TechSpot

Two iexplore.exe * 32 after removing Trojan

Solved
By doubleTrouble
Jul 25, 2012
  1. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    Looks good.

    Any current issues?

    ===============================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    =======================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  2. doubleTrouble

    doubleTrouble TS Rookie Topic Starter Posts: 40

    My in-house tool is running better.

    IE is complaining because I have uninstalled Adobe Flash Player because I found it unnerving that it kept asking for a reinstall. Will have to get that again at some point.

    Looks like the virus is gone. =)
     
  3. doubleTrouble

    doubleTrouble TS Rookie Topic Starter Posts: 40

    Actually, my IE pages don't crash any more even when it needs Adobe flash. So, it's a good sign!
     
  4. Broni

    Broni Malware Annihilator Posts: 47,163   +264

  5. doubleTrouble

    doubleTrouble TS Rookie Topic Starter Posts: 40

    Is there more to do?
     
  6. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    Hmmm...did you read my reply #26?
     
  7. doubleTrouble

    doubleTrouble TS Rookie Topic Starter Posts: 40

    Oops. I am blind.

    Here is the MBAM log.

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.07.26.16
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    maaldridge :: ALDRIDGE-M-W7 [administrator]
    Protection: Disabled
    7/26/2012 4:31:16 PM
    mbam-log-2012-07-26 (16-31-16).txt
    Scan type: Full scan (C:\|D:\|E:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 562265
    Time elapsed: 24 minute(s), 14 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
     
  8. doubleTrouble

    doubleTrouble TS Rookie Topic Starter Posts: 40

    OTL log part 1

    OTL logfile created on: 7/26/2012 5:05:50 PM - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\maaldridge\Desktop
    64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.88 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.41% Memory free
    7.77 Gb Paging File | 5.37 Gb Available in Paging File | 69.13% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 118.94 Gb Total Space | 21.45 Gb Free Space | 18.03% Space Free | Partition Type: NTFS

    Computer Name: ALDRIDGE-M-W7 | User Name: maaldridge | NOT logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/26 17:04:13 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\maaldridge\Desktop\OTL.exe
    PRC - [2012/07/12 21:34:18 | 000,040,960 | ---- | M] (Allscripts Healthcare Solutions, Inc.) -- C:\Program Files (x86)\Allscripts Sunrise\Helios\6.0\Gateway\Eclipsys.Infrastructure.WindowsServices.exe
    PRC - [2012/07/04 12:40:58 | 003,921,432 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/12/06 20:40:12 | 000,123,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsComProviderSvr.exe
    PRC - [2011/03/28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/03/22 14:59:46 | 000,032,768 | ---- | M] (Allscripts Healthcare Solutions, Inc.) -- C:\Program Files (x86)\Allscripts Sunrise\Helios\3.0\Gateway\Eclipsys.Infrastructure.WindowsServices.exe
    PRC - [2011/02/07 10:52:50 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2011/02/02 21:57:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2010/12/15 10:46:50 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    PRC - [2010/11/20 05:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    PRC - [2010/11/05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2010/11/05 23:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2010/10/22 03:28:54 | 011,937,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Lync\communicator.exe
    PRC - [2010/10/22 03:24:52 | 000,596,744 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Lync\UcMapi.exe
    PRC - [2010/10/20 10:38:38 | 000,141,688 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\NetworkAgent 8\klnagent.exe
    PRC - [2010/03/12 16:29:22 | 000,311,680 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
    PRC - [2009/09/18 01:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\CCM\CcmExec.exe
    PRC - [2009/02/23 20:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    PRC - [2008/06/05 02:09:18 | 000,431,472 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
    PRC - [2007/05/15 08:10:00 | 000,394,856 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files (x86)\WinZip\WZQKPICK.EXE


    ========== Modules (No Company Name) ==========

    MOD - [2012/07/04 12:39:50 | 000,051,200 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    MOD - [2012/07/04 12:39:48 | 000,517,632 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
    MOD - [2012/07/04 12:39:48 | 000,410,112 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    MOD - [2012/06/14 11:46:14 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\1cb5f5d54ef9b24b90a51b006181fe71\IAStorUtil.ni.dll
    MOD - [2012/06/13 23:08:33 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012/06/13 23:08:28 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012/06/13 22:19:23 | 002,120,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.TeamFound#\1758a89157670ad77ceb880524027f09\Microsoft.TeamFoundation.VersionControl.Client.ni.dll
    MOD - [2012/06/13 22:19:16 | 001,256,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.TeamFound#\aa48e2e2016faf91c50aa93d2661a561\Microsoft.TeamFoundation.Common.ni.dll
    MOD - [2012/06/13 22:19:15 | 004,133,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.TeamFound#\f4af624f991c0f59c2179ca860ca5e2e\Microsoft.TeamFoundation.Client.ni.dll
    MOD - [2012/06/13 22:19:08 | 001,547,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.TeamFound#\9479405c87dfe03cdc00b99d23bf5234\Microsoft.TeamFoundation.ni.dll
    MOD - [2012/06/07 12:27:23 | 000,381,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.TeamFound#\ffdeba2810391daa2ae4efc426db9e6c\Microsoft.TeamFoundation.VersionControl.Common.ni.dll
    MOD - [2012/06/07 12:20:11 | 001,925,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\dbe597aa9c12df5d08fb2f3f9872b834\System.Web.Services.ni.dll
    MOD - [2012/06/07 10:34:50 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\367af7fc22650701edfa7e8ecadcb273\IAStorCommon.ni.dll
    MOD - [2012/06/07 10:31:39 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
    MOD - [2012/06/07 10:31:09 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
    MOD - [2012/06/07 10:31:06 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012/06/07 10:31:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012/06/07 10:31:03 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/06/07 10:30:58 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2012/06/07 09:26:54 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
    MOD - [2012/06/07 09:26:50 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
    MOD - [2012/06/07 09:26:46 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll
    MOD - [2012/06/07 09:26:44 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
    MOD - [2012/06/07 09:26:39 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
    MOD - [2011/12/06 20:41:50 | 000,017,736 | ---- | M] () -- C:\Program Files (x86)\Microsoft Team Foundation Server 2010 Power Tools\x86\TfsComProviderStub.DLL
    MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2010/12/15 10:46:50 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/07/01 13:52:32 | 001,600,000 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe -- (Wave Authentication Manager Service)
    SRV:64bit: - [2011/05/27 17:46:56 | 003,792,240 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService)
    SRV:64bit: - [2011/05/24 15:42:08 | 002,154,888 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
    SRV:64bit: - [2011/05/13 10:10:44 | 001,043,872 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
    SRV:64bit: - [2011/05/13 10:10:44 | 000,036,768 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
    SRV:64bit: - [2011/01/18 09:50:02 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
    SRV:64bit: - [2010/12/07 19:43:40 | 000,275,968 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2010/11/20 06:24:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)
    SRV:64bit: - [2010/11/08 13:18:46 | 000,051,536 | ---- | M] (EMC Corporation) [Auto | Running] -- C:\Program Files\MozyEnterprise\mozyentbackup.exe -- (mozyentbackup)
    SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/11/13 11:28:38 | 000,129,536 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
    SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2009/07/13 18:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
    SRV:64bit: - [2009/03/03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
    SRV:64bit: - [2008/07/29 13:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
    SRV:64bit: - [2005/09/23 03:26:42 | 004,476,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon80)
    SRV - [2012/07/12 21:34:18 | 000,040,960 | ---- | M] (Allscripts Healthcare Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Allscripts Sunrise\Helios\6.0\Gateway\Eclipsys.Infrastructure.WindowsServices.exe -- (GatewayAgent60)
    SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/04/01 12:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/03/28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2011/03/22 14:59:46 | 000,032,768 | ---- | M] (Allscripts Healthcare Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Allscripts Sunrise\Helios\3.0\Gateway\Eclipsys.Infrastructure.WindowsServices.exe -- (GatewayAgent30)
    SRV - [2011/02/17 09:08:52 | 001,633,280 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
    SRV - [2011/02/07 10:52:50 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2011/02/02 21:57:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2010/11/20 05:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2010/11/20 05:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
    SRV - [2010/11/20 05:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2010/11/05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2010/10/20 10:38:38 | 000,141,688 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\NetworkAgent 8\klnagent.exe -- (klnagent)
    SRV - [2010/03/18 11:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/12 16:29:22 | 000,311,680 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe -- (AVP)
    SRV - [2009/09/18 01:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CCM\CcmExec.exe -- (CcmExec)
    SRV - [2009/09/18 01:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\CCM\TSManager.exe -- (smstsmgr)
    SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/06/05 02:09:18 | 000,431,472 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/08/16 12:54:08 | 000,066,552 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mozyent.sys -- (mozyentFilter)
    DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2011/05/25 20:55:02 | 000,368,464 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2011/05/18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2011/05/13 16:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2011/05/10 14:05:48 | 000,038,504 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
    DRV:64bit: - [2011/04/11 15:15:18 | 000,268,376 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
    DRV:64bit: - [2011/04/11 15:15:18 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/07 10:52:52 | 000,173,160 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2011/02/04 14:13:12 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
    DRV:64bit: - [2011/01/18 09:50:00 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
    DRV:64bit: - [2011/01/18 09:49:54 | 004,719,680 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2010/12/17 01:39:10 | 012,256,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/12/13 09:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
    DRV:64bit: - [2010/12/07 19:43:40 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2010/11/25 12:20:46 | 000,038,472 | ---- | M] (Dell Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dcdbas64.sys -- (dcdbas)
    DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 04:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/11/05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/10/28 07:42:32 | 000,315,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
    DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/08/20 11:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
    DRV:64bit: - [2010/04/14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
    DRV:64bit: - [2010/03/19 13:39:58 | 000,081,920 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
    DRV:64bit: - [2009/11/11 11:30:52 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
    DRV:64bit: - [2009/11/06 01:36:26 | 000,293,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
    DRV:64bit: - [2009/10/26 17:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2009/09/03 12:24:28 | 000,030,736 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klfltdev.sys -- (KLFLTDEV)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 17:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
    DRV:64bit: - [2008/06/05 01:50:08 | 000,029,184 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdX64.sys -- (dsNcAdpt)
    DRV:64bit: - [2008/06/04 11:14:00 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV)
    DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV - [2009/09/18 01:00:00 | 000,026,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\CCM\PrepDrv.sys -- (prepdrvr)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2007/09/04 16:53:34 | 000,071,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys -- (VSPerfDrv90)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://inside.allscripts.com
    IE - HKU\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://inside.allscripts.com
    IE - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..\SearchScopes,DefaultScope = {4EC2A974-AC38-414A-9936-12161FA3482A}
    IE - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..\SearchScopes\{4EC2A974-AC38-414A-9936-12161FA3482A}: "URL" = http://www.google.com/search?q={sea...ource}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..\SearchScopes\{54726DF8-F314-456B-88E5-D3B4DD63D6EE}: "URL" = http://ca.search.yahoo.com/search?p...pe=W3i_DS,136,0_0,Search,20120730,16967,0,8,0
    IE - HKU\S-1-5-21-73361282-1014109674-949316387-64872\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\maaldridge\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\maaldridge\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)


