Solved Windows Server 2008, Sirefef.b/y and ZeroAccess

Scan is running, though. It was updated yesterday before the entire server went haywire, and just the start of scanning would crash the system. Not the case now, but still not able to update.
 
ZeroAccess is rather nasty stuff, so I'm not surprised you had all kinds of issues.
 
Heh, you have no idea. Windows Update, MSE, Firewall access and updating all blocked, QuickBooks crashes, Windows wanting to restart every 60 seconds, literally. The fact that this is on Windows 2008 made it harder, because there is a huge lack of tools out there, as you said earlier.
 
MSE didn't find any infections. Posting RKill log.

Rkill 2.1.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/09/2012 01:07:35 PM in x64 mode.
Windows Version: Windows Server 2008 R2

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\frank\Desktop\rkill-backup\rkill-08-09-2012-01-07-37.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* ALERT: ZEROACCESS rootkit symptoms found!

* HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 [ZA Reg Hijack]

Searching for Missing Digital Signatures:

* No issues found.

Restarting Explorer.exe in order to apply changes.

Program finished at: 08/09/2012 01:07:52 PM
Execution time: 0 hours(s), 0 minute(s), and 16 seconds(s)
 
We'll get to it.

For now we still have some ZA leftovers.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
    Code:
    :reg
    HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 /s
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
SystemLook 30.07.11 by jpshortstuff
Log created at 13:52 on 09/08/2012 by frank
Administrator - Elevation successful
========== reg ==========
[HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32]
@="C:\Users\frank\AppData\Local\{72a5a74b-8002-844d-644c-f60ea090ba88}\n."
"ThreadingModel"="Both"

-= EOF =-
 
SystemLook 30.07.11 by jpshortstuff
Log created at 14:53 on 09/08/2012 by frank
Administrator - Elevation successful
========== reg ==========
[HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32]
@="%SystemRoot%\system32\shell32.dll"
"ThreadingModel"="Apartment"

-= EOF =-
 
Whatever that regkey was linking to, replacing it allowed several programs that were crashing on startup to open.
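
The registry check that these two SystemLook logs illustrate, as an added example that is not part of the original thread and not code from any tool mentioned in it: it parses SystemLook-style `:reg` output and flags `InprocServer32` default values that resolve outside the system directories, into a user-writable path, or to a file name without a library extension. The function names, the trusted and user-writable path lists, the extension list and the `%SystemRoot%` mapping are assumptions made for this illustration.

```python
import ntpath
import re

# Sample input: the two SystemLook logs quoted in this thread (before and after the fix).
LOG_BEFORE = r'''========== reg ==========
[HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32]
@="C:\Users\frank\AppData\Local\{72a5a74b-8002-844d-644c-f60ea090ba88}\n."
"ThreadingModel"="Both"

-= EOF =-
'''
LOG_AFTER = r'''========== reg ==========
[HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32]
@="%SystemRoot%\system32\shell32.dll"
"ThreadingModel"="Apartment"

-= EOF =-
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
VAL_RE = re.compile(r'^(?P<name>@|"[^"]*")="(?P<data>.*)"\s*$')

# Assumptions for this example: a default Windows layout on drive C:.
ENV = {'systemroot': r'C:\Windows', 'windir': r'C:\Windows'}
TRUSTED_ROOTS = (r'C:\Windows', r'C:\Program Files', r'C:\Program Files (x86)')
USER_WRITABLE = ('\\users\\', '\\documents and settings\\', '\\programdata\\', '\\temp\\')
LIBRARY_EXTS = {'.dll', '.ocx', '.ax', '.cpl'}


def parse_reg_sections(text):
    """Return {key_path: {value_name: data}}; '@' is the key's default value."""
    keys, current = {}, None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group('key'), {})
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            current[m.group('name').strip('"')] = m.group('data')
    return keys


def expand(path):
    """Expand %VAR% references using the assumed ENV table; unknown ones stay as-is."""
    return re.sub(r'%([^%]+)%',
                  lambda m: ENV.get(m.group(1).lower(), m.group(0)), path)


def assess_inproc(data):
    """Return a list of reasons why an InprocServer32 target looks suspicious."""
    reasons = []
    path = ntpath.normpath(expand(data.strip().strip('"')))
    low = path.lower()
    # A bare name such as "shell32.dll" is resolved by the loader, so only
    # absolute paths are checked against the trusted roots.
    if ntpath.isabs(path) and not any(
            low.startswith(root.lower() + '\\') for root in TRUSTED_ROOTS):
        reasons.append('target is outside Windows and Program Files')
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append('target is under a user-writable directory')
    ext = ntpath.splitext(ntpath.basename(path))[1].lower()
    if ext not in LIBRARY_EXTS:
        reasons.append('file name has no library extension: %r' % ntpath.basename(path))
    return reasons


def audit(text):
    """Return [(key, raw_default_value, reasons)] for every suspicious InprocServer32 key."""
    findings = []
    for key, values in parse_reg_sections(text).items():
        if not key.lower().endswith('\\inprocserver32') or '@' not in values:
            continue
        reasons = assess_inproc(values['@'])
        if reasons:
            findings.append((key, values['@'], reasons))
    return findings


if __name__ == '__main__':
    for label, log in (('before', LOG_BEFORE), ('after', LOG_AFTER)):
        hits = audit(log)
        print('%s: %d suspicious InprocServer32 value(s)' % (label, len(hits)))
        for key, value, reasons in hits:
            print('  ' + key)
            print('    @ = ' + value)
            for reason in reasons:
                print('    - ' + reason)
```
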
 
Very good :)

How is the computer doing?

======================================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

===================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Scanning with MBAM right now. Server is running much better at the moment, but still blocked from updating Windows, MSE, and turning on the firewall.
 
frank :: WINDOWS-WQH0732 [administrator]
8/9/2012 3:55:49 PM
mbam-log-2012-08-09 (15-55-49).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 418853
Time elapsed: 4 minute(s), 2 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 
OTL logfile created on: 8/9/2012 4:05:45 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\frank\Downloads
64bit- Server Standard Edition (full installation) (Version = 6.1.7600) - Type = NTServer
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 3.32 Gb Available Physical Memory | 55.48% Memory free
11.98 Gb Paging File | 9.00 Gb Available in Paging File | 75.10% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 98.13 Gb Total Space | 22.88 Gb Free Space | 23.32% Space Free | Partition Type: NTFS
Drive D: | 738.97 Gb Total Space | 687.80 Gb Free Space | 93.08% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 1734.00 Gb Free Space | 93.08% Space Free | Partition Type: NTFS

Computer Name: WINDOWS-WQH0732 | User Name: frank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/09 16:05:14 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Frank\Downloads\OTL.exe
PRC - [2012/08/08 12:24:37 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/27 00:11:38 | 006,034,296 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
PRC - [2012/06/19 00:18:53 | 002,305,912 | ---- | M] (Intuit Inc. All rights reserved.) -- C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe
PRC - [2012/04/04 08:00:39 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jp2launcher.exe
PRC - [2012/04/04 08:00:38 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\javaw.exe
PRC - [2012/04/04 08:00:38 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\java.exe
PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/01/20 01:32:40 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/15 12:20:26 | 000,095,608 | ---- | M] (Dyn, Inc.) -- C:\Program Files (x86)\Dyn Updater\DynUpSvc.exe
PRC - [2011/11/15 12:20:26 | 000,078,192 | ---- | M] (Dyn, Inc.) -- C:\Program Files (x86)\Dyn Updater\DynTray.exe
PRC - [2011/11/11 02:29:18 | 000,016,776 | ---- | M] (WebEx Communications, Inc.) -- C:\ProgramData\WebEx\MyWebEx\319\atnthost.exe
PRC - [2011/03/08 16:34:04 | 000,016,440 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Digital Sending Software 4.91\Filesystems\Core\bin\XP-x86\Release\HP.Dss.App.WinService.exe
PRC - [2011/03/05 21:04:06 | 001,156,384 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2011/03/05 21:03:02 | 001,178,400 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
PRC - [2011/03/05 21:03:02 | 000,107,808 | ---- | M] (Intuit) -- C:\Program Files (x86)\Intuit\QuickBooks 2011\QuickBooksMessaging.exe
PRC - [2011/03/05 19:26:12 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2010/04/27 23:36:44 | 000,679,936 | ---- | M] (Intuit, Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2011\QBDBMgrN.exe
PRC - [2010/03/12 01:22:10 | 000,050,480 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2011\dbextclr11.exe
PRC - [2009/08/18 03:25:12 | 000,678,912 | ---- | M] (Intuit, Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2010\QBDBMgrN.exe
PRC - [2009/03/20 04:34:54 | 000,705,824 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\axlbridge.exe
PRC - [2008/10/15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) -- C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/08 12:24:36 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/08/02 13:32:35 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
MOD - [2012/07/27 00:11:38 | 000,083,832 | ---- | M] () -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.XmlSerializers.dll
MOD - [2012/06/19 00:18:53 | 000,079,736 | ---- | M] () -- C:\Program Files (x86)\Common Files\Intuit\Sync\Intuit.IntuitSyncManager.IDSTypes.XmlSerializers.dll
MOD - [2012/06/14 03:32:16 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\961b28b18dc304d4434ca9938abd1d60\WindowsFormsIntegration.ni.dll
MOD - [2012/06/14 03:26:18 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b7a7f9c607e09bfa03c07b5ff3a8ae3\System.ServiceProcess.ni.dll
MOD - [2012/06/14 03:26:09 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\675c8bd801698993255d100c3b350d4b\System.Web.Services.ni.dll
MOD - [2012/06/14 03:26:07 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll
MOD - [2012/06/14 03:25:50 | 014,325,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\517358eb2fd962a942dd1ea6afc5b93e\PresentationFramework.ni.dll
MOD - [2012/06/14 03:25:33 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:25:25 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012/06/14 03:25:19 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\e9d0ba41128f363f2390c7e630129c2b\PresentationCore.ni.dll
MOD - [2012/05/12 03:35:07 | 001,072,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\f77eb3dd20db5f2277636d4e700a2a2a\System.IdentityModel.ni.dll
MOD - [2012/05/12 03:35:05 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\3848d7865bda88a9e94e03480b5ada2f\System.Runtime.Serialization.ni.dll
MOD - [2012/05/12 03:35:02 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\26a852935ab27c328a148effb43a76bf\SMDiagnostics.ni.dll
MOD - [2012/05/12 03:35:01 | 017,400,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\7900b4e8c860d8b4a3c1f98047c3c1a3\System.ServiceModel.ni.dll
MOD - [2012/05/12 03:34:30 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\c366ebd7f33816762268154efc68176d\System.Core.ni.dll
MOD - [2012/05/12 03:32:51 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc626095c194be137bceb219934b06a7\PresentationFramework.Aero.ni.dll
MOD - [2012/05/12 03:32:28 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\558fa6c6131f14af258f94291a5d19d6\System.EnterpriseServices.ni.dll
MOD - [2012/05/12 03:32:27 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\61fbbd8bc7d76972115b292b132ff2d1\System.Transactions.ni.dll
MOD - [2012/05/12 03:32:26 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\294d439cfe959b5528ca81d37d3d502f\System.Data.ni.dll
MOD - [2012/05/12 03:31:41 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\68b5806af0df6ce86027bacb7dc37233\UIAutomationProvider.ni.dll
MOD - [2012/05/12 03:31:41 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\34f340b0c113f7216a55dd7c82a69cc2\Accessibility.ni.dll
MOD - [2012/05/12 03:31:26 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012/05/12 03:31:22 | 000,680,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\61af058c2bc079f28397a29ed145fbc7\System.Security.ni.dll
MOD - [2012/05/12 03:31:21 | 002,508,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\e8dd334aba14a540d9ac95e372564310\System.Data.SqlXml.ni.dll
MOD - [2012/05/12 03:31:18 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/05/12 03:31:13 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012/05/12 03:31:12 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/05/12 03:31:03 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2012/04/04 08:00:39 | 000,008,192 | ---- | M] () -- C:\Program Files (x86)\Java\jre6\bin\jp2native.dll
MOD - [2011/08/05 01:17:10 | 000,198,992 | ---- | M] () -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\NCalc.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/25 08:49:02 | 000,024,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Interop.QBInstanceFinder\21.0.0.0__5b3f47ba29970ccb\Interop.QBInstanceFinder.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/03/05 21:03:42 | 000,100,128 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\ReportBridge.DLL
MOD - [2011/03/05 21:03:32 | 000,124,704 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\QBMAPILibrary.dll
MOD - [2011/03/05 21:03:30 | 000,020,256 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\QBCompressor.DLL
MOD - [2011/03/05 21:03:28 | 000,069,408 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\QB2WPFBridge.dll
MOD - [2011/03/05 21:03:20 | 000,041,760 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\mbpopup.dll
MOD - [2011/03/05 21:03:18 | 000,092,448 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\IPDWidgetInterop.dll
MOD - [2011/03/05 21:03:18 | 000,068,896 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\IPDWidgetBridge.DLL
MOD - [2011/03/05 21:03:16 | 000,057,120 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\htmlhelper.dll
MOD - [2011/03/05 21:03:06 | 000,346,400 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\BackupLib.dll
MOD - [2011/03/05 21:03:06 | 000,268,064 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_regex-vc90-mt-p-1_33.dll
MOD - [2011/03/05 21:03:06 | 000,175,904 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_serialization-vc90-mt-p-1_33.dll
MOD - [2011/02/22 12:35:52 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2011/02/21 16:54:20 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Intuit.QuickBooks.XmlDigitalSignature\1.2.0.0__5b3f47ba29970ccb\Intuit.QuickBooks.XmlDigitalSignature.dll
MOD - [2010/12/21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/06/10 16:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/06/10 16:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2005/07/19 23:18:00 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\zlib1.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/08/08 21:04:10 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Running] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
SRV:64bit: - [2010/01/25 04:20:28 | 000,017,960 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\sysdown.exe -- (sysdown)
SRV:64bit: - [2009/07/13 20:41:53 | 000,014,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sacsvr.dll -- (sacsvr)
SRV:64bit: - [2009/07/13 20:41:19 | 000,692,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lserver.dll -- (TermServLicensing)
SRV:64bit: - [2009/07/13 20:40:52 | 000,025,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FCRegSvc.dll -- (FCRegSvc)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 20:39:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:64bit: - [2009/07/13 20:39:31 | 000,091,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rsopprov.exe -- (RSoPProv)
SRV:64bit: - [2009/07/13 20:39:31 | 000,041,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rqs.exe -- (rqs)
SRV - [2012/08/08 12:24:36 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/02 13:32:37 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/15 12:26:32 | 000,103,472 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2012/01/20 01:32:40 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/15 12:20:26 | 000,095,608 | ---- | M] (Dyn, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dyn Updater\DynUpSvc.exe -- (Dyn Updater)
SRV - [2011/11/11 02:29:18 | 000,016,776 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\ProgramData\WebEx\MyWebEx\319\atnthost.exe -- (atnthost)
SRV - [2011/03/11 15:20:26 | 000,140,152 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Running] -- D:\Program Files\Profit Tools\Sybase\SQLA12\Bin64\dbsrv12.exe -- (SQLANYs_ptsrv)
SRV - [2011/03/08 16:34:04 | 000,016,440 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Digital Sending Software 4.91\Filesystems\Core\bin\XP-x86\Release\HP.Dss.App.WinService.exe -- (HP Digital Sending Software)
SRV - [2011/03/05 19:26:12 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/04/27 23:36:44 | 000,679,936 | ---- | M] (Intuit, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Intuit\QuickBooks 2011\QBDBMgrN.exe -- (QuickBooksDB21)
SRV - [2009/08/18 03:25:12 | 000,678,912 | ---- | M] (Intuit, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Intuit\QuickBooks 2010\QBDBMgrN.exe -- (QuickBooksDB20)
SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/07/13 20:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/13 20:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/07/13 20:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/07/13 20:14:39 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/10/15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe -- (WinVNC4)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 01:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/14 14:16:03 | 000,242,176 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\G200em.sys -- (G200e)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/09/01 22:18:02 | 000,291,944 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mlx4_bus.sys -- (mlx4_bus)
DRV:64bit: - [2010/08/31 16:22:48 | 000,163,376 | ---- | M] (ServerEngines Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\be2iscsi.sys -- (be2iscsi)
DRV:64bit: - [2010/08/06 01:40:44 | 000,646,664 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\elxcna.sys -- (elxcna)
DRV:64bit: - [2010/08/02 08:04:30 | 000,405,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (q57nd60a)
DRV:64bit: - [2010/08/02 08:04:30 | 000,405,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2010/08/02 07:53:42 | 000,089,128 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxdiaga.sys -- (b06diag)
DRV:64bit: - [2010/08/02 07:53:14 | 000,524,840 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxois.sys -- (BXOIS)
DRV:64bit: - [2010/08/02 07:52:58 | 001,532,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2010/05/28 00:48:00 | 000,223,336 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpAHCIsr.sys -- (HpAHCIsr)
DRV:64bit: - [2010/05/17 00:06:36 | 000,078,928 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2010/04/29 21:46:30 | 000,494,632 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2010/04/21 01:45:34 | 000,015,472 | ---- | M] (Brocade Communications Systems, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\bfad_up.sys -- (bfad_up)
DRV:64bit: - [2010/04/21 01:45:32 | 001,125,488 | ---- | M] (Brocade Communications Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bfad.sys -- (bfad)
DRV:64bit: - [2010/02/22 02:32:18 | 000,156,776 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpCISSs2.sys -- (HpCISSs2)
DRV:64bit: - [2009/10/23 06:11:42 | 000,090,936 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bchtsw64.sys -- (bchtsw64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:45:45 | 000,096,320 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sacdrv.sys -- (sacdrv)
DRV:64bit: - [2009/07/13 18:42:54 | 000,121,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2009/07/13 18:42:47 | 000,181,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Vid.sys -- (Vid)
DRV:64bit: - [2009/06/17 03:43:00 | 000,047,144 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HPUSBXSC.SYS -- (HPUSBMSC)
DRV:64bit: - [2009/06/10 15:35:30 | 000,035,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd260x64.sys -- (ioatdma)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/19 04:59:26 | 000,098,856 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hpqmgmt.sys -- (hpqmgmt)
DRV:64bit: - [2008/07/31 07:04:22 | 000,363,056 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aarahci.sys -- (aarahci)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 18:14:26 | 000,115,712 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\mrxdav.sys -- (MRxDAV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Rick\Desktop
IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FD 18 D3 68 88 58 CD 01 [binary data]
IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 77 85 FF 3E 15 70 CD 01 [binary data]
IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1009\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1009\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1009\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://skydrive.live.com/
IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 23 54 E0 A3 E2 40 CC 01 [binary data]
IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1013\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1013\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2322292650-3426999178-766073734-1013\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rooms.hp.com: C:\Program Files (x86)\Hewlett-Packard\HP Virutal Rooms Client Launcher Plugin\nphpvrl.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/08/08 12:22:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/08 12:24:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 03:23:18 | 000,000,000 | ---D | M]

[2011/07/06 16:24:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\Mozilla\Extensions
[2012/05/02 09:24:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\36kk955o.default\extensions
[2012/04/30 08:21:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/08 12:24:37 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/04 08:00:40 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/08/08 12:24:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/08 12:24:35 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [QLogicSaveSystemInfo] rundll32.exe qlco1006.dll,QLSaveSystemInfo File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKU\S-1-5-21-2322292650-3426999178-766073734-1002..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - Startup: C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hs_err_pid5788.log ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab (HPVirtualRooms35 Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C2ED62BE-4FF5-4FAF-9274-3BA328DCA35C} https://timetracking.quickbooks.com/ocx/tts/TimeTrackingV2.ocx (TimeTrackingV2.UserControl1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49B50028-C4F6-47FE-A178-5124A2FDB878}: DhcpNameServer = 68.94.156.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0A35114-EF36-4060-B305-19D57C618B96}: NameServer = 208.67.222.222,208.67.220.220
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\intu-help-qb3 - No CLSID value found
O18:64bit: - Protocol\Handler\intu-help-qb4 - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll File not found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - File not found
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/09 13:07:37 | 000,000,000 | ---D | C] -- C:\Users\frank\Desktop\rkill-backup
[2012/08/09 13:06:52 | 001,118,624 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\frank\Desktop\rkill.exe
[2012/08/09 09:04:51 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\frank\Desktop\dds.com
[2012/08/09 08:58:43 | 000,000,000 | ---D | C] -- C:\FRST
[2012/08/08 16:51:23 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\frank\Desktop\tdsskiller.exe
[2012/08/08 16:50:44 | 004,727,110 | ---- | C] (Swearware) -- C:\Users\frank\Desktop\ComboFix.exe
[2012/08/08 15:02:21 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Local\Macromedia
[2012/08/08 13:54:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/08/08 13:54:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/08/08 13:53:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/08 13:52:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/08/08 12:32:50 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Roaming\Malwarebytes
[2012/08/08 12:32:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/08 12:32:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/08 12:32:41 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/08 12:32:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/08 12:23:31 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/07/27 11:03:32 | 000,000,000 | ---D | C] -- C:\imagetmp
[2012/07/25 15:08:27 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Roaming\SQL Anywhere 12
[2012/07/18 13:28:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Sybase Central 6.1.0
[2012/07/18 13:25:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DBISQL 12.0.1
[2012/07/18 12:53:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SQL Anywhere 12
[2012/07/18 12:30:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Shared Documents
[2012/07/18 12:30:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Profit Tools
[2012/07/18 12:29:25 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/07/18 11:06:11 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Local\Citrix
[2012/07/18 11:06:02 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Local\Deployment
[2012/07/18 11:06:02 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Local\Apps

========== Files - Modified Within 30 Days ==========

[2012/08/09 15:32:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/09 15:00:02 | 000,014,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/09 15:00:02 | 000,014,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/09 13:52:33 | 000,165,376 | ---- | M] () -- C:\Users\frank\Desktop\SystemLook_x64.exe
[2012/08/09 13:39:42 | 005,006,346 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/09 13:39:42 | 000,856,886 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012/08/09 13:39:42 | 000,851,644 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2012/08/09 13:39:42 | 000,845,594 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012/08/09 13:39:42 | 000,808,956 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/08/09 13:39:42 | 000,762,740 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/09 13:39:42 | 000,195,538 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2012/08/09 13:39:42 | 000,187,520 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012/08/09 13:39:42 | 000,183,696 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/08/09 13:39:42 | 000,182,856 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012/08/09 13:39:42 | 000,155,402 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/09 13:35:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/09 13:06:52 | 001,118,624 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\frank\Desktop\rkill.exe
[2012/08/09 08:50:30 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\frank\Desktop\dds.com
[2012/08/09 08:49:54 | 000,302,592 | ---- | M] () -- C:\Users\frank\Desktop\wy82hjq3.exe
[2012/08/08 19:01:08 | 000,000,402 | -H-- | M] () -- C:\Windows\tasks\GG Logistics Corp. 1301105924.job
[2012/08/08 16:51:31 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\frank\Desktop\tdsskiller.exe
[2012/08/08 16:50:46 | 004,727,110 | ---- | M] (Swearware) -- C:\Users\frank\Desktop\ComboFix.exe
[2012/08/08 16:43:42 | 000,881,494 | ---- | M] () -- C:\Users\frank\Desktop\SecurityCheck.exe
[2012/08/08 14:30:34 | 000,017,668 | ---- | M] () -- C:\Users\frank\TsAllUsr.Dat
[2012/08/08 14:27:12 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/08 13:54:58 | 005,074,708 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/08 12:32:43 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/08 12:22:34 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2012/08/08 12:20:08 | 000,000,462 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/08/07 09:16:43 | 000,001,292 | ---- | M] () -- C:\Users\frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/08/06 18:19:08 | 000,007,607 | ---- | M] () -- C:\Users\frank\AppData\Local\Resmon.ResmonCfg
[2012/08/02 09:17:42 | 000,001,041 | ---- | M] () -- C:\Users\frank\Desktop\Documents - Shortcut (3).lnk
[2012/08/02 09:16:48 | 000,001,041 | ---- | M] () -- C:\Users\frank\Desktop\Documents - Shortcut (2).lnk
[2012/08/02 09:16:36 | 000,001,041 | ---- | M] () -- C:\Users\frank\Desktop\Documents - Shortcut.lnk
[2012/07/18 13:31:25 | 000,000,166 | ---- | M] () -- C:\Windows\ODBC.INI
[2012/07/18 12:53:05 | 000,422,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/18 11:06:11 | 000,103,272 | ---- | M] () -- C:\Users\frank\GoToAssistDownloadHelper.exe
[2012/07/16 14:31:27 | 000,001,292 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/07/16 10:29:58 | 000,000,036 | -H-- | M] () -- C:\Windows\SysWow64\f9t.dat

========== Files Created - No Company Name ==========

[2012/08/09 13:52:33 | 000,165,376 | ---- | C] () -- C:\Users\frank\Desktop\SystemLook_x64.exe
[2012/08/09 09:04:48 | 000,302,592 | ---- | C] () -- C:\Users\frank\Desktop\wy82hjq3.exe
[2012/08/08 16:43:33 | 000,881,494 | ---- | C] () -- C:\Users\frank\Desktop\SecurityCheck.exe
[2012/08/08 14:30:34 | 000,017,668 | ---- | C] () -- C:\Users\frank\TsAllUsr.Dat
[2012/08/08 13:55:01 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/08/08 12:32:43 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/08 12:22:34 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2012/08/06 18:19:08 | 000,007,607 | ---- | C] () -- C:\Users\frank\AppData\Local\Resmon.ResmonCfg
[2012/08/02 09:17:42 | 000,001,041 | ---- | C] () -- C:\Users\frank\Desktop\Documents - Shortcut (3).lnk
[2012/08/02 09:16:48 | 000,001,041 | ---- | C] () -- C:\Users\frank\Desktop\Documents - Shortcut (2).lnk
[2012/08/02 09:16:35 | 000,001,041 | ---- | C] () -- C:\Users\frank\Desktop\Documents - Shortcut.lnk
[2012/07/18 15:02:04 | 000,001,292 | ---- | C] () -- C:\Users\frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/07/18 13:27:11 | 000,000,166 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/07/18 11:06:10 | 000,103,272 | ---- | C] () -- C:\Users\frank\GoToAssistDownloadHelper.exe
[2012/01/26 11:04:23 | 000,000,036 | -H-- | C] () -- C:\Windows\SysWow64\f9t.dat
[2011/07/12 10:26:32 | 000,000,185 | ---- | C] () -- C:\Users\frank\rez1.rez1
[2011/04/15 12:46:21 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2011/02/23 10:05:05 | 000,000,462 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/02/21 16:54:02 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/02/21 16:48:35 | 005,074,708 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== LOP Check ==========

[2012/01/10 12:02:05 | 000,000,000 | ---D | M] -- C:\Users\frank\AppData\Roaming\.minecraft
[2012/07/25 15:08:27 | 000,000,000 | ---D | M] -- C:\Users\frank\AppData\Roaming\SQL Anywhere 12
[2012/01/30 17:34:32 | 000,000,000 | ---D | M] -- C:\Users\frank\AppData\Roaming\Stamps.com Internet Postage
[2012/07/18 13:31:23 | 000,000,000 | ---D | M] -- C:\Users\Install\AppData\Roaming\SQL Anywhere 12
[2012/01/30 15:16:22 | 000,000,000 | ---D | M] -- C:\Users\MaryBeth\AppData\Roaming\Stamps.com Internet Postage
[2012/07/24 10:29:05 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\SQL Anywhere 12
[2012/01/26 11:08:23 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Stamps.com Internet Postage
[2012/08/08 19:01:08 | 000,000,402 | -H-- | M] () -- C:\Windows\Tasks\GG Logistics Corp. 1301105924.job
[2012/08/09 01:20:06 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >
 
OTL Extras logfile created on: 8/9/2012 4:05:45 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\frank\Downloads
64bit- Server Standard Edition (full installation) (Version = 6.1.7600) - Type = NTServer
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 3.32 Gb Available Physical Memory | 55.48% Memory free
11.98 Gb Paging File | 9.00 Gb Available in Paging File | 75.10% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 98.13 Gb Total Space | 22.88 Gb Free Space | 23.32% Space Free | Partition Type: NTFS
Drive D: | 738.97 Gb Total Space | 687.80 Gb Free Space | 93.08% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 1734.00 Gb Free Space | 93.08% Space Free | Partition Type: NTFS

Computer Name: WINDOWS-WQH0732 | User Name: frank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"

[HKEY_USERS\S-1-5-21-2322292650-3426999178-766073734-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-2322292650-3426999178-766073734-1009\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-2322292650-3426999178-766073734-1013\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{AF5020D9-116A-46AC-A922-087592F37EC9}" = MobileMe Control Panel
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"Matrox Graphics Uninstaller" = ServerEngines Pilot/G200e Graphics Driver (remove only)
"Microsoft Security Client" = Microsoft Security Essentials
"WinRAR archiver" = WinRAR 4.10 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A422-40A5-BD20-04BF618CA0F9}" = QuickBooks Pro 2010
"{11E0AC7D-6822-4F67-865F-EE1C13D28C38}" = QuickBooks Pro 2011
"{1D70AABC-CB59-4700-A708-EA56D1CA07B0}" = QuickBooks
"{26518E9D-031C-4BF9-907E-B2A91AEB9096}" = QuickBooks Remote Access
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (HPDSS)
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3B042CF9-180B-44FB-B4F9-EE800BEE55A6}" = Profit Tools
"{3D6F2BA2-5B4A-4D1B-AF74-2EF11C089A69}" = IRIS OCR Engine, v12.3.4
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F69AC32-2087-40CD-BFF6-0065159BD0DE}" = HP Digital Sending Software 4.91
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{C0847D30-4B8A-11E0-98C0-80E2DED72085}" = HP Virtual Rooms Client Launcher Plugin
"{CE4C9170-F517-42EB-A5CB-F16DE610315A}" = Stamps.com Application Support for Microsoft Outlook 2000-2010
"{D61C1058-EDC7-48D0-85B2-B322BE385059}" = Stamps.com Address Book Support for Microsoft Outlook 97-2010
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"DynUpdater" = Dyn Updater
"KATMLT9904416764428854" = SystemWatch IT
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Matrox Graphics Uninstaller" = Matrox Graphics Software (remove only)
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"QB Connection Diagnostic Tool" = QB Connection Diagnostic Tool
"RealVNC_is1" = VNC Free Edition 4.1.3
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"Stamps.com" = Stamps.com
"Stamps.com support for Microsoft Outlook 2000-2010" = Stamps.com support for Microsoft Outlook 2000-2010
"Stamps.com support for Microsoft Outlook 97-2010" = Stamps.com support for Microsoft Outlook 97-2010
"TRANSFLO Now-_is1" = TRANSFLO Now 2.1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2322292650-3426999178-766073734-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.8.0.723
"StreetSpeed" = StreetSpeed

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2322292650-3426999178-766073734-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"StreetSpeed" = StreetSpeed

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2322292650-3426999178-766073734-1013\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"StreetSpeed" = StreetSpeed

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/5/2012 1:17:11 PM | Computer Name = WINDOWS-WQH0732 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 6/5/2012 1:17:11 PM | Computer Name = WINDOWS-WQH0732 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 6/5/2012 7:49:31 PM | Computer Name = WINDOWS-WQH0732 | Source = VSS | ID = 8194
Description =

Error - 6/5/2012 7:49:31 PM | Computer Name = WINDOWS-WQH0732 | Source = VSS | ID = 8194
Description =

Error - 6/5/2012 7:55:03 PM | Computer Name = WINDOWS-WQH0732 | Source = VSS | ID = 8194
Description =

Error - 6/5/2012 7:55:03 PM | Computer Name = WINDOWS-WQH0732 | Source = VSS | ID = 8194
Description =

Error - 6/6/2012 2:02:04 AM | Computer Name = WINDOWS-WQH0732 | Source = Microsoft-Windows-Backup | ID = 517
Description = The backup operation that started at '2012-06-06T06:00:24.039973300Z'
has failed with following error code '2155347997' (%%2155347997). Please review
the event details for a solution, and then rerun the backup operation once the
issue is resolved.

Error - 6/6/2012 12:36:25 PM | Computer Name = WINDOWS-WQH0732 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2011": DMError Information:-6120Additional
Info:The maximum number of users allowed to access the company file has already
been reached

Error - 6/6/2012 12:36:25 PM | Computer Name = WINDOWS-WQH0732 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2011": QuickBooks
has experienced a problem and must be shut dow

Error - 6/6/2012 1:00:27 PM | Computer Name = WINDOWS-WQH0732 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 6/6/2012 1:00:27 PM | Computer Name = WINDOWS-WQH0732 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 6/6/2012 1:00:27 PM | Computer Name = WINDOWS-WQH0732 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

[ System Events ]
Error - 8/9/2012 2:35:52 PM | Computer Name = WINDOWS-WQH0732 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 8/9/2012 4:02:13 PM | Computer Name = WINDOWS-WQH0732 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.131.1638.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM
Current
Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 8/9/2012 4:26:47 PM | Computer Name = WINDOWS-WQH0732 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.131.1638.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM
Current
Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O4:64bit: - HKLM..\Run: [QLogicSaveSystemInfo] rundll32.exe qlco1006.dll,QLSaveSystemInfo File not found
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [2012/08/09 08:58:43 | 000,000,000 | ---D | C] -- C:\FRST
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE: If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from safe mode.

====================================

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
 
All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QLogicSaveSystemInfo deleted successfully.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
C:\ProgramData\webex\ieatgpc.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\FRST\Quarantine\{72a5a74b-8002-844d-644c-f60ea090ba88}\{72a5a74b-8002-844d-644c-f60ea090ba88}\U folder moved successfully.
C:\FRST\Quarantine\{72a5a74b-8002-844d-644c-f60ea090ba88}\{72a5a74b-8002-844d-644c-f60ea090ba88}\L folder moved successfully.
C:\FRST\Quarantine\{72a5a74b-8002-844d-644c-f60ea090ba88}\{72a5a74b-8002-844d-644c-f60ea090ba88} folder moved successfully.
C:\FRST\Quarantine\{72a5a74b-8002-844d-644c-f60ea090ba88}\U folder moved successfully.
C:\FRST\Quarantine\{72a5a74b-8002-844d-644c-f60ea090ba88}\L folder moved successfully.
C:\FRST\Quarantine\{72a5a74b-8002-844d-644c-f60ea090ba88} folder moved successfully.
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 660696482 bytes
->Temporary Internet Files folder emptied: 201451137 bytes
->Java cache emptied: 518686 bytes
->FireFox cache emptied: 93483211 bytes
->Flash cache emptied: 3415 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: frank
->Temp folder emptied: 237104488 bytes
->Temporary Internet Files folder emptied: 601794630 bytes
->Java cache emptied: 5933172 bytes
->FireFox cache emptied: 89134144 bytes
->Flash cache emptied: 165216 bytes

User: guest1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 15489455 bytes
->Flash cache emptied: 56502 bytes

User: Install
->Temp folder emptied: 330717 bytes
->Temporary Internet Files folder emptied: 6918929 bytes
->Java cache emptied: 585383 bytes
->FireFox cache emptied: 196107644 bytes
->Flash cache emptied: 62328 bytes

User: Jon
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 60254783 bytes
->Java cache emptied: 6707251 bytes
->FireFox cache emptied: 106871306 bytes
->Flash cache emptied: 10243 bytes

User: MaryBeth
->Temp folder emptied: 927104 bytes
->Temporary Internet Files folder emptied: 94868886 bytes
->Java cache emptied: 6219620 bytes
->FireFox cache emptied: 454436033 bytes
->Apple Safari cache emptied: 124684288 bytes
->Flash cache emptied: 77707 bytes

User: nick
->Temp folder emptied: 117091 bytes
->Temporary Internet Files folder emptied: 73311735 bytes
->Java cache emptied: 7271421 bytes
->FireFox cache emptied: 789194385 bytes
->Apple Safari cache emptied: 3612672 bytes
->Flash cache emptied: 142032 bytes

User: Public

User: QBDataServiceUser20
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: QBDataServiceUser21
->Temp folder emptied: 1554432 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Rick
->Temp folder emptied: 394013173 bytes
->Temporary Internet Files folder emptied: 1650846032 bytes
->Java cache emptied: 11840624 bytes
->FireFox cache emptied: 69663120 bytes
->Flash cache emptied: 506 bytes

User: TempUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 3825724 bytes
->Flash cache emptied: 56502 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 212911634 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 986547 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 60196536 bytes
RecycleBin emptied: 22016 bytes

Total Files Cleaned = 5,955.00 mb


[EMPTYJAVA]

User: Administrator
->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: frank
->Java cache emptied: 0 bytes

User: guest1

User: Install
->Java cache emptied: 0 bytes

User: Jon
->Java cache emptied: 0 bytes

User: MaryBeth
->Java cache emptied: 0 bytes

User: nick
->Java cache emptied: 0 bytes

User: Public

User: QBDataServiceUser20

User: QBDataServiceUser21

User: Rick
->Java cache emptied: 0 bytes

User: TempUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: frank
->Flash cache emptied: 0 bytes

User: guest1
->Flash cache emptied: 0 bytes

User: Install
->Flash cache emptied: 0 bytes

User: Jon
->Flash cache emptied: 0 bytes

User: MaryBeth
->Flash cache emptied: 0 bytes

User: nick
->Flash cache emptied: 0 bytes

User: Public

User: QBDataServiceUser20

User: QBDataServiceUser21
->Flash cache emptied: 0 bytes

User: Rick
->Flash cache emptied: 0 bytes

User: TempUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.56.0 log created on 08092012_163828
Files\Folders moved on Reboot...
C:\Users\frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{E8FB688F-755E-4EDC-9398-9C1B04152594}.tmp moved successfully.
C:\Users\frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{2F122681-EE7D-4454-8BA2-73E187C2B910}.tmp moved successfully.
C:\Users\frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{315F466E-3470-4A27-B325-A81EAEC9F6FD}.tmp moved successfully.
C:\Users\frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{33CD1F5F-8678-4B1A-908E-BDEFDE6319DD}.tmp moved successfully.
File\Folder C:\Users\frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{372CD393-601C-48FF-8AB1-6D2FECF0792C}.tmp not found!
C:\Users\frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J0S8GWAE\page-3[1].htm moved successfully.
File\Folder C:\Users\Rick\AppData\Local\Temp\2\Outlook Logging\OPMLog.log not found!
File\Folder C:\Users\Rick\AppData\Local\Temp\2\olkas\20120809-PB4S.log not found!
File\Folder C:\Users\Rick\AppData\Local\Temp\2\olkas\20120809-UM.log not found!
File\Folder C:\Users\Rick\AppData\Local\Temp\2\~PIA283.tmp not found!
File\Folder C:\Users\Rick\AppData\Local\Temp\2\~PICEA5.tmp not found!
File\Folder C:\Users\Rick\AppData\Local\Temp\2\~PIF04B.tmp not found!
C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{B8997AB5-341C-4822-99D2-C1F9C6D02805}.tmp moved successfully.
File\Folder C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{13962908-9462-4763-8F11-A7127BD84C97}.tmp not found!
C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{20E59816-4E29-4FBB-956F-F9FAA7E5233B}.tmp moved successfully.
File\Folder C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{7208E0DE-18B4-4818-AF51-C076FA031E78}.tmp not found!
C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{844E7177-E1DB-4B19-8A3A-09E8A3B191DC}.tmp moved successfully.
C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F376211D-2B0D-4B3D-AF0F-6EBB92123367}.tmp moved successfully.
File\Folder C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\BF49TDCT\FAX_20120809_1344535365_10.pdf not found!
File move failed. C:\Windows\temp\WebEx\Log\89\atnthost.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\sqla0000.tmp scheduled to be moved on reboot.
PendingFileRenameOperations files...
File C:\Users\frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{E8FB688F-755E-4EDC-9398-9C1B04152594}.tmp not found!
File C:\Users\frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{2F122681-EE7D-4454-8BA2-73E187C2B910}.tmp not found!
File C:\Users\frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{315F466E-3470-4A27-B325-A81EAEC9F6FD}.tmp not found!
File C:\Users\frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{33CD1F5F-8678-4B1A-908E-BDEFDE6319DD}.tmp not found!
File C:\Users\frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{372CD393-601C-48FF-8AB1-6D2FECF0792C}.tmp not found!
File C:\Users\frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J0S8GWAE\page-3[1].htm not found!
File C:\Users\Rick\AppData\Local\Temp\2\Outlook Logging\OPMLog.log not found!
File C:\Users\Rick\AppData\Local\Temp\2\olkas\20120809-PB4S.log not found!
File C:\Users\Rick\AppData\Local\Temp\2\olkas\20120809-UM.log not found!
File C:\Users\Rick\AppData\Local\Temp\2\~PIA283.tmp not found!
File C:\Users\Rick\AppData\Local\Temp\2\~PICEA5.tmp not found!
File C:\Users\Rick\AppData\Local\Temp\2\~PIF04B.tmp not found!
File C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{B8997AB5-341C-4822-99D2-C1F9C6D02805}.tmp not found!
File C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{13962908-9462-4763-8F11-A7127BD84C97}.tmp not found!
File C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{20E59816-4E29-4FBB-956F-F9FAA7E5233B}.tmp not found!
File C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{7208E0DE-18B4-4818-AF51-C076FA031E78}.tmp not found!
File C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{844E7177-E1DB-4B19-8A3A-09E8A3B191DC}.tmp not found!
File C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F376211D-2B0D-4B3D-AF0F-6EBB92123367}.tmp not found!
File C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\BF49TDCT\FAX_20120809_1344535365_10.pdf not found!
[2012/08/09 16:55:39 | 000,000,317 | ---- | M] () C:\Windows\temp\WebEx\Log\89\atnthost.log : Unable to obtain MD5
[2012/08/09 16:55:53 | 000,167,936 | ---- | M] () C:\Windows\temp\sqla0000.tmp : Unable to obtain MD5
Registry entries deleted on Reboot...
 
Done and done. Still no notepad file opening. While the command prompt is up, it flashes, and I could almost make out what looked like "bad command or batch", though I'm not sure.
 
Farbar Service Scanner Version: 06-08-2012
Ran by frank (administrator) on 09-08-2012 at 17:04:39
Running from "C:\Users\frank\Desktop"
Microsoft Windows Server 2008 R2 Standard (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Firewall Disabled Policy:
==================

System Restore:
============
SDRSVC Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open SDRSVC registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open SDRSVC registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open SDRSVC registry key. The service key does not exist.
VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.

System Restore Disabled Policy:
========================

Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
RpcSs Service is not running. Checking service configuration:
The start type of RpcSs service is OK.
The ImagePath of RpcSs service is OK.
The ServiceDll of RpcSs service is OK.

Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.

File Check:
========
ATTENTION!=====> d:\Windows\System32\nsisvc.dll FILE IS MISSING AND SHOULD BE RESTORED.

ATTENTION!=====> d:\Windows\System32\drivers\nsiproxy.sys FILE IS MISSING AND SHOULD BE RESTORED.

ATTENTION!=====> d:\Windows\System32\dhcpcore.dll FILE IS MISSING AND SHOULD BE RESTORED.

ATTENTION!=====> d:\Windows\System32\drivers\afd.sys FILE IS MISSING AND SHOULD BE RESTORED.

ATTENTION!=====> d:\Windows\System32\drivers\tdx.sys FILE IS MISSING AND SHOULD BE RESTORED.

ATTENTION!=====> d:\Windows\System32\Drivers\tcpip.sys FILE IS MISSING AND SHOULD BE RESTORED.

ATTENTION!=====> d:\Windows\System32\dnsrslvr.dll FILE IS MISSING AND SHOULD BE RESTORED.

ATTENTION!=====> d:\Windows\System32\mpssvc.dll FILE IS MISSING AND SHOULD BE RESTORED.

ATTENTION!=====> d:\Windows\System32\bfe.dll FILE IS MISSING AND SHOULD BE RESTORED.

ATTENTION!=====> d:\Windows\System32\drivers\mpsdrv.sys FILE IS MISSING AND SHOULD BE RESTORED.

ATTENTION!=====> d:\Windows\System32\SDRSVC.dll FILE IS MISSING AND SHOULD BE RESTORED.

ATTENTION!=====> d:\Windows\System32\vssvc.exe FILE IS MISSING AND SHOULD BE RESTORED.

ATTENTION!=====> d:\Windows\System32\wscsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.

ATTENTION!=====> d:\Windows\System32\wbem\WMIsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.

ATTENTION!=====> d:\Windows\System32\wuaueng.dll FILE IS MISSING AND SHOULD BE RESTORED.

ATTENTION!=====> d:\Windows\System32\qmgr.dll FILE IS MISSING AND SHOULD BE RESTORED.

ATTENTION!=====> d:\Windows\System32\es.dll FILE IS MISSING AND SHOULD BE RESTORED.

ATTENTION!=====> d:\Windows\System32\cryptsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.

ATTENTION!=====> d:\Program Files\Windows Defender\MpSvc.dll FILE IS MISSING AND SHOULD BE RESTORED.

ATTENTION!=====> d:\Windows\System32\svchost.exe FILE IS MISSING AND SHOULD BE RESTORED.

ATTENTION!=====> d:\Windows\System32\rpcss.dll FILE IS MISSING AND SHOULD BE RESTORED.

**** End of log ****
 