Browser results redirected


This is the first time I have ever posted such a question in this type of forum, so please be patient with my ignorance.

I have a Windows 7 Ultimate, 64 bit PC with IE 8 as the default browser but also have Safari installed as well. No Firefox. The problems I'm listing below happen with IE but not with Safari.

With each search I do (it doesn't have to be Google; Bing and Yahoo do the same thing), the results come back just fine, but when I click on one of the results I am redirected to what appears to be the results of the search performed on a different search engine. Oftentimes it is just an IP address, but sometimes it is Scour.com.

I've scanned the machine with Malwarebytes, Hitman, Spyware Hunter, Spyware Doctor, Norton Power Eraser and found nothing more than a few basically harmless pieces of malware. I've also run TDSS Killer; nothing. I've made sure DNS is okay and checked that the hosts file was not tampered with as well. At this point I don't know what else to try or look at.

I have tried to upload my hijackthis.log file but I keep getting an error "The server returned an error during upload".

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 5:10:16 PM, on 8/16/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\430\g2ax_start.exe

C:\Program Files (x86)\Remind-Me\RemindMe.exe

C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Users\twestfall.SPINNEYBECK\AppData\Local\Sage\SlxDesktopManager.exe

C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\430\g2ax_comm_expert.exe

C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\430\g2ax_user_expert.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files (x86)\Microsoft Lync\communicator.exe

C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\osaui.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe

C:\Program Files (x86)\Citrix\GoToMeeting\952\g2mstart.exe

C:\Program Files (x86)\Citrix\GoToMeeting\952\g2mcomm.exe

C:\Program Files (x86)\Citrix\GoToMeeting\952\g2mlauncher.exe

C:\Program Files (x86)\Microsoft Lync\UcMapi.exe

C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\twestfall.SPINNEYBECK\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Lync add-on BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120803030739.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

O4 - HKLM\..\Run: [Display] C:\Program Files (x86)\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey

O4 - HKLM\..\Run: [MVS Splash] "C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [OfficeSubscriptionAgent] "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\osaui.exe"

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [CaddieSyncConduit] C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe

O4 - HKLM\..\Run: [RDPClip] C:\Windows\system32\rdpclip.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash

O4 - HKCU\..\Run: [GoToAssist Express Expert] "C:\Program Files (x86)\Citrix\GoToAssist Express Expert\403\g2ax_start.exe" "/Trigger RunAtLogon"

O4 - HKCU\..\Run: [uniPrint] C:\Program Files (x86)\UniPrint\Client\SetDfltSettings.exe

O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

O4 - HKCU\..\Run: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\952\g2mstart.exe" "/Trigger RunAtLogon"

O4 - HKCU\..\Run: [GoToAssist Remote Support Expert] "C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\430\g2ax_start.exe" "/Trigger RunAtLogon"

O4 - Startup: RemindMe.lnk = C:\Program Files (x86)\Remind-Me\RemindMe.exe

O4 - Startup: SalesLogix Desktop Manager.lnk = C:\Users\twestfall.SPINNEYBECK\AppData\Local\Sage\SlxDesktopManager.exe

O4 - Global Startup: APC UPS Status.lnk = C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - (no file)

O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - (no file)

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll

O9 - Extra 'Tools' menuitem: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: (no name) - {C16B6BCB-ABFC-4507-9486-5F6A2DC6D93F} - C:\Users\twestfall.SPINNEYBECK\AppData\Local\Sage\sagegears.dll (HKCU)

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O15 - Trusted Zone: *.sagenorthamerica.com

O15 - Trusted Zone: http://*.mcafee.com (HKLM)

O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)

O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)

O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)

O15 - Trusted IP range: http://208.99.245.150

O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)

O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)

O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)

O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)

O16 - DPF: toolboxOI - http://it.toolbox.co...e/toolboxOI.CAB

O16 - DPF: {3637C046-4008-11D5-ADF6-0050DA74F67C} (UniPrintCab Control) - https://www.rightnet...ntclient408.cab

O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds...ransferCtrl.cab

O16 - DPF: {89A32C64-6176-4D10-BCA3-10B0079818FA} - https://msft2.busine...bComponents.cab

O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} (SlimClient Class) - https://208.5.237.2/...LL/extender.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://akamaicdn.we...nt/ieatgpc1.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = spinneybeck.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{7DCF708D-9BE6-4372-ABDF-9B935B3C268E}: NameServer = 192.168.3.30,192.168.3.9

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = spinneybeck.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = spinneybeck.com

O17 - HKLM\System\CS1\Services\Tcpip\..\{7DCF708D-9BE6-4372-ABDF-9B935B3C268E}: NameServer = 192.168.3.30,192.168.3.9

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = spinneybeck.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = spinneybeck.com

O17 - HKLM\System\CS2\Services\Tcpip\..\{7DCF708D-9BE6-4372-ABDF-9B935B3C268E}: NameServer = 192.168.3.30,192.168.3.9

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = spinneybeck.com

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: APC Data Service - American Power Conversion Corporation - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe

O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: WebEx Service Host for Support Center (atashost) - Cisco WebEx LLC - C:\Windows\SysWOW64\atashost.exe

O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: McAfee SiteAdvisor Enterprise Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: RDPSSW32 - Unknown owner - C:\Windows\System32\RDPSSW32.EXE (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: McAfee Peer Distribution Service (RumorServer) - McAfee, Inc. - C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe

O23 - Service: SalesLogix System Service (SalesLogix System) - Sage Software, Inc. - C:\Program Files (x86)\SalesLogix\SLXSystem.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: SonicWALL Agent Service (SWAGENT) - McAfee, Inc. - C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\swAgent.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 18692 bytes


Please stop self-medicating. Do NOT run any further tools on your own!

Step 1

Open Internet Explorer (only!) to http://support.microsoft.com/kb/923737 [ignore any DOES NOT APPLY warnings as well as the APPLIES TO section] & run the Fix It.

Note=> For optimal results, check the Delete personal settings option.

Step 2

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 3

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 4

Download DDS and save it to your desktop from http://www.techsuppo...ctools/sUBs/dds here

or http://download.blee...om/sUBs/dds.scr or

http://www.forospyware.com/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.

Then double click dds.scr to run the tool.

DDS will run in a command prompt window and will take 3 to 4 minutes or so.

  • When done, DDS will open two (2) logs:
      • DDS.txt
      • Attach.txt
  • Save both reports to your desktop.

Please Copy & Paste contents of the following logs in your next reply:

DDS.txt

Attach.txt

Step 5

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Do NOT press any Fix button.
  • Exit/Close RogueKiller

Edited by Maurice Naggar

Ok - I ran everything as instructed.

Here's DDS.TXT

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.4.1

Run by twestfall at 9:22:18 on 2012-08-17

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4087.2347 [GMT -4:00]

.