    [2010/10/22 03:24:26 | 000,032,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
     
  9. doubleTrouble

    doubleTrouble TS Rookie Topic Starter Posts: 40

    OTL log part 2

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\maaldridge\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\maaldridge\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\maaldridge\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\maaldridge\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\maaldridge\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

    O1 HOSTS File: ([2012/07/26 15:46:12 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll (Cisco WebEx LLC)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
    O2 - BHO: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3:64bit: - HKLM\..\Toolbar: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll (Cisco WebEx LLC)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
    O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [MsmqIntCert] C:\Windows\SysNative\mqrt.dll (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4:64bit: - HKLM..\Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)
    O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe (Kaspersky Lab)
    O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-73361282-1014109674-949316387-64872..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-898976328-1975694646-3752162016-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-898976328-1975694646-3752162016-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\maaldridge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun_KL_notset = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-898976328-1975694646-3752162016-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm ()
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm ()
    O9:64bit: - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\x64\scieplgn.dll (Kaspersky Lab)
    O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\scieplgn.dll (Kaspersky Lab)
    O9 - Extra Button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
    O15:64bit: - ..Trusted Domains: a4healthsystems.com ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: adp.com ([]https in Trusted sites)
    O15:64bit: - ..Trusted Domains: allscripts.com ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: allscripts.com ([]https in Trusted sites)
    O15:64bit: - ..Trusted Domains: allscripts.com ([clarity.corp] http in Trusted sites)
    O15:64bit: - ..Trusted Domains: allscripts.com ([servicedesk.corp] http in Trusted sites)
    O15:64bit: - ..Trusted Domains: books24x7.com ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: brainshark.com ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: clarity ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: codecorrect.com ([]https in Trusted sites)
    O15:64bit: - ..Trusted Domains: delvenetworks.com ([assets] http in Trusted sites)
    O15:64bit: - ..Trusted Domains: diagnostix.com ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: eclipsnet.com ([]* in Local intranet)
    O15:64bit: - ..Trusted Domains: employee ([]http in Local intranet)
    O15:64bit: - ..Trusted Domains: eternal ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: force.com ([]https in Trusted sites)
    O15:64bit: - ..Trusted Domains: force.com ([*.na0.visual] https in Trusted sites)
    O15:64bit: - ..Trusted Domains: fpx.com ([od1] https in Trusted sites)
    O15:64bit: - ..Trusted Domains: global.ad ([*.misys] http in Local intranet)
    O15:64bit: - ..Trusted Domains: global.ad ([servicedesk.misys] http in Trusted sites)
    O15:64bit: - ..Trusted Domains: globalsaleskickoff.com ([]http in Local intranet)
    O15:64bit: - ..Trusted Domains: gotrain.net ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: insideallscripts.com ([]http in Local intranet)
    O15:64bit: - ..Trusted Domains: insidemisys.com ([]http in Local intranet)
    O15:64bit: - ..Trusted Domains: intersourcing.com ([www] https in Trusted sites)
    O15:64bit: - ..Trusted Domains: intra ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: llnwd.net ([*.fcod] http in Trusted sites)
    O15:64bit: - ..Trusted Domains: microsoft.com ([*.windowsupdate] http in Trusted sites)
    O15:64bit: - ..Trusted Domains: misys.com ([clarity] http in Trusted sites)
    O15:64bit: - ..Trusted Domains: misys.com ([servicedesk] http in Trusted sites)
    O15:64bit: - ..Trusted Domains: misysgold ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: misyshealthcare.com ([]http in Local intranet)
    O15:64bit: - ..Trusted Domains: misyshealthcare.com ([]https in Trusted sites)
    O15:64bit: - ..Trusted Domains: misyshealthcare.com ([kb] http in Trusted sites)
    O15:64bit: - ..Trusted Domains: misysimentor.com ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: mlv-ris-app-e ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: mlv-ris-app-f ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: mlv-ris-app-o ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: on24.com ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: onemisys.com ([]http in Local intranet)
    O15:64bit: - ..Trusted Domains: onemisys.com ([clarity] http in Trusted sites)
    O15:64bit: - ..Trusted Domains: onemisys.com ([eternal] http in Trusted sites)
    O15:64bit: - ..Trusted Domains: onemisys.com ([intra] http in Trusted sites)
    O15:64bit: - ..Trusted Domains: onemisys.com ([misysgold] http in Trusted sites)
    O15:64bit: - ..Trusted Domains: payerpath.com ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: payerpath.com ([]https in Trusted sites)
    O15:64bit: - ..Trusted Domains: salesforce.com ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: salesforce.com ([]https in Trusted sites)
    O15:64bit: - ..Trusted Domains: servicedesk ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: skilldialogue.com ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: skillport.com ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: skillport.com ([library] http in Trusted sites)
    O15:64bit: - ..Trusted Domains: skillsoft.com ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: skillsoftcompliance.com ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: skillwsa.com ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: symantecliveupdate.com ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: symantecliveupdate.com ([]https in Trusted sites)
    O15:64bit: - ..Trusted Domains: velaro.com ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: windowsupdate.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: a4healthsystems.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: adp.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: allscripts.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: allscripts.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: allscripts.com ([clarity.corp] http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: allscripts.com ([servicedesk.corp] http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: books24x7.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: brainshark.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: clarity ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: codecorrect.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: delvenetworks.com ([assets] http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: diagnostix.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: eclipsnet.com ([]* in Local intranet)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: employee ([]http in Local intranet)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: eternal ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: force.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: force.com ([*.na0.visual] https in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: fpx.com ([od1] https in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: global.ad ([*.misys] http in Local intranet)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: global.ad ([servicedesk.misys] http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: globalsaleskickoff.com ([]http in Local intranet)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: gotrain.net ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: insideallscripts.com ([]http in Local intranet)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: insidemisys.com ([]http in Local intranet)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: intersourcing.com ([www] https in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: intra ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: llnwd.net ([*.fcod] http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: microsoft.com ([*.windowsupdate] http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: misys.com ([clarity] http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: misys.com ([servicedesk] http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: misysgold ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: misyshealthcare.com ([]http in Local intranet)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: misyshealthcare.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: misyshealthcare.com ([kb] http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: misysimentor.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: mlv-ris-app-e ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: mlv-ris-app-f ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: mlv-ris-app-o ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: on24.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: onemisys.com ([]http in Local intranet)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: onemisys.com ([clarity] http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: onemisys.com ([eternal] http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: onemisys.com ([intra] http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: onemisys.com ([misysgold] http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: payerpath.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: payerpath.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: salesforce.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: salesforce.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: servicedesk ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: skilldialogue.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: skillport.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: skillsoft.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: skillsoftcompliance.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: skillwsa.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: symantecliveupdate.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: symantecliveupdate.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: velaro.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: windowsupdate.com ([]http in Trusted sites)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ssl3.eclipsnet.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.141.1.33 10.141.1.34 10.131.1.77 10.101.224.100
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.allscripts.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06C4AC5A-53E8-43CC-9777-16FF9D813CAA}: DhcpNameServer = 10.131.1.15 10.131.1.59 10.101.224.52 10.101.224.181
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{829CCC39-CBEB-4C8C-97CA-011ADB61935A}: DhcpNameServer = 10.141.1.33 10.141.1.34 10.131.1.77 10.101.224.100
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D82732A-BEEA-4171-A7E8-6EB94ACFFE15}: DhcpNameServer = 10.141.1.33 10.141.1.34 10.131.1.77 10.101.224.100
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFB12861-64CB-4296-9F76-0B8D6D8B641C}: DhcpNameServer = 10.141.1.33 10.141.1.34 10.131.1.77 10.101.224.100
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/26 17:04:11 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\maaldridge\Desktop\OTL.exe
    [2012/07/26 15:46:13 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/07/26 14:26:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/26 14:26:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/26 14:26:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/26 14:25:11 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/26 14:25:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/26 14:01:53 | 004,719,912 | R--- | C] (Swearware) -- C:\Users\maaldridge\Desktop\ComboFix.exe
    [2012/07/26 11:07:19 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/25 14:18:39 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\maaldridge\Desktop\aswMBR.exe
    [2012/07/25 14:15:44 | 000,000,000 | ---D | C] -- C:\Users\maaldridge\Desktop\RK_Quarantine
    [2012/07/25 12:29:03 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2012/07/25 12:09:23 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\maaldridge\Desktop\dds.scr
    [2012/07/25 10:35:41 | 000,000,000 | ---D | C] -- C:\Users\maaldridge\AppData\Roaming\Malwarebytes
    [2012/07/25 10:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/25 10:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/07/25 10:35:35 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/25 10:35:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/07/25 10:35:15 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\maaldridge\Desktop\mbam-setup-1.62.0.1300.exe
    [2012/07/25 07:22:42 | 000,479,744 | ---- | C] (Allscripts Healthcare Solutions, Inc.) -- C:\Windows\SysWow64\RTFConv.dll
    [2012/07/24 23:20:49 | 000,000,000 | ---D | C] -- C:\Users\maaldridge\Documents\ProcAlyzer Dumps
    [2012/07/24 22:05:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2012/07/24 22:05:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    [2012/07/24 22:05:23 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
    [2012/07/24 22:05:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
    [2012/07/24 14:32:32 | 000,000,000 | ---D | C] -- C:\Users\maaldridge\AppData\Local\visi_coupon
    [2012/07/24 14:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
    [2012/07/24 14:30:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
    [2012/07/24 13:54:06 | 000,000,000 | ---D | C] -- C:\Users\maaldridge\AppData\Local\Microsoft_Corporation
    [2012/07/23 09:59:00 | 000,000,000 | ---D | C] -- C:\Users\maaldridge\AppData\Roaming\Apple Computer
    [2012/07/22 15:41:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2012/07/22 15:40:38 | 000,000,000 | ---D | C] -- C:\Users\maaldridge\AppData\Local\Apple
    [2012/07/22 15:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
    [2012/07/12 21:33:52 | 000,114,176 | ---- | C] (Allscripts Healthcare Solutions, Inc.) -- C:\Windows\SysWow64\Eclipsys.Platform.LdapReader.dll
    [2012/07/12 15:16:32 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
    [2011/12/21 14:50:31 | 000,110,080 | ---- | C] (Infragistics, Inc.) -- C:\Users\maaldridge\AppData\Local\sslcra32.exe

