "Symantec Corporation" "c:\program files (x86)\symantec\liveupdate\lucomserver_3_3.exe"
    + "MsDtsServer100" "Provides management support for SSIS package storage and execution." "Microsoft Corporation" "c:\program files\microsoft sql server\100\dts\binn\msdtssrvr.exe"
    + "MSSQLFDLauncher" "Service to launch full-text filter daemon process which will perform document filtering and word breaking for SQL Server full-text search. Disabling this service will make full-text search features of SQL Server unavailable." "Microsoft Corporation" "c:\program files\microsoft sql server\mssql10_50.mssqlserver\mssql\binn\fdlauncher.exe"
    + "MSSQLSERVER" "Provides storage, processing and controlled access of data, and rapid transaction processing." "Microsoft Corporation" "c:\program files\microsoft sql server\mssql10_50.mssqlserver\mssql\binn\sqlservr.exe"
    + "MSSQLServerOLAPService" "Supplies online analytical processing (OLAP) and data mining functionality for business intelligence applications." "Microsoft Corporation" "c:\program files\microsoft sql server\msas10_50.mssqlserver\olap\bin\msmdsrv.exe"
    + "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\office12\odserv.exe"
    + "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
    + "SAP Business One RSP Agent Service" "SAP Business One Remote Support Platform 2.3 Agent Service" "SAP" "c:\program files (x86)\sap\remote support platform for sap business one\service\bin\agentservice.exe"
    + "SAPB1iDIProxy" "SAP Business One DI Proxy Service" "SAP AG" "c:\program files (x86)\sap\sap business one integration\diproxy\sapb1idiproxy.exe"
    + "SAPB1iDIProxy_Monitor" "SAP Business One DI Proxy Service Monitor" "SAP AG" "c:\program files (x86)\sap\sap business one integration\diproxy\sapb1idiproxy_monitor.exe"
    + "SAPB1iEventSender" "SAP Business One EventSender Service" "SAP AG" "c:\program files (x86)\sap\sap business one integration\eventsender\sapb1ieventsender.exe"
    + "SBOBackUp" "SAP Business One Backup tool" "SAP Ltd." "c:\program files (x86)\sap\sap business one servertools\backup\b1backup.exe"
    + "SBODI_Server" "SBODI_Server Module" "SAP Ltd." "c:\program files (x86)\sap\sap business one servertools\di_server\b1di_server.exe"
    + "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files (x86)\skype\updater\updater.exe"
    + "SmcService" "Provides communication with the Symantec Endpoint Protection Manager. It also provides network threat protection and application and device control for the client." "Symantec Corporation" "c:\program files (x86)\symantec\symantec endpoint protection\smc.exe"
    + "SNAC" "Checks that the computer complies with the defined security policy and communicates with the Symantec Enforcers to allow your computer to access the corporate network." "Symantec Corporation" "c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe"
    + "SQLSERVERAGENT" "Executes jobs, monitors SQL Server, fires alerts, and allows automation of some administrative tasks." "Microsoft Corporation" "c:\program files\microsoft sql server\mssql10_50.mssqlserver\mssql\binn\sqlagent.exe"
    + "SQLWriter" "Provides the interface to backup/restore Microsoft SQL server through the Windows VSS infrastructure." "Microsoft Corporation" "c:\program files\microsoft sql server\90\shared\sqlwriter.exe"
    + "SvcNEWTScanner" "Manages secure network communication for NEWT Professional (A Network Inventory and Discovery Tool by Komodo Laboratories LLC)" "Komodo Laboratories LLC" "c:\windows\syswow64\newtscannersvc.exe"
    + "SWGVCSvc" "Provides services for the SonicWALL Global VPN Client." "SonicWALL, Inc." "c:\program files\sonicwall\sonicwall global vpn client\swgvcsvc.exe"
    + "Symantec AntiVirus" "Provides virus-scanning for Symantec Endpoint Protection." "Symantec Corporation" "c:\program files (x86)\symantec\symantec endpoint protection\rtvscan.exe"
    + "TAO_NT_Naming_Service" "" "" "c:\program files (x86)\sap\sap business one servertools\license\nt_naming_service.exe"
    + "TeamViewer6" "TeamViewer Remote Software" "TeamViewer GmbH" "c:\program files (x86)\teamviewer\version6\teamviewer_service.exe"
    + "TeamViewer7" "TeamViewer Remote Software" "TeamViewer GmbH" "c:\program files (x86)\teamviewer\version7\teamviewer_service.exe"
    + "Tomcat6" "Apache Tomcat 6.0.29 Server - http://tomcat.apache.org/" "Apache Software Foundation" "c:\program files (x86)\sap\sap business one integration\b1iserver\tomcat\bin\tomcat6.exe"
