Two iexplore.exe * 32 after removing Trojan

Discussion in 'Virus and Malware Removal' started by doubleTrouble, Jul 25, 2012.

  1. Broni Malware Annihilator Posts: 40,051   +187

    Yes.

    I still need a log from FRST fix.
  2. doubleTrouble Newcomer, in training Posts: 40

    I can't figure out how to disable Spybot. I had a look at the instructions, but the newer Spybot does not have those options. Spybot 2.0.9.0.

  3. doubleTrouble Newcomer, in training Posts: 40

    Here is the fixlog.
    I couldn't run ComboFix yet, as I cannot figure out how to turn off Spybot. :( In Safe Mode without network, it hasn't complained about Kaspersky yet. I don't have permission to disable Kaspersky either.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
    Ran by SYSTEM at 2012-07-26 13:59:40 Run:1
    Running from F:\
    ==============================================
    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    C:\Windows\Installer\{3135917d-3e18-e023-cb24-6460c7602ab6} moved successfully.
    C:\Users\maaldridge\AppData\Local\{3135917d-3e18-e023-cb24-6460c7602ab6} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
    ==== End of Fixlog ====
  4. Broni Malware Annihilator Posts: 40,051   +187

    According to the Spybot forum, the only way to do it is to disable it through Windows services.
    Personally, I consider Spybot a tool of the past.
  5. doubleTrouble Newcomer, in training Posts: 40

    Here is the ComboFix log.