    ========== Files - Modified Within 30 Days ==========

    File not found -- C:\Windows\SysNative\
    [2012/07/26 17:04:13 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\maaldridge\Desktop\OTL.exe
    [2012/07/26 16:43:19 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-73361282-1014109674-949316387-64872UA.job
    [2012/07/26 16:01:06 | 000,871,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/07/26 16:01:06 | 000,727,052 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/07/26 16:01:06 | 000,144,060 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/07/26 16:00:01 | 000,012,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/26 16:00:01 | 000,012,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/26 15:53:19 | 000,000,462 | ---- | M] () -- C:\Windows\SMSCFG.ini
    [2012/07/26 15:52:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/26 15:52:14 | 3127,558,144 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/26 15:46:12 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/07/26 14:56:45 | 000,004,142 | ---- | M] () -- C:\Windows\mozyent.blk
    [2012/07/26 14:56:45 | 000,003,748 | ---- | M] () -- C:\Windows\mozyent.flt
    [2012/07/26 14:21:14 | 004,719,912 | R--- | M] (Swearware) -- C:\Users\maaldridge\Desktop\ComboFix.exe
    [2012/07/25 14:29:30 | 000,000,512 | ---- | M] () -- C:\Users\maaldridge\Desktop\MBR.dat
    [2012/07/25 14:18:39 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\maaldridge\Desktop\aswMBR.exe
    [2012/07/25 14:15:29 | 001,552,384 | ---- | M] () -- C:\Users\maaldridge\Desktop\RogueKiller.exe
    [2012/07/25 12:09:26 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\maaldridge\Desktop\dds.scr
    [2012/07/25 12:06:23 | 000,000,000 | ---- | M] () -- C:\Users\maaldridge\Desktop\t6de78yz.reg
    [2012/07/25 12:06:14 | 000,000,000 | ---- | M] () -- C:\Users\maaldridge\Desktop\t6de78yz.bat
    [2012/07/25 11:27:28 | 000,302,592 | ---- | M] () -- C:\Users\maaldridge\Desktop\t6de78yz.exe
    [2012/07/25 10:35:36 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/25 10:35:19 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\maaldridge\Desktop\mbam-setup-1.62.0.1300.exe
    [2012/07/25 10:19:37 | 000,007,597 | ---- | M] () -- C:\Users\maaldridge\AppData\Local\Resmon.ResmonCfg
    [2012/07/25 09:43:02 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-73361282-1014109674-949316387-64872Core.job
    [2012/07/25 07:22:42 | 000,479,744 | ---- | M] (Allscripts Healthcare Solutions, Inc.) -- C:\Windows\SysWow64\RTFConv.dll
    [2012/07/24 22:25:03 | 000,000,121 | ---- | M] () -- C:\Windows\wininit.ini
    [2012/07/24 22:05:49 | 000,002,179 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2012/07/24 20:36:28 | 040,095,152 | -H-- | M] () -- C:\Users\maaldridge\Documents\sdo_gb.pdf.2d92.part
    [2012/07/24 14:35:32 | 000,040,165 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2012/07/23 09:50:32 | 000,153,053 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
    [2012/07/23 09:50:32 | 000,107,384 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
    [2012/07/20 14:37:51 | 000,011,278 | RHS- | M] () -- C:\Users\maaldridge\ntuser.pol
    [2012/07/20 14:36:57 | 000,423,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/07/13 16:25:00 | 000,002,006 | -H-- | M] () -- C:\Users\maaldridge\Documents\Default.rdp
    [2012/07/13 15:13:49 | 000,002,390 | ---- | M] () -- C:\Users\maaldridge\Desktop\Google Chrome.lnk
    [2012/07/12 21:33:52 | 000,114,176 | ---- | M] (Allscripts Healthcare Solutions, Inc.) -- C:\Windows\SysWow64\Eclipsys.Platform.LdapReader.dll
    [2012/07/11 11:53:03 | 000,000,000 | ---- | M] () -- C:\Windows\BulkUnld.INI
    [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/03 09:27:23 | 000,865,556 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    ========== Files Created - No Company Name ==========

    File not found -- C:\Windows\SysNative\
    [2012/07/26 14:26:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/26 14:26:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/26 14:26:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/26 14:26:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/26 14:26:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/25 14:29:30 | 000,000,512 | ---- | C] () -- C:\Users\maaldridge\Desktop\MBR.dat
    [2012/07/25 14:15:29 | 001,552,384 | ---- | C] () -- C:\Users\maaldridge\Desktop\RogueKiller.exe
    [2012/07/25 12:06:18 | 000,000,000 | ---- | C] () -- C:\Users\maaldridge\Desktop\t6de78yz.reg
    [2012/07/25 12:06:14 | 000,000,000 | ---- | C] () -- C:\Users\maaldridge\Desktop\t6de78yz.bat
    [2012/07/25 11:27:27 | 000,302,592 | ---- | C] () -- C:\Users\maaldridge\Desktop\t6de78yz.exe
    [2012/07/25 10:35:36 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/25 10:19:37 | 000,007,597 | ---- | C] () -- C:\Users\maaldridge\AppData\Local\Resmon.ResmonCfg
    [2012/07/24 22:25:03 | 000,000,121 | ---- | C] () -- C:\Windows\wininit.ini
    [2012/07/24 22:05:49 | 000,002,191 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    [2012/07/24 22:05:49 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2012/07/24 20:34:12 | 040,095,152 | -H-- | C] () -- C:\Users\maaldridge\Documents\sdo_gb.pdf.2d92.part
    [2012/07/11 11:53:03 | 000,000,000 | ---- | C] () -- C:\Windows\BulkUnld.INI
    [2011/11/03 21:17:45 | 000,000,000 | ---- | C] () -- C:\Windows\hvct.INI
    [2011/10/19 09:32:24 | 000,011,278 | RHS- | C] () -- C:\Users\maaldridge\ntuser.pol
    [2011/10/18 14:16:31 | 000,040,165 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2011/09/19 07:32:57 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/09/19 07:32:55 | 000,207,376 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/09/19 07:32:52 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2011/04/14 08:16:48 | 000,000,411 | ---- | C] () -- C:\Windows\ODBC.INI
    [2011/04/12 09:18:42 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll
    [2011/04/12 09:17:16 | 000,865,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/04/12 09:17:16 | 000,004,764 | ---- | C] () -- C:\Windows\SysWow64\CcmFramework.ini
    [2011/04/12 09:17:03 | 000,000,462 | ---- | C] () -- C:\Windows\SMSCFG.ini
    [2010/11/20 14:01:03 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini
    [2010/08/19 17:18:20 | 001,008,640 | ---- | C] () -- C:\Windows\SysWow64\DemoLicense.dll

    ========== LOP Check ==========

    [2011/09/19 08:28:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Wave Systems Corp
    [2011/09/19 13:10:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WirelessManager
    [2012/07/01 22:23:38 | 000,000,000 | ---D | M] -- C:\Users\maaldridge\AppData\Roaming\BSW
    [2011/10/25 12:35:33 | 000,000,000 | ---D | M] -- C:\Users\maaldridge\AppData\Roaming\Juniper Networks
    [2012/01/17 12:54:31 | 000,000,000 | ---D | M] -- C:\Users\maaldridge\AppData\Roaming\webex
    [2011/10/27 11:00:44 | 000,000,000 | ---D | M] -- C:\Users\maaldridge\AppData\Roaming\Western Digital
    [2012/01/03 14:49:36 | 000,000,000 | ---D | M] -- C:\Users\maaldridge\AppData\Roaming\Xerox
    [2009/07/13 22:08:49 | 000,027,426 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========


    < End of report >
     
  10. doubleTrouble

    doubleTrouble TS Rookie Topic Starter Posts: 40

    Extras log

    OTL Extras logfile created on: 7/26/2012 5:05:50 PM - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\maaldridge\Desktop
    64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.88 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.41% Memory free
    7.77 Gb Paging File | 5.37 Gb Available in Paging File | 69.13% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 118.94 Gb Total Space | 21.45 Gb Free Space | 18.03% Space Free | Partition Type: NTFS

    Computer Name: ALDRIDGE-M-W7 | User Name: maaldridge | NOT logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring" = 1
    "" =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
    "AllowUserPrefMerge" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
    "AllowUserPrefMerge" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
    "AllowUserPrefMerge" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
    "AllowUserPrefMerge" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
    "AllowUserPrefMerge" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
    "AllowUserPrefMerge" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
    "AllowUserPrefMerge" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
    "AllowUserPrefMerge" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
     