AV: McAfee® Security-as-a-Service *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

SP: McAfee® Security-as-a-Service *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\SysWOW64\atashost.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe

c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.SALESLOGIX\MSSQL\Binn\sqlservr.exe

c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\osa.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe

C:\Program Files (x86)\SalesLogix\SLXSystem.exe

c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\swAgent.exe

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\RealVNC\VNC4\winvnc4.exe

C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\SysWoW64\svchost.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfeann.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\430\g2ax_start.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Remind-Me\RemindMe.exe

C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Users\twestfall.SPINNEYBECK\AppData\Local\Sage\SlxDesktopManager.exe

C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\430\g2ax_comm_expert.exe

C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\430\g2ax_user_expert.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Microsoft Lync\communicator.exe

C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\osaui.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\sysWOW64\wbem\wmiprvse.exe

C:\Program Files (x86)\Citrix\GoToMeeting\952\g2mstart.exe

C:\Program Files (x86)\Citrix\GoToMeeting\952\g2mcomm.exe

C:\Program Files (x86)\Citrix\GoToMeeting\952\g2mlauncher.exe

C:\Program Files (x86)\Microsoft Lync\UcMapi.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\spool\DRIVERS\x64\3\hpmup094.bin

C:\Windows\system32\msiexec.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Gadwin PrintScreen 3.5] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash

uRun: [GoToAssist Express Expert] "C:\Program Files (x86)\Citrix\GoToAssist Express Expert\403\g2ax_start.exe" "/Trigger RunAtLogon"

uRun: [uniPrint] C:\Program Files (x86)\UniPrint\Client\SetDfltSettings.exe

uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

uRun: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\952\g2mstart.exe" "/Trigger RunAtLogon"

uRun: [GoToAssist Remote Support Expert] "C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\430\g2ax_start.exe" "/Trigger RunAtLogon"

mRun: [<NO NAME>]

mRun: [Display] C:\Program Files (x86)\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

mRun: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey

mRun: [MVS Splash] "C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [OfficeSubscriptionAgent] "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\osaui.exe"

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [CaddieSyncConduit] C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe

mRun: [RDPClip] C:\Windows\system32\rdpclip.exe

StartupFolder: C:\Users\TWESTF~1.SPI\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RemindMe.lnk - C:\Program Files (x86)\Remind-Me\RemindMe.exe

StartupFolder: C:\Users\TWESTF~1.SPI\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SALESL~1.LNK - C:\Users\twestfall.SPINNEYBECK\AppData\Local\Sage\SlxDesktopManager.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5}

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

Trusted Zone: sagenorthamerica.com

Trusted Zone: sharepoint.com\spinneybeck1

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

DPF: toolboxOI - hxxp://it.toolbox.com/home/toolboxOI.CAB

DPF: {3637C046-4008-11D5-ADF6-0050DA74F67C} - hxxps://www.rightnetworks.com/tsweb/uniprintclient408.cab

DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab

DPF: {89A32C64-6176-4D10-BCA3-10B0079818FA} - hxxps://msft2.businesscloud.blackberry.com/webconsole/RIMWebComponents.cab

DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - hxxps://208.5.237.2/SNX/CSHELL/extender.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP28EP2-12243/event/ieatgpc1.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: Interfaces\{7DCF708D-9BE6-4372-ABDF-9B935B3C268E} : NameServer = 192.168.3.30,192.168.3.9

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

EB-X64: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File

mRun-x64: [(Default)]

mRun-x64: [Display] C:\Program Files (x86)\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

mRun-x64: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey

mRun-x64: [MVS Splash] "C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe"

mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [OfficeSubscriptionAgent] "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\osaui.exe"

mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [CaddieSyncConduit] C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe

mRun-x64: [RDPClip] C:\Windows\system32\rdpclip.exe

IE-X64: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5}

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R1 BeTwinSystem;BeTwinSystem;C:\Windows\system32\Drivers\BeTwinSystemVS.sys --> C:\Windows\system32\Drivers\BeTwinSystemVS.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R2 APC Data Service;APC Data Service;C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe [2010-9-14 21880]

R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2011-10-27 134456]

R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2011-5-12 324928]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-3-22 199272]

R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]

R2 msoidsvc;Microsoft Online Services Sign-in Assistant;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2011-4-28 2060192]

R2 MSSQL$SALESLOGIX;SQL Server (SALESLOGIX);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.SALESLOGIX\MSSQL\Binn\sqlservr.exe [2010-4-3 42884448]

R2 myAgtSvc;McAfee Virus and Spyware Protection Service;C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2012-3-22 291360]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-3-21 2214504]

R2 osubsvc;Microsoft Office 2010 Subscription Agent;C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\osa.exe [2011-11-16 493384]

R2 RumorServer;McAfee Peer Distribution Service;C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2012-3-22 291360]

R2 SalesLogix System;SalesLogix System Service;C:\Program Files (x86)\SalesLogix\SLXSystem.exe [2012-1-4 385024]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-5-20 378472]

R2 SWAGENT;SonicWALL Agent Service;C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\swAgent.exe [2012-3-22 194152]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 RDPSSW32;RDPSSW32;C:\Windows\System32\RDPSSW32.EXE --> C:\Windows\System32\RDPSSW32.EXE [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-9 250056]

S3 BeTwinProxy;BeTwin Terminal Services Proxy;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 20992]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;C:\Windows\system32\DRIVERS\silabenm.sys --> C:\Windows\system32\DRIVERS\silabenm.sys [?]

S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;C:\Windows\system32\DRIVERS\silabser.sys --> C:\Windows\system32\DRIVERS\silabser.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 VNA;Check Point Virtual Network Adapter;C:\Windows\system32\DRIVERS\vna.sys --> C:\Windows\system32\DRIVERS\vna.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 44896]

S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]

S4 SQLAgent$SALESLOGIX;SQL Server Agent (SALESLOGIX);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.SALESLOGIX\MSSQL\Binn\SQLAGENT.EXE [2010-4-3 367456]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]

.

=============== Created Last 30 ================

.

2012-08-16 15:07:09 -------- d-----w- C:\Users\twestfall.SPINNEYBECK\AppData\Local\NPE

2012-08-16 15:07:09 -------- d-----w- C:\ProgramData\Norton

2012-08-16 14:56:55 -------- d-----w- C:\Program Files\Enigma Software Group

2012-08-16 14:56:20 -------- d-----w- C:\Windows\F896D02690164122B9BD957FF092FFE9.TMP

2012-08-16 14:56:17 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2012-08-16 14:04:33 -------- d-----w- C:\ProgramData\HitmanPro

2012-08-16 13:46:15 -------- d-----w- C:\Users\twestfall.SPINNEYBECK\AppData\Local\Threat Expert

2012-08-16 13:33:08 -------- d-----w- C:\Program Files (x86)\PC Tools

2012-08-16 13:23:57 251560 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys

2012-08-16 13:23:57 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools

2012-08-16 13:23:40 -------- d-----w- C:\ProgramData\PC Tools

2012-08-16 13:23:39 -------- d-----w- C:\Users\twestfall.SPINNEYBECK\AppData\Roaming\TestApp

2012-08-15 20:37:32 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-08-15 20:37:32 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-08-15 03:04:08 9232584 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-08-14 23:03:07 264 ----a-w- C:\Windows\SysWow64\winsusrm.dll

2012-08-14 23:03:07 120 ----a-w- C:\Windows\SysWow64\winsusrx.dll

2012-08-14 23:03:07 -------- d-----w- C:\ProgramData\ThinSoft

2012-08-13 18:05:00 -------- d-----w- C:\Users\twestfall.SPINNEYBECK\AppData\Roaming\GetRightToGo

2012-07-27 20:51:30 184248 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

2012-07-22 06:21:31 67584 ----a-w- C:\Windows\System32\Rdpssw32.exe

2012-07-22 06:21:31 46664 ----a-w- C:\Windows\System32\BeTwinScreenSaver.exe

2012-07-22 06:21:31 35640 ----a-w- C:\Windows\System32\drivers\BeTwinMF.sys

2012-07-22 06:21:31 35512 ----a-w- C:\Windows\System32\drivers\BeTwinKF.sys

2012-07-22 06:21:31 24120 ----a-w- C:\Windows\System32\drivers\BeTwinVF.sys

2012-07-22 06:21:31 22600 ----a-w- C:\Windows\System32\drivers\BeTwinSystemVS.sys

2012-07-22 06:21:30 249856 ----a-w- C:\Windows\System32\Slsapi.dll

2012-07-22 06:21:30 214080 ----a-w- C:\Windows\System32\BeTwinProxyVS.dll

2012-07-22 06:21:30 16696 ----a-w- C:\Windows\System32\BeTwinDD.dll

2012-07-22 06:21:30 151552 ----a-w- C:\Windows\System32\SlsApiEx.dll

.

