TechSpot

Windows Server 2008, Sirefef.b/y and ZeroAccess

Solved
By avenged187
Aug 9, 2012
  1. avenged187

    avenged187 TS Rookie Topic Starter Posts: 68

    Scan is running, though. It was updated yesterday before the entire server went haywire, and just the start of scanning would crash the system. Not the case now, but still not able to update.
     
  2. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    ZeroAccess is rather nasty stuff, so I'm not surprised you had all kinds of issues.
     
  3. avenged187

    avenged187 TS Rookie Topic Starter Posts: 68

    Heh, you have no idea. Windows Update, MSE, Firewall access and updating all blocked, QuickBooks crashes, Windows wanting to restart every 60 seconds, literally. The fact that this is on Windows 2008 made it harder, because there is a huge lack of tools out there, as you said earlier.
     
  4. avenged187

    avenged187 TS Rookie Topic Starter Posts: 68

    Full Scan up and running. Will run RKill when finished and post results.
     
  5. Broni

    Broni Malware Annihilator Posts: 47,975   +271

  6. avenged187

    avenged187 TS Rookie Topic Starter Posts: 68

    MSE didn't find any infections. Posting RKill log.

    Rkill 2.1.0 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 08/09/2012 01:07:35 PM in x64 mode.
    Windows Version: Windows Server 2008 R2

    Checking for Windows services to stop.

    * No malware services found to stop.

    Checking for processes to terminate.

    * No malware processes found to kill.

    Checking Registry for malware related settings.

    * Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

    Backup Registry file created at:
    C:\Users\frank\Desktop\rkill-backup\rkill-08-09-2012-01-07-37.reg

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks.

    * ALERT: ZEROACCESS rootkit symptoms found!

    * HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 [ZA Reg Hijack]

    Searching for Missing Digital Signatures:

    * No issues found.

    Restarting Explorer.exe in order to apply changes.

    Program finished at: 08/09/2012 01:07:52 PM
    Execution time: 0 hours(s), 0 minute(s), and 16 seconds(s)
     
  7. avenged187

    avenged187 TS Rookie Topic Starter Posts: 68

    Still have no access to the firewall, and cannot update Windows or MSE.
     
  8. avenged187

    avenged187 TS Rookie Topic Starter Posts: 68

    error code 0x80070424 on all of them
     
  9. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    We'll get to it.

    For now we still have some ZA leftovers.

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista users: Right-click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box and paste it into the main textfield:
      Code:
      :reg
      HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 /s
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  10. avenged187

    avenged187 TS Rookie Topic Starter Posts: 68

    SystemLook 30.07.11 by jpshortstuff
    Log created at 13:52 on 09/08/2012 by frank
    Administrator - Elevation successful
    ========== reg ==========
    [HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32]
    @="C:\Users\frank\AppData\Local\{72a5a74b-8002-844d-644c-f60ea090ba88}\n."
    "ThreadingModel"="Both"

    -= EOF =-
     
  11. Broni

    Broni Malware Annihilator Posts: 47,975   +271

     
  12. avenged187

    avenged187 TS Rookie Topic Starter Posts: 68

    SystemLook 30.07.11 by jpshortstuff
    Log created at 14:53 on 09/08/2012 by frank
    Administrator - Elevation successful
    ========== reg ==========
    [HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32]
    @="%SystemRoot%\system32\shell32.dll"
    "ThreadingModel"="Apartment"

    -= EOF =-
     
  13. avenged187

    avenged187 TS Rookie Topic Starter Posts: 68

    Whatever that regkey was linking to, replacing it allowed several programs that were crashing on startup to open.
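
An added example, not part of the thread and not code from any tool used in it: a small Python parser for SystemLook `:reg` output that flags an InprocServer32 default value pointing outside system directories, run over the two logs posted above. The `C:\Windows` root, the trusted-directory and extension lists, and all function names are assumptions made for illustration.

```python
import re
import ntpath  # Windows path semantics on any host OS

# SystemLook results as posted in this thread: before and after the repair.
BEFORE = r'''========== reg ==========
[HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32]
@="C:\Users\frank\AppData\Local\{72a5a74b-8002-844d-644c-f60ea090ba88}\n."
"ThreadingModel"="Both"

-= EOF =-'''

AFTER = r'''========== reg ==========
[HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32]
@="%SystemRoot%\system32\shell32.dll"
"ThreadingModel"="Apartment"

-= EOF =-'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^(?:@|"([^"]*)")="(.*)"$')

# Assumptions (not from the thread): install root, trusted dirs, server extensions.
SYSTEM_ROOT = r'C:\Windows'
TRUSTED_DIRS = (r'c:\windows\system32', r'c:\windows\syswow64',
                r'c:\program files', r'c:\program files (x86)')
SERVER_EXTS = ('.dll', '.ocx', '.ax')


def parse_systemlook_reg(text):
    """Return {key: {value_name: data}}; the default value (@) is stored under ''."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[m.group(1) or ''] = m.group(2)
    return keys


def expand(path):
    """Expand %SystemRoot%/%windir% and normalise to a lower-case Windows path."""
    path = re.sub(r'%(systemroot|windir)%', lambda _m: SYSTEM_ROOT, path,
                  flags=re.IGNORECASE)
    return ntpath.normpath(path).lower()


def assess_inproc(keys):
    """Return (key, server, reasons) for InprocServer32 entries that look hijacked."""
    findings = []
    for key, values in keys.items():
        if not key.lower().endswith('\\inprocserver32'):
            continue
        reasons = []
        server = values.get('')
        if server is None:
            reasons.append('default value missing')
        else:
            path = expand(server)
            directory, name = ntpath.split(path)
            if not any(directory == d or directory.startswith(d + '\\')
                       for d in TRUSTED_DIRS):
                reasons.append('server outside trusted directories')
            if '\\appdata\\' in path:
                reasons.append('server in a per-user AppData folder')
            if ntpath.splitext(name)[1] not in SERVER_EXTS:
                reasons.append('unusual server file name: ' + name)
        if reasons:
            findings.append((key, server, reasons))
    return findings


def changed_values(before, after):
    """List (key, value_name, old, new) for values that differ between two logs."""
    changes = []
    for key in before.keys() & after.keys():
        for name in sorted(before[key].keys() | after[key].keys()):
            old, new = before[key].get(name), after[key].get(name)
            if old != new:
                changes.append((key, name, old, new))
    return changes


if __name__ == '__main__':
    for label, log in (('before', BEFORE), ('after', AFTER)):
        print(label, assess_inproc(parse_systemlook_reg(log)) or 'no findings')
```
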
     
  14. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    Very good :)

    How is the computer doing?

    ======================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ===================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  15. avenged187

    avenged187 TS Rookie Topic Starter Posts: 68

    Scanning with MBAM right now. Server is running much better at the moment, but still blocked from updating Windows, MSE, and turning on the firewall.
     
  16. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    We'll get there...
     
  17. avenged187

    avenged187 TS Rookie Topic Starter Posts: 68

    frank :: WINDOWS-WQH0732 [administrator]
    8/9/2012 3:55:49 PM
    mbam-log-2012-08-09 (15-55-49).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 418853
    Time elapsed: 4 minute(s), 2 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
     
  18. avenged187

    avenged187 TS Rookie Topic Starter Posts: 68

    OTL logfile created on: 8/9/2012 4:05:45 PM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\frank\Downloads
    64bit- Server Standard Edition (full installation) (Version = 6.1.7600) - Type = NTServer
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.99 Gb Total Physical Memory | 3.32 Gb Available Physical Memory | 55.48% Memory free
    11.98 Gb Paging File | 9.00 Gb Available in Paging File | 75.10% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 98.13 Gb Total Space | 22.88 Gb Free Space | 23.32% Space Free | Partition Type: NTFS
    Drive D: | 738.97 Gb Total Space | 687.80 Gb Free Space | 93.08% Space Free | Partition Type: NTFS
    Drive E: | 1863.01 Gb Total Space | 1734.00 Gb Free Space | 93.08% Space Free | Partition Type: NTFS

    Computer Name: WINDOWS-WQH0732 | User Name: frank | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/08/09 16:05:14 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Frank\Downloads\OTL.exe
    PRC - [2012/08/08 12:24:37 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012/07/27 00:11:38 | 006,034,296 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
    PRC - [2012/06/19 00:18:53 | 002,305,912 | ---- | M] (Intuit Inc. All rights reserved.) -- C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe
    PRC - [2012/04/04 08:00:39 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jp2launcher.exe
    PRC - [2012/04/04 08:00:38 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\javaw.exe
    PRC - [2012/04/04 08:00:38 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\java.exe
    PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    PRC - [2012/01/20 01:32:40 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
    PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/11/15 12:20:26 | 000,095,608 | ---- | M] (Dyn, Inc.) -- C:\Program Files (x86)\Dyn Updater\DynUpSvc.exe
    PRC - [2011/11/15 12:20:26 | 000,078,192 | ---- | M] (Dyn, Inc.) -- C:\Program Files (x86)\Dyn Updater\DynTray.exe
    PRC - [2011/11/11 02:29:18 | 000,016,776 | ---- | M] (WebEx Communications, Inc.) -- C:\ProgramData\WebEx\MyWebEx\319\atnthost.exe
    PRC - [2011/03/08 16:34:04 | 000,016,440 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Digital Sending Software 4.91\Filesystems\Core\bin\XP-x86\Release\HP.Dss.App.WinService.exe
    PRC - [2011/03/05 21:04:06 | 001,156,384 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    PRC - [2011/03/05 21:03:02 | 001,178,400 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
    PRC - [2011/03/05 21:03:02 | 000,107,808 | ---- | M] (Intuit) -- C:\Program Files (x86)\Intuit\QuickBooks 2011\QuickBooksMessaging.exe
    PRC - [2011/03/05 19:26:12 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    PRC - [2010/04/27 23:36:44 | 000,679,936 | ---- | M] (Intuit, Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2011\QBDBMgrN.exe
    PRC - [2010/03/12 01:22:10 | 000,050,480 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2011\dbextclr11.exe
    PRC - [2009/08/18 03:25:12 | 000,678,912 | ---- | M] (Intuit, Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2010\QBDBMgrN.exe
    PRC - [2009/03/20 04:34:54 | 000,705,824 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\axlbridge.exe
    PRC - [2008/10/15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) -- C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/08/08 12:24:36 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2012/08/02 13:32:35 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
    MOD - [2012/07/27 00:11:38 | 000,083,832 | ---- | M] () -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.XmlSerializers.dll
    MOD - [2012/06/19 00:18:53 | 000,079,736 | ---- | M] () -- C:\Program Files (x86)\Common Files\Intuit\Sync\Intuit.IntuitSyncManager.IDSTypes.XmlSerializers.dll
    MOD - [2012/06/14 03:32:16 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\961b28b18dc304d4434ca9938abd1d60\WindowsFormsIntegration.ni.dll
    MOD - [2012/06/14 03:26:18 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b7a7f9c607e09bfa03c07b5ff3a8ae3\System.ServiceProcess.ni.dll
    MOD - [2012/06/14 03:26:09 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\675c8bd801698993255d100c3b350d4b\System.Web.Services.ni.dll
    MOD - [2012/06/14 03:26:07 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll
    MOD - [2012/06/14 03:25:50 | 014,325,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\517358eb2fd962a942dd1ea6afc5b93e\PresentationFramework.ni.dll
    MOD - [2012/06/14 03:25:33 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
    MOD - [2012/06/14 03:25:25 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
    MOD - [2012/06/14 03:25:19 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\e9d0ba41128f363f2390c7e630129c2b\PresentationCore.ni.dll
    MOD - [2012/05/12 03:35:07 | 001,072,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\f77eb3dd20db5f2277636d4e700a2a2a\System.IdentityModel.ni.dll
    MOD - [2012/05/12 03:35:05 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\3848d7865bda88a9e94e03480b5ada2f\System.Runtime.Serialization.ni.dll
    MOD - [2012/05/12 03:35:02 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\26a852935ab27c328a148effb43a76bf\SMDiagnostics.ni.dll
    MOD - [2012/05/12 03:35:01 | 017,400,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\7900b4e8c860d8b4a3c1f98047c3c1a3\System.ServiceModel.ni.dll
    MOD - [2012/05/12 03:34:30 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\c366ebd7f33816762268154efc68176d\System.Core.ni.dll
    MOD - [2012/05/12 03:32:51 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc626095c194be137bceb219934b06a7\PresentationFramework.Aero.ni.dll
    MOD - [2012/05/12 03:32:28 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\558fa6c6131f14af258f94291a5d19d6\System.EnterpriseServices.ni.dll
    MOD - [2012/05/12 03:32:27 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\61fbbd8bc7d76972115b292b132ff2d1\System.Transactions.ni.dll
    MOD - [2012/05/12 03:32:26 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\294d439cfe959b5528ca81d37d3d502f\System.Data.ni.dll
    MOD - [2012/05/12 03:31:41 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\68b5806af0df6ce86027bacb7dc37233\UIAutomationProvider.ni.dll
    MOD - [2012/05/12 03:31:41 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\34f340b0c113f7216a55dd7c82a69cc2\Accessibility.ni.dll
    MOD - [2012/05/12 03:31:26 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
    MOD - [2012/05/12 03:31:22 | 000,680,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\61af058c2bc079f28397a29ed145fbc7\System.Security.ni.dll
    MOD - [2012/05/12 03:31:21 | 002,508,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\e8dd334aba14a540d9ac95e372564310\System.Data.SqlXml.ni.dll
    MOD - [2012/05/12 03:31:18 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
    MOD - [2012/05/12 03:31:13 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
    MOD - [2012/05/12 03:31:12 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
    MOD - [2012/05/12 03:31:03 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
    MOD - [2012/04/04 08:00:39 | 000,008,192 | ---- | M] () -- C:\Program Files (x86)\Java\jre6\bin\jp2native.dll
    MOD - [2011/08/05 01:17:10 | 000,198,992 | ---- | M] () -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\NCalc.dll
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/04/25 08:49:02 | 000,024,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Interop.QBInstanceFinder\21.0.0.0__5b3f47ba29970ccb\Interop.QBInstanceFinder.dll
    MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2011/03/05 21:03:42 | 000,100,128 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\ReportBridge.DLL
    MOD - [2011/03/05 21:03:32 | 000,124,704 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\QBMAPILibrary.dll
    MOD - [2011/03/05 21:03:30 | 000,020,256 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\QBCompressor.DLL
    MOD - [2011/03/05 21:03:28 | 000,069,408 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\QB2WPFBridge.dll
    MOD - [2011/03/05 21:03:20 | 000,041,760 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\mbpopup.dll
    MOD - [2011/03/05 21:03:18 | 000,092,448 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\IPDWidgetInterop.dll
    MOD - [2011/03/05 21:03:18 | 000,068,896 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\IPDWidgetBridge.DLL
    MOD - [2011/03/05 21:03:16 | 000,057,120 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\htmlhelper.dll
    MOD - [2011/03/05 21:03:06 | 000,346,400 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\BackupLib.dll
    MOD - [2011/03/05 21:03:06 | 000,268,064 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_regex-vc90-mt-p-1_33.dll
    MOD - [2011/03/05 21:03:06 | 000,175,904 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_serialization-vc90-mt-p-1_33.dll
    MOD - [2011/02/22 12:35:52 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
    MOD - [2011/02/21 16:54:20 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Intuit.QuickBooks.XmlDigitalSignature\1.2.0.0__5b3f47ba29970ccb\Intuit.QuickBooks.XmlDigitalSignature.dll
    MOD - [2010/12/21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
    MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2009/06/10 16:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    MOD - [2009/06/10 16:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2005/07/19 23:18:00 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\zlib1.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2010/08/08 21:04:10 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Running] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
    SRV:64bit: - [2010/01/25 04:20:28 | 000,017,960 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\sysdown.exe -- (sysdown)
    SRV:64bit: - [2009/07/13 20:41:53 | 000,014,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sacsvr.dll -- (sacsvr)
    SRV:64bit: - [2009/07/13 20:41:19 | 000,692,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lserver.dll -- (TermServLicensing)
    SRV:64bit: - [2009/07/13 20:40:52 | 000,025,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FCRegSvc.dll -- (FCRegSvc)
    SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2009/07/13 20:39:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
    SRV:64bit: - [2009/07/13 20:39:31 | 000,091,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rsopprov.exe -- (RSoPProv)
    SRV:64bit: - [2009/07/13 20:39:31 | 000,041,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rqs.exe -- (rqs)
    SRV - [2012/08/08 12:24:36 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/08/02 13:32:37 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/06/15 12:26:32 | 000,103,472 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2012/01/20 01:32:40 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
    SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/11/15 12:20:26 | 000,095,608 | ---- | M] (Dyn, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dyn Updater\DynUpSvc.exe -- (Dyn Updater)
    SRV - [2011/11/11 02:29:18 | 000,016,776 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\ProgramData\WebEx\MyWebEx\319\atnthost.exe -- (atnthost)
    SRV - [2011/03/11 15:20:26 | 000,140,152 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Running] -- D:\Program Files\Profit Tools\Sybase\SQLA12\Bin64\dbsrv12.exe -- (SQLANYs_ptsrv)
    SRV - [2011/03/08 16:34:04 | 000,016,440 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Digital Sending Software 4.91\Filesystems\Core\bin\XP-x86\Release\HP.Dss.App.WinService.exe -- (HP Digital Sending Software)
    SRV - [2011/03/05 19:26:12 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2010/04/27 23:36:44 | 000,679,936 | ---- | M] (Intuit, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Intuit\QuickBooks 2011\QBDBMgrN.exe -- (QuickBooksDB21)
    SRV - [2009/08/18 03:25:12 | 000,678,912 | ---- | M] (Intuit, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Intuit\QuickBooks 2010\QBDBMgrN.exe -- (QuickBooksDB20)
    SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2009/07/13 20:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2009/07/13 20:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
    SRV - [2009/07/13 20:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2009/07/13 20:14:39 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/10/15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe -- (WinVNC4)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/03/01 01:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/03/14 14:16:03 | 000,242,176 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\G200em.sys -- (G200e)
    DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/09/01 22:18:02 | 000,291,944 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mlx4_bus.sys -- (mlx4_bus)
    DRV:64bit: - [2010/08/31 16:22:48 | 000,163,376 | ---- | M] (ServerEngines Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\be2iscsi.sys -- (be2iscsi)
    DRV:64bit: - [2010/08/06 01:40:44 | 000,646,664 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\elxcna.sys -- (elxcna)
    DRV:64bit: - [2010/08/02 08:04:30 | 000,405,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (q57nd60a)
    DRV:64bit: - [2010/08/02 08:04:30 | 000,405,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2010/08/02 07:53:42 | 000,089,128 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxdiaga.sys -- (b06diag)
    DRV:64bit: - [2010/08/02 07:53:14 | 000,524,840 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxois.sys -- (BXOIS)
    DRV:64bit: - [2010/08/02 07:52:58 | 001,532,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2010/05/28 00:48:00 | 000,223,336 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpAHCIsr.sys -- (HpAHCIsr)
    DRV:64bit: - [2010/05/17 00:06:36 | 000,078,928 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2010/04/29 21:46:30 | 000,494,632 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2010/04/21 01:45:34 | 000,015,472 | ---- | M] (Brocade Communications Systems, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\bfad_up.sys -- (bfad_up)
    DRV:64bit: - [2010/04/21 01:45:32 | 001,125,488 | ---- | M] (Brocade Communications Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bfad.sys -- (bfad)
    DRV:64bit: - [2010/02/22 02:32:18 | 000,156,776 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpCISSs2.sys -- (HpCISSs2)
    DRV:64bit: - [2009/10/23 06:11:42 | 000,090,936 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bchtsw64.sys -- (bchtsw64)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:45:45 | 000,096,320 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sacdrv.sys -- (sacdrv)
    DRV:64bit: - [2009/07/13 18:42:54 | 000,121,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsp.sys -- (storvsp)
    DRV:64bit: - [2009/07/13 18:42:47 | 000,181,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Vid.sys -- (Vid)
    DRV:64bit: - [2009/06/17 03:43:00 | 000,047,144 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HPUSBXSC.SYS -- (HPUSBMSC)
    DRV:64bit: - [2009/06/10 15:35:30 | 000,035,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd260x64.sys -- (ioatdma)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/03/19 04:59:26 | 000,098,856 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hpqmgmt.sys -- (hpqmgmt)
    DRV:64bit: - [2008/07/31 07:04:22 | 000,363,056 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aarahci.sys -- (aarahci)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/13 18:14:26 | 000,115,712 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\mrxdav.sys -- (MRxDAV)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Rick\Desktop
    IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FD 18 D3 68 88 58 CD 01 [binary data]
    IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 77 85 FF 3E 15 70 CD 01 [binary data]
    IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1009\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1009\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1009\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://skydrive.live.com/
    IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 23 54 E0 A3 E2 40 CC 01 [binary data]
    IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1013\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1013\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1013\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@rooms.hp.com: C:\Program Files (x86)\Hewlett-Packard\HP Virutal Rooms Client Launcher Plugin\nphpvrl.dll ( )
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/08/08 12:22:34 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/08 12:24:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 03:23:18 | 000,000,000 | ---D | M]

    [2011/07/06 16:24:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\Mozilla\Extensions
    [2012/05/02 09:24:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\36kk955o.default\extensions
    [2012/04/30 08:21:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/08/08 12:24:37 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/04/04 08:00:40 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2012/08/08 12:24:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/08/08 12:24:35 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [QLogicSaveSystemInfo] rundll32.exe qlco1006.dll,QLSaveSystemInfo File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
    O4 - HKU\S-1-5-21-2322292650-3426999178-766073734-1002..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O4 - Startup: C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hs_err_pid5788.log ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab (HPVirtualRooms35 Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {C2ED62BE-4FF5-4FAF-9274-3BA328DCA35C} https://timetracking.quickbooks.com/ocx/tts/TimeTrackingV2.ocx (TimeTrackingV2.UserControl1)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49B50028-C4F6-47FE-A178-5124A2FDB878}: DhcpNameServer = 68.94.156.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0A35114-EF36-4060-B305-19D57C618B96}: NameServer = 208.67.222.222,208.67.220.220
    O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Handler\intu-help-qb3 - No CLSID value found
    O18:64bit: - Protocol\Handler\intu-help-qb4 - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
    O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    O18 - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll File not found
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
    O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
    O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - File not found
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - File not found
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O29:64bit: - HKLM SecurityProviders - (credssp.dll) - File not found
    O29 - HKLM SecurityProviders - (credssp.dll) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/09 13:07:37 | 000,000,000 | ---D | C] -- C:\Users\frank\Desktop\rkill-backup
    [2012/08/09 13:06:52 | 001,118,624 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\frank\Desktop\rkill.exe
    [2012/08/09 09:04:51 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\frank\Desktop\dds.com
    [2012/08/09 08:58:43 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/08/08 16:51:23 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\frank\Desktop\tdsskiller.exe
    [2012/08/08 16:50:44 | 004,727,110 | ---- | C] (Swearware) -- C:\Users\frank\Desktop\ComboFix.exe
    [2012/08/08 15:02:21 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Local\Macromedia
    [2012/08/08 13:54:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/08/08 13:54:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/08/08 13:53:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2012/08/08 13:52:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
    [2012/08/08 12:32:50 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Roaming\Malwarebytes
    [2012/08/08 12:32:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/08/08 12:32:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/08/08 12:32:41 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/08/08 12:32:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/08/08 12:23:31 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
    [2012/07/27 11:03:32 | 000,000,000 | ---D | C] -- C:\imagetmp
    [2012/07/25 15:08:27 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Roaming\SQL Anywhere 12
    [2012/07/18 13:28:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Sybase Central 6.1.0
    [2012/07/18 13:25:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DBISQL 12.0.1
    [2012/07/18 12:53:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SQL Anywhere 12
    [2012/07/18 12:30:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Shared Documents
    [2012/07/18 12:30:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Profit Tools
    [2012/07/18 12:29:25 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
    [2012/07/18 11:06:11 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Local\Citrix
    [2012/07/18 11:06:02 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Local\Deployment
    [2012/07/18 11:06:02 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Local\Apps

    ========== Files - Modified Within 30 Days ==========

    [2012/08/09 15:32:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/08/09 15:00:02 | 000,014,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/09 15:00:02 | 000,014,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/09 13:52:33 | 000,165,376 | ---- | M] () -- C:\Users\frank\Desktop\SystemLook_x64.exe
    [2012/08/09 13:39:42 | 005,006,346 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/08/09 13:39:42 | 000,856,886 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
    [2012/08/09 13:39:42 | 000,851,644 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
    [2012/08/09 13:39:42 | 000,845,594 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
    [2012/08/09 13:39:42 | 000,808,956 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
    [2012/08/09 13:39:42 | 000,762,740 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/08/09 13:39:42 | 000,195,538 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
    [2012/08/09 13:39:42 | 000,187,520 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
    [2012/08/09 13:39:42 | 000,183,696 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
    [2012/08/09 13:39:42 | 000,182,856 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
    [2012/08/09 13:39:42 | 000,155,402 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/08/09 13:35:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/08/09 13:06:52 | 001,118,624 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\frank\Desktop\rkill.exe
    [2012/08/09 08:50:30 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\frank\Desktop\dds.com
    [2012/08/09 08:49:54 | 000,302,592 | ---- | M] () -- C:\Users\frank\Desktop\wy82hjq3.exe
    [2012/08/08 19:01:08 | 000,000,402 | -H-- | M] () -- C:\Windows\tasks\GG Logistics Corp. 1301105924.job
    [2012/08/08 16:51:31 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\frank\Desktop\tdsskiller.exe
    [2012/08/08 16:50:46 | 004,727,110 | ---- | M] (Swearware) -- C:\Users\frank\Desktop\ComboFix.exe
    [2012/08/08 16:43:42 | 000,881,494 | ---- | M] () -- C:\Users\frank\Desktop\SecurityCheck.exe
    [2012/08/08 14:30:34 | 000,017,668 | ---- | M] () -- C:\Users\frank\TsAllUsr.Dat
    [2012/08/08 14:27:12 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/08/08 13:54:58 | 005,074,708 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/08/08 12:32:43 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/08 12:22:34 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
    [2012/08/08 12:20:08 | 000,000,462 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2012/08/07 09:16:43 | 000,001,292 | ---- | M] () -- C:\Users\frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    [2012/08/06 18:19:08 | 000,007,607 | ---- | M] () -- C:\Users\frank\AppData\Local\Resmon.ResmonCfg
    [2012/08/02 09:17:42 | 000,001,041 | ---- | M] () -- C:\Users\frank\Desktop\Documents - Shortcut (3).lnk
    [2012/08/02 09:16:48 | 000,001,041 | ---- | M] () -- C:\Users\frank\Desktop\Documents - Shortcut (2).lnk
    [2012/08/02 09:16:36 | 000,001,041 | ---- | M] () -- C:\Users\frank\Desktop\Documents - Shortcut.lnk
    [2012/07/18 13:31:25 | 000,000,166 | ---- | M] () -- C:\Windows\ODBC.INI
    [2012/07/18 12:53:05 | 000,422,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/07/18 11:06:11 | 000,103,272 | ---- | M] () -- C:\Users\frank\GoToAssistDownloadHelper.exe
    [2012/07/16 14:31:27 | 000,001,292 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    [2012/07/16 10:29:58 | 000,000,036 | -H-- | M] () -- C:\Windows\SysWow64\f9t.dat

    ========== Files Created - No Company Name ==========

    [2012/08/09 13:52:33 | 000,165,376 | ---- | C] () -- C:\Users\frank\Desktop\SystemLook_x64.exe
    [2012/08/09 09:04:48 | 000,302,592 | ---- | C] () -- C:\Users\frank\Desktop\wy82hjq3.exe
    [2012/08/08 16:43:33 | 000,881,494 | ---- | C] () -- C:\Users\frank\Desktop\SecurityCheck.exe
    [2012/08/08 14:30:34 | 000,017,668 | ---- | C] () -- C:\Users\frank\TsAllUsr.Dat
    [2012/08/08 13:55:01 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/08/08 12:32:43 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/08 12:22:34 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
    [2012/08/06 18:19:08 | 000,007,607 | ---- | C] () -- C:\Users\frank\AppData\Local\Resmon.ResmonCfg
    [2012/08/02 09:17:42 | 000,001,041 | ---- | C] () -- C:\Users\frank\Desktop\Documents - Shortcut (3).lnk
    [2012/08/02 09:16:48 | 000,001,041 | ---- | C] () -- C:\Users\frank\Desktop\Documents - Shortcut (2).lnk
    [2012/08/02 09:16:35 | 000,001,041 | ---- | C] () -- C:\Users\frank\Desktop\Documents - Shortcut.lnk
    [2012/07/18 15:02:04 | 000,001,292 | ---- | C] () -- C:\Users\frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    [2012/07/18 13:27:11 | 000,000,166 | ---- | C] () -- C:\Windows\ODBC.INI
    [2012/07/18 11:06:10 | 000,103,272 | ---- | C] () -- C:\Users\frank\GoToAssistDownloadHelper.exe
    [2012/01/26 11:04:23 | 000,000,036 | -H-- | C] () -- C:\Windows\SysWow64\f9t.dat
    [2011/07/12 10:26:32 | 000,000,185 | ---- | C] () -- C:\Users\frank\rez1.rez1
    [2011/04/15 12:46:21 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe
    [2011/02/23 10:05:05 | 000,000,462 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2011/02/21 16:54:02 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
    [2011/02/21 16:48:35 | 005,074,708 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    ========== LOP Check ==========

    [2012/01/10 12:02:05 | 000,000,000 | ---D | M] -- C:\Users\frank\AppData\Roaming\.minecraft
    [2012/07/25 15:08:27 | 000,000,000 | ---D | M] -- C:\Users\frank\AppData\Roaming\SQL Anywhere 12
    [2012/01/30 17:34:32 | 000,000,000 | ---D | M] -- C:\Users\frank\AppData\Roaming\Stamps.com Internet Postage
    [2012/07/18 13:31:23 | 000,000,000 | ---D | M] -- C:\Users\Install\AppData\Roaming\SQL Anywhere 12
    [2012/01/30 15:16:22 | 000,000,000 | ---D | M] -- C:\Users\MaryBeth\AppData\Roaming\Stamps.com Internet Postage
    [2012/07/24 10:29:05 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\SQL Anywhere 12
    [2012/01/26 11:08:23 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Stamps.com Internet Postage
    [2012/08/08 19:01:08 | 000,000,402 | -H-- | M] () -- C:\Windows\Tasks\GG Logistics Corp. 1301105924.job
    [2012/08/09 01:20:06 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========


    < End of report >
     
  19. avenged187

    avenged187 TS Rookie Topic Starter Posts: 68

    OTL Extras logfile created on: 8/9/2012 4:05:45 PM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\frank\Downloads
    64bit- Server Standard Edition (full installation) (Version = 6.1.7600) - Type = NTServer
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.99 Gb Total Physical Memory | 3.32 Gb Available Physical Memory | 55.48% Memory free
    11.98 Gb Paging File | 9.00 Gb Available in Paging File | 75.10% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 98.13 Gb Total Space | 22.88 Gb Free Space | 23.32% Space Free | Partition Type: NTFS
    Drive D: | 738.97 Gb Total Space | 687.80 Gb Free Space | 93.08% Space Free | Partition Type: NTFS
    Drive E: | 1863.01 Gb Total Space | 1734.00 Gb Free Space | 93.08% Space Free | Partition Type: NTFS

    Computer Name: WINDOWS-WQH0732 | User Name: frank | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
    .reg [@ = regfile] -- regedit.exe "%1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .reg [@ = regfile] -- regedit.exe "%1"

    [HKEY_USERS\S-1-5-21-2322292650-3426999178-766073734-1002\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_USERS\S-1-5-21-2322292650-3426999178-766073734-1009\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_USERS\S-1-5-21-2322292650-3426999178-766073734-1013\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [open] -- regedit.exe "%1"
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V"
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [open] -- regedit.exe "%1"
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V"
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    ========== Firewall Settings ==========

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{AF5020D9-116A-46AC-A922-087592F37EC9}" = MobileMe Control Panel
    "{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
    "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
    "Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
    "Matrox Graphics Uninstaller" = ServerEngines Pilot/G200e Graphics Driver (remove only)
    "Microsoft Security Client" = Microsoft Security Essentials
    "WinRAR archiver" = WinRAR 4.10 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
    "{0700E22B-A422-40A5-BD20-04BF618CA0F9}" = QuickBooks Pro 2010
    "{11E0AC7D-6822-4F67-865F-EE1C13D28C38}" = QuickBooks Pro 2011
    "{1D70AABC-CB59-4700-A708-EA56D1CA07B0}" = QuickBooks
    "{26518E9D-031C-4BF9-907E-B2A91AEB9096}" = QuickBooks Remote Access
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (HPDSS)
    "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
    "{3B042CF9-180B-44FB-B4F9-EE800BEE55A6}" = Profit Tools
    "{3D6F2BA2-5B4A-4D1B-AF74-2EF11C089A69}" = IRIS OCR Engine, v12.3.4
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4F69AC32-2087-40CD-BFF6-0065159BD0DE}" = HP Digital Sending Software 4.91
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
    "{C0847D30-4B8A-11E0-98C0-80E2DED72085}" = HP Virtual Rooms Client Launcher Plugin
    "{CE4C9170-F517-42EB-A5CB-F16DE610315A}" = Stamps.com Application Support for Microsoft Outlook 2000-2010
    "{D61C1058-EDC7-48D0-85B2-B322BE385059}" = Stamps.com Address Book Support for Microsoft Outlook 97-2010
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "DynUpdater" = Dyn Updater
    "KATMLT9904416764428854" = SystemWatch IT
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Matrox Graphics Uninstaller" = Matrox Graphics Software (remove only)
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "QB Connection Diagnostic Tool" = QB Connection Diagnostic Tool
    "RealVNC_is1" = VNC Free Edition 4.1.3
    "Samsung Universal Print Driver" = Samsung Universal Print Driver
    "Stamps.com" = Stamps.com
    "Stamps.com support for Microsoft Outlook 2000-2010" = Stamps.com support for Microsoft Outlook 2000-2010
    "Stamps.com support for Microsoft Outlook 97-2010" = Stamps.com support for Microsoft Outlook 97-2010
    "TRANSFLO Now-_is1" = TRANSFLO Now 2.1

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2322292650-3426999178-766073734-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GoToMeeting" = GoToMeeting 4.8.0.723
    "StreetSpeed" = StreetSpeed

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2322292650-3426999178-766073734-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "StreetSpeed" = StreetSpeed

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2322292650-3426999178-766073734-1013\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "StreetSpeed" = StreetSpeed

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 6/5/2012 1:17:11 PM | Computer Name = WINDOWS-WQH0732 | Source = QuickBooks | ID = 4
    Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
    Hand

    Error - 6/5/2012 1:17:11 PM | Computer Name = WINDOWS-WQH0732 | Source = QuickBooks | ID = 4
    Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
    Hand

    Error - 6/5/2012 7:49:31 PM | Computer Name = WINDOWS-WQH0732 | Source = VSS | ID = 8194
    Description =

    Error - 6/5/2012 7:49:31 PM | Computer Name = WINDOWS-WQH0732 | Source = VSS | ID = 8194
    Description =

    Error - 6/5/2012 7:55:03 PM | Computer Name = WINDOWS-WQH0732 | Source = VSS | ID = 8194
    Description =

    Error - 6/5/2012 7:55:03 PM | Computer Name = WINDOWS-WQH0732 | Source = VSS | ID = 8194
    Description =

    Error - 6/6/2012 2:02:04 AM | Computer Name = WINDOWS-WQH0732 | Source = Microsoft-Windows-Backup | ID = 517
    Description = The backup operation that started at '2012-06-06T06:00:24.039973300Z'
    has failed with following error code '2155347997' (%%2155347997). Please review
    the event details for a solution, and then rerun the backup operation once the
    issue is resolved.

    Error - 6/6/2012 12:36:25 PM | Computer Name = WINDOWS-WQH0732 | Source = QuickBooks | ID = 4
    Description = An unexpected error has occured in "QuickBooks Pro 2011": DMError Information:-6120Additional
    Info:The maximum number of users allowed to access the company file has already
    been reached

    Error - 6/6/2012 12:36:25 PM | Computer Name = WINDOWS-WQH0732 | Source = QuickBooks | ID = 4
    Description = An unexpected error has occured in "QuickBooks Pro 2011": QuickBooks
    has experienced a problem and must be shut dow

    Error - 6/6/2012 1:00:27 PM | Computer Name = WINDOWS-WQH0732 | Source = QuickBooks | ID = 4
    Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
    Hand

    Error - 6/6/2012 1:00:27 PM | Computer Name = WINDOWS-WQH0732 | Source = QuickBooks | ID = 4
    Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
    Hand

    Error - 6/6/2012 1:00:27 PM | Computer Name = WINDOWS-WQH0732 | Source = QuickBooks | ID = 4
    Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
    Hand

    [ System Events ]
    Error - 8/9/2012 2:35:52 PM | Computer Name = WINDOWS-WQH0732 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error - 8/9/2012 4:02:13 PM | Computer Name = WINDOWS-WQH0732 | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.131.1638.0 Update Source: %%859 Update Stage:
    %%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM
    Current
    Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error
    description: The specified service does not exist as an installed service.

    Error - 8/9/2012 4:26:47 PM | Computer Name = WINDOWS-WQH0732 | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.131.1638.0 Update Source: %%859 Update Stage:
    %%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM
    Current
    Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error
    description: The specified service does not exist as an installed service.


    < End of report >
     
  20. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O4:64bit: - HKLM..\Run: [QLogicSaveSystemInfo] rundll32.exe qlco1006.dll,QLSaveSystemInfo File not found
      O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2012/08/09 08:58:43 | 000,000,000 | ---D | C] -- C:\FRST
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from safe mode.

    ====================================

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
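
The FSS.txt log requested in step 2 marks every problem with `ATTENTION!=====>`, and the useful triage is to separate services whose registry key is gone from services that are only stopped. The following Python script is an added example, not part of the original post and not code from the Farbar tool; `parse_fss` and `triage` are hypothetical names, and the sample lines are constructed in the format of the FSS log posted later in this thread.

```python
import re

# Constructed sample in the layout Farbar Service Scanner prints (not a real log).
SAMPLE_LOG = r"""
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.

File Check:
========
ATTENTION!=====> d:\Windows\System32\nsisvc.dll FILE IS MISSING AND SHOULD BE RESTORED.
ATTENTION!=====> d:\Windows\System32\drivers\afd.sys FILE IS MISSING AND SHOULD BE RESTORED.
"""

FIELDS = r"(Start type|ImagePath|ServiceDll)"
SECTION_RE = re.compile(r"^([A-Za-z][A-Za-z ]*):\s*$")
NOT_RUNNING_RE = re.compile(r"^(\S+) Service is not running\.")
KEY_MISSING_RE = re.compile(
    r"^Checking " + FIELDS + r": ATTENTION!=====> Unable to open (\S+) registry key\.")
VALUE_MISSING_RE = re.compile(
    r"^Checking " + FIELDS + r" of (\S+): ATTENTION!=====> Unable to retrieve")
FILE_MISSING_RE = re.compile(r"^ATTENTION!=====> (.+?) FILE IS MISSING")


def _entry(services, name, section):
    """Return the record for a service, creating it on first sight."""
    return services.setdefault(name, {
        "section": section,      # FSS section the service was reported under
        "running": None,         # None = the log made no statement
        "key_missing": False,    # whole service registry key absent
        "missing_values": [],    # individual values absent under an existing key
    })


def parse_fss(log_text):
    """Parse an FSS log into per-service records and a list of missing files."""
    services, missing_files, section = {}, [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or set(line) <= {"=", "*"}:   # blank or separator line
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = NOT_RUNNING_RE.match(line)
        if m:
            _entry(services, m.group(1), section)["running"] = False
            continue
        m = KEY_MISSING_RE.match(line)
        if m:
            _entry(services, m.group(2), section)["key_missing"] = True
            continue
        m = VALUE_MISSING_RE.match(line)
        if m:
            _entry(services, m.group(2), section)["missing_values"].append(m.group(1))
            continue
        m = FILE_MISSING_RE.match(line)
        if m:
            missing_files.append(m.group(1))
    return services, missing_files


def triage(log_text):
    """Group findings by the repair they imply."""
    services, missing_files = parse_fss(log_text)
    report = {"key_deleted": [], "value_missing": [], "stopped_only": [],
              "missing_files": missing_files}
    for name, info in services.items():
        if info["key_missing"]:
            report["key_deleted"].append(name)      # key must be recreated
        elif info["missing_values"]:
            report["value_missing"].append(name)    # key exists, values gone
        elif info["running"] is False:
            report["stopped_only"].append(name)     # configuration intact
    return report


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(f"{bucket}: {', '.join(items) or '-'}")
```

Services listed under `key_deleted` cannot be started until their registry key is restored, while those under `stopped_only` still have an intact configuration.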
     
  21. avenged187

    avenged187 TS Rookie Topic Starter Posts: 68

    All processes killed
    ========== OTL ==========
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QLogicSaveSystemInfo deleted successfully.
    Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
    C:\ProgramData\webex\ieatgpc.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\FRST\Quarantine\{72a5a74b-8002-844d-644c-f60ea090ba88}\{72a5a74b-8002-844d-644c-f60ea090ba88}\U folder moved successfully.
    C:\FRST\Quarantine\{72a5a74b-8002-844d-644c-f60ea090ba88}\{72a5a74b-8002-844d-644c-f60ea090ba88}\L folder moved successfully.
    C:\FRST\Quarantine\{72a5a74b-8002-844d-644c-f60ea090ba88}\{72a5a74b-8002-844d-644c-f60ea090ba88} folder moved successfully.
    C:\FRST\Quarantine\{72a5a74b-8002-844d-644c-f60ea090ba88}\U folder moved successfully.
    C:\FRST\Quarantine\{72a5a74b-8002-844d-644c-f60ea090ba88}\L folder moved successfully.
    C:\FRST\Quarantine\{72a5a74b-8002-844d-644c-f60ea090ba88} folder moved successfully.
    C:\FRST\Quarantine folder moved successfully.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 660696482 bytes
    ->Temporary Internet Files folder emptied: 201451137 bytes
    ->Java cache emptied: 518686 bytes
    ->FireFox cache emptied: 93483211 bytes
    ->Flash cache emptied: 3415 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56502 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: frank
    ->Temp folder emptied: 237104488 bytes
    ->Temporary Internet Files folder emptied: 601794630 bytes
    ->Java cache emptied: 5933172 bytes
    ->FireFox cache emptied: 89134144 bytes
    ->Flash cache emptied: 165216 bytes

    User: guest1
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->FireFox cache emptied: 15489455 bytes
    ->Flash cache emptied: 56502 bytes

    User: Install
    ->Temp folder emptied: 330717 bytes
    ->Temporary Internet Files folder emptied: 6918929 bytes
    ->Java cache emptied: 585383 bytes
    ->FireFox cache emptied: 196107644 bytes
    ->Flash cache emptied: 62328 bytes

    User: Jon
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 60254783 bytes
    ->Java cache emptied: 6707251 bytes
    ->FireFox cache emptied: 106871306 bytes
    ->Flash cache emptied: 10243 bytes

    User: MaryBeth
    ->Temp folder emptied: 927104 bytes
    ->Temporary Internet Files folder emptied: 94868886 bytes
    ->Java cache emptied: 6219620 bytes
    ->FireFox cache emptied: 454436033 bytes
    ->Apple Safari cache emptied: 124684288 bytes
    ->Flash cache emptied: 77707 bytes

    User: nick
    ->Temp folder emptied: 117091 bytes
    ->Temporary Internet Files folder emptied: 73311735 bytes
    ->Java cache emptied: 7271421 bytes
    ->FireFox cache emptied: 789194385 bytes
    ->Apple Safari cache emptied: 3612672 bytes
    ->Flash cache emptied: 142032 bytes

    User: Public

    User: QBDataServiceUser20
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: QBDataServiceUser21
    ->Temp folder emptied: 1554432 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56502 bytes

    User: Rick
    ->Temp folder emptied: 394013173 bytes
    ->Temporary Internet Files folder emptied: 1650846032 bytes
    ->Java cache emptied: 11840624 bytes
    ->FireFox cache emptied: 69663120 bytes
    ->Flash cache emptied: 506 bytes

    User: TempUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->FireFox cache emptied: 3825724 bytes
    ->Flash cache emptied: 56502 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 212911634 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 986547 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 60196536 bytes
    RecycleBin emptied: 22016 bytes

    Total Files Cleaned = 5,955.00 mb


    [EMPTYJAVA]

    User: Administrator
    ->Java cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: frank
    ->Java cache emptied: 0 bytes

    User: guest1

    User: Install
    ->Java cache emptied: 0 bytes

    User: Jon
    ->Java cache emptied: 0 bytes

    User: MaryBeth
    ->Java cache emptied: 0 bytes

    User: nick
    ->Java cache emptied: 0 bytes

    User: Public

    User: QBDataServiceUser20

    User: QBDataServiceUser21

    User: Rick
    ->Java cache emptied: 0 bytes

    User: TempUser

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: frank
    ->Flash cache emptied: 0 bytes

    User: guest1
    ->Flash cache emptied: 0 bytes

    User: Install
    ->Flash cache emptied: 0 bytes

    User: Jon
    ->Flash cache emptied: 0 bytes

    User: MaryBeth
    ->Flash cache emptied: 0 bytes

    User: nick
    ->Flash cache emptied: 0 bytes

    User: Public

    User: QBDataServiceUser20

    User: QBDataServiceUser21
    ->Flash cache emptied: 0 bytes

    User: Rick
    ->Flash cache emptied: 0 bytes

    User: TempUser
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.56.0 log created on 08092012_163828
    Files\Folders moved on Reboot...
    C:\Users\frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{E8FB688F-755E-4EDC-9398-9C1B04152594}.tmp moved successfully.
    C:\Users\frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{2F122681-EE7D-4454-8BA2-73E187C2B910}.tmp moved successfully.
    C:\Users\frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{315F466E-3470-4A27-B325-A81EAEC9F6FD}.tmp moved successfully.
    C:\Users\frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{33CD1F5F-8678-4B1A-908E-BDEFDE6319DD}.tmp moved successfully.
    File\Folder C:\Users\frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{372CD393-601C-48FF-8AB1-6D2FECF0792C}.tmp not found!
    C:\Users\frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J0S8GWAE\page-3[1].htm moved successfully.
    File\Folder C:\Users\Rick\AppData\Local\Temp\2\Outlook Logging\OPMLog.log not found!
    File\Folder C:\Users\Rick\AppData\Local\Temp\2\olkas\20120809-PB4S.log not found!
    File\Folder C:\Users\Rick\AppData\Local\Temp\2\olkas\20120809-UM.log not found!
    File\Folder C:\Users\Rick\AppData\Local\Temp\2\~PIA283.tmp not found!
    File\Folder C:\Users\Rick\AppData\Local\Temp\2\~PICEA5.tmp not found!
    File\Folder C:\Users\Rick\AppData\Local\Temp\2\~PIF04B.tmp not found!
    C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{B8997AB5-341C-4822-99D2-C1F9C6D02805}.tmp moved successfully.
    File\Folder C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{13962908-9462-4763-8F11-A7127BD84C97}.tmp not found!
    C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{20E59816-4E29-4FBB-956F-F9FAA7E5233B}.tmp moved successfully.
    File\Folder C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{7208E0DE-18B4-4818-AF51-C076FA031E78}.tmp not found!
    C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{844E7177-E1DB-4B19-8A3A-09E8A3B191DC}.tmp moved successfully.
    C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F376211D-2B0D-4B3D-AF0F-6EBB92123367}.tmp moved successfully.
    File\Folder C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\BF49TDCT\FAX_20120809_1344535365_10.pdf not found!
    File move failed. C:\Windows\temp\WebEx\Log\89\atnthost.log scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\sqla0000.tmp scheduled to be moved on reboot.
    PendingFileRenameOperations files...
    File C:\Users\frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{E8FB688F-755E-4EDC-9398-9C1B04152594}.tmp not found!
    File C:\Users\frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{2F122681-EE7D-4454-8BA2-73E187C2B910}.tmp not found!
    File C:\Users\frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{315F466E-3470-4A27-B325-A81EAEC9F6FD}.tmp not found!
    File C:\Users\frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{33CD1F5F-8678-4B1A-908E-BDEFDE6319DD}.tmp not found!
    File C:\Users\frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{372CD393-601C-48FF-8AB1-6D2FECF0792C}.tmp not found!
    File C:\Users\frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J0S8GWAE\page-3[1].htm not found!
    File C:\Users\Rick\AppData\Local\Temp\2\Outlook Logging\OPMLog.log not found!
    File C:\Users\Rick\AppData\Local\Temp\2\olkas\20120809-PB4S.log not found!
    File C:\Users\Rick\AppData\Local\Temp\2\olkas\20120809-UM.log not found!
    File C:\Users\Rick\AppData\Local\Temp\2\~PIA283.tmp not found!
    File C:\Users\Rick\AppData\Local\Temp\2\~PICEA5.tmp not found!
    File C:\Users\Rick\AppData\Local\Temp\2\~PIF04B.tmp not found!
    File C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{B8997AB5-341C-4822-99D2-C1F9C6D02805}.tmp not found!
    File C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{13962908-9462-4763-8F11-A7127BD84C97}.tmp not found!
    File C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{20E59816-4E29-4FBB-956F-F9FAA7E5233B}.tmp not found!
    File C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{7208E0DE-18B4-4818-AF51-C076FA031E78}.tmp not found!
    File C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{844E7177-E1DB-4B19-8A3A-09E8A3B191DC}.tmp not found!
    File C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F376211D-2B0D-4B3D-AF0F-6EBB92123367}.tmp not found!
    File C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\BF49TDCT\FAX_20120809_1344535365_10.pdf not found!
    [2012/08/09 16:55:39 | 000,000,317 | ---- | M] () C:\Windows\temp\WebEx\Log\89\atnthost.log : Unable to obtain MD5
    [2012/08/09 16:55:53 | 000,167,936 | ---- | M] () C:\Windows\temp\sqla0000.tmp : Unable to obtain MD5
    Registry entries deleted on Reboot...
     
  22. avenged187

    avenged187 TS Rookie Topic Starter Posts: 68

    No notepad opened with security check.
     
  23. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    Disable MSE, download a fresh copy of Security Check.
     
  24. avenged187

    avenged187 TS Rookie Topic Starter Posts: 68

    Done and done. Still no notepad file opening. While the command prompt is up, it flashes, and I could almost make out what looked like "bad command or batch" though I'm not sure.
     
  25. avenged187

    avenged187 TS Rookie Topic Starter Posts: 68

    Farbar Service Scanner Version: 06-08-2012
    Ran by frank (administrator) on 09-08-2012 at 17:04:39
    Running from "C:\Users\frank\Desktop"
    Microsoft Windows Server 2008 R2 Standard (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    mpsdrv Service is not running. Checking service configuration:
    The start type of mpsdrv service is OK.
    The ImagePath of mpsdrv service is OK.
    MpsSvc Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    bfe Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    SDRSVC Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open SDRSVC registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open SDRSVC registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open SDRSVC registry key. The service key does not exist.
    VSS Service is not running. Checking service configuration:
    The start type of VSS service is OK.
    The ImagePath of VSS service is OK.

    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
    BITS Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
    RpcSs Service is not running. Checking service configuration:
    The start type of RpcSs service is OK.
    The ImagePath of RpcSs service is OK.
    The ServiceDll of RpcSs service is OK.

    Other Services:
    ==============
    Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
    Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
    Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.

    File Check:
    ========
    ATTENTION!=====> d:\Windows\System32\nsisvc.dll FILE IS MISSING AND SHOULD BE RESTORED.

    ATTENTION!=====> d:\Windows\System32\drivers\nsiproxy.sys FILE IS MISSING AND SHOULD BE RESTORED.

    ATTENTION!=====> d:\Windows\System32\dhcpcore.dll FILE IS MISSING AND SHOULD BE RESTORED.

    ATTENTION!=====> d:\Windows\System32\drivers\afd.sys FILE IS MISSING AND SHOULD BE RESTORED.

    ATTENTION!=====> d:\Windows\System32\drivers\tdx.sys FILE IS MISSING AND SHOULD BE RESTORED.

    ATTENTION!=====> d:\Windows\System32\Drivers\tcpip.sys FILE IS MISSING AND SHOULD BE RESTORED.

    ATTENTION!=====> d:\Windows\System32\dnsrslvr.dll FILE IS MISSING AND SHOULD BE RESTORED.

    ATTENTION!=====> d:\Windows\System32\mpssvc.dll FILE IS MISSING AND SHOULD BE RESTORED.

    ATTENTION!=====> d:\Windows\System32\bfe.dll FILE IS MISSING AND SHOULD BE RESTORED.

    ATTENTION!=====> d:\Windows\System32\drivers\mpsdrv.sys FILE IS MISSING AND SHOULD BE RESTORED.

    ATTENTION!=====> d:\Windows\System32\SDRSVC.dll FILE IS MISSING AND SHOULD BE RESTORED.

    ATTENTION!=====> d:\Windows\System32\vssvc.exe FILE IS MISSING AND SHOULD BE RESTORED.

    ATTENTION!=====> d:\Windows\System32\wscsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.

    ATTENTION!=====> d:\Windows\System32\wbem\WMIsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.

    ATTENTION!=====> d:\Windows\System32\wuaueng.dll FILE IS MISSING AND SHOULD BE RESTORED.

    ATTENTION!=====> d:\Windows\System32\qmgr.dll FILE IS MISSING AND SHOULD BE RESTORED.

    ATTENTION!=====> d:\Windows\System32\es.dll FILE IS MISSING AND SHOULD BE RESTORED.

    ATTENTION!=====> d:\Windows\System32\cryptsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.

    ATTENTION!=====> d:\Program Files\Windows Defender\MpSvc.dll FILE IS MISSING AND SHOULD BE RESTORED.

    ATTENTION!=====> d:\Windows\System32\svchost.exe FILE IS MISSING AND SHOULD BE RESTORED.

    ATTENTION!=====> d:\Windows\System32\rpcss.dll FILE IS MISSING AND SHOULD BE RESTORED.

    **** End of log ****
     