    + "ufad-ws60" "VMware Agent Service" "VMware, Inc." "c:\program files (x86)\vmware\vmware player\vmware-ufad.exe"
    + "UnsignedThemes" "Enables the use of unsigned themes." "The Within Network, LLC" "c:\windows\unsignedthemessvc.exe"
    + "VMAuthdService" "Authorization and authentication service for starting and accessing virtual machines" "VMware, Inc." "c:\program files (x86)\vmware\vmware player\vmware-authd.exe"
    + "VMnetDHCP" "DHCP service for virtual networks." "VMware, Inc." "c:\windows\syswow64\vmnetdhcp.exe"
    + "VMUSBArbService" "VMware USB Arbitration Service" "VMware, Inc." "c:\program files (x86)\common files\vmware\usb\vmware-usbarbitrator.exe"
    + "VMware NAT Service" "Network address translation for virtual networks." "VMware, Inc." "c:\windows\syswow64\vmnat.exe"
    + "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
    + "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
    + "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
    + "WMZuneComm" "Zune Connectivity for Windows Mobile devices" "Microsoft Corporation" "c:\program files\zune\wmzunecomm.exe"
    + "XobniService" "Xobni software updates and error recovery" "Xobni Corporation" "c:\program files (x86)\xobni\xobniservice.exe"
    + "ZuneNetworkSvc" "Shares Zune media libraries to Zune devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\zune\zunenss.exe"
    + "ZuneWlanCfgSvc" "Configures Zune for wireless syncing" "Microsoft Corporation" "c:\program files\zune\zunewlancfgsvc.exe"
    "HKLM\System\CurrentControlSet\Services" "" "" ""
    + "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
    + "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
    + "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
    + "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
    + "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
    + "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
    + "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
    + "Andbus" "LGE Android Platform Driver" "LG Electronics Inc." "c:\windows\system32\drivers\lgandbus64.sys"
    + "AndDiag" "LGE Android Platform USB Serial Port" "LG Electronics Inc." "c:\windows\system32\drivers\lganddiag64.sys"
    + "AndGps" "LGE Android Platform USB GPS NMEA Port" "LG Electronics Inc." "c:\windows\system32\drivers\lgandgps64.sys"
    + "ANDModem" "LGE Android Platform Mobile Support" "LG Electronics Inc." "c:\windows\system32\drivers\lgandmodem64.sys"
    + "androidusb" "ADB Interface" "Google Inc" "c:\windows\system32\drivers\lgandadb.sys"
    + "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
    + "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
    + "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
    + "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
    + "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
    + "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
    + "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
    + "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
    + "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
    + "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
    + "btusbflt" "Widcomm Bluetooth USB Filter for Windows XP" "Broadcom Corporation." "c:\windows\system32\drivers\btusbflt.sys"
    + "BTWAMPFL" "btwampfl Bluetooth filter driver" "Broadcom Corporation." "c:\windows\system32\drivers\btwampfl.sys"
    + "btwaudio" "Bluetooth Audio Device" "Broadcom Corporation." "c:\windows\system32\drivers\btwaudio.sys"
    + "btwavdt" "Broadcom Bluetooth AVDT Service" "Broadcom Corporation." "c:\windows\system32\drivers\btwavdt.sys"
    + "btwl2cap" "Broadcom Bluetooth L2CAP Service" "Broadcom Corporation." "c:\windows\system32\drivers\btwl2cap.sys"
    + "btwrchid" "Bluetooth Remote Control HID Minidriver" "Broadcom Corporation." "c:\windows\system32\drivers\btwrchid.sys"
    + "catchme" "" "" "File not found: C:\ComboFix\catchme.sys"
    + "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
    + "CVirtA" "Cisco Systems VPN Adapter" "Cisco Systems, Inc." "c:\windows\system32\drivers\cvirta64.sys"
    + "CVPNDRVA" "" "" "c:\windows\system32\drivers\cvpndrva.sys"
    + "DgiVecp" "" "" "File not found: C:\Windows\system32\Drivers\DgiVecp.sys"
    + "DNE" "Deterministic Network Enhancer for NDIS 5.1" "Deterministic Networks, Inc." "c:\windows\system32\drivers\dne64x.sys"
    + "e1yexpress" "Intel(R) Gigabit Network Connection NDIS 6 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1y62x64.sys"
    + "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