==================== Find3M ====================

.

2012-08-15 19:00:25 60304 ----a-w- C:\Users\twestfall.SPINNEYBECK\g2mdlhlpx.exe

2012-08-15 03:04:11 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-15 03:04:11 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-27 18:52:24 103272 ----a-w- C:\Users\twestfall.SPINNEYBECK\GoToAssistDownloadHelper.exe

.

============= FINISH: 9:23:47.23 ===============

Here's Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 5/25/2011 11:24:30 AM

System Uptime: 8/16/2012 4:00:48 PM (17 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P7P55 LX

Processor: Intel® Core i5 CPU 750 @ 2.67GHz | LGA1156 | 2668/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 337.058 GiB free.

D: is CDROM ()

E: is CDROM (CDFS)

F: is NetworkDisk (NTFS) - 250 GiB total, 46.031 GiB free.

M: is NetworkDisk (NTFS) - 250 GiB total, 46.031 GiB free.

N: is NetworkDisk (NTFS) - 50 GiB total, 11.758 GiB free.

O: is NetworkDisk (NTFS) - 250 GiB total, 46.031 GiB free.

P: is NetworkDisk (NTFS) - 50 GiB total, 11.758 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP145: 8/14/2012 7:43:52 PM - Scheduled Checkpoint

RP147: 8/16/2012 10:32:20 AM - Removed service pack backup files

RP148: 8/16/2012 10:56:26 AM - Installed SpyHunter

RP149: 8/16/2012 11:37:59 AM - Norton_Power_Eraser_20120816113755992

RP150: 8/16/2012 1:35:51 PM - Norton_Power_Eraser_20120816133546936

RP151: 8/16/2012 2:49:14 PM - Removed SpyHunter

RP152: 8/17/2012 9:11:00 AM - Installed Microsoft Fix it 50195

RP153: 8/17/2012 9:16:10 AM - Installed Microsoft Fix it 50195

.

==== Installed Programs ======================

.

Add or Remove Adobe Creative Suite 3 Design Premium

Adobe Acrobat 8 Professional

Adobe Acrobat 8.1.5 - CPSID_49013

Adobe Acrobat 8.1.5 Professional

Adobe AIR

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe BridgeTalk Plugin CS3

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Connect Add-in

Adobe Creative Suite 3 Design Premium

Adobe Default Language CS3

Adobe Device Central CS3

Adobe Dreamweaver CS3

Adobe ExtendScript Toolkit 2

Adobe Extension Manager CS3

Adobe Flash CS3

Adobe Flash Player 11 ActiveX

Adobe Flash Player 9 Plugin

Adobe Flash Video Encoder

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Illustrator CS3

Adobe InDesign CS3

Adobe InDesign CS3 Icon Handler

Adobe Linguistics CS3

Adobe MotionPicture Color Files

Adobe PDF Library Files

Adobe Photoshop CS3

Adobe Reader X (10.1.4)

Adobe Setup

Adobe SING CS3

Adobe Stock Photos CS3

Adobe SVG Viewer

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe Version Cue CS3 Server {ko_KR}

Adobe WAS CS3

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS3

AHV content for Acrobat and Flash

APC PowerChute Personal Edition 3.0

Apple Application Support

Apple Software Update

CaddieSync Express 1.2.9

Chilkat Mail ActiveX

Cisco Unified Presenter Add-in 6x5

Cisco WebEx Meetings

Crystal Reports for Visual Studio

Crystal Reports XI Release 2

CSDiff

D3DX10

Dotfuscator Software Services - Community Edition

ERUNT 1.1j

Gadwin PrintScreen

GoToAssist Expert 1.6.0.430

GoToMeeting 5.2.0.952

Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2522890)

Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2529927)

Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2548139)

Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2549864)

Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2565057)

Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2635973)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)

iMapBuilder Interactive Flash Map Builder v4.20 (Professional P

Java Auto Updater

Java 7 Update 4

JavaFX 2.1.0

LiveReg (Symantec Corporation)

LiveUpdate 1.80 (Symantec Corporation)

Malwarebytes Anti-Malware version 1.62.0.1300

McAfee Browser Protection Service

McAfee SiteAdvisor Enterprise Plus

McAfee Virus and Spyware Protection Service

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft Application Error Reporting

Microsoft ASP.NET MVC 2

Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office Subscription (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Professional Plus Subscription 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft OLE DB Provider for Visual FoxPro

Microsoft Silverlight 3 SDK

Microsoft Silverlight 4 SDK

Microsoft SOAP Toolkit 3.0

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2008 R2

Microsoft SQL Server 2008 R2 Data-Tier Application Framework

Microsoft SQL Server 2008 R2 Data-Tier Application Project

Microsoft SQL Server 2008 R2 Management Objects

Microsoft SQL Server 2008 R2 RsFx Driver

Microsoft SQL Server 2008 R2 Setup (English)

Microsoft SQL Server 2008 R2 Transact-SQL Language Service

Microsoft SQL Server 2008 Setup Support Files

Microsoft SQL Server Browser

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server Database Publishing Wizard 1.4

Microsoft SQL Server System CLR Types

Microsoft Sync Framework SDK v1.0 SP1

Microsoft Visual C++ Compilers 2010 Standard - enu - x86

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219

Microsoft Visual F# 2.0 Runtime

Microsoft Visual FoxPro 9.0 Professional - English

Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

Microsoft Visual Studio 2010 Professional - ENU

Microsoft Visual Studio 2010 Service Pack 1

Microsoft Visual Studio 2010 SharePoint Developer Tools

Microsoft Visual Studio Macro Tools

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NVIDIA 3D Vision Controller Driver

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

PCLReader

PDF Settings

QuickTime

Remind-Me

Safari

Sage SalesLogix Desktop Integration Module

SalesLogix Admin Tools and Servers

SalesLogix Network Client

SalesLogix OLE DB Provider

SAP Crystal Reports, version for Visual Studio 2010

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition

Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2645410)

Security Update for Microsoft Visual Studio Macro Tools (KB2669970)

SendBlaster 2

SkyHawke CP210x USB to UART Bridge (Driver Removal)

SoftTime Diamond Edition

SQL Server 2008 R2 Common Files

SQL Server 2008 R2 Database Engine Services

SQL Server 2008 R2 Database Engine Shared

Sql Server Customer Experience Improvement Program

UniPrint Client 4.0

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Visual C++ 8.0 x64 Runtime Setup Package

Visual C++ 8.0 x86 Runtime Setup Package

Visual FoxPro 9.0 Baseline - English

Visual FoxPro 9.0 Professional - English

Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

WCF RIA Services V1.0 SP1

WebLog Expert 7.1

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

.