    ComboFix 12-07-27.02 - maaldridge 07/26/2012 15:41:56.1.4 - x64 MINIMAL
    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3977.3298 [GMT -7:00]
    Running from: c:\users\maaldridge\Desktop\ComboFix.exe
    AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
    FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
    SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
    SP: Spybot - Search and Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Administrator\AppData\Local\assembly\tmp
    c:\users\maaldridge\AppData\Local\assembly\tmp
    c:\users\maaldridge\AppData\Local\VS Revo Group\yzxxvcqk.dll
    c:\windows\SysWow64\html
    c:\windows\SysWow64\html\calendar.html
    c:\windows\SysWow64\html\calendarbottom.html
    c:\windows\SysWow64\html\calendartop.html
    c:\windows\SysWow64\html\crystalexportdialog.htm
    c:\windows\SysWow64\html\crystalprinthost.html
    c:\windows\SysWow64\images
    c:\windows\SysWow64\images\toolbar\calendar.gif
    c:\windows\SysWow64\images\toolbar\crlogo.gif
    c:\windows\SysWow64\images\toolbar\export.gif
    c:\windows\SysWow64\images\toolbar\export_over.gif
    c:\windows\SysWow64\images\toolbar\exportd.gif
    c:\windows\SysWow64\images\toolbar\First.gif
    c:\windows\SysWow64\images\toolbar\first_over.gif
    c:\windows\SysWow64\images\toolbar\Firstd.gif
    c:\windows\SysWow64\images\toolbar\gotopage.gif
    c:\windows\SysWow64\images\toolbar\gotopage_over.gif
    c:\windows\SysWow64\images\toolbar\gotopaged.gif
    c:\windows\SysWow64\images\toolbar\grouptree.gif
    c:\windows\SysWow64\images\toolbar\grouptree_over.gif
    c:\windows\SysWow64\images\toolbar\grouptreed.gif
    c:\windows\SysWow64\images\toolbar\grouptreepressed.gif
    c:\windows\SysWow64\images\toolbar\Last.gif
    c:\windows\SysWow64\images\toolbar\last_over.gif
    c:\windows\SysWow64\images\toolbar\Lastd.gif
    c:\windows\SysWow64\images\toolbar\Next.gif
    c:\windows\SysWow64\images\toolbar\next_over.gif
    c:\windows\SysWow64\images\toolbar\Nextd.gif
    c:\windows\SysWow64\images\toolbar\Prev.gif
    c:\windows\SysWow64\images\toolbar\prev_over.gif
    c:\windows\SysWow64\images\toolbar\Prevd.gif
    c:\windows\SysWow64\images\toolbar\print.gif
    c:\windows\SysWow64\images\toolbar\print_over.gif
    c:\windows\SysWow64\images\toolbar\printd.gif
    c:\windows\SysWow64\images\toolbar\Refresh.gif
    c:\windows\SysWow64\images\toolbar\refresh_over.gif
    c:\windows\SysWow64\images\toolbar\refreshd.gif
    c:\windows\SysWow64\images\toolbar\Search.gif
    c:\windows\SysWow64\images\toolbar\search_over.gif
    c:\windows\SysWow64\images\toolbar\searchd.gif
    c:\windows\SysWow64\images\toolbar\up.gif
    c:\windows\SysWow64\images\toolbar\up_over.gif
    c:\windows\SysWow64\images\toolbar\upd.gif
    c:\windows\SysWow64\images\tree\begindots.gif
    c:\windows\SysWow64\images\tree\beginminus.gif
    c:\windows\SysWow64\images\tree\beginplus.gif
    c:\windows\SysWow64\images\tree\blank.gif
    c:\windows\SysWow64\images\tree\blankdots.gif
    c:\windows\SysWow64\images\tree\dots.gif
    c:\windows\SysWow64\images\tree\lastdots.gif
    c:\windows\SysWow64\images\tree\lastminus.gif
    c:\windows\SysWow64\images\tree\lastplus.gif
    c:\windows\SysWow64\images\tree\Magnify.gif
    c:\windows\SysWow64\images\tree\minus.gif
    c:\windows\SysWow64\images\tree\minusbox.gif
    c:\windows\SysWow64\images\tree\plus.gif
    c:\windows\SysWow64\images\tree\plusbox.gif
    c:\windows\SysWow64\images\tree\singleminus.gif
    c:\windows\SysWow64\images\tree\singleplus.gif
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-26 to 2012-07-26 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-26 22:45 . 2012-07-26 22:45 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-07-26 22:45 . 2012-07-26 22:45 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
    2012-07-26 18:07 . 2012-07-26 18:07 -------- d-----w- C:\FRST
    2012-07-25 17:35 . 2012-07-25 17:35 -------- d-----w- c:\users\maaldridge\AppData\Roaming\Malwarebytes
    2012-07-25 17:35 . 2012-07-25 17:35 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-25 17:35 . 2012-07-25 17:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-25 17:35 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-25 14:22 . 2012-07-25 14:22 479744 ----a-w- c:\windows\SysWow64\RTFConv.dll
    2012-07-25 05:05 . 2012-07-25 06:25 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-07-25 05:05 . 2009-01-25 20:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
    2012-07-25 05:05 . 2012-07-25 06:34 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
    2012-07-24 21:32 . 2012-07-24 21:32 -------- d-----w- c:\users\maaldridge\AppData\Local\visi_coupon
    2012-07-24 21:30 . 2012-07-24 21:34 -------- d-----w- c:\programdata\Yahoo!
    2012-07-24 21:30 . 2012-07-24 21:34 -------- d-----w- c:\program files (x86)\Yahoo!
    2012-07-24 20:54 . 2012-07-24 20:54 -------- d-----w- c:\users\maaldridge\AppData\Local\Microsoft_Corporation
    2012-07-23 16:59 . 2012-07-23 16:59 -------- d-----w- c:\users\maaldridge\AppData\Roaming\Apple Computer
    2012-07-22 22:41 . 2012-07-22 22:41 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2012-07-22 22:41 . 2012-07-22 22:41 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2012-07-22 22:41 . 2012-07-22 22:41 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2012-07-22 22:41 . 2012-07-22 22:41 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2012-07-22 22:41 . 2012-07-22 22:41 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2012-07-22 22:41 . 2012-07-22 22:41 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2012-07-22 22:41 . 2012-07-22 22:41 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2012-07-22 22:41 . 2012-07-24 21:35 -------- d-----w- c:\program files (x86)\QuickTime
    2012-07-22 22:40 . 2012-07-22 22:40 -------- d-----w- c:\users\maaldridge\AppData\Local\Apple
    2012-07-22 22:40 . 2012-07-22 22:40 -------- d-----w- c:\programdata\Apple
    2012-07-20 18:34 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-20 18:30 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2012-07-20 18:30 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
    2012-07-20 18:30 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll
    2012-07-20 18:30 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
    2012-07-20 18:30 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
    2012-07-20 18:30 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
    2012-07-20 18:30 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
    2012-07-20 18:30 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
    2012-07-20 18:30 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
    2012-07-20 18:30 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll
    2012-07-20 18:30 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
    2012-07-20 18:30 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll
    2012-07-20 18:30 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
    2012-07-13 04:33 . 2012-07-13 04:33 114176 ----a-w- c:\windows\SysWow64\Eclipsys.Platform.LdapReader.dll
    2012-07-12 22:16 . 2012-07-12 22:18 -------- d--h--w- c:\windows\AxInstSV
    2012-07-03 16:27 . 2012-04-17 05:31 918016 ----a-w- c:\windows\system32\jscript.dll
    2012-07-03 16:27 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-07-03 16:27 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
    2012-07-03 16:27 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
    2012-07-03 16:27 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-07-03 16:27 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-07-03 16:27 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
    2012-07-03 16:27 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-07-03 16:27 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-07-03 16:27 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-26 22:46 . 2011-10-25 17:10 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
    2012-07-20 18:31 . 2010-11-20 21:53 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-06-02 22:19 . 2012-06-12 16:25 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-12 16:26 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-12 16:26 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-12 16:26 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-12 16:25 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 22:19 . 2012-06-12 16:25 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-12 16:26 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-12 16:25 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 22:15 . 2012-06-12 16:25 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-05-31 19:25 . 2010-11-20 21:17 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-05-18 21:31 . 2011-04-14 20:49 2480768 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
    2012-05-15 04:01 . 2012-06-21 16:51 1188864 ----a-w- c:\windows\system32\wininet.dll
    2012-05-15 03:59 . 2012-06-21 16:51 64512 ----a-w- c:\windows\system32\jsproxy.dll
    2012-05-15 03:03 . 2012-06-21 16:51 981504 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-05-05 19:51 . 2012-04-13 20:25 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-05-04 11:06 . 2012-06-14 05:01 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 10:03 . 2012-06-14 05:01 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03 . 2012-06-14 05:01 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-04-28 05:32 . 2012-06-14 05:01 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
    2012-04-28 03:55 . 2012-06-14 05:01 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-07-04 3527176]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2010-10-22 11937552]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
    "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-07-04 3921432]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe" [2010-03-12 311680]
    .
    c:\users\maaldridge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-11-8 576000]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2011-9-19 50688]
    MozyEnterprise Status.lnk - c:\program files\MozyEnterprise\mozyentstat.exe [2012-6-4 6270088]
    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2119488]
    WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]
    WinZip Quick Pick.lnk - c:\program files (x86)\WinZip\WZQKPICK.EXE [2007-5-15 394856]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "DisableCAD"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 GatewayAgent30;Allscripts Gateway Agent - 3.0;c:\program files (x86)\Allscripts Sunrise\Helios\3.0\Gateway\Eclipsys.Infrastructure.WindowsServices.exe [2011-03-22 32768]
    R2 GatewayAgent31;Allscripts Gateway Agent - 3.1;c:\program files (x86)\Allscripts Sunrise\Helios\3.1\Gateway\Eclipsys.Infrastructure.WindowsServices.exe [x]
    R2 GatewayAgent60;Allscripts Gateway Agent - 6.0;c:\program files (x86)\Allscripts Sunrise\Helios\6.0\Gateway\Eclipsys.Infrastructure.WindowsServices.exe [2012-07-13 40960]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
    R2 mozyentbackup;MozyEnterprise Backup Service;c:\program files\MozyEnterprise\mozyentbackup.exe [2010-11-08 51536]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-02-07 2009704]
    R2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2010-03-19 81920]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824]
    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-11-06 293552]
    R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-27 151936]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-02-07 173160]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-19 68440]
    R3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys [2007-09-04 71024]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-20 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2005-09-23 4476096]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-02-04 25960]
    S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-04-11 27736]
    S1 mozyentFilter;mozyentFilter;c:\windows\system32\DRIVERS\mozyent.sys [2011-08-16 66552]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
    S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2011-05-13 1043872]
    S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2011-05-13 36768]
    S2 klnagent;Kaspersky Lab Network Agent;c:\program files (x86)\Kaspersky Lab\NetworkAgent 8\klnagent.exe [2010-10-20 141688]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-02-03 378472]
    S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-07-01 1600000]
    S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 129536]
    S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]
    S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2011-05-10 38504]
    S3 dcdbas;System Management Driver;c:\windows\system32\DRIVERS\dcdbas64.sys [2010-11-25 38472]
    S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-10-28 315568]
    S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2009-09-03 30736]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73361282-1014109674-949316387-64872Core.job
    - c:\users\maaldridge\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-12 18:08]
    .
    2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73361282-1014109674-949316387-64872UA.job
    - c:\users\maaldridge\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-12 18:08]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
    @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
    [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
    2011-05-28 00:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozyent]
    @="{567f4262-b8b0-578b-e7bc-b384643f0d85}"
    [HKEY_CLASSES_ROOT\CLSID\{567f4262-b8b0-578b-e7bc-b384643f0d85}]
    2012-06-04 22:34 6299784 ----a-w- c:\program files\MozyEnterprise\mozyentshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozyent2]
    @="{5efb374b-ea9d-fd9e-528a-5f53484cb3dc}"
    [HKEY_CLASSES_ROOT\CLSID\{5efb374b-ea9d-fd9e-528a-5f53484cb3dc}]
    2012-06-04 22:34 6299784 ----a-w- c:\program files\MozyEnterprise\mozyentshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozyent3]
    @="{1b4d21fd-1325-b7e3-a45e-07804bf4fc8c}"
    [HKEY_CLASSES_ROOT\CLSID\{1b4d21fd-1325-b7e3-a45e-07804bf4fc8c}]
    2012-06-04 22:34 6299784 ----a-w- c:\program files\MozyEnterprise\mozyentshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayAdd]
    @="{D4DD7FC6-066F-442a-A200-DD21649CF378}"
    [HKEY_CLASSES_ROOT\CLSID\{D4DD7FC6-066F-442a-A200-DD21649CF378}]
    2011-12-07 03:42 292168 ----a-w- c:\program files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayControlled]
    @="{EFF5DF4C-7662-4ed7-B533-837D3319D311}"
    [HKEY_CLASSES_ROOT\CLSID\{EFF5DF4C-7662-4ed7-B533-837D3319D311}]
    2011-12-07 03:42 292168 ----a-w- c:\program files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayEdit]
    @="{FF529703-3398-4c98-B88D-13F784CB10A2}"
    [HKEY_CLASSES_ROOT\CLSID\{FF529703-3398-4c98-B88D-13F784CB10A2}]
    2011-12-07 03:42 292168 ----a-w- c:\program files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayLock]
    @="{EAB6FC01-3462-4dc9-8C94-75582E3DC3CA}"
    [HKEY_CLASSES_ROOT\CLSID\{EAB6FC01-3462-4dc9-8C94-75582E3DC3CA}]
    2011-12-07 03:42 292168 ----a-w- c:\program files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayRename]
    @="{F15E94B9-9522-42bd-8A73-569BCBE5A5EA}"
    [HKEY_CLASSES_ROOT\CLSID\{F15E94B9-9522-42bd-8A73-569BCBE5A5EA}]
    2011-12-07 03:42 292168 ----a-w- c:\program files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
    @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
    [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
    2011-05-28 00:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-07-20 611192]
    "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-15 686704]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-08 525312]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-15 167960]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-15 391704]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-15 418328]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-02-03 312936]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-12-30 1875048]
    "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2011-01-18 6492672]
    "TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-05-28 257392]
    "MsmqIntCert"="mqrt.dll" [2010-11-20 247808]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
    "combofix"="c:\combofix\CF8037.3XE" [2010-11-20 345088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = https://inside.allscripts.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    Trusted Zone: a4healthsystems.com
    Trusted Zone: adp.com
    Trusted Zone: allscripts.com
    Trusted Zone: allscripts.com\clarity.corp
    Trusted Zone: allscripts.com\servicedesk.corp
    Trusted Zone: books24x7.com
    Trusted Zone: brainshark.com
    Trusted Zone: clarity
    Trusted Zone: codecorrect.com
    Trusted Zone: delvenetworks.com\assets
    Trusted Zone: diagnostix.com
    Trusted Zone: eternal
    Trusted Zone: force.com
    Trusted Zone: force.com\*.na0.visual
    Trusted Zone: fpx.com\od1
    Trusted Zone: global.ad\servicedesk.misys
    Trusted Zone: gotrain.net
    Trusted Zone: intersourcing.com\www
    Trusted Zone: intra
    Trusted Zone: llnwd.net\*.fcod
    Trusted Zone: microsoft.com\*.windowsupdate
    Trusted Zone: misys.com\clarity
    Trusted Zone: misys.com\servicedesk
    Trusted Zone: misysgold
    Trusted Zone: misyshealthcare.com
    Trusted Zone: misyshealthcare.com\kb
    Trusted Zone: misysimentor.com
    Trusted Zone: mlv-ris-app-e
    Trusted Zone: mlv-ris-app-f
    Trusted Zone: mlv-ris-app-o
    Trusted Zone: on24.com
    Trusted Zone: onemisys.com\clarity
    Trusted Zone: onemisys.com\eternal
    Trusted Zone: onemisys.com\intra
    Trusted Zone: onemisys.com\misysgold
    Trusted Zone: payerpath.com
    Trusted Zone: salesforce.com
    Trusted Zone: servicedesk
    Trusted Zone: skilldialogue.com
    Trusted Zone: skillport.com
    Trusted Zone: skillsoft.com
    Trusted Zone: skillsoftcompliance.com
    Trusted Zone: skillwsa.com
    Trusted Zone: symantecliveupdate.com
    Trusted Zone: velaro.com
    Trusted Zone: windowsupdate.com
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-VS Revo Group - c:\users\maaldridge\AppData\Local\VS Revo Group\yzxxvcqk.dll
    Notify-SDWinLogon - SDWinLogon.dll
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-898976328-1975694646-3752162016-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e5,99,2d,f0,b2,41,18,4b,8d,46,c7,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e5,99,2d,f0,b2,41,18,4b,8d,46,c7,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
    @Denied: (A) (Everyone)
    "Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
    "Key"="ActionsPane"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\windows\SysWOW64\CCM\CcmExec.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-26 15:48:26 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-26 22:48
    .
    Pre-Run: 20,409,544,704 bytes free
    Post-Run: 22,841,856,000 bytes free
    .
    - - End Of File - - D7C148B28739A84495AF7DE37925FA5F
  6. Broni Malware Annihilator Posts: 40,051   +187

    Looks good.

    Any current issues?

    ===============================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    =======================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  7. doubleTrouble Newcomer, in training Posts: 40

    My in-house tool is running better.

    IE is complaining because I have uninstalled Adobe Flash Player because I found it unnerving that it kept asking for a reinstall. Will have to get that again at some point.