    + "eeCtrl" "Symantec Eraser Control Driver" "Symantec Corporation" "c:\program files (x86)\common files\symantec shared\eengine\eectrl64.sys"
    + "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
    + "EraserUtilRebootDrv" "Symantec Eraser Utility Driver" "Symantec Corporation" "c:\program files (x86)\common files\symantec shared\eengine\eraserutilrebootdrv.sys"
    + "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
    + "hcmon" "VMware USB Driver." "VMware, Inc." "c:\windows\system32\drivers\hcmon.sys"
    + "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
    + "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
    + "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
    + "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd64.sys"
    + "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
    + "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
    + "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
    + "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
    + "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
    + "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
    + "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
    + "MonitorFunction" "TVMonitor.sys" "TeamViewer GmbH" "c:\windows\system32\drivers\tvmonitor.sys"
    + "NAVENG" "AV Engine" "Symantec Corporation" "c:\programdata\symantec\definitions\virusdefs\20120410.020\eng64.sys"
    + "NAVEX15" "AV Engine" "Symantec Corporation" "c:\programdata\symantec\definitions\virusdefs\20120410.020\ex64.sys"
    + "netw5v64" "Intel® Wireless WiFi Link Driver" "Intel Corporation" "c:\windows\system32\drivers\netw5v64.sys"
    + "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
    + "nvraid" "NVIDIA® nForce(TM) RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
    + "nvstor" "NVIDIA® nForce(TM) Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
    + "OA001Ufd" "Provides a software interface to control effects of Integrated Webcam." "Creative Technology Ltd." "c:\windows\system32\drivers\oa001ufd.sys"
    + "OA001Vid" "Provides a software interface to control Integrated Webcam." "Creative Technology Ltd." "c:\windows\system32\drivers\oa001vid.sys"
    + "PORTMON" "" "" "File not found: C:\Users\DEAN~1.GAR\AppData\Local\Temp\Rar$EX00.804\PORTMSYS.SYS"
    + "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
    + "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
    + "Revoflt" "Revo Uninstaller Filter driver" "VS Revo Group" "c:\windows\system32\drivers\revoflt.sys"
    + "rimmptsk" "RICOH MMC Driver" "REDC" "c:\windows\system32\drivers\rimmpx64.sys"
    + "RimUsb" "BlackBerry Device Driver" "Research In Motion Limited" "c:\windows\system32\drivers\rimusb_amd64.sys"
    + "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
    + "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
    + "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
    + "SRTSP" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\srtsp64.sys"
    + "SRTSPL" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\srtspl64.sys"
    + "SRTSPX" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\srtspx64.sys"
    + "ssecbus" "Samsung Mobile Modem Device Driver" "MCCI Corporation" "c:\windows\system32\drivers\ssecbus.sys"
    + "ssecmdfl" "Samsung Mobile Modem Device 2 Filter" "MCCI Corporation" "c:\windows\system32\drivers\ssecmdfl.sys"
    + "ssecmdm" "Samsung Mobile Modem Device 2 Driver" "MCCI Corporation" "c:\windows\system32\drivers\ssecmdm.sys"
    + "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
    + "SWIPsec" "SonicWALL VPN Client IPsec Driver" "SonicWALL, Inc." "c:\windows\system32\drivers\swipsec.sys"
    + "SWVNIC" "SonicWALL Virtual NIC" "SonicWALL, Inc." "c:\windows\system32\drivers\swvnic.sys"
    + "SymEvent" "Symantec Event Library" "Symantec Corporation" "c:\windows\system32\drivers\symevent64x86.sys"
    + "TFsExDisk" "TFsExDisk" "Teruten Inc" "c:\windows\system32\drivers\tfsexdisk.sys"
    + "USBAAPL64" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl64.sys"
    + "uxpatch" "" "" "c:\windows\system32\drivers\uxpatch.sys"
    + "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
    + "vmci" "VMware vmci Driver." "VMware, Inc." "c:\windows\system32\drivers\vmci.sys"
    + "vmkbd" "VMware Keyboard Driver." "VMware, Inc." "c:\windows\system32\drivers\vmkbd.sys"
    + "VMnetAdapter" "Driver for VMware's Virtual Ethernet Adapters Ver. 2" "VMware, Inc." "c:\windows\system32\drivers\vmnetadapter.sys"