==== Event Viewer Messages From Past Week ========

.

8/16/2012 9:47:43 AM, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).

8/16/2012 9:35:32 AM, Error: PCTCore [280] -

8/16/2012 4:01:33 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the RDPSSW32 service to connect.

8/16/2012 4:01:33 PM, Error: Service Control Manager [7000] - The RDPSSW32 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/16/2012 4:01:26 PM, Error: Service Control Manager [7000] - The Ati External Event Utility service failed to start due to the following error: The system cannot find the file specified.

8/15/2012 1:18:57 PM, Error: TermDD [56] - The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: 127.0.0.1.

8/15/2012 1:18:57 PM, Error: TermDD [50] - The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client.

8/14/2012 7:06:55 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Direct CVS Service service to connect.

8/14/2012 7:06:55 PM, Error: Service Control Manager [7000] - The Adobe Direct CVS Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/14/2012 7:02:47 PM, Error: Service Control Manager [7030] - The Adobe Direct CVS Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

8/13/2012 2:42:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

8/13/2012 2:32:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

8/13/2012 2:32:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

8/13/2012 2:32:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

8/13/2012 2:31:34 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

8/13/2012 2:30:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6

8/11/2012 10:18:03 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee McShield service, but this action failed with the following error: An instance of the service is already running.

8/11/2012 10:17:58 AM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

8/10/2012 5:20:28 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

8/10/2012 12:34:08 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.

8/10/2012 12:34:08 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

.

==== End Of File ===========================

And here's RKreport

RogueKiller V7.6.6 [08/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: twestfall [Admin rights]

Mode: Scan -- Date: 08/17/2012 09:28:53

¤¤¤ Bad processes: 1 ¤¤¤

[SVCHOST] svchost.exe -- Path not found -> KILLED [TermProc]

¤¤¤ Registry Entries: 5 ¤¤¤

[SUSP PATH] SalesLogix Desktop Manager.lnk @twestfall.SPINNEYBECK : C:\Users\twestfall.SPINNEYBECK\AppData\Local\Sage\SlxDesktopManager.exe -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1001FALS-00J7B0 ATA Device +++++

--- User ---

[MBR] f736515531cb3f6b606420e22a9facea

[BSP] 612e1f9de8a4bde2d32ff0c5d36ae543 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt


Hello twestfall,

Using IE (only!), go to http://support.microsoft.com/kb/923737

[ignore any DOES NOT APPLY warning as well as the APPLIES TO section],

run the Fix It and then reboot.

Tip: For optimal results, enable the Delete personal settings option.

Now do a careful test with Internet Explorer, and tell me the result.


If this is not your PC, or if this is a PC belonging to an organization or company, let me know.

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the icon (for Vista or Windows 7, right-click the icon and choose Run as Administrator) to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Then copy/paste the following into your post (in order):
  • the contents of OTL.txt;
  • the contents of Extras.txt; and
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of your reply.


Okay here's the files you requested.

OTL.TXT

OTL logfile created on: 8/17/2012 12:16:09 PM - Run 1

OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\twestfall.SPINNEYBECK\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.59 Gb Available Physical Memory | 64.94% Memory free

7.98 Gb Paging File | 6.08 Gb Available in Paging File | 76.21% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.66 Gb Total Space | 336.59 Gb Free Space | 72.28% Space Free | Partition Type: NTFS

Drive E: | 2.42 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive F: | 249.90 Gb Total Space | 46.01 Gb Free Space | 18.41% Space Free | Partition Type: NTFS

Drive M: | 249.90 Gb Total Space | 46.01 Gb Free Space | 18.41% Space Free | Partition Type: NTFS

Drive N: | 49.90 Gb Total Space | 11.75 Gb Free Space | 23.54% Space Free | Partition Type: NTFS

Drive O: | 249.90 Gb Total Space | 46.01 Gb Free Space | 18.41% Space Free | Partition Type: NTFS

Drive P: | 49.90 Gb Total Space | 11.75 Gb Free Space | 23.54% Space Free | Partition Type: NTFS

Computer Name: MISTWW72 | User Name: twestfall | NOT logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/17 12:14:32 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\twestfall.SPINNEYBECK\Desktop\OTL.exe

PRC - [2012/08/16 12:09:48 | 000,610,960 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\430\g2ax_user_expert.exe

PRC - [2012/08/16 12:09:48 | 000,610,960 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\430\g2ax_start.exe

PRC - [2012/08/16 12:09:48 | 000,610,960 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\430\g2ax_comm_expert.exe

PRC - [2012/07/30 11:15:51 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\952\g2mstart.exe

PRC - [2012/07/30 11:15:51 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\952\g2mlauncher.exe

PRC - [2012/07/30 11:15:51 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\952\g2mcomm.exe

PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/07/20 12:06:30 | 000,194,152 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\swAgent.exe

PRC - [2012/07/20 12:06:00 | 000,476,776 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe

PRC - [2012/07/20 11:59:48 | 000,291,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe

PRC - [2012/05/16 16:02:34 | 012,098,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Lync\communicator.exe

PRC - [2012/03/24 19:42:16 | 000,647,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Lync\UcMapi.exe

PRC - [2012/03/12 16:31:15 | 000,134,456 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWOW64\atashost.exe

PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

PRC - [2012/02/08 18:23:28 | 002,371,960 | ---- | M] (SkyHawke) -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe

PRC - [2012/01/04 07:54:00 | 000,385,024 | ---- | M] (Sage Software, Inc.) -- C:\Program Files (x86)\SalesLogix\SLXSystem.exe

PRC - [2011/06/08 07:54:00 | 000,605,264 | ---- | M] (Sage Software, Inc.) -- C:\Users\twestfall.SPINNEYBECK\AppData\Local\Sage\SlxDesktopManager.exe

PRC - [2011/06/02 10:09:35 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

PRC - [2011/05/25 03:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

PRC - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2011/05/12 11:48:20 | 000,324,928 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe

PRC - [2010/11/20 04:17:56 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

PRC - [2010/09/14 16:54:12 | 000,021,880 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe

PRC - [2010/09/14 16:53:40 | 000,705,912 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe

PRC - [2010/09/14 16:53:20 | 000,660,856 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe

PRC - [2010/07/06 12:51:26 | 000,672,624 | ---- | M] (Beiley Software Inc.) -- C:\Program Files (x86)\Remind-Me\RemindMe.exe

PRC - [2008/10/14 21:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

PRC - [2006/07/08 04:57:52 | 001,101,824 | ---- | M] (Gadwin Systems, Inc.) -- C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/27 22:30:35 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll

MOD - [2012/06/27 22:05:36 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll

MOD - [2012/05/10 09:20:40 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

MOD - [2012/05/10 09:20:36 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

MOD - [2012/02/08 18:23:28 | 000,163,704 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\conduitscripting0.dll

MOD - [2012/02/08 18:18:28 | 000,591,360 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\qjson0.dll

MOD - [2012/02/08 18:18:16 | 000,107,008 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\qextserialport1.dll

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

MOD - [2010/09/23 10:52:52 | 002,537,472 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\QtCore4.dll