    Looks like the virus is gone. =)
  8. doubleTrouble Newcomer, in training Posts: 40

    Actually, my IE pages don't crash any more even when it needs Adobe Flash. So, it's a good sign!
  9. Broni Malware Annihilator Posts: 40,051   +187

  10. doubleTrouble Newcomer, in training Posts: 40

    Is there more to do?
  11. Broni Malware Annihilator Posts: 40,051   +187

    Hmmm...did you read my reply #26?
  12. doubleTrouble Newcomer, in training Posts: 40

    Oops. I am blind.

    Here is the MBAM log.

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.07.26.16
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    maaldridge :: ALDRIDGE-M-W7 [administrator]
    Protection: Disabled
    7/26/2012 4:31:16 PM
    mbam-log-2012-07-26 (16-31-16).txt
    Scan type: Full scan (C:\|D:\|E:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 562265
    Time elapsed: 24 minute(s), 14 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
  13. doubleTrouble Newcomer, in training Posts: 40

    OTL log part 1

    OTL logfile created on: 7/26/2012 5:05:50 PM - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\maaldridge\Desktop
    64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.88 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.41% Memory free
    7.77 Gb Paging File | 5.37 Gb Available in Paging File | 69.13% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 118.94 Gb Total Space | 21.45 Gb Free Space | 18.03% Space Free | Partition Type: NTFS

    Computer Name: ALDRIDGE-M-W7 | User Name: maaldridge | NOT logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/26 17:04:13 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\maaldridge\Desktop\OTL.exe
    PRC - [2012/07/12 21:34:18 | 000,040,960 | ---- | M] (Allscripts Healthcare Solutions, Inc.) -- C:\Program Files (x86)\Allscripts Sunrise\Helios\6.0\Gateway\Eclipsys.Infrastructure.WindowsServices.exe
    PRC - [2012/07/04 12:40:58 | 003,921,432 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/12/06 20:40:12 | 000,123,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsComProviderSvr.exe
    PRC - [2011/03/28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/03/22 14:59:46 | 000,032,768 | ---- | M] (Allscripts Healthcare Solutions, Inc.) -- C:\Program Files (x86)\Allscripts Sunrise\Helios\3.0\Gateway\Eclipsys.Infrastructure.WindowsServices.exe
    PRC - [2011/02/07 10:52:50 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2011/02/02 21:57:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2010/12/15 10:46:50 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    PRC - [2010/11/20 05:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    PRC - [2010/11/05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2010/11/05 23:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2010/10/22 03:28:54 | 011,937,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Lync\communicator.exe
    PRC - [2010/10/22 03:24:52 | 000,596,744 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Lync\UcMapi.exe
    PRC - [2010/10/20 10:38:38 | 000,141,688 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\NetworkAgent 8\klnagent.exe
    PRC - [2010/03/12 16:29:22 | 000,311,680 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
    PRC - [2009/09/18 01:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\CCM\CcmExec.exe
    PRC - [2009/02/23 20:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    PRC - [2008/06/05 02:09:18 | 000,431,472 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
    PRC - [2007/05/15 08:10:00 | 000,394,856 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files (x86)\WinZip\WZQKPICK.EXE


    ========== Modules (No Company Name) ==========

    MOD - [2012/07/04 12:39:50 | 000,051,200 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    MOD - [2012/07/04 12:39:48 | 000,517,632 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
    MOD - [2012/07/04 12:39:48 | 000,410,112 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    MOD - [2012/06/14 11:46:14 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\1cb5f5d54ef9b24b90a51b006181fe71\IAStorUtil.ni.dll
    MOD - [2012/06/13 23:08:33 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012/06/13 23:08:28 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012/06/13 22:19:23 | 002,120,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.TeamFound#\1758a89157670ad77ceb880524027f09\Microsoft.TeamFoundation.VersionControl.Client.ni.dll
    MOD - [2012/06/13 22:19:16 | 001,256,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.TeamFound#\aa48e2e2016faf91c50aa93d2661a561\Microsoft.TeamFoundation.Common.ni.dll
    MOD - [2012/06/13 22:19:15 | 004,133,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.TeamFound#\f4af624f991c0f59c2179ca860ca5e2e\Microsoft.TeamFoundation.Client.ni.dll
    MOD - [2012/06/13 22:19:08 | 001,547,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.TeamFound#\9479405c87dfe03cdc00b99d23bf5234\Microsoft.TeamFoundation.ni.dll
    MOD - [2012/06/07 12:27:23 | 000,381,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.TeamFound#\ffdeba2810391daa2ae4efc426db9e6c\Microsoft.TeamFoundation.VersionControl.Common.ni.dll
    MOD - [2012/06/07 12:20:11 | 001,925,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\dbe597aa9c12df5d08fb2f3f9872b834\System.Web.Services.ni.dll
    MOD - [2012/06/07 10:34:50 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\367af7fc22650701edfa7e8ecadcb273\IAStorCommon.ni.dll
    MOD - [2012/06/07 10:31:39 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
    MOD - [2012/06/07 10:31:09 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
    MOD - [2012/06/07 10:31:06 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012/06/07 10:31:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012/06/07 10:31:03 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/06/07 10:30:58 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2012/06/07 09:26:54 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
    MOD - [2012/06/07 09:26:50 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
    MOD - [2012/06/07 09:26:46 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll
    MOD - [2012/06/07 09:26:44 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
    MOD - [2012/06/07 09:26:39 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
    MOD - [2011/12/06 20:41:50 | 000,017,736 | ---- | M] () -- C:\Program Files (x86)\Microsoft Team Foundation Server 2010 Power Tools\x86\TfsComProviderStub.DLL
    MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2010/12/15 10:46:50 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/07/01 13:52:32 | 001,600,000 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe -- (Wave Authentication Manager Service)
    SRV:64bit: - [2011/05/27 17:46:56 | 003,792,240 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService)
    SRV:64bit: - [2011/05/24 15:42:08 | 002,154,888 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
    SRV:64bit: - [2011/05/13 10:10:44 | 001,043,872 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
    SRV:64bit: - [2011/05/13 10:10:44 | 000,036,768 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
    SRV:64bit: - [2011/01/18 09:50:02 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
    SRV:64bit: - [2010/12/07 19:43:40 | 000,275,968 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2010/11/20 06:24:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)
    SRV:64bit: - [2010/11/08 13:18:46 | 000,051,536 | ---- | M] (EMC Corporation) [Auto | Running] -- C:\Program Files\MozyEnterprise\mozyentbackup.exe -- (mozyentbackup)
    SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/11/13 11:28:38 | 000,129,536 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
    SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2009/07/13 18:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
    SRV:64bit: - [2009/03/03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
    SRV:64bit: - [2008/07/29 13:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
    SRV:64bit: - [2005/09/23 03:26:42 | 004,476,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon80)
    SRV - [2012/07/12 21:34:18 | 000,040,960 | ---- | M] (Allscripts Healthcare Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Allscripts Sunrise\Helios\6.0\Gateway\Eclipsys.Infrastructure.WindowsServices.exe -- (GatewayAgent60)
    SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/04/01 12:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/03/28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2011/03/22 14:59:46 | 000,032,768 | ---- | M] (Allscripts Healthcare Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Allscripts Sunrise\Helios\3.0\Gateway\Eclipsys.Infrastructure.WindowsServices.exe -- (GatewayAgent30)
    SRV - [2011/02/17 09:08:52 | 001,633,280 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
    SRV - [2011/02/07 10:52:50 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2011/02/02 21:57:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2010/11/20 05:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2010/11/20 05:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
    SRV - [2010/11/20 05:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2010/11/05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2010/10/20 10:38:38 | 000,141,688 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\NetworkAgent 8\klnagent.exe -- (klnagent)
    SRV - [2010/03/18 11:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/12 16:29:22 | 000,311,680 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe -- (AVP)
    SRV - [2009/09/18 01:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CCM\CcmExec.exe -- (CcmExec)
    SRV - [2009/09/18 01:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\CCM\TSManager.exe -- (smstsmgr)
    SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/06/05 02:09:18 | 000,431,472 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/08/16 12:54:08 | 000,066,552 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mozyent.sys -- (mozyentFilter)
    DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2011/05/25 20:55:02 | 000,368,464 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2011/05/18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2011/05/13 16:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2011/05/10 14:05:48 | 000,038,504 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
    DRV:64bit: - [2011/04/11 15:15:18 | 000,268,376 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
    DRV:64bit: - [2011/04/11 15:15:18 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/07 10:52:52 | 000,173,160 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2011/02/04 14:13:12 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
    DRV:64bit: - [2011/01/18 09:50:00 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
    DRV:64bit: - [2011/01/18 09:49:54 | 004,719,680 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2010/12/17 01:39:10 | 012,256,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/12/13 09:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
    DRV:64bit: - [2010/12/07 19:43:40 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2010/11/25 12:20:46 | 000,038,472 | ---- | M] (Dell Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dcdbas64.sys -- (dcdbas)
    DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 04:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/11/05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/10/28 07:42:32 | 000,315,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
    DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/08/20 11:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
    DRV:64bit: - [2010/04/14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
    DRV:64bit: - [2010/03/19 13:39:58 | 000,081,920 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
    DRV:64bit: - [2009/11/11 11:30:52 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
    DRV:64bit: - [2009/11/06 01:36:26 | 000,293,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
    DRV:64bit: - [2009/10/26 17:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2009/09/03 12:24:28 | 000,030,736 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klfltdev.sys -- (KLFLTDEV)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 17:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
    DRV:64bit: - [2008/06/05 01:50:08 | 000,029,184 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdX64.sys -- (dsNcAdpt)
    DRV:64bit: - [2008/06/04 11:14:00 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV)
    DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV - [2009/09/18 01:00:00 | 000,026,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\CCM\PrepDrv.sys -- (prepdrvr)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2007/09/04 16:53:34 | 000,071,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys -- (VSPerfDrv90)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://inside.allscripts.com
    IE - HKU\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://inside.allscripts.com
    IE - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..\SearchScopes,DefaultScope = {4EC2A974-AC38-414A-9936-12161FA3482A}
    IE - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..\SearchScopes\{4EC2A974-AC38-414A-9936-12161FA3482A}: "URL" = http://www.google.com/search?q={sea...ource}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..\SearchScopes\{54726DF8-F314-456B-88E5-D3B4DD63D6EE}: "URL" = http://ca.search.yahoo.com/search?p...pe=W3i_DS,136,0_0,Search,20120730,16967,0,8,0
    IE - HKU\S-1-5-21-73361282-1014109674-949316387-64872\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\maaldridge\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\maaldridge\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)