    + "VMnetBridge" "VMware Bridge Protocol" "VMware, Inc." "c:\windows\system32\drivers\vmnetbridge.sys"
    + "VMnetuserif" "Allows VMware applications to use virtual networks." "VMware, Inc." "c:\windows\system32\drivers\vmnetuserif.sys"
    + "vmx86" "VMware Virtualization Driver." "VMware, Inc." "c:\windows\system32\drivers\vmx86.sys"
    + "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
    + "vstor2-ws60" "VMware Virtual Storage Volume Driver" "VMware, Inc." "c:\program files (x86)\vmware\vmware player\vstor2-ws60.sys"
    + "WDC_SAM" "Manages WD external storage products." "Western Digital Technologies" "c:\windows\system32\drivers\wdcsam64.sys"
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
    + "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
    "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
    + "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
    + "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
    + "VIDC.FFDS" "" "" "c:\program files (x86)\combined community codec pack\filters\ffdshow\ff_vfw.dll"
    + "VIDC.VMnc" "VMware Movie decoder" "VMware, Inc." "c:\windows\syswow64\vmnc.dll"
    "HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
    + "Microsoft Zune H.264 Video Decoder" "Microsoft Zune H.264 Video Decoder" "Microsoft Corporation" "c:\program files\zune\zuneh264dec.dll"
    + "WMEnc Screen Capture Filter" "ZuneSrcWrp Module" "Microsoft Corporation" "c:\program files\zune\zunesrcwrp.dll"
    + "Zune Enhanced Video Renderer" "Enhanced Video Renderer DLL" "Microsoft Corporation" "c:\program files\zune\zuneevr.dll"
    "HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
    + "Audio Destination" "WAVDest Filter (Sample)" "Microsoft Corporation" "c:\program files (x86)\google\google earth\client\wavdest.ax"
    + "DirectVobSub" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "MPC-HC Team" "c:\program files (x86)\combined community codec pack\filters\vsfilter.dll"
    + "DirectVobSub (auto-loading version)" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "MPC-HC Team" "c:\program files (x86)\combined community codec pack\filters\vsfilter.dll"
    + "ffdshow Audio Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\combined community codec pack\filters\ffdshow\ffdshow.ax"
    + "ffdshow Audio Processor" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\combined community codec pack\filters\ffdshow\ffdshow.ax"
    + "ffdshow DXVA Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\combined community codec pack\filters\ffdshow\ffdshow.ax"
    + "ffdshow raw video filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\combined community codec pack\filters\ffdshow\ffdshow.ax"
    + "ffdshow subtitles filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\combined community codec pack\filters\ffdshow\ffdshow.ax"
    + "ffdshow Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\combined community codec pack\filters\ffdshow\ffdshow.ax"
    + "FunUnify Async Filter" "TODO: <파일 설명>" "TODO: <회사 이름>" "c:\program files (x86)\samsung\samsung new pc studio\funcodecfilter.ax"
    + "FunUnify Audio Trnas Filter" "TODO: <파일 설명>" "TODO: <회사 이름>" "c:\program files (x86)\samsung\samsung new pc studio\funcodecfilter.ax"
    + "FunUnify Codec Filter" "TODO: <파일 설명>" "TODO: <회사 이름>" "c:\program files (x86)\samsung\samsung new pc studio\funcodecfilter.ax"
    + "FunUnify Encoder Filter" "TODO: <파일 설명>" "TODO: <회사 이름>" "c:\program files (x86)\samsung\samsung new pc studio\funcodecfilter.ax"
    + "FunUnify Video Trans Filter" "TODO: <파일 설명>" "TODO: <회사 이름>" "c:\program files (x86)\samsung\samsung new pc studio\funcodecfilter.ax"
    + "Haali Matroska Muxer" "Haali Media Splitter" "" "c:\program files (x86)\combined community codec pack\filters\haali\splitter.ax"
    + "Haali Media Splitter" "Haali Media Splitter" "" "c:\program files (x86)\combined community codec pack\filters\haali\splitter.ax"
    + "Haali Media Splitter (AR)" "Haali Media Splitter" "" "c:\program files (x86)\combined community codec pack\filters\haali\splitter.ax"
    + "Haali Simple Media Splitter" "Haali Media Splitter" "" "c:\program files (x86)\combined community codec pack\filters\haali\splitter.ax"
    + "Haali Video Renderer" "" "" "c:\program files (x86)\combined community codec pack\filters\haali\dxr.dll"
    + "Haali Video Sink" "Haali Media Splitter" "" "c:\program files (x86)\combined community codec pack\filters\haali\splitter.ax"
    + "KTF MUSIC AoD Sourcer" "KTF MUSIC AoD Sourcer" "PeeringPortal" "c:\program files (x86)\samsung\samsung new pc studio\npsasrc.dll"