MOD - [2010/09/13 01:12:38 | 000,744,448 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\QtScriptTools4.dll

MOD - [2010/09/12 22:16:14 | 002,173,952 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\QtScript4.dll

MOD - [2010/09/12 21:30:18 | 009,814,016 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\QtGui4.dll

MOD - [2010/09/12 20:55:26 | 001,140,224 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\QtNetwork4.dll

MOD - [2010/09/12 20:51:28 | 000,399,360 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\QtXml4.dll

MOD - [2009/06/22 22:42:42 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\libgcc_s_dw2-1.dll

MOD - [2009/01/10 14:32:40 | 000,011,362 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\mingwm10.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/22 02:21:32 | 000,214,080 | ---- | M] (ThinSoft Pte Ltd.) [On_Demand | Stopped] -- C:\Windows\SysNative\BeTwinProxyVS.dll -- (BeTwinProxy)

SRV:64bit: - [2012/07/22 02:21:32 | 000,067,584 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\Rdpssw32.exe -- (RDPSSW32)

SRV:64bit: - [2012/02/22 08:25:30 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)

SRV:64bit: - [2012/02/13 16:09:34 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)

SRV:64bit: - [2011/02/04 22:36:56 | 002,360,048 | ---- | M] (RealVNC Ltd) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\winvnc4.exe -- (WinVNC4)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012/08/14 23:04:11 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/07/20 12:06:30 | 000,194,152 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\swAgent.exe -- (SWAGENT)

SRV - [2012/07/20 11:59:48 | 000,291,360 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe -- (RumorServer)

SRV - [2012/07/20 11:59:48 | 000,291,360 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe -- (myAgtSvc)

SRV - [2012/03/12 16:31:15 | 000,134,456 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)

SRV - [2012/01/04 07:54:00 | 000,385,024 | ---- | M] (Sage Software, Inc.) [Auto | Running] -- C:\Program Files (x86)\SalesLogix\SLXSystem.exe -- (SalesLogix System)

SRV - [2011/06/02 10:09:35 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011/05/25 03:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

SRV - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2011/05/12 11:48:20 | 000,324,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe -- (McAfee SiteAdvisor Enterprise Service)

SRV - [2010/09/14 16:54:12 | 000,021,880 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe -- (APC Data Service)

SRV - [2010/09/14 16:53:40 | 000,705,912 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)

DRV:64bit: - [2012/07/22 02:21:32 | 000,022,600 | ---- | M] (ThinSoft Pte Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BeTwinSystemVS.sys -- (BeTwinSystem)

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/22 08:25:30 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)

DRV:64bit: - [2012/02/22 08:25:30 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)

DRV:64bit: - [2012/02/22 08:25:30 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)

DRV:64bit: - [2012/02/22 08:25:30 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)

DRV:64bit: - [2012/02/22 08:25:30 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)

DRV:64bit: - [2012/02/22 08:25:30 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)

DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)

DRV:64bit: - [2011/05/25 03:25:48 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)

DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/03/21 13:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/04 22:22:30 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vncmirror.sys -- (vncmirror)

DRV:64bit: - [2011/01/27 20:18:32 | 000,069,120 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabser.sys -- (silabser)

DRV:64bit: - [2011/01/27 20:18:32 | 000,027,336 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabenm.sys -- (silabenm)

DRV:64bit: - [2010/11/20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 03:03:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2009/11/02 18:43:16 | 000,161,256 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vna.sys -- (VNA)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)

DRV:64bit: - [2009/07/13 17:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)

DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 07 76 C0 8E 8E 7C CD 01 [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\ [2012/03/22 10:28:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/08/10 09:51:42 | 000,000,000 | ---D | M]

[2012/05/16 16:01:36 | 000,031,848 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

O1 HOSTS File: ([2012/08/16 16:30:11 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [uniPrint] C:\Program Files (x86)\UniPrint\Client\SetDfltSettings.exe (UniPrint, a division of GFI Business Solutions Inc.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [CaddieSyncConduit] C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe (SkyHawke)

O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Display] C:\Program Files (x86)\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe (American Power Conversion Corporation)

O4 - HKLM..\Run: [MVS Splash] C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe (McAfee, Inc.)

O4 - HKLM..\Run: [RDPClip] C:\Windows\system32\rdpclip.exe File not found

O4 - HKCU..\Run: [Gadwin PrintScreen 3.5] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc.)

O4 - HKCU..\Run: [GoToAssist Express Expert] C:\Program Files (x86)\Citrix\GoToAssist Express Expert\403\g2ax_start.exe (Citrix Online, a division of Citrix Systems, Inc.)

O4 - HKCU..\Run: [GoToAssist Remote Support Expert] C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\430\g2ax_start.exe (Citrix Online, a division of Citrix Systems, Inc.)

O4 - HKCU..\Run: [GoToMeeting] C:\Program Files (x86)\Citrix\GoToMeeting\952\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)

O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)

O4 - HKCU..\Run: [uniPrint] C:\Program Files (x86)\UniPrint\Client\SetDfltSettings.exe (UniPrint, a division of GFI Business Solutions Inc.)

O4 - Startup: C:\Users\twestfall.SPINNEYBECK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RemindMe.lnk = C:\Program Files (x86)\Remind-Me\RemindMe.exe (Beiley Software Inc.)

O4 - Startup: C:\Users\twestfall.SPINNEYBECK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SalesLogix Desktop Manager.lnk = C:\Users\twestfall.SPINNEYBECK\AppData\Local\Sage\SlxDesktopManager.exe (Sage Software, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1

O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - Reg Error: Value error. File not found

O9 - Extra Button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)

O15 - HKCU\..Trusted Domains: sagenorthamerica.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: sharepoint.com ([spinneybeck1] https in Trusted sites)

O16 - DPF: {3637C046-4008-11D5-ADF6-0050DA74F67C} https://www.rightnetworks.com/tsweb/uniprintclient408.cab (UniPrintCab Control)

O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class)

O16 - DPF: {89A32C64-6176-4D10-BCA3-10B0079818FA} https://msft2.businesscloud.blackberry.com/webconsole/RIMWebComponents.cab (Reg Error: Key error.)

O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} https://208.5.237.2/SNX/CSHELL/extender.cab (SlimClient Class)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP28EP2-12243/event/ieatgpc1.cab (GpcContainer Class)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: toolboxOI http://it.toolbox.com/home/toolboxOI.CAB (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = spinneybeck.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DCF708D-9BE6-4372-ABDF-9B935B3C268E}: NameServer = 192.168.3.30,192.168.3.9

O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\sacore - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O30:64bit: - LSA: Security Packages - (msoidssp) - C:\Windows\SysNative\msoidssp.dll (Microsoft Corp.)