    [2010/10/22 03:24:26 | 000,032,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
  14. doubleTrouble Newcomer, in training Posts: 40

    OTL log part 2

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\maaldridge\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\maaldridge\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\maaldridge\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\maaldridge\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\maaldridge\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

    O1 HOSTS File: ([2012/07/26 15:46:12 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll (Cisco WebEx LLC)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
    O2 - BHO: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3:64bit: - HKLM\..\Toolbar: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll (Cisco WebEx LLC)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
    O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [MsmqIntCert] C:\Windows\SysNative\mqrt.dll (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4:64bit: - HKLM..\Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)
    O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe (Kaspersky Lab)
    O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-73361282-1014109674-949316387-64872..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-898976328-1975694646-3752162016-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-898976328-1975694646-3752162016-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\maaldridge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun_KL_notset = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-898976328-1975694646-3752162016-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm ()
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm ()
    O9:64bit: - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\x64\scieplgn.dll (Kaspersky Lab)
    O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\scieplgn.dll (Kaspersky Lab)
    O9 - Extra Button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
    O15:64bit: - ..Trusted Domains: a4healthsystems.com ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: adp.com ([]https in Trusted sites)
    O15:64bit: - ..Trusted Domains: allscripts.com ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: allscripts.com ([]https in Trusted sites)
    O15:64bit: - ..Trusted Domains: allscripts.com ([clarity.corp] http in Trusted sites)
    O15:64bit: - ..Trusted Domains: allscripts.com ([servicedesk.corp] http in Trusted sites)
    O15:64bit: - ..Trusted Domains: books24x7.com ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: brainshark.com ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: clarity ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: codecorrect.com ([]https in Trusted sites)
    O15:64bit: - ..Trusted Domains: delvenetworks.com ([assets] http in Trusted sites)
    O15:64bit: - ..Trusted Domains: diagnostix.com ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: eclipsnet.com ([]* in Local intranet)
    O15:64bit: - ..Trusted Domains: employee ([]http in Local intranet)
    O15:64bit: - ..Trusted Domains: eternal ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: force.com ([]https in Trusted sites)
    O15:64bit: - ..Trusted Domains: force.com ([*.na0.visual] https in Trusted sites)
    O15:64bit: - ..Trusted Domains: fpx.com ([od1] https in Trusted sites)
    O15:64bit: - ..Trusted Domains: global.ad ([*.misys] http in Local intranet)
    O15:64bit: - ..Trusted Domains: global.ad ([servicedesk.misys] http in Trusted sites)
    O15:64bit: - ..Trusted Domains: globalsaleskickoff.com ([]http in Local intranet)
    O15:64bit: - ..Trusted Domains: gotrain.net ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: insideallscripts.com ([]http in Local intranet)
    O15:64bit: - ..Trusted Domains: insidemisys.com ([]http in Local intranet)
    O15:64bit: - ..Trusted Domains: intersourcing.com ([www] https in Trusted sites)
    O15:64bit: - ..Trusted Domains: intra ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: llnwd.net ([*.fcod] http in Trusted sites)
    O15:64bit: - ..Trusted Domains: microsoft.com ([*.windowsupdate] http in Trusted sites)
    O15:64bit: - ..Trusted Domains: misys.com ([clarity] http in Trusted sites)
    O15:64bit: - ..Trusted Domains: misys.com ([servicedesk] http in Trusted sites)
    O15:64bit: - ..Trusted Domains: misysgold ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: misyshealthcare.com ([]http in Local intranet)
    O15:64bit: - ..Trusted Domains: misyshealthcare.com ([]https in Trusted sites)
    O15:64bit: - ..Trusted Domains: misyshealthcare.com ([kb] http in Trusted sites)
    O15:64bit: - ..Trusted Domains: misysimentor.com ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: mlv-ris-app-e ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: mlv-ris-app-f ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: mlv-ris-app-o ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: on24.com ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: onemisys.com ([]http in Local intranet)
    O15:64bit: - ..Trusted Domains: onemisys.com ([clarity] http in Trusted sites)
    O15:64bit: - ..Trusted Domains: onemisys.com ([eternal] http in Trusted sites)
    O15:64bit: - ..Trusted Domains: onemisys.com ([intra] http in Trusted sites)
    O15:64bit: - ..Trusted Domains: onemisys.com ([misysgold] http in Trusted sites)
    O15:64bit: - ..Trusted Domains: payerpath.com ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: payerpath.com ([]https in Trusted sites)
    O15:64bit: - ..Trusted Domains: salesforce.com ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: salesforce.com ([]https in Trusted sites)
    O15:64bit: - ..Trusted Domains: servicedesk ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: skilldialogue.com ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: skillport.com ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: skillport.com ([library] http in Trusted sites)
    O15:64bit: - ..Trusted Domains: skillsoft.com ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: skillsoftcompliance.com ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: skillwsa.com ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: symantecliveupdate.com ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: symantecliveupdate.com ([]https in Trusted sites)
    O15:64bit: - ..Trusted Domains: velaro.com ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: windowsupdate.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: a4healthsystems.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: adp.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: allscripts.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: allscripts.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: allscripts.com ([clarity.corp] http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: allscripts.com ([servicedesk.corp] http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: books24x7.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: brainshark.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: clarity ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: codecorrect.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: delvenetworks.com ([assets] http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: diagnostix.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: eclipsnet.com ([]* in Local intranet)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: employee ([]http in Local intranet)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: eternal ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: force.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: force.com ([*.na0.visual] https in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: fpx.com ([od1] https in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: global.ad ([*.misys] http in Local intranet)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: global.ad ([servicedesk.misys] http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: globalsaleskickoff.com ([]http in Local intranet)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: gotrain.net ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: insideallscripts.com ([]http in Local intranet)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: insidemisys.com ([]http in Local intranet)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: intersourcing.com ([www] https in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: intra ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: llnwd.net ([*.fcod] http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: microsoft.com ([*.windowsupdate] http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: misys.com ([clarity] http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: misys.com ([servicedesk] http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: misysgold ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: misyshealthcare.com ([]http in Local intranet)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: misyshealthcare.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: misyshealthcare.com ([kb] http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: misysimentor.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: mlv-ris-app-e ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: mlv-ris-app-f ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: mlv-ris-app-o ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: on24.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: onemisys.com ([]http in Local intranet)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: onemisys.com ([clarity] http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: onemisys.com ([eternal] http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: onemisys.com ([intra] http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: onemisys.com ([misysgold] http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: payerpath.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: payerpath.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: salesforce.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: salesforce.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: servicedesk ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: skilldialogue.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: skillport.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: skillsoft.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: skillsoftcompliance.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: skillwsa.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: symantecliveupdate.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: symantecliveupdate.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: velaro.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: windowsupdate.com ([]http in Trusted sites)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ssl3.eclipsnet.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.141.1.33 10.141.1.34 10.131.1.77 10.101.224.100
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.allscripts.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06C4AC5A-53E8-43CC-9777-16FF9D813CAA}: DhcpNameServer = 10.131.1.15 10.131.1.59 10.101.224.52 10.101.224.181
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{829CCC39-CBEB-4C8C-97CA-011ADB61935A}: DhcpNameServer = 10.141.1.33 10.141.1.34 10.131.1.77 10.101.224.100
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D82732A-BEEA-4171-A7E8-6EB94ACFFE15}: DhcpNameServer = 10.141.1.33 10.141.1.34 10.131.1.77 10.101.224.100
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFB12861-64CB-4296-9F76-0B8D6D8B641C}: DhcpNameServer = 10.141.1.33 10.141.1.34 10.131.1.77 10.101.224.100
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/26 17:04:11 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\maaldridge\Desktop\OTL.exe
    [2012/07/26 15:46:13 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/07/26 14:26:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/26 14:26:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/26 14:26:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/26 14:25:11 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/26 14:25:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/26 14:01:53 | 004,719,912 | R--- | C] (Swearware) -- C:\Users\maaldridge\Desktop\ComboFix.exe
    [2012/07/26 11:07:19 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/25 14:18:39 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\maaldridge\Desktop\aswMBR.exe
    [2012/07/25 14:15:44 | 000,000,000 | ---D | C] -- C:\Users\maaldridge\Desktop\RK_Quarantine
    [2012/07/25 12:29:03 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2012/07/25 12:09:23 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\maaldridge\Desktop\dds.scr
    [2012/07/25 10:35:41 | 000,000,000 | ---D | C] -- C:\Users\maaldridge\AppData\Roaming\Malwarebytes
    [2012/07/25 10:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/25 10:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/07/25 10:35:35 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/25 10:35:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/07/25 10:35:15 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\maaldridge\Desktop\mbam-setup-1.62.0.1300.exe
    [2012/07/25 07:22:42 | 000,479,744 | ---- | C] (Allscripts Healthcare Solutions, Inc.) -- C:\Windows\SysWow64\RTFConv.dll
    [2012/07/24 23:20:49 | 000,000,000 | ---D | C] -- C:\Users\maaldridge\Documents\ProcAlyzer Dumps
    [2012/07/24 22:05:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2012/07/24 22:05:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    [2012/07/24 22:05:23 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
    [2012/07/24 22:05:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
    [2012/07/24 14:32:32 | 000,000,000 | ---D | C] -- C:\Users\maaldridge\AppData\Local\visi_coupon
    [2012/07/24 14:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
    [2012/07/24 14:30:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
    [2012/07/24 13:54:06 | 000,000,000 | ---D | C] -- C:\Users\maaldridge\AppData\Local\Microsoft_Corporation
    [2012/07/23 09:59:00 | 000,000,000 | ---D | C] -- C:\Users\maaldridge\AppData\Roaming\Apple Computer
    [2012/07/22 15:41:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2012/07/22 15:40:38 | 000,000,000 | ---D | C] -- C:\Users\maaldridge\AppData\Local\Apple
    [2012/07/22 15:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
    [2012/07/12 21:33:52 | 000,114,176 | ---- | C] (Allscripts Healthcare Solutions, Inc.) -- C:\Windows\SysWow64\Eclipsys.Platform.LdapReader.dll
    [2012/07/12 15:16:32 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
    [2011/12/21 14:50:31 | 000,110,080 | ---- | C] (Infragistics, Inc.) -- C:\Users\maaldridge\AppData\Local\sslcra32.exe