  11. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O4 - HKU\S-1-5-21-898976328-1975694646-3752162016-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
      O15:64bit: - ..Trusted Domains: a4healthsystems.com ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: adp.com ([]https in Trusted sites)
      O15:64bit: - ..Trusted Domains: allscripts.com ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: allscripts.com ([]https in Trusted sites)
      O15:64bit: - ..Trusted Domains: allscripts.com ([clarity.corp] http in Trusted sites)
      O15:64bit: - ..Trusted Domains: allscripts.com ([servicedesk.corp] http in Trusted sites)
      O15:64bit: - ..Trusted Domains: books24x7.com ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: brainshark.com ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: clarity ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: codecorrect.com ([]https in Trusted sites)
      O15:64bit: - ..Trusted Domains: delvenetworks.com ([assets] http in Trusted sites)
      O15:64bit: - ..Trusted Domains: diagnostix.com ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: eclipsnet.com ([]* in Local intranet)
      O15:64bit: - ..Trusted Domains: employee ([]http in Local intranet)
      O15:64bit: - ..Trusted Domains: eternal ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: force.com ([]https in Trusted sites)
      O15:64bit: - ..Trusted Domains: force.com ([*.na0.visual] https in Trusted sites)
      O15:64bit: - ..Trusted Domains: fpx.com ([od1] https in Trusted sites)
      O15:64bit: - ..Trusted Domains: global.ad ([*.misys] http in Local intranet)
      O15:64bit: - ..Trusted Domains: global.ad ([servicedesk.misys] http in Trusted sites)
      O15:64bit: - ..Trusted Domains: globalsaleskickoff.com ([]http in Local intranet)
      O15:64bit: - ..Trusted Domains: gotrain.net ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: insideallscripts.com ([]http in Local intranet)
      O15:64bit: - ..Trusted Domains: insidemisys.com ([]http in Local intranet)
      O15:64bit: - ..Trusted Domains: intersourcing.com ([www] https in Trusted sites)
      O15:64bit: - ..Trusted Domains: intra ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: llnwd.net ([*.fcod] http in Trusted sites)
      O15:64bit: - ..Trusted Domains: microsoft.com ([*.windowsupdate] http in Trusted sites)
      O15:64bit: - ..Trusted Domains: misys.com ([clarity] http in Trusted sites)
      O15:64bit: - ..Trusted Domains: misys.com ([servicedesk] http in Trusted sites)
      O15:64bit: - ..Trusted Domains: misysgold ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: misyshealthcare.com ([]http in Local intranet)
      O15:64bit: - ..Trusted Domains: misyshealthcare.com ([]https in Trusted sites)
      O15:64bit: - ..Trusted Domains: misyshealthcare.com ([kb] http in Trusted sites)
      O15:64bit: - ..Trusted Domains: misysimentor.com ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: mlv-ris-app-e ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: mlv-ris-app-f ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: mlv-ris-app-o ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: on24.com ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: onemisys.com ([]http in Local intranet)
      O15:64bit: - ..Trusted Domains: onemisys.com ([clarity] http in Trusted sites)
      O15:64bit: - ..Trusted Domains: onemisys.com ([eternal] http in Trusted sites)
      O15:64bit: - ..Trusted Domains: onemisys.com ([intra] http in Trusted sites)
      O15:64bit: - ..Trusted Domains: onemisys.com ([misysgold] http in Trusted sites)
      O15:64bit: - ..Trusted Domains: payerpath.com ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: payerpath.com ([]https in Trusted sites)
      O15:64bit: - ..Trusted Domains: salesforce.com ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: salesforce.com ([]https in Trusted sites)
      O15:64bit: - ..Trusted Domains: servicedesk ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: skilldialogue.com ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: skillport.com ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: skillport.com ([library] http in Trusted sites)
      O15:64bit: - ..Trusted Domains: skillsoft.com ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: skillsoftcompliance.com ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: skillwsa.com ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: symantecliveupdate.com ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: symantecliveupdate.com ([]https in Trusted sites)
      O15:64bit: - ..Trusted Domains: velaro.com ([]http in Trusted sites)
      O15:64bit: - ..Trusted Domains: windowsupdate.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: a4healthsystems.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: adp.com ([]https in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: allscripts.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: allscripts.com ([]https in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: allscripts.com ([clarity.corp] http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: allscripts.com ([servicedesk.corp] http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: books24x7.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: brainshark.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: clarity ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: codecorrect.com ([]https in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: delvenetworks.com ([assets] http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: diagnostix.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: eclipsnet.com ([]* in Local intranet)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: employee ([]http in Local intranet)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: eternal ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: force.com ([]https in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: force.com ([*.na0.visual] https in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: fpx.com ([od1] https in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: global.ad ([*.misys] http in Local intranet)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: global.ad ([servicedesk.misys] http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: globalsaleskickoff.com ([]http in Local intranet)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: gotrain.net ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: insideallscripts.com ([]http in Local intranet)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: insidemisys.com ([]http in Local intranet)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: intersourcing.com ([www] https in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: intra ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: llnwd.net ([*.fcod] http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: microsoft.com ([*.windowsupdate] http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: misys.com ([clarity] http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: misys.com ([servicedesk] http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: misysgold ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: misyshealthcare.com ([]http in Local intranet)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: misyshealthcare.com ([]https in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: misyshealthcare.com ([kb] http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: misysimentor.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: mlv-ris-app-e ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: mlv-ris-app-f ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: mlv-ris-app-o ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: on24.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: onemisys.com ([]http in Local intranet)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: onemisys.com ([clarity] http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: onemisys.com ([eternal] http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: onemisys.com ([intra] http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: onemisys.com ([misysgold] http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: payerpath.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: payerpath.com ([]https in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: salesforce.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: salesforce.com ([]https in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: servicedesk ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: skilldialogue.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: skillport.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: skillsoft.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: skillsoftcompliance.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: skillwsa.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: symantecliveupdate.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: symantecliveupdate.com ([]https in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: velaro.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-73361282-1014109674-949316387-64872\..Trusted Domains: windowsupdate.com ([]http in Trusted sites)
      O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
      [2012/07/26 11:07:19 | 000,000,000 | ---D | C] -- C:\FRST
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ====================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
     
     
  12. doubleTrouble

    doubleTrouble TS Rookie Topic Starter Posts: 40

    Extras log part 2

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0003C1E0-E0E7-49BB-A0F6-4AE6D2B09202}" = UPEK TouchChip Fingerprint Reader
    "{0335701D-8E28-4A7F-B0EF-312974755BB2}" = Modem Diagnostic Tool
    "{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software Installer
    "{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
    "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
    "{11538652-E5E4-37F1-86D7-418871E45292}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{18C5A65B-0A39-40B5-B958-63055AFAB65C}" = Microsoft SQL Server Setup Support Files (English)
    "{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
    "{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{1E463504-DBDB-4F59-AE25-595AD7F5F3E9}" = Microsoft SQL Server 2012 Setup (English)
    "{1E6ED082-E32D-4B2B-8B6A-70B094815135}" = Microsoft SQL Server System CLR Types (x64)
    "{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
    "{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 Common Files
    "{23EA8626-1A8A-453A-ACC4-77CED745849A}" = Microsoft .NET Framework 2.0 SDK (x64) - ENU
    "{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
    "{29C93182-34F6-3275-A18D-59326851CD57}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu
    "{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
    "{2D2601B6-157F-4F88-B66B-B52DB21EAB2D}" = SQL Server 2008 R2 Client Tools
    "{2EECD5EF-5095-467C-B80C-4AB3096EFD60}" = SPBA 5.9
    "{362A3FDF-B12E-436A-9097-1B795A9FFCC5}" = Microsoft SQL Server 2008 R2 Native Client
    "{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 Common Files
    "{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
    "{3B76DD2A-E834-4F32-A8EA-B29A0C128BA0}" = Dell ControlVault Host Components Installer 64 bit
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{3DCDFCDB-4D96-4CF0-9BB3-C91DAE9073F3}" = PC-CCID
    "{414B7B9C-B353-4821-9393-78AE034079E7}" = NTRU TCG Software Stack
    "{4322C618-94E5-3EB0-8BA5-4675C4803C34}" = Microsoft Visual Studio 2008 Performance Collection Tools - ENU
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4E60E212-3177-4B16-BCB3-616CCC52357D}" = Upek Touchchip Fingerprint Reader
    "{51E5BC99-A087-4CFF-8D93-462903EA7E12}" = SQL Server 2008 R2 Management Studio
    "{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{604CB4FC-3D32-405F-A109-165F170529B6}" = WD SmartWare
    "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
    "{62D2F823-0EAA-496D-B0F9-A869BFC51550}" = Microsoft SQL Server 2005 Backward compatibility
    "{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
    "{64D5BBC6-5270-3711-AA39-31C1087AF4E6}" = Microsoft Visual Studio 2008 Remote Debugger - ENU
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
    "{6AC87FB3-ACFC-4416-890C-8976D5A9B371}" = Trusted Drive Manager
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}" = Custom
     