O30 - LSA: Security Packages - (msoidssp) - C:\Windows\SysWow64\msoidssp.dll (Microsoft Corp.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/09/13 12:26:23 | 000,000,046 | R--- | M] () - E:\autorun.inf -- [ CDFS ]

O33 - MountPoints2\{e1fadf02-86f9-11e0-9ecb-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{e1fadf02-86f9-11e0-9ecb-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2008/09/13 16:43:51 | 000,132,376 | R--- | M] (Macrovision Corporation)

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/17 12:15:04 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\twestfall.SPINNEYBECK\Desktop\OTL.exe

[2012/08/17 12:13:26 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\OTL.exe

[2012/08/17 09:27:29 | 000,000,000 | ---D | C] -- C:\Users\twestfall.SPINNEYBECK\Desktop\RK_Quarantine

[2012/08/17 09:21:10 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\twestfall.SPINNEYBECK\Desktop\dds.scr

[2012/08/17 09:18:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/08/17 09:17:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2012/08/17 09:17:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

[2012/08/16 15:56:09 | 000,000,000 | ---D | C] -- C:\Users\twestfall.SPINNEYBECK\Desktop\backups

[2012/08/16 15:53:18 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\twestfall.SPINNEYBECK\Desktop\HijackThis.exe

[2012/08/16 11:07:09 | 000,000,000 | ---D | C] -- C:\Users\twestfall.SPINNEYBECK\AppData\Local\NPE

[2012/08/16 11:07:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton

[2012/08/16 10:56:55 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

[2012/08/16 10:56:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard

[2012/08/16 10:04:33 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro

[2012/08/16 09:46:15 | 000,000,000 | ---D | C] -- C:\Users\twestfall.SPINNEYBECK\AppData\Local\Threat Expert

[2012/08/16 09:33:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools

[2012/08/16 09:23:57 | 000,251,560 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys

[2012/08/16 09:23:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools

[2012/08/16 09:23:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2012/08/16 09:23:40 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools

[2012/08/16 09:23:39 | 000,000,000 | ---D | C] -- C:\Users\twestfall.SPINNEYBECK\AppData\Roaming\TestApp

[2012/08/15 16:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2012/08/15 16:37:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2012/08/14 23:04:08 | 009,232,584 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe

[2012/08/14 19:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\ThinSoft

[2012/08/13 14:05:00 | 000,000,000 | ---D | C] -- C:\Users\twestfall.SPINNEYBECK\AppData\Roaming\GetRightToGo

[2012/07/22 02:21:31 | 000,046,664 | ---- | C] (ThinSoft Pte Ltd.) -- C:\Windows\SysNative\BeTwinScreenSaver.exe

[2012/07/22 02:21:31 | 000,035,640 | ---- | C] (ThinSoft Pte Ltd.) -- C:\Windows\SysNative\drivers\BeTwinMF.sys

[2012/07/22 02:21:31 | 000,035,512 | ---- | C] (ThinSoft Pte Ltd.) -- C:\Windows\SysNative\drivers\BeTwinKF.sys

[2012/07/22 02:21:31 | 000,024,120 | ---- | C] (ThinSoft Pte Ltd.) -- C:\Windows\SysNative\drivers\BeTwinVF.sys

[2012/07/22 02:21:31 | 000,022,600 | ---- | C] (ThinSoft Pte Ltd.) -- C:\Windows\SysNative\drivers\BeTwinSystemVS.sys

[2012/07/22 02:21:30 | 000,249,856 | ---- | C] (Acudata) -- C:\Windows\SysNative\Slsapi.dll

[2012/07/22 02:21:30 | 000,214,080 | ---- | C] (ThinSoft Pte Ltd.) -- C:\Windows\SysNative\BeTwinProxyVS.dll

[2012/07/22 02:21:30 | 000,151,552 | ---- | C] (Acudata Limited) -- C:\Windows\SysNative\SlsApiEx.dll

[2012/07/22 02:21:30 | 000,016,696 | ---- | C] (ThinSoft Pte Ltd.) -- C:\Windows\SysNative\BeTwinDD.dll

[2012/07/18 18:00:09 | 000,000,000 | ---D | C] -- C:\Users\twestfall.SPINNEYBECK\Desktop\SLX Tools

[2011/09/12 16:16:53 | 001,393,736 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\twestfall.SPINNEYBECK\gotomypc_626.exe

[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[106 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/17 12:16:56 | 000,881,521 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\SecurityCheck.exe

[2012/08/17 12:14:32 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\twestfall.SPINNEYBECK\Desktop\OTL.exe

[2012/08/17 12:13:29 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\OTL.exe

[2012/08/17 12:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/08/17 11:41:36 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/17 11:41:36 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/17 11:33:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/08/17 11:33:43 | 3214,188,544 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/17 09:26:08 | 001,558,528 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\RogueKiller.exe

[2012/08/17 09:21:11 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\twestfall.SPINNEYBECK\Desktop\dds.scr

[2012/08/17 09:17:36 | 000,000,924 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\NTREGOPT.lnk

[2012/08/17 09:17:36 | 000,000,905 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\ERUNT.lnk

[2012/08/16 16:58:02 | 000,197,596 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat

[2012/08/16 16:30:11 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/08/16 16:05:00 | 000,002,423 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\GoToMeeting Quick Connect.lnk

[2012/08/16 16:05:00 | 000,001,365 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\GoToMeeting.lnk

[2012/08/16 12:33:34 | 000,002,006 | -H-- | M] () -- C:\Users\twestfall.SPINNEYBECK\Documents\Default.rdp

[2012/08/16 12:09:51 | 000,001,456 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\GoToAssist Expert.lnk

[2012/08/16 09:24:31 | 001,943,895 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB

[2012/08/15 16:15:38 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\twestfall.SPINNEYBECK\Desktop\HijackThis.exe

[2012/08/15 15:00:25 | 000,060,304 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\g2mdlhlpx.exe

[2012/08/14 23:04:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/08/14 23:04:11 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/08/14 23:04:08 | 009,232,584 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe

[2012/08/14 19:09:38 | 000,000,192 | ---- | M] () -- C:\Windows\SysWow64\svc2dll.dat

[2012/08/14 19:03:07 | 000,000,264 | ---- | M] () -- C:\Windows\SysWow64\winsusrm.dll

[2012/08/14 19:03:07 | 000,000,120 | ---- | M] () -- C:\Windows\SysWow64\winsusrx.dll

[2012/08/13 15:10:42 | 000,980,368 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/08/13 15:10:42 | 000,802,750 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/08/13 15:10:42 | 000,175,072 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/08/13 13:23:00 | 000,093,983 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\Send to SBT - Must have Address.sxb

[2012/08/10 16:14:42 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/10 15:38:30 | 000,375,964 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\FilzFelt Catalogs.sxb

[2012/08/09 18:04:58 | 000,519,300 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\Quotation Updates.sxb

[2012/08/01 18:59:05 | 002,376,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/07/25 17:48:59 | 000,129,917 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\Account Details.sxb

[2012/07/22 02:21:32 | 000,249,856 | ---- | M] (Acudata) -- C:\Windows\SysNative\Slsapi.dll

[2012/07/22 02:21:32 | 000,214,080 | ---- | M] (ThinSoft Pte Ltd.) -- C:\Windows\SysNative\BeTwinProxyVS.dll

[2012/07/22 02:21:32 | 000,151,552 | ---- | M] (Acudata Limited) -- C:\Windows\SysNative\SlsApiEx.dll

[2012/07/22 02:21:32 | 000,067,584 | ---- | M] () -- C:\Windows\SysNative\Rdpssw32.exe

[2012/07/22 02:21:32 | 000,046,664 | ---- | M] (ThinSoft Pte Ltd.) -- C:\Windows\SysNative\BeTwinScreenSaver.exe

[2012/07/22 02:21:32 | 000,035,640 | ---- | M] (ThinSoft Pte Ltd.) -- C:\Windows\SysNative\drivers\BeTwinMF.sys