    ========== Files - Modified Within 30 Days ==========

    File not found -- C:\Windows\SysNative\
    [2012/07/26 17:04:13 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\maaldridge\Desktop\OTL.exe
    [2012/07/26 16:43:19 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-73361282-1014109674-949316387-64872UA.job
    [2012/07/26 16:01:06 | 000,871,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/07/26 16:01:06 | 000,727,052 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/07/26 16:01:06 | 000,144,060 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/07/26 16:00:01 | 000,012,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/26 16:00:01 | 000,012,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/26 15:53:19 | 000,000,462 | ---- | M] () -- C:\Windows\SMSCFG.ini
    [2012/07/26 15:52:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/26 15:52:14 | 3127,558,144 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/26 15:46:12 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/07/26 14:56:45 | 000,004,142 | ---- | M] () -- C:\Windows\mozyent.blk
    [2012/07/26 14:56:45 | 000,003,748 | ---- | M] () -- C:\Windows\mozyent.flt
    [2012/07/26 14:21:14 | 004,719,912 | R--- | M] (Swearware) -- C:\Users\maaldridge\Desktop\ComboFix.exe
    [2012/07/25 14:29:30 | 000,000,512 | ---- | M] () -- C:\Users\maaldridge\Desktop\MBR.dat
    [2012/07/25 14:18:39 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\maaldridge\Desktop\aswMBR.exe
    [2012/07/25 14:15:29 | 001,552,384 | ---- | M] () -- C:\Users\maaldridge\Desktop\RogueKiller.exe
    [2012/07/25 12:09:26 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\maaldridge\Desktop\dds.scr
    [2012/07/25 12:06:23 | 000,000,000 | ---- | M] () -- C:\Users\maaldridge\Desktop\t6de78yz.reg
    [2012/07/25 12:06:14 | 000,000,000 | ---- | M] () -- C:\Users\maaldridge\Desktop\t6de78yz.bat
    [2012/07/25 11:27:28 | 000,302,592 | ---- | M] () -- C:\Users\maaldridge\Desktop\t6de78yz.exe
    [2012/07/25 10:35:36 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/25 10:35:19 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\maaldridge\Desktop\mbam-setup-1.62.0.1300.exe
    [2012/07/25 10:19:37 | 000,007,597 | ---- | M] () -- C:\Users\maaldridge\AppData\Local\Resmon.ResmonCfg
    [2012/07/25 09:43:02 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-73361282-1014109674-949316387-64872Core.job
    [2012/07/25 07:22:42 | 000,479,744 | ---- | M] (Allscripts Healthcare Solutions, Inc.) -- C:\Windows\SysWow64\RTFConv.dll
    [2012/07/24 22:25:03 | 000,000,121 | ---- | M] () -- C:\Windows\wininit.ini
    [2012/07/24 22:05:49 | 000,002,179 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2012/07/24 20:36:28 | 040,095,152 | -H-- | M] () -- C:\Users\maaldridge\Documents\sdo_gb.pdf.2d92.part
    [2012/07/24 14:35:32 | 000,040,165 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2012/07/23 09:50:32 | 000,153,053 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
    [2012/07/23 09:50:32 | 000,107,384 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
    [2012/07/20 14:37:51 | 000,011,278 | RHS- | M] () -- C:\Users\maaldridge\ntuser.pol
    [2012/07/20 14:36:57 | 000,423,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/07/13 16:25:00 | 000,002,006 | -H-- | M] () -- C:\Users\maaldridge\Documents\Default.rdp
    [2012/07/13 15:13:49 | 000,002,390 | ---- | M] () -- C:\Users\maaldridge\Desktop\Google Chrome.lnk
    [2012/07/12 21:33:52 | 000,114,176 | ---- | M] (Allscripts Healthcare Solutions, Inc.) -- C:\Windows\SysWow64\Eclipsys.Platform.LdapReader.dll
    [2012/07/11 11:53:03 | 000,000,000 | ---- | M] () -- C:\Windows\BulkUnld.INI
    [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/03 09:27:23 | 000,865,556 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    ========== Files Created - No Company Name ==========

    File not found -- C:\Windows\SysNative\
    [2012/07/26 14:26:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/26 14:26:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/26 14:26:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/26 14:26:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/26 14:26:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/25 14:29:30 | 000,000,512 | ---- | C] () -- C:\Users\maaldridge\Desktop\MBR.dat
    [2012/07/25 14:15:29 | 001,552,384 | ---- | C] () -- C:\Users\maaldridge\Desktop\RogueKiller.exe
    [2012/07/25 12:06:18 | 000,000,000 | ---- | C] () -- C:\Users\maaldridge\Desktop\t6de78yz.reg
    [2012/07/25 12:06:14 | 000,000,000 | ---- | C] () -- C:\Users\maaldridge\Desktop\t6de78yz.bat
    [2012/07/25 11:27:27 | 000,302,592 | ---- | C] () -- C:\Users\maaldridge\Desktop\t6de78yz.exe
    [2012/07/25 10:35:36 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/25 10:19:37 | 000,007,597 | ---- | C] () -- C:\Users\maaldridge\AppData\Local\Resmon.ResmonCfg
    [2012/07/24 22:25:03 | 000,000,121 | ---- | C] () -- C:\Windows\wininit.ini
    [2012/07/24 22:05:49 | 000,002,191 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    [2012/07/24 22:05:49 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2012/07/24 20:34:12 | 040,095,152 | -H-- | C] () -- C:\Users\maaldridge\Documents\sdo_gb.pdf.2d92.part
    [2012/07/11 11:53:03 | 000,000,000 | ---- | C] () -- C:\Windows\BulkUnld.INI
    [2011/11/03 21:17:45 | 000,000,000 | ---- | C] () -- C:\Windows\hvct.INI
    [2011/10/19 09:32:24 | 000,011,278 | RHS- | C] () -- C:\Users\maaldridge\ntuser.pol
    [2011/10/18 14:16:31 | 000,040,165 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2011/09/19 07:32:57 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/09/19 07:32:55 | 000,207,376 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/09/19 07:32:52 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2011/04/14 08:16:48 | 000,000,411 | ---- | C] () -- C:\Windows\ODBC.INI
    [2011/04/12 09:18:42 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll
    [2011/04/12 09:17:16 | 000,865,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/04/12 09:17:16 | 000,004,764 | ---- | C] () -- C:\Windows\SysWow64\CcmFramework.ini
    [2011/04/12 09:17:03 | 000,000,462 | ---- | C] () -- C:\Windows\SMSCFG.ini
    [2010/11/20 14:01:03 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini
    [2010/08/19 17:18:20 | 001,008,640 | ---- | C] () -- C:\Windows\SysWow64\DemoLicense.dll

    ========== LOP Check ==========

    [2011/09/19 08:28:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Wave Systems Corp
    [2011/09/19 13:10:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WirelessManager
    [2012/07/01 22:23:38 | 000,000,000 | ---D | M] -- C:\Users\maaldridge\AppData\Roaming\BSW
    [2011/10/25 12:35:33 | 000,000,000 | ---D | M] -- C:\Users\maaldridge\AppData\Roaming\Juniper Networks
    [2012/01/17 12:54:31 | 000,000,000 | ---D | M] -- C:\Users\maaldridge\AppData\Roaming\webex
    [2011/10/27 11:00:44 | 000,000,000 | ---D | M] -- C:\Users\maaldridge\AppData\Roaming\Western Digital
    [2012/01/03 14:49:36 | 000,000,000 | ---D | M] -- C:\Users\maaldridge\AppData\Roaming\Xerox
    [2009/07/13 22:08:49 | 000,027,426 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========


    < End of report >
  15. doubleTrouble Newcomer, in training Posts: 40

    Extras log

    OTL Extras logfile created on: 7/26/2012 5:05:50 PM - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\maaldridge\Desktop
    64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.88 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.41% Memory free
    7.77 Gb Paging File | 5.37 Gb Available in Paging File | 69.13% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 118.94 Gb Total Space | 21.45 Gb Free Space | 18.03% Space Free | Partition Type: NTFS

    Computer Name: ALDRIDGE-M-W7 | User Name: maaldridge | NOT logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring" = 1
    "" =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
    "AllowUserPrefMerge" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
    "AllowUserPrefMerge" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
    "AllowUserPrefMerge" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
    "AllowUserPrefMerge" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
    "AllowUserPrefMerge" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
    "AllowUserPrefMerge" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
    "AllowUserPrefMerge" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
    "AllowUserPrefMerge" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
  16. Broni Malware Annihilator Posts: 40,051   +187