    + "KTF MUSIC AoD WMT Splitter" "KTF MUSIC AoD WMT Splitter" "PeeringPortal" "c:\program files (x86)\samsung\samsung new pc studio\npsawms.dll"
    + "KTF MUSIC Audio Decoder" "KTF MUSIC Audio Decoder" "PeeringPortal" "c:\program files (x86)\samsung\samsung new pc studio\npsadec.dll"
    + "KTF MUSIC Audio Effector" "KTF MUSIC Audio Effector" "PeeringPortal" "c:\program files (x86)\samsung\samsung new pc studio\npsaef.dll"
    + "KTF MUSIC MPEG Splitter" "KTF MUSIC MPEG Splitter" "PeeringPortal" "c:\program files (x86)\samsung\samsung new pc studio\npsmpgs.dll"
    + "KTF MUSIC VoD Audio Effector" "KTF MUSIC VoD Audio Effector" "PeeringPortal" "c:\program files (x86)\samsung\samsung new pc studio\npsvae.dll"
    + "KTF MUSIC VoD Sourcer" "KTF MUSIC VoD Sourcer" "PeeringPortal" "c:\program files (x86)\samsung\samsung new pc studio\npsvsrc.dll"
    + "KTF MUSIC VoD Video Effector" "KTF MUSIC VoD Video Effector" "PeeringPortal" "c:\program files (x86)\samsung\samsung new pc studio\npsvve.dll"
    + "KTF MUSIC VoD WMT Splitter" "KTF MUSIC VoD WMT Splitter " "PeeringPortal" "c:\program files (x86)\samsung\samsung new pc studio\npsvwms.dll"
    + "Moto Image Decoder Filter" "image filter" "mobileleader" "c:\program files (x86)\samsung\samsung new pc studio\npsimgfilter.ax"
    + "MPC - FLV Source (Gabest)" "FLV Splitter" "MPC-HC Team" "c:\program files (x86)\combined community codec pack\filters\flvsplitter.ax"
    + "MPC - FLV Splitter (Gabest)" "FLV Splitter" "MPC-HC Team" "c:\program files (x86)\combined community codec pack\filters\flvsplitter.ax"
    + "MPC - MPEG-2 Video Decoder (Gabest)" "MPEG-2 Decoder Filter for DirectShow" "MPC-HC Team" "c:\program files (x86)\combined community codec pack\filters\mpeg2decfilter.ax"
    + "SubPicture Filter" "subpicture filter" "mobileleader" "c:\program files (x86)\samsung\samsung new pc studio\npssubpicture.dll"
    + "WavPack Audio Decoder" "WavPack Audio DirectShow Decoder" "-" "c:\program files (x86)\combined community codec pack\filters\wavpackdsdecoder.ax"
    + "WavPack Audio Splitter" "WavPack Audio DirectShow Splitter" "-" "c:\program files (x86)\combined community codec pack\filters\wavpackdssplitter.ax"
    + "Windows Media Video Decoder" "Windows Media Video Decoder" "Microsoft Corporation" "c:\program files (x86)\samsung\samsung new pc studio\wmvds32.ax"
    + "Windows Media Video Decoder" "Windows Media Video Decoder V8" "Microsoft Corporation" "c:\program files (x86)\samsung\samsung new pc studio\wmv8ds32.ax"
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
    + "BtwCredentialProvider" "BtwCP DLL" "Broadcom Corporation." "c:\program files\widcomm\bluetooth software\btwcp.dll"
    + "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
    + "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
    "HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries" "" "" ""
    + "VMCI sockets DGRAM" "VSockets Library" "VMware, Inc." "c:\program files (x86)\vmware\vmware player\vsocklib.dll"
    + "VMCI sockets STREAM" "VSockets Library" "VMware, Inc." "c:\program files (x86)\vmware\vmware player\vsocklib.dll"
    "HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
    + "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll"
    + "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
    + "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
    "HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64" "" "" ""
    + "VMCI sockets DGRAM" "VSockets Library" "VMware, Inc." "c:\program files (x86)\vmware\vmware player\x64\vsocklib.dll"
    + "VMCI sockets STREAM" "VSockets Library" "VMware, Inc." "c:\program files (x86)\vmware\vmware player\x64\vsocklib.dll"
    "HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
    + "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
    + "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
    + "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
    "HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
    + "KM Language Monitor" "KM language monitor" "KYOCERA MITA Corporation" "c:\windows\system32\kmpjl64.dll"
    + "PDFCreator" "" "" "c:\windows\system32\pdfcmnnt.dll"
    "C:\Users\dean.garrison\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" ""
    + "The Magic Folder" "Drag files to move them to more useful places on your computer." "David E. Craig" "C:\Users\dean.garrison\AppData\Local\Microsoft\Windows Sidebar\Gadgets\TheMagicFolder.Gadget\Gadget.xml"
     