[2012/07/22 02:21:32 | 000,035,512 | ---- | M] (ThinSoft Pte Ltd.) -- C:\Windows\SysNative\drivers\BeTwinKF.sys

[2012/07/22 02:21:32 | 000,024,120 | ---- | M] (ThinSoft Pte Ltd.) -- C:\Windows\SysNative\drivers\BeTwinVF.sys

[2012/07/22 02:21:32 | 000,022,600 | ---- | M] (ThinSoft Pte Ltd.) -- C:\Windows\SysNative\drivers\BeTwinSystemVS.sys

[2012/07/22 02:21:32 | 000,016,696 | ---- | M] (ThinSoft Pte Ltd.) -- C:\Windows\SysNative\BeTwinDD.dll

[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[106 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/17 12:17:10 | 000,881,521 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\SecurityCheck.exe

[2012/08/17 09:26:03 | 001,558,528 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\RogueKiller.exe

[2012/08/17 09:17:36 | 000,000,924 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\NTREGOPT.lnk

[2012/08/17 09:17:36 | 000,000,905 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\ERUNT.lnk

[2012/08/16 09:24:01 | 001,943,895 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB

[2012/08/14 19:03:13 | 000,000,192 | ---- | C] () -- C:\Windows\SysWow64\svc2dll.dat

[2012/08/14 19:03:07 | 000,000,264 | ---- | C] () -- C:\Windows\SysWow64\winsusrm.dll

[2012/08/14 19:03:07 | 000,000,120 | ---- | C] () -- C:\Windows\SysWow64\winsusrx.dll

[2012/08/13 13:22:59 | 000,093,983 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\Send to SBT - Must have Address.sxb

[2012/08/10 15:38:29 | 000,375,964 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\FilzFelt Catalogs.sxb

[2012/07/30 11:15:07 | 000,001,365 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\GoToMeeting.lnk

[2012/07/25 17:48:58 | 000,129,917 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\Account Details.sxb

[2012/07/22 02:21:31 | 000,067,584 | ---- | C] () -- C:\Windows\SysNative\Rdpssw32.exe

[2012/07/20 18:15:21 | 000,519,300 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\Quotation Updates.sxb

[2012/06/27 14:52:24 | 000,103,272 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\GoToAssistDownloadHelper.exe

[2012/06/21 13:13:43 | 000,004,134 | ---- | C] () -- C:\ProgramData\xmohfmvs.ugv

[2012/06/05 12:55:02 | 000,000,000 | ---- | C] () -- C:\Windows\CSDiff.INI

[2012/06/05 11:06:15 | 000,154,576 | ---- | C] () -- C:\Windows\SysWow64\dbclient.dll

[2012/03/05 16:26:46 | 000,000,711 | ---- | C] () -- C:\Windows\GATOR32.INI

[2012/03/05 11:41:53 | 000,000,300 | ---- | C] () -- C:\Windows\ODBC.INI

[2011/10/28 10:49:58 | 000,005,632 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/09/15 12:48:02 | 000,197,596 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2011/09/12 10:54:17 | 000,001,832 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\AppData\Local\SLC_twestfall.prx

[2011/07/07 14:00:33 | 000,060,304 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\g2mdlhlpx.exe

[2011/06/02 18:04:35 | 000,110,968 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\g2ax_expert_downloadhelper_win32_x86.exe

[2011/06/02 10:15:42 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll

[2011/05/27 11:14:18 | 000,000,600 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\AppData\Local\PUTTY.RND

[2011/05/26 10:22:04 | 000,833,024 | ---- | C] () -- C:\Windows\SysWow64\user.dat

[2011/05/26 10:19:50 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI

[2011/05/25 17:27:48 | 000,002,504 | RHS- | C] () -- C:\Users\twestfall.SPINNEYBECK\ntuser.pol

[2011/05/25 17:26:07 | 000,013,302 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2011/05/25 16:14:25 | 001,002,952 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/05/25 14:09:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011/05/20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

========== LOP Check ==========

[2012/08/13 14:15:04 | 000,000,000 | ---D | M] -- C:\Users\twestfall.SPINNEYBECK\AppData\Roaming\GetRightToGo

[2011/05/26 12:16:54 | 000,000,000 | ---D | M] -- C:\Users\twestfall.SPINNEYBECK\AppData\Roaming\iMapBuilder

[2012/05/10 08:55:14 | 000,000,000 | ---D | M] -- C:\Users\twestfall.SPINNEYBECK\AppData\Roaming\Remind-Me

[2012/07/18 17:21:31 | 000,000,000 | ---D | M] -- C:\Users\twestfall.SPINNEYBECK\AppData\Roaming\SalesLogix

[2012/05/10 08:55:13 | 000,000,000 | ---D | M] -- C:\Users\twestfall.SPINNEYBECK\AppData\Roaming\SendBlaster2

[2012/08/16 09:23:39 | 000,000,000 | ---D | M] -- C:\Users\twestfall.SPINNEYBECK\AppData\Roaming\TestApp

[2012/01/09 15:43:18 | 000,000,000 | ---D | M] -- C:\Users\twestfall.SPINNEYBECK\AppData\Roaming\UniPrint

[2012/02/01 17:42:33 | 000,000,000 | ---D | M] -- C:\Users\twestfall.SPINNEYBECK\AppData\Roaming\webex

[2009/07/14 01:08:49 | 000,025,196 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

EXTRAS.TXT

OTL Extras logfile created on: 8/17/2012 12:16:09 PM - Run 1

OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\twestfall.SPINNEYBECK\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.59 Gb Available Physical Memory | 64.94% Memory free

7.98 Gb Paging File | 6.08 Gb Available in Paging File | 76.21% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.66 Gb Total Space | 336.59 Gb Free Space | 72.28% Space Free | Partition Type: NTFS

Drive E: | 2.42 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive F: | 249.90 Gb Total Space | 46.01 Gb Free Space | 18.41% Space Free | Partition Type: NTFS

Drive M: | 249.90 Gb Total Space | 46.01 Gb Free Space | 18.41% Space Free | Partition Type: NTFS

Drive N: | 49.90 Gb Total Space | 11.75 Gb Free Space | 23.54% Space Free | Partition Type: NTFS

Drive O: | 249.90 Gb Total Space | 46.01 Gb Free Space | 18.41% Space Free | Partition Type: NTFS

Drive P: | 49.90 Gb Total Space | 11.75 Gb Free Space | 23.54% Space Free | Partition Type: NTFS

Computer Name: MISTWW72 | User Name: twestfall | NOT logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htafile [open] -- "%1" %*

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htafile [open] -- "%1" %*

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

"EnableFirewall" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]

"RemoteAddresses" = 192.168.3.215

"Enabled" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]

"RemoteAddresses" = 192.168.3.215

"Enabled" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]

"RemoteAddresses" = 192.168.3.215

"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]

"RemoteAddresses" = 192.168.3.215

"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{227D884C-B159-40F4-9214-74E14F93B754}" = lport=59152 | protocol=17 | dir=in | name=sonicwall anti-virus compliance port 59152 |

"{45F6F9A1-59B2-462F-808D-5A67045E55EC}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server |

"{4964FAE9-DBCB-4FE0-8200-84BDBD9B6E72}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{57A4EFEB-2127-4383-AA2C-89151CAFD119}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server |