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O4 - HKU\S-1-5-21-898976328-1975694646-3752162016-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
      O15:64bit: - ..Trusted Domains: a4healthsystems.com ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: adp.com ([]https in Trusted sites)
      O15:64bit: - ..Trusted Domains: allscripts.com ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: allscripts.com ([]https in Trusted sites)
      O15:64bit: - ..Trusted Domains: allscripts.com ([clarity.corp] http in Trusted sites)
      O15:64bit: - ..Trusted Domains: allscripts.com ([servicedesk.corp] http in Trusted sites)
      O15:64bit: - ..Trusted Domains: books24x7.com ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: brainshark.com ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: clarity ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: codecorrect.com ([]https in Trusted sites)
      O15:64bit: - ..Trusted Domains: delvenetworks.com ([assets] http in Trusted sites)
      O15:64bit: - ..Trusted Domains: diagnostix.com ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: eclipsnet.com ([]* in Local intranet)
      O15:64bit: - ..Trusted Domains: employee ([]http in Local intranet)
      O15:64bit: - ..Trusted Domains: eternal ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: force.com ([]https in Trusted sites)
      O15:64bit: - ..Trusted Domains: force.com ([*.na0.visual] https in Trusted sites)
      O15:64bit: - ..Trusted Domains: fpx.com ([od1] https in Trusted sites)
      O15:64bit: - ..Trusted Domains: global.ad ([*.misys] http in Local intranet)
      O15:64bit: - ..Trusted Domains: global.ad ([servicedesk.misys] http in Trusted sites)
      O15:64bit: - ..Trusted Domains: globalsaleskickoff.com ([]http in Local intranet)
      O15:64bit: - ..Trusted Domains: gotrain.net ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: insideallscripts.com ([]http in Local intranet)
      O15:64bit: - ..Trusted Domains: insidemisys.com ([]http in Local intranet)
      O15:64bit: - ..Trusted Domains: intersourcing.com ([www] https in Trusted sites)
      O15:64bit: - ..Trusted Domains: intra ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: llnwd.net ([*.fcod] http in Trusted sites)
      O15:64bit: - ..Trusted Domains: microsoft.com ([*.windowsupdate] http in Trusted sites)
      O15:64bit: - ..Trusted Domains: misys.com ([clarity] http in Trusted sites)
      O15:64bit: - ..Trusted Domains: misys.com ([servicedesk] http in Trusted sites)
      O15:64bit: - ..Trusted Domains: misysgold ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: misyshealthcare.com ([]http in Local intranet)
      O15:64bit: - ..Trusted Domains: misyshealthcare.com ([]https in Trusted sites)
      O15:64bit: - ..Trusted Domains: misyshealthcare.com ([kb] http in Trusted sites)
      O15:64bit: - ..Trusted Domains: misysimentor.com ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: mlv-ris-app-e ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: mlv-ris-app-f ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: mlv-ris-app-o ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: on24.com ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: onemisys.com ([]http in Local intranet)
      O15:64bit: - ..Trusted Domains: onemisys.com ([clarity] http in Trusted sites)
      O15:64bit: - ..Trusted Domains: onemisys.com ([eternal] http in Trusted sites)
      O15:64bit: - ..Trusted Domains: onemisys.com ([intra] http in Trusted sites)
      O15:64bit: - ..Trusted Domains: onemisys.com ([misysgold] http in Trusted sites)
      O15:64bit: - ..Trusted Domains: payerpath.com ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: payerpath.com ([]https in Trusted sites)
      O15:64bit: - ..Trusted Domains: salesforce.com ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: salesforce.com ([]https in Trusted sites)
      O15:64bit: - ..Trusted Domains: servicedesk ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: skilldialogue.com ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: skillport.com ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: skillport.com ([library] http in Trusted sites)
      O15:64bit: - ..Trusted Domains: skillsoft.com ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: skillsoftcompliance.com ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: skillwsa.com ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: symantecliveupdate.com ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: symantecliveupdate.com ([]https in Trusted sites)
      O15:64bit: - ..Trusted Domains: velaro.com ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: windowsupdate.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: a4healthsystems.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: adp.com ([]https in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: allscripts.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: allscripts.com ([]https in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: allscripts.com ([clarity.corp] http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: allscripts.com ([servicedesk.corp] http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: books24x7.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: brainshark.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: clarity ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: codecorrect.com ([]https in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: delvenetworks.com ([assets] http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: diagnostix.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: eclipsnet.com ([]* in Local intranet)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: employee ([]http in Local intranet)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: eternal ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: force.com ([]https in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: force.com ([*.na0.visual] https in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: fpx.com ([od1] https in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: global.ad ([*.misys] http in Local intranet)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: global.ad ([servicedesk.misys] http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: globalsaleskickoff.com ([]http in Local intranet)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: gotrain.net ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: insideallscripts.com ([]http in Local intranet)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: insidemisys.com ([]http in Local intranet)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: intersourcing.com ([www] https in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: intra ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: llnwd.net ([*.fcod] http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: microsoft.com ([*.windowsupdate] http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: misys.com ([clarity] http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: misys.com ([servicedesk] http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: misysgold ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: misyshealthcare.com ([]http in Local intranet)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: misyshealthcare.com ([]https in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: misyshealthcare.com ([kb] http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: misysimentor.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: mlv-ris-app-e ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: mlv-ris-app-f ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: mlv-ris-app-o ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: on24.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: onemisys.com ([]http in Local intranet)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: onemisys.com ([clarity] http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: onemisys.com ([eternal] http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: onemisys.com ([intra] http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: onemisys.com ([misysgold] http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: payerpath.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: payerpath.com ([]https in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: salesforce.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: salesforce.com ([]https in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: servicedesk ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: skilldialogue.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: skillport.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: skillsoft.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: skillsoftcompliance.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: skillwsa.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: symantecliveupdate.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: symantecliveupdate.com ([]https in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: velaro.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: windowsupdate.com ([]http in Trusted sites)
      O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
      [2012/07/26 11:07:19 | 000,000,000 | ---D | C] -- C:\FRST
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ====================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double-click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
  17. doubleTrouble Newcomer, in training Posts: 40

    Extras log part 2

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0003C1E0-E0E7-49BB-A0F6-4AE6D2B09202}" = UPEK TouchChip Fingerprint Reader
    "{0335701D-8E28-4A7F-B0EF-312974755BB2}" = Modem Diagnostic Tool
    "{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software Installer
    "{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
    "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
    "{11538652-E5E4-37F1-86D7-418871E45292}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{18C5A65B-0A39-40B5-B958-63055AFAB65C}" = Microsoft SQL Server Setup Support Files (English)
    "{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
    "{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{1E463504-DBDB-4F59-AE25-595AD7F5F3E9}" = Microsoft SQL Server 2012 Setup (English)
    "{1E6ED082-E32D-4B2B-8B6A-70B094815135}" = Microsoft SQL Server System CLR Types (x64)
    "{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
    "{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 Common Files
    "{23EA8626-1A8A-453A-ACC4-77CED745849A}" = Microsoft .NET Framework 2.0 SDK (x64) - ENU
    "{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
    "{29C93182-34F6-3275-A18D-59326851CD57}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu
    "{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
    "{2D2601B6-157F-4F88-B66B-B52DB21EAB2D}" = SQL Server 2008 R2 Client Tools
    "{2EECD5EF-5095-467C-B80C-4AB3096EFD60}" = SPBA 5.9
    "{362A3FDF-B12E-436A-9097-1B795A9FFCC5}" = Microsoft SQL Server 2008 R2 Native Client
    "{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 Common Files
    "{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
    "{3B76DD2A-E834-4F32-A8EA-B29A0C128BA0}" = Dell ControlVault Host Components Installer 64 bit
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{3DCDFCDB-4D96-4CF0-9BB3-C91DAE9073F3}" = PC-CCID
    "{414B7B9C-B353-4821-9393-78AE034079E7}" = NTRU TCG Software Stack
    "{4322C618-94E5-3EB0-8BA5-4675C4803C34}" = Microsoft Visual Studio 2008 Performance Collection Tools - ENU
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4E60E212-3177-4B16-BCB3-616CCC52357D}" = Upek Touchchip Fingerprint Reader
    "{51E5BC99-A087-4CFF-8D93-462903EA7E12}" = SQL Server 2008 R2 Management Studio
    "{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{604CB4FC-3D32-405F-A109-165F170529B6}" = WD SmartWare
    "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
    "{62D2F823-0EAA-496D-B0F9-A869BFC51550}" = Microsoft SQL Server 2005 Backward compatibility
    "{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
    "{64D5BBC6-5270-3711-AA39-31C1087AF4E6}" = Microsoft Visual Studio 2008 Remote Debugger - ENU
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
    "{6AC87FB3-ACFC-4416-890C-8976D5A9B371}" = Trusted Drive Manager
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}" = Custom
  18. doubleTrouble Newcomer, in training Posts: 40