  13. doubleTrouble

    doubleTrouble TS Rookie Topic Starter Posts: 40

    Extras log part 3

    "{72AB7E6F-BC24-481E-8C45-1AB5B3DD795D}" = SQL Server 2008 R2 Management Studio
    "{73D8B59D-0BFF-4B5B-A031-FAB3AC629E56}" = Microsoft SQL Server 2005 Tools (64-bit)
    "{75F299F3-8234-47CD-BB40-2994C1B1105E}" = Microsoft Visual Studio 2005 64bit Prerequisites (x64) - ENU
    "{777FF553-493D-4068-BAC7-EE2D73DB7434}" = Wave Infrastructure Installer
    "{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
    "{79FB3E7E-FD92-49A9-AAD1-193EE4CB85D3}" = Microsoft SQL Server 2008 R2 Setup (English)
    "{81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64
    "{81BE0B17-563B-45D4-B198-5721E6C665CD}" = Microsoft Lync 2010
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{91CE5F03-3A2A-4268-935A-04944F058AE9}" = Gemalto
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
    "{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}" = BioAPI Framework
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{AB33D723-6E62-4D9B-8364-87A3161A3335}" = Microsoft Visual Studio 2005 Remote Debugger (x64) - ENU
    "{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Data Protection | Access
    "{AC3CFEBF-06DB-FF8C-DECF-333C9231EA34}" = MozyEnterprise
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.96
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.96
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.96
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.60
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.19.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B358C627-4492-469A-8D0A-FCA1EC769DA9}" = SQLXML4
    "{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
    "{B5FE23CC-0151-4595-84C3-F1DE6F44FE9B}" = SQL Server 2008 R2 Client Tools
    "{CB0FD760-C6C6-3AF6-AD18-FE3B3B78727D}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
    "{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}" = Visual Studio .NET Prerequisites - English
    "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    "{D57519D3-2E37-3E34-94AF-4D59BFAB87E6}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
    "{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
    "{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
    "{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}" = Microsoft Device Emulator (64 bit) version 3.0 - ENU
    "{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F839C6BD-E92E-48FA-9CE6-7BFAF94F7096}" = DellAccess
    "9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
    "DW WLAN Card Utility" = DW WLAN Card Utility
    "Microsoft .NET Framework 2.0 SDK (x64) - ENU" = Microsoft .NET Framework 2.0 SDK (x64) - ENU
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
    "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit)
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 (64-bit)
    "Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)
    "Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "Microsoft Visual Studio 2005 Remote Debugger (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger (x64) - ENU
    "Microsoft Visual Studio 2008 Remote Debugger - ENU" = Microsoft Visual Studio 2008 Remote Debugger - ENU
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "PROSet" = Intel(R) Network Connections Drivers