  18. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Re-run Autoruns, click on "Logon" tab and UN-check following line:
    + "lpc" "" "" "File not found: C:\Users\dean.garrison\AppData\Roaming\Remote\rp.dll"

    Restart computer.
     
  19. DGARR1

    DGARR1 TS Rookie Topic Starter Posts: 30

    OK Done...now I have seen tat before and used MSCONFIG to uncheck it from start up...but it comes back...does not seem to be an issue...just keeps coming back.

    //DEAN
     
  20. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    This time it shouldn't as the file doesn't exist anymore.

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
     
  21. DGARR1

    DGARR1 TS Rookie Topic Starter Posts: 30

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator

    User: All Users

    User: dean.garrison

    User: dean.garrisonold

    User: Default

    User: Default User

    User: Public

    User: vision33

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 153254906 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 146.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: dean.garrison

    User: dean.garrisonold

    User: Default

    User: Default User

    User: Public

    User: vision33

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: dean.garrison

    User: dean.garrisonold

    User: Default

    User: Default User

    User: Public
     
  22. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Whenever ready...
     
  23. DGARR1

    DGARR1 TS Rookie Topic Starter Posts: 30

    seems like it is doing great...Thanks alot!

    Now on to bigger challenges...my son's PC...I just don't want to wipe it again...I post another thread for that soon.

    Thanks Again!

    //DEAN
     
  24. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Way to go!! [​IMG]
    Good luck and stay safe :)
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...