    Extras log part 3

    "{72AB7E6F-BC24-481E-8C45-1AB5B3DD795D}" = SQL Server 2008 R2 Management Studio
    "{73D8B59D-0BFF-4B5B-A031-FAB3AC629E56}" = Microsoft SQL Server 2005 Tools (64-bit)
    "{75F299F3-8234-47CD-BB40-2994C1B1105E}" = Microsoft Visual Studio 2005 64bit Prerequisites (x64) - ENU
    "{777FF553-493D-4068-BAC7-EE2D73DB7434}" = Wave Infrastructure Installer
    "{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
    "{79FB3E7E-FD92-49A9-AAD1-193EE4CB85D3}" = Microsoft SQL Server 2008 R2 Setup (English)
    "{81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64
    "{81BE0B17-563B-45D4-B198-5721E6C665CD}" = Microsoft Lync 2010
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{91CE5F03-3A2A-4268-935A-04944F058AE9}" = Gemalto
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
    "{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}" = BioAPI Framework
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{AB33D723-6E62-4D9B-8364-87A3161A3335}" = Microsoft Visual Studio 2005 Remote Debugger (x64) - ENU
    "{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Data Protection | Access
    "{AC3CFEBF-06DB-FF8C-DECF-333C9231EA34}" = MozyEnterprise
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.96
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.96
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.96
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.60
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.19.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B358C627-4492-469A-8D0A-FCA1EC769DA9}" = SQLXML4
    "{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
    "{B5FE23CC-0151-4595-84C3-F1DE6F44FE9B}" = SQL Server 2008 R2 Client Tools
    "{CB0FD760-C6C6-3AF6-AD18-FE3B3B78727D}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
    "{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}" = Visual Studio .NET Prerequisites - English
    "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    "{D57519D3-2E37-3E34-94AF-4D59BFAB87E6}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
    "{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
    "{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
    "{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}" = Microsoft Device Emulator (64 bit) version 3.0 - ENU
    "{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F839C6BD-E92E-48FA-9CE6-7BFAF94F7096}" = DellAccess
    "9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
    "DW WLAN Card Utility" = DW WLAN Card Utility
    "Microsoft .NET Framework 2.0 SDK (x64) - ENU" = Microsoft .NET Framework 2.0 SDK (x64) - ENU
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
    "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit)
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 (64-bit)
    "Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)
    "Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "Microsoft Visual Studio 2005 Remote Debugger (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger (x64) - ENU
    "Microsoft Visual Studio 2008 Remote Debugger - ENU" = Microsoft Visual Studio 2008 Remote Debugger - ENU
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "PROSet" = Intel(R) Network Connections Drivers

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{043EEFE0-2ED8-4E1E-A3D1-B38CD739979F}" = Eclipsys TFS DatabaseStandards Policy
    "{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
    "{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    "{0A11169B-2A6D-4B7B-B633-31252C361038}" = Allscripts Gateway 6.0
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0B43A744-B1B8-4089-9BD1-9D41C7EC0AA3}" = Microsoft SQL Server 2005 Books Online (English)
    "{0BE273CD-AAB9-361B-8C32-D955EAC929E3}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
    "{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    "{0DF3AE91-E533-3960-8516-B23737F8B7A2}" = Visual C++ 2008 x64 Runtime - (v9.0.30729)
    "{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01" = Visual C++ 2008 x64 Runtime - v9.0.30729.01
    "{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
    "{0F3AAD74-383A-4F3F-8ED6-1B8C3763E2B4}" = Infragistics NetAdvantage Windows Forms 2009.2
    "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    "{1250E27F-7AF5-46F3-962A-36CE75C65F32}" = Infragistics NetAdvantage WPF 2009.2
    "{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
    "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    "{173BD5AD-90A3-3332-A9C1-1E4D8ABA00DD}" = Microsoft Visual Studio Test Professional 2010 - ENU
    "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{19FFC743-A830-4491-8CEB-1F71F26610C0}" = Allscripts TFS DatabaseStandards Policy
    "{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition
    "{1B041548-33BC-4174-8B97-ADC9B7948488}" = Microsoft Visual Studio 2005 Team Edition for Software Developers - ENU
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
    "{218FFA07-2B6C-44AE-8230-638D19885DB0}" = Infragistics NetAdvantage Silverlight 2011.2
    "{22E23C71-C27A-3F30-8849-BB6129E50679}" = Visual C++ 2008 IA64 Runtime - (v9.0.30729)
    "{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01" = Visual C++ 2008 IA64 Runtime - v9.0.30729.01
    "{23EEC842-57ED-4055-A056-9D4185DFB1AA}" = Dell Mobile Broadband Manager
    "{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
    "{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 29
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.11.01.02
    "{2B914873-E352-4BA5-B090-B628EC809611}" = Sunrise Clinical Manager 6.0 Services
    "{2E37E384-C2BA-47FA-A570-5560B17DB8ED}" = Allscripts Gateway 3.0 (777.0)
    "{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{33E053D0-FA61-4F48-8C76-D0A11E51AB75}" = Infragistics NetAdvantage Reporting 2011.2 Samples
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3D361197-5A83-4F4E-835A-0C5DF77F415F}" = Sunrise Clinical Manager 6.0 Client (3525.0)
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{3F8D9A47-9C50-3F46-8F12-B92DD5CA0A2E}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.6161)
    "{3F8D9A47-9C50-3F46-8F12-B92DD5CA0A2E}.vc_x86runtime_30729_6161" = Visual C++ 2008 x86 Runtime - v9.0.30729.6161
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Netwaiting
    "{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    "{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
    "{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4D7903E1-FF1E-4913-9A31-B1CA0ACD584C}" = Infragistics NetAdvantage Windows Forms 2010.3
    "{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}" = Dell Data Protection | Access | Drivers
    "{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{53C12E1E-AB56-4BF6-91F9-BB332DE0B547}" = Cisco WebEx Meeting Center for Internet Explorer
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{59928016-EB1E-4DD3-83BF-4BF1FE916836}" = Sunrise Clinical Manager 6.0 Client (3532.0)
    "{5be4ab41-2776-4eb6-8f5a-e1dd0e72e206}" = Infragistics NetAdvantage 2006 Vol. 2 CLR 2.0 HotFix - Build.1079
    "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{6721AC10-3743-38F1-B178-C0EC6C9A4108}" = Microsoft Visual Studio Team System 2008 Development Edition - ENU
    "{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
    "{69BBC76D-EE2A-4296-AD9A-36CD721DAAA1}" = Sunrise Prescription Writer 6.0 Client (3417)
    "{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
    "{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
    "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
    "{70B811BC-4C52-4792-A235-86529366B5BC}" = Sunrise Prescription Writer 6.0 Client (3525)
    "{70FA8BA2-A751-41D1-A2BC-D8A8F9711287}" = Infragistics NetAdvantage jQuery 2011.2 Samples
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{74890040-443B-44C5-89B0-6350605CB709}" = Sunrise Prescription Writer 6.0 Client (3410)
    "{74D23D43-593F-4252-AB3C-A16DEB72723C}" = Sunrise Prescription Writer 6.0 Client (3453)
    "{766B3A7A-B5AE-33F5-9858-75E692799C84}" = Microsoft Visual Studio 2008 Team Explorer - ENU
    "{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
    "{786A9F7E-CFEC-451F-B3C4-22EB11550FD8}" = Kaspersky Lab Network Agent
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{795096D9-8C08-4D47-97C5-571AA10C7B50}" = WebEx Productivity Tools
    "{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
    "{7B33F480-496D-334A-BAC2-205DEC0CBC2D}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)
    "{7B33F480-496D-334A-BAC2-205DEC0CBC2D}.vc_x86runtime_30729_4148" = Visual C++ 2008 x86 Runtime - v9.0.30729.4148
    "{8130ACB7-8907-415D-B481-B955057C281C}" = Infragistics NetAdvantage Windows Forms 2011.2
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}" = Dell Data Protection | Access | Middleware
    "{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime
    "{86090C8B-3445-49DB-8F97-117A8771B8F9}" = Infragistics NetAdvantage WPF 2011.2 Samples
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
    "{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8F023021-A7EB-45D3-9269-D65264C81729}" = Kaspersky Anti-Virus 6.0 for Windows Workstations
    "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
    "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
    "{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
    "{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPRO_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIO_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPRO_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIO_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PRJPRO_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.VISIO_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPRO_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIO_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PRJPRO_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.VISIO_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PRJPRO_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.VISIO_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
    "{90140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPRO_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
    "{90140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPRO_{FAA5D249-FC4B-41E0-97E3-686686672418}" =
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
    "{90140000-0054-0409-0000-0000000FF1CE}_Office14.VISIO_{CDC4310F-8189-485F-B47D-D972217CE173}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
    "{90140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
    "{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
    "{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{DD9F1760-F02F-4282-9A95-4A5982984039}" =
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PRJPRO_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.VISIO_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010
    "{90140000-00B4-0409-0000-0000000FF1CE}_Office14.PRJPRO_{18A0C151-8F8A-4B68-A960-60C464B94329}" = Microsoft Project 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PRJPRO_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.VISIO_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PRJPRO_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.VISIO_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90455537-DCA5-433A-A23B-5AA70A299E97}" = Infragistics NetAdvantage jQuery 2011.2
    "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{93BF1B65-7A4F-48B8-A12C-6818C3BAFFE7}" = Sunrise Prescription Writer 6.0 Client (3456)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    "{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9D64DB7B-F422-4D81-9F9C-FEA0DAD739B8}" = Infragistics NetAdvantage WPF 2010.3
    "{9E384B32-59C8-46EF-BEA6-4DC8F27CDB8E}" = InstallVC90Support
    "{9FA0AE10-D17F-4F66-9322-35AA145AAEE7}" = Infragistics NetAdvantage for .NET 2006 Vol. 2 CLR 2.0
    "{9FEAC0B9-289F-4BB8-A5FA-7A5D20D794C7}" = Microsoft Conferencing Add-in for Microsoft Office Outlook
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A15213C6-9C59-4777-84D4-8073C88544DF}" = Sunrise Prescription Writer 6.0 Client (3445)
    "{A2425E6C-8A37-3D63-A3A7-8ED5355FDF0B}" = Visual C++ 2008 x86 Runtime - KB2465361 - (v9.0.30729.5570)
    "{A2425E6C-8A37-3D63-A3A7-8ED5355FDF0B}.vc_x86runtime_30729_5570" = Visual C++ 2008 x86 Runtime - v9.0.30729.5570
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A7D91856-258D-4C87-8041-B170851CE432}" = Dell Data Protection | Access
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
    "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
    "{B102139C-0734-4E39-8CB3-242854F118E2}" = Microsoft Team Foundation Server 2010 Power Tools
    "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
    "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    "{BA0C9AAF-1327-3F06-B49C-349B4BE8F740}" = Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
    "{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
    "{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    "{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}" = Microsoft ReportViewer 2010 SP1 Redistributable
    "{C25EF637-BE7A-4761-9B45-9069989C319F}" = Microsoft Visual Studio 2005 Premier Partner Edition - ENU
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C7EA29FC-78F2-4680-9D9B-22CA8191E63C}" = Microsoft Visual SourceSafe 2005 - ENU
    "{C8EA30FC-B20B-465E-9D8A-CDDC09EA72D4}" = Dell Client Configuration Toolkit
    "{CB1A3450-3D7D-49F4-9628-933F72372D28}" = Infragistics NetAdvantage WPF 2011.2
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CEDFAE53-BE87-4182-91D8-6BADCF425D63}" = Infragistics NetAdvantage Reporting 2011.2
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies
    "{D435D44F-BCF0-457C-972D-9E88D6F3E92D}" = Sunrise Clinical Manager 6.0 Client (3533.0)
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D4E5C8AD-6550-41A5-AC36-68222490F48B}" = Sunrise Prescription Writer 6.0 Client (3452)
    "{D546AE99-C78D-431C-BF73-FA7CD6C9B404}" = SpecFlow 1.8.1
    "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
    "{D8A0403D-AB50-4A37-86D7-F08A943D3C0D}" = Sunrise Prescription Writer 6.0 Client (3436)
    "{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DF79E0DC-4C61-4F8C-8668-BB9B7D7A8EE1}" = Sunrise Prescription Writer 6.0 Client (3438)
    "{E027FE2E-3FF5-4DC9-A838-3F21CCF74EFE}" = Microsoft Visual Studio 2005 Team Explorer - ENU
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E7A9E2EA-D91B-43C1-89DA-C9A588FD123B}" = Sunrise Prescription Writer 6.0 Client (3454)
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{ED780CA9-0687-3C12-B439-3369F224941F}" = Microsoft Visual Studio 2010 Service Pack 1
    "{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
    "{F0199627-1AB0-4F9A-B4D3-FD221B28249F}" = Infragistics NetAdvantage Version Utility 2011.2
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F846D43E-4ED6-47EE-A33C-75BDFF394B6E}" = Eclipsys TFS ChangeSet Comments Policy
    "{FA8C331D-6F79-4FBF-9633-D0FD46F97A52}" = Sunrise Prescription Writer 6.0 Client (3444)
    "{FDF1136C-7223-412B-9F17-4B562CF7C6CA}" = Sunrise Prescription Writer 6.0 Client (3420)
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
    "{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
    "ActiveTouchMeetingClient" = Cisco WebEx Meetings
    "BSW" = BrettspielWelt
    "InstallShield_{786A9F7E-CFEC-451F-B3C4-22EB11550FD8}" = Kaspersky Lab Network Agent
    "Juniper Network Connect 6.2.0" = Juniper Networks Network Connect 6.2.0
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
    "Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
    "Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
    "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
    "Microsoft Visual SourceSafe 2005 - ENU" = Microsoft Visual SourceSafe 2005 - ENU
    "Microsoft Visual Studio 2005 Team Edition for Software Developers - ENU" = Microsoft Visual Studio 2005 Team Edition for Software Developers - ENU
    "Microsoft Visual Studio 2005 Team Explorer - ENU" = Microsoft Visual Studio 2005 Team Explorer - ENU
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
    "Microsoft Visual Studio 2008 Team Explorer - ENU" = Microsoft Visual Studio 2008 Team Explorer - ENU
    "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
    "Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
    "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
    "Microsoft Visual Studio Team System 2008 Development Edition - ENU" = Microsoft Visual Studio Team System 2008 Development Edition - ENU
    "Microsoft Visual Studio Test Professional 2010 - ENU" = Microsoft Visual Studio Test Professional 2010 - ENU
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Office14.PRJPRO" = Microsoft Project Professional 2010
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "Office14.VISIO" = Microsoft Visio Premium 2010
    "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
    "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
    "WinLiveSuite" = Windows Live Essentials
    "WinMerge_is1" = WinMerge 2.12.4
  19. Broni Malware Annihilator Posts: 40,051   +187