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{043EEFE0-2ED8-4E1E-A3D1-B38CD739979F}" = Eclipsys TFS DatabaseStandards Policy
    "{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
    "{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    "{0A11169B-2A6D-4B7B-B633-31252C361038}" = Allscripts Gateway 6.0
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0B43A744-B1B8-4089-9BD1-9D41C7EC0AA3}" = Microsoft SQL Server 2005 Books Online (English)
    "{0BE273CD-AAB9-361B-8C32-D955EAC929E3}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
    "{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    "{0DF3AE91-E533-3960-8516-B23737F8B7A2}" = Visual C++ 2008 x64 Runtime - (v9.0.30729)
    "{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01" = Visual C++ 2008 x64 Runtime - v9.0.30729.01
    "{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
    "{0F3AAD74-383A-4F3F-8ED6-1B8C3763E2B4}" = Infragistics NetAdvantage Windows Forms 2009.2
    "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    "{1250E27F-7AF5-46F3-962A-36CE75C65F32}" = Infragistics NetAdvantage WPF 2009.2
    "{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
    "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    "{173BD5AD-90A3-3332-A9C1-1E4D8ABA00DD}" = Microsoft Visual Studio Test Professional 2010 - ENU
    "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{19FFC743-A830-4491-8CEB-1F71F26610C0}" = Allscripts TFS DatabaseStandards Policy
    "{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition
    "{1B041548-33BC-4174-8B97-ADC9B7948488}" = Microsoft Visual Studio 2005 Team Edition for Software Developers - ENU
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
    "{218FFA07-2B6C-44AE-8230-638D19885DB0}" = Infragistics NetAdvantage Silverlight 2011.2
    "{22E23C71-C27A-3F30-8849-BB6129E50679}" = Visual C++ 2008 IA64 Runtime - (v9.0.30729)
    "{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01" = Visual C++ 2008 IA64 Runtime - v9.0.30729.01
    "{23EEC842-57ED-4055-A056-9D4185DFB1AA}" = Dell Mobile Broadband Manager
    "{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
    "{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 29
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.11.01.02
    "{2B914873-E352-4BA5-B090-B628EC809611}" = Sunrise Clinical Manager 6.0 Services
    "{2E37E384-C2BA-47FA-A570-5560B17DB8ED}" = Allscripts Gateway 3.0 (777.0)
    "{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{33E053D0-FA61-4F48-8C76-D0A11E51AB75}" = Infragistics NetAdvantage Reporting 2011.2 Samples
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3D361197-5A83-4F4E-835A-0C5DF77F415F}" = Sunrise Clinical Manager 6.0 Client (3525.0)
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{3F8D9A47-9C50-3F46-8F12-B92DD5CA0A2E}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.6161)
    "{3F8D9A47-9C50-3F46-8F12-B92DD5CA0A2E}.vc_x86runtime_30729_6161" = Visual C++ 2008 x86 Runtime - v9.0.30729.6161
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Netwaiting
    "{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    "{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
    "{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4D7903E1-FF1E-4913-9A31-B1CA0ACD584C}" = Infragistics NetAdvantage Windows Forms 2010.3
    "{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}" = Dell Data Protection | Access | Drivers
    "{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{53C12E1E-AB56-4BF6-91F9-BB332DE0B547}" = Cisco WebEx Meeting Center for Internet Explorer
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{59928016-EB1E-4DD3-83BF-4BF1FE916836}" = Sunrise Clinical Manager 6.0 Client (3532.0)
    "{5be4ab41-2776-4eb6-8f5a-e1dd0e72e206}" = Infragistics NetAdvantage 2006 Vol. 2 CLR 2.0 HotFix - Build.1079
    "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{6721AC10-3743-38F1-B178-C0EC6C9A4108}" = Microsoft Visual Studio Team System 2008 Development Edition - ENU
    "{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
    "{69BBC76D-EE2A-4296-AD9A-36CD721DAAA1}" = Sunrise Prescription Writer 6.0 Client (3417)
    "{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
    "{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
    "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
    "{70B811BC-4C52-4792-A235-86529366B5BC}" = Sunrise Prescription Writer 6.0 Client (3525)
    "{70FA8BA2-A751-41D1-A2BC-D8A8F9711287}" = Infragistics NetAdvantage jQuery 2011.2 Samples
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{74890040-443B-44C5-89B0-6350605CB709}" = Sunrise Prescription Writer 6.0 Client (3410)
    "{74D23D43-593F-4252-AB3C-A16DEB72723C}" = Sunrise Prescription Writer 6.0 Client (3453)
    "{766B3A7A-B5AE-33F5-9858-75E692799C84}" = Microsoft Visual Studio 2008 Team Explorer - ENU
    "{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
    "{786A9F7E-CFEC-451F-B3C4-22EB11550FD8}" = Kaspersky Lab Network Agent
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{795096D9-8C08-4D47-97C5-571AA10C7B50}" = WebEx Productivity Tools
    "{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
    "{7B33F480-496D-334A-BAC2-205DEC0CBC2D}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)
    "{7B33F480-496D-334A-BAC2-205DEC0CBC2D}.vc_x86runtime_30729_4148" = Visual C++ 2008 x86 Runtime - v9.0.30729.4148
    "{8130ACB7-8907-415D-B481-B955057C281C}" = Infragistics NetAdvantage Windows Forms 2011.2
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}" = Dell Data Protection | Access | Middleware
    "{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime
    "{86090C8B-3445-49DB-8F97-117A8771B8F9}" = Infragistics NetAdvantage WPF 2011.2 Samples
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
    "{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8F023021-A7EB-45D3-9269-D65264C81729}" = Kaspersky Anti-Virus 6.0 for Windows Workstations
    "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
    "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
    "{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
    "{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPRO_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIO_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPRO_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIO_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PRJPRO_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.VISIO_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPRO_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIO_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PRJPRO_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.VISIO_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PRJPRO_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.VISIO_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
    "{90140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPRO_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