"{5A1ACB01-DCAF-4886-8215-B5B6C5CD31BC}" = lport=59152 | protocol=17 | dir=in | name=sonicwall anti-virus compliance port 59152 |

"{7106A633-1604-484F-9902-5D13F7ADA22A}" = lport=59153 | protocol=17 | dir=in | name=sonicwall anti-virus compliance port 59153 |

"{83CA3D74-23C6-4C55-911E-35C217B127FE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{86C7AA2D-A0BC-43D6-B463-26E80C5F8D77}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server |

"{90B664F6-C94B-4199-915E-AD51C8C3FAE3}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server |

"{B7F6A36A-0724-4F1F-96F8-17B2183096FC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{C76DD69B-433B-4D9D-9307-62FB14C62CF6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{D07E0AB3-5226-48C2-BC2F-1070F1A539BA}" = lport=59153 | protocol=17 | dir=in | name=sonicwall anti-virus compliance port 59153 |

"{FC61C465-861E-482A-B855-F9EA68E16D72}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{02EA83D8-7C57-4727-BB77-8DDBEADC35AB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{12B2FA06-96CB-489E-9934-3BCB5297BF45}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |

"{1426F4F3-1ED5-47D2-9FEA-317286CA1413}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\managed virusscan\agent\myagtsvc.exe |

"{216588D9-B977-4FE7-AE09-3165A0AB5621}" = dir=in | app=c:\program files (x86)\microsoft lync\ucmapi.exe |

"{2A3273EF-C492-47F6-849D-8ED7068CCA26}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\managed virusscan\agent\myagtsvc.exe |

"{2F2B5D5A-9566-4A55-A0F7-2BA43B6AB1E7}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{4AB9449B-163C-4953-BAC9-C31F6A24D854}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lync\communicator.exe |

"{53BD551B-7DB0-479F-9821-B3BD881C0882}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\managed virusscan\agent\myagtsvc.exe |

"{55BAAC1D-51B6-445C-96CD-2A68166E1347}" = dir=in | app=c:\program files\microsoft lync\ucmapi64.exe |

"{60BF87EB-F4F0-43F2-8502-317F69A3DFB2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{61219785-7876-4255-AA6D-8DE051EE8753}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{654FBB58-1B4D-454D-B083-43A50848CFC5}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{71E86B49-F80F-4D8A-9669-B8D76AB6661F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{74945246-07AD-4986-B2B8-DA3CAD72703C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lync\communicator.exe |

"{7B5FEEA2-B992-40F0-88FE-58875F78288D}" = dir=in | app=c:\program files (x86)\microsoft lync\communicator.exe |

"{83949026-FEA6-44E9-9096-A25AF1FBE9BC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{870795F8-A111-4A88-806D-595D95943D69}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{8F5252C1-99B3-495C-B161-C35259013511}" = protocol=6 | dir=in | app=c:\program files\realvnc\vnc4\winvnc4.exe |

"{AA974139-E965-4259-B753-5C743F34B624}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{ACD612DC-AE9D-4DFB-BB0E-D3DF98323098}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |

"{B5EF7DDD-93A7-4CE6-A1B1-3331F8ABD7B9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{BE6E21C7-5CC2-4840-98C3-645A238FC148}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\managed virusscan\agent\myagtsvc.exe |

"{BF191E07-699B-405D-BDA0-1DDCD1AA7141}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{D04D9357-7A12-4084-AE7B-C18F93CE0154}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |

"{D3557DD9-E184-49DE-B15A-5E6167AB0BA4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |

"{F2835D1A-BB0C-45D7-BD02-8141081E200F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{F7078459-A7FF-499C-B995-D8EA4AB2CA0A}" = protocol=17 | dir=in | app=c:\program files\realvnc\vnc4\winvnc4.exe |

"{F74C05D0-06C6-47A9-AE5E-37309613FE8F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool

"{11538652-E5E4-37F1-86D7-418871E45292}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219

"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)

"{1E6ED082-E32D-4B2B-8B6A-70B094815135}" = Microsoft SQL Server System CLR Types (x64)

"{2180B33F-3225-423E-BBC1-7798CFD3CD1F}" = Microsoft SQL Server 2008 R2 Native Client

"{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer

"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program

"{3CD25975-A787-4E44-9990-DBE887266DF9}" = SAP Crystal Reports runtime engine for .NET Framework 4 (64-bit)

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{62488E51-5C3E-46E9-8BD2-0DBC5934B1EC}" = Microsoft Exception Message Box

"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2

"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English

"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support

"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver

"{81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64

"{81BE0B17-563B-45D4-B198-5721E6C665CD}" = Microsoft Lync 2010

"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes

"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)

"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 275.33

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 275.33

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files

"{C92556F2-4950-48CF-ABA3-F0026B05BCE8}" = Microsoft SQL Server 2005 Backward compatibility

"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared

"{CF2EFAB4-B938-47C6-8426-0FB50D610E92}" = Microsoft Online Services Sign-in Assistant

"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector

"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU

"{D57519D3-2E37-3E34-94AF-4D59BFAB87E6}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)

"{D7C307E7-96A7-4BEE-ACF8-D795007E7C16}" = 64 Bit HP CIO Components Installer

"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared

"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1

"{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}" = Microsoft SQL Server 2008 R2 Management Objects (x64)

"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services

"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services

"CutePDF Writer Installation" = CutePDF Writer 2.8

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1

"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2

"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)

"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)

"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU

"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

"RealVNC_is1" = VNC Enterprise Edition E4.6.1

"VNCMirror_is1" = VNC Mirror Driver 1.8.0

"VNCPrinter_is1" = VNC Printer Driver 1.7.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK

"{07FDF5D7-26D6-4EAD-843A-8E0EF6A9C4CA}" = SAP Crystal Reports, version for Visual Studio 2010

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service

"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0BE273CD-AAB9-361B-8C32-D955EAC929E3}" = Microsoft Visual Studio 2010 SharePoint Developer Tools

"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0

"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support

"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition

"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}

"{1D5FDAFE-FFB2-4657-981E-7F659DF796C7}" = Chilkat Mail ActiveX

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{200212F5-36B0-403A-950F-80B989132A10}" = Microsoft OLE DB Provider for Visual FoxPro

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK

"{20A981DF-6170-422C-8A29-7DC5CFC904DC}" = Visual C++ 8.0 x64 Runtime Setup Package

"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2

"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java 7 Update 4

"{29879ADC-74EF-40F8-AB1F-6433D96E568D}" = UniPrint Client 4.0

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{2ED9C1D8-2A83-44E9-973A-2EFCA0425054}" = SoftTime Diamond Edition

"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder

"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{358A2F50-8885-4EDE-BBB0-130A5834E0B4}" = Visual FoxPro 9.0 Baseline - English

"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU

"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools

"{4112625F-2D38-49EF-924F-48511BC5CD34}" = SQL Server 2008 R2 Database Engine Services

"{4850B023-A9C0-4D15-8DE6-326028CAB499}" = Visual C++ 8.0 x86 Runtime Setup Package

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}" = SQL Server 2008 R2 Database Engine Shared

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219

"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3

"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files

"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash

"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools

"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{72DE3C67-FB48-450E-8BEA-4EB1B3B5355D}" = Microsoft SQL Server 2008 R2 Setup (English)

"{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project

"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3

"{7C8EAD2B-A954-4F73-AAFC-C3EC60D49ADA}" = Microsoft SQL