    We posted at the same time.
    Scroll up to see my previous reply.
  20. doubleTrouble Newcomer, in training Posts: 40

    Here is the OTL custom scan result:

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-898976328-1975694646-3752162016-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ not found.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\a4healthsystems.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adp.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\allscripts.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\allscripts.com\ not found.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\allscripts.com\clarity.corp\ not found.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\allscripts.com\servicedesk.corp\ not found.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\books24x7.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\brainshark.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clarity\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\codecorrect.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\delvenetworks.com\assets\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\diagnostix.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\eclipsnet.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\employee\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\eternal\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\force.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\force.com\*.na0.visual\ not found.
    Invalid CLSID key: *.na0.visual
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\fpx.com\od1\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\global.ad\*.misys\ deleted successfully.
    Invalid CLSID key: *.misys
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\global.ad\servicedesk.misys\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\globalsaleskickoff.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gotrain.net\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\insideallscripts.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\insidemisys.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intersourcing.com\www\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intra\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\llnwd.net\*.fcod\ deleted successfully.
    Invalid CLSID key: *.fcod
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\*.windowsupdate\ deleted successfully.
    Invalid CLSID key: *.windowsupdate
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\misys.com\clarity\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\misys.com\servicedesk\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\misysgold\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\misyshealthcare.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\misyshealthcare.com\ not found.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\misyshealthcare.com\kb\ not found.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\misysimentor.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mlv-ris-app-e\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mlv-ris-app-f\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mlv-ris-app-o\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\on24.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\onemisys.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\onemisys.com\clarity\ not found.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\onemisys.com\eternal\ not found.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\onemisys.com\intra\ not found.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\onemisys.com\misysgold\ not found.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\payerpath.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\payerpath.com\ not found.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\salesforce.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\salesforce.com\ not found.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\servicedesk\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\skilldialogue.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\skillport.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\skillsoft.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\skillsoftcompliance.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\skillwsa.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\symantecliveupdate.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\symantecliveupdate.com\ not found.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\velaro.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\windowsupdate.com\ deleted successfully.
    Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
    C:\ProgramData\webex\ieatgpc.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    C:\FRST\Quarantine\{3135917d-3e18-e023-cb24-6460c7602ab6}\{3135917d-3e18-e023-cb24-6460c7602ab6}\U folder moved successfully.
    C:\FRST\Quarantine\{3135917d-3e18-e023-cb24-6460c7602ab6}\{3135917d-3e18-e023-cb24-6460c7602ab6}\L folder moved successfully.
    C:\FRST\Quarantine\{3135917d-3e18-e023-cb24-6460c7602ab6}\{3135917d-3e18-e023-cb24-6460c7602ab6} folder moved successfully.
    C:\FRST\Quarantine\{3135917d-3e18-e023-cb24-6460c7602ab6}\U folder moved successfully.
    C:\FRST\Quarantine\{3135917d-3e18-e023-cb24-6460c7602ab6}\L folder moved successfully.
    Folder move failed. C:\FRST\Quarantine\{3135917d-3e18-e023-cb24-6460c7602ab6} scheduled to be moved on reboot.
    Folder move failed. C:\FRST\Quarantine scheduled to be moved on reboot.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 327639 bytes
    ->Java cache emptied: 7140 bytes
    ->Flash cache emptied: 527 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: DefaultAppPool
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: maaldridge
    ->Temp folder emptied: 86982 bytes
    ->Temporary Internet Files folder emptied: 183135075 bytes
    ->Java cache emptied: 19892048 bytes
    ->Google Chrome cache emptied: 77649233 bytes
    ->Flash cache emptied: 8192199 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 135777 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 66583 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 100733 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 276.00 mb


    [EMPTYJAVA]

    User: Administrator
    ->Java cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: DefaultAppPool

    User: maaldridge
    ->Java cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: DefaultAppPool

    User: maaldridge
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.55.0 log created on 07262012_173451
    Files\Folders moved on Reboot...
    File\Folder C:\FRST\Quarantine\{3135917d-3e18-e023-cb24-6460c7602ab6} not found!
    File\Folder C:\FRST\Quarantine not found!
    C:\Users\maaldridge\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\kladminkit\.lock scheduled to be moved on reboot.
    File\Folder C:\Windows\temp\kladminkit\e808689f-f771-483a-b55f-f9fd055223d4.dll not found!
    File move failed. C:\Windows\temp\kladminkit.lck scheduled to be moved on reboot.
    PendingFileRenameOperations files...
    File C:\FRST\Quarantine\{3135917d-3e18-e023-cb24-6460c7602ab6} not found!
    File C:\FRST\Quarantine not found!
    File C:\Users\maaldridge\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    [2012/07/26 17:41:55 | 000,000,000 | ---- | M] () C:\Windows\temp\kladminkit\.lock : Unable to obtain MD5
    File C:\Windows\temp\kladminkit\e808689f-f771-483a-b55f-f9fd055223d4.dll not found!
    [2012/07/26 15:46:04 | 000,000,000 | ---- | M] () C:\Windows\temp\kladminkit.lck : Unable to obtain MD5
    Registry entries deleted on Reboot...