    "{90140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPRO_{FAA5D249-FC4B-41E0-97E3-686686672418}" =
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
    "{90140000-0054-0409-0000-0000000FF1CE}_Office14.VISIO_{CDC4310F-8189-485F-B47D-D972217CE173}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
    "{90140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
    "{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
    "{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{DD9F1760-F02F-4282-9A95-4A5982984039}" =
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PRJPRO_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.VISIO_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010
    "{90140000-00B4-0409-0000-0000000FF1CE}_Office14.PRJPRO_{18A0C151-8F8A-4B68-A960-60C464B94329}" = Microsoft Project 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PRJPRO_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.VISIO_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PRJPRO_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.VISIO_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90455537-DCA5-433A-A23B-5AA70A299E97}" = Infragistics NetAdvantage jQuery 2011.2
    "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{93BF1B65-7A4F-48B8-A12C-6818C3BAFFE7}" = Sunrise Prescription Writer 6.0 Client (3456)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    "{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9D64DB7B-F422-4D81-9F9C-FEA0DAD739B8}" = Infragistics NetAdvantage WPF 2010.3
    "{9E384B32-59C8-46EF-BEA6-4DC8F27CDB8E}" = InstallVC90Support
    "{9FA0AE10-D17F-4F66-9322-35AA145AAEE7}" = Infragistics NetAdvantage for .NET 2006 Vol. 2 CLR 2.0
    "{9FEAC0B9-289F-4BB8-A5FA-7A5D20D794C7}" = Microsoft Conferencing Add-in for Microsoft Office Outlook
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A15213C6-9C59-4777-84D4-8073C88544DF}" = Sunrise Prescription Writer 6.0 Client (3445)
    "{A2425E6C-8A37-3D63-A3A7-8ED5355FDF0B}" = Visual C++ 2008 x86 Runtime - KB2465361 - (v9.0.30729.5570)
    "{A2425E6C-8A37-3D63-A3A7-8ED5355FDF0B}.vc_x86runtime_30729_5570" = Visual C++ 2008 x86 Runtime - v9.0.30729.5570
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A7D91856-258D-4C87-8041-B170851CE432}" = Dell Data Protection | Access
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
    "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
    "{B102139C-0734-4E39-8CB3-242854F118E2}" = Microsoft Team Foundation Server 2010 Power Tools
    "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
    "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    "{BA0C9AAF-1327-3F06-B49C-349B4BE8F740}" = Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
    "{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
    "{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    "{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}" = Microsoft ReportViewer 2010 SP1 Redistributable
    "{C25EF637-BE7A-4761-9B45-9069989C319F}" = Microsoft Visual Studio 2005 Premier Partner Edition - ENU
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C7EA29FC-78F2-4680-9D9B-22CA8191E63C}" = Microsoft Visual SourceSafe 2005 - ENU
    "{C8EA30FC-B20B-465E-9D8A-CDDC09EA72D4}" = Dell Client Configuration Toolkit
    "{CB1A3450-3D7D-49F4-9628-933F72372D28}" = Infragistics NetAdvantage WPF 2011.2
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CEDFAE53-BE87-4182-91D8-6BADCF425D63}" = Infragistics NetAdvantage Reporting 2011.2
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies
    "{D435D44F-BCF0-457C-972D-9E88D6F3E92D}" = Sunrise Clinical Manager 6.0 Client (3533.0)
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D4E5C8AD-6550-41A5-AC36-68222490F48B}" = Sunrise Prescription Writer 6.0 Client (3452)
    "{D546AE99-C78D-431C-BF73-FA7CD6C9B404}" = SpecFlow 1.8.1
    "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
    "{D8A0403D-AB50-4A37-86D7-F08A943D3C0D}" = Sunrise Prescription Writer 6.0 Client (3436)
    "{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DF79E0DC-4C61-4F8C-8668-BB9B7D7A8EE1}" = Sunrise Prescription Writer 6.0 Client (3438)
    "{E027FE2E-3FF5-4DC9-A838-3F21CCF74EFE}" = Microsoft Visual Studio 2005 Team Explorer - ENU
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E7A9E2EA-D91B-43C1-89DA-C9A588FD123B}" = Sunrise Prescription Writer 6.0 Client (3454)
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{ED780CA9-0687-3C12-B439-3369F224941F}" = Microsoft Visual Studio 2010 Service Pack 1
    "{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
    "{F0199627-1AB0-4F9A-B4D3-FD221B28249F}" = Infragistics NetAdvantage Version Utility 2011.2
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F846D43E-4ED6-47EE-A33C-75BDFF394B6E}" = Eclipsys TFS ChangeSet Comments Policy
    "{FA8C331D-6F79-4FBF-9633-D0FD46F97A52}" = Sunrise Prescription Writer 6.0 Client (3444)
    "{FDF1136C-7223-412B-9F17-4B562CF7C6CA}" = Sunrise Prescription Writer 6.0 Client (3420)
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
    "{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
    "ActiveTouchMeetingClient" = Cisco WebEx Meetings
    "BSW" = BrettspielWelt
    "InstallShield_{786A9F7E-CFEC-451F-B3C4-22EB11550FD8}" = Kaspersky Lab Network Agent
    "Juniper Network Connect 6.2.0" = Juniper Networks Network Connect 6.2.0
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
    "Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
    "Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
    "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
    "Microsoft Visual SourceSafe 2005 - ENU" = Microsoft Visual SourceSafe 2005 - ENU
    "Microsoft Visual Studio 2005 Team Edition for Software Developers - ENU" = Microsoft Visual Studio 2005 Team Edition for Software Developers - ENU
    "Microsoft Visual Studio 2005 Team Explorer - ENU" = Microsoft Visual Studio 2005 Team Explorer - ENU
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
    "Microsoft Visual Studio 2008 Team Explorer - ENU" = Microsoft Visual Studio 2008 Team Explorer - ENU
    "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
    "Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
    "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
    "Microsoft Visual Studio Team System 2008 Development Edition - ENU" = Microsoft Visual Studio Team System 2008 Development Edition - ENU
    "Microsoft Visual Studio Test Professional 2010 - ENU" = Microsoft Visual Studio Test Professional 2010 - ENU
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Office14.PRJPRO" = Microsoft Project Professional 2010
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "Office14.VISIO" = Microsoft Visio Premium 2010
    "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
    "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
    "WinLiveSuite" = Windows Live Essentials
    "WinMerge_is1" = WinMerge 2.12.4
     
  14. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    We posted at the same time.
    Scroll up to see my previous reply.
     
  15. doubleTrouble

    doubleTrouble TS Rookie Topic Starter Posts: 40

    Here is the OTL custom scan result:

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-898976328-1975694646-3752162016-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ not found.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\a4healthsystems.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adp.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\allscripts.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\allscripts.com\ not found.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\allscripts.com\clarity.corp\ not found.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\allscripts.com\servicedesk.corp\ not found.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\books24x7.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\brainshark.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clarity\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\codecorrect.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\delvenetworks.com\assets\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\diagnostix.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\eclipsnet.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\employee\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\eternal\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\force.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\force.com\*.na0.visual\ not found.
    Invalid CLSID key: *.na0.visual
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\fpx.com\od1\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\global.ad\*.misys\ deleted successfully.
    Invalid CLSID key: *.misys
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\global.ad\servicedesk.misys\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\globalsaleskickoff.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gotrain.net\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\insideallscripts.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\insidemisys.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intersourcing.com\www\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intra\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\llnwd.net\*.fcod\ deleted successfully.
    Invalid CLSID key: *.fcod
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\*.windowsupdate\ deleted successfully.
    Invalid CLSID key: *.windowsupdate
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\misys.com\clarity\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\misys.com\servicedesk\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\misysgold\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\misyshealthcare.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\misyshealthcare.com\ not found.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\misyshealthcare.com\kb\ not found.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\misysimentor.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mlv-ris-app-e\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mlv-ris-app-f\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mlv-ris-app-o\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\on24.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\onemisys.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\onemisys.com\clarity\ not found.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\onemisys.com\eternal\ not found.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\onemisys.com\intra\ not found.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\onemisys.com\misysgold\ not found.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\payerpath.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\payerpath.com\ not found.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\salesforce.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\salesforce.com\ not found.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\servicedesk\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\skilldialogue.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\skillport.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\skillsoft.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\skillsoftcompliance.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\skillwsa.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\symantecliveupdate.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\symantecliveupdate.com\ not found.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\velaro.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-73361282-1014109674-949316387-64872\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\windowsupdate.com\ deleted successfully.
    Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
    C:\ProgramData\webex\ieatgpc.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    C:\FRST\Quarantine\{3135917d-3e18-e023-cb24-6460c7602ab6}\{3135917d-3e18-e023-cb24-6460c7602ab6}\U folder moved successfully.
    C:\FRST\Quarantine\{3135917d-3e18-e023-cb24-6460c7602ab6}\{3135917d-3e18-e023-cb24-6460c7602ab6}\L folder moved successfully.
    C:\FRST\Quarantine\{3135917d-3e18-e023-cb24-6460c7602ab6}\{3135917d-3e18-e023-cb24-6460c7602ab6} folder moved successfully.
    C:\FRST\Quarantine\{3135917d-3e18-e023-cb24-6460c7602ab6}\U folder moved successfully.
    C:\FRST\Quarantine\{3135917d-3e18-e023-cb24-6460c7602ab6}\L folder moved successfully.
    Folder move failed. C:\FRST\Quarantine\{3135917d-3e18-e023-cb24-6460c7602ab6} scheduled to be moved on reboot.
    Folder move failed. C:\FRST\Quarantine scheduled to be moved on reboot.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 327639 bytes
    ->Java cache emptied: 7140 bytes
    ->Flash cache emptied: 527 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: DefaultAppPool
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: maaldridge
    ->Temp folder emptied: 86982 bytes
    ->Temporary Internet Files folder emptied: 183135075 bytes
    ->Java cache emptied: 19892048 bytes
    ->Google Chrome cache emptied: 77649233 bytes
    ->Flash cache emptied: 8192199 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 135777 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 66583 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 100733 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 276.00 mb


    [EMPTYJAVA]

    User: Administrator
    ->Java cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: DefaultAppPool

    User: maaldridge
    ->Java cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: DefaultAppPool

    User: maaldridge
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.55.0 log created on 07262012_173451
    Files\Folders moved on Reboot...
    File\Folder C:\FRST\Quarantine\{3135917d-3e18-e023-cb24-6460c7602ab6} not found!
    File\Folder C:\FRST\Quarantine not found!
    C:\Users\maaldridge\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\kladminkit\.lock scheduled to be moved on reboot.
    File\Folder C:\Windows\temp\kladminkit\e808689f-f771-483a-b55f-f9fd055223d4.dll not found!
    File move failed. C:\Windows\temp\kladminkit.lck scheduled to be moved on reboot.
    PendingFileRenameOperations files...
    File C:\FRST\Quarantine\{3135917d-3e18-e023-cb24-6460c7602ab6} not found!
    File C:\FRST\Quarantine not found!
    File C:\Users\maaldridge\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    [2012/07/26 17:41:55 | 000,000,000 | ---- | M] () C:\Windows\temp\kladminkit\.lock : Unable to obtain MD5
    File C:\Windows\temp\kladminkit\e808689f-f771-483a-b55f-f9fd055223d4.dll not found!
    [2012/07/26 15:46:04 | 000,000,000 | ---- | M] () C:\Windows\temp\kladminkit.lck : Unable to obtain MD5
    Registry entries deleted on Reboot...
     
  16. doubleTrouble

    doubleTrouble TS Rookie Topic Starter Posts: 40

    Security Check log

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 8 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Eclipsys TFS ChangeSet Comments Policy
    Kaspersky Anti-Virus 6.0 for Windows Workstations
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Spybot - Search & Destroy
    Java(TM) 6 Update 29
    Out of date Java installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Spybot Teatimer.exe is disabled!
    Kaspersky Lab Kaspersky Anti-Virus 6.0 for Windows Workstations MP4 avp.exe
    Kaspersky Lab NetworkAgent 8 klnagent.exe
    ``````````End of Log````````````
     
  17. doubleTrouble

    doubleTrouble TS Rookie Topic Starter Posts: 40

    FSS log

    Farbar Service Scanner Version: 26-07-2012
    Ran by maaldridge (administrator) on 26-07-2012 at 17:49:43
    Running from "C:\Users\maaldridge\Desktop"
    Microsoft Windows 7 Enterprise Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    mpsdrv Service is not running. Checking service configuration:
    The start type of mpsdrv service is OK.
    The ImagePath of mpsdrv service is OK.
    MpsSvc Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

    Firewall Disabled Policy:
    ==================
    ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall value. The value does not exist.
    ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall value. The value does not exist.

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    Other Services:
    ==============
    sharedaccess Service is not running. Checking service configuration:
    The start type of sharedaccess service is set to Auto
    The ImagePath of sharedaccess service is OK.
    The ServiceDll of sharedaccess service is OK.

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****
     
  18. doubleTrouble

    doubleTrouble TS Rookie Topic Starter Posts: 40

    Are there any logs to post for TFC?
     
  19. doubleTrouble

    doubleTrouble TS Rookie Topic Starter Posts: 40

    While I am waiting for the ESET scan result, I have a question for you.

    Is this rootkit very infectious? Do I need to worry about other machines at work and/or at home?
    Kaspersky at work didn't catch this.
    At home, we are running a Linux server, and we did use a USB key to install Spybot a few days ago before I found this site. We did scrub the USB key with Linux. I may have connected at home before knowing I had a virus.
     
  20. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    That rootkit is very nasty.
    If you didn't exchange any files over the network you should be OK.

    As for USB devices I always recommend this...
    Install Panda USB Vaccine, or BitDefender's USB Immunizer on your computer to protect it from any infected USB device.

    No log for TFC needed.
     
  21. doubleTrouble

    doubleTrouble TS Rookie Topic Starter Posts: 40

    Does that mean any files can be infected?
    I have emailed files, and checked in/out files from source control (VSTS). =(
     
  22. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    Theoretically yes. If it happened? There is no way to tell.
     
  23. doubleTrouble

    doubleTrouble TS Rookie Topic Starter Posts: 40

    If I were to recommend one tool to run for folks, which one should I recommend?
     
  24. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    It doesn't work that way.
     
  25. doubleTrouble

    doubleTrouble TS Rookie Topic Starter Posts: 40

    Finally, here is the ESETScan file.
    The funny file from VS Revo Group is still there although it's Quarantined. :(

    C:\Qoobox\Quarantine\C\Users\maaldridge\AppData\Local\VS Revo Group\yzxxvcqk.dll.vir Win32/Boaxxe.G trojan
    C:\Users\maaldridge\Desktop\RK_Quarantine\yzxxvcqk.dll.vir Win32/Boaxxe.G trojan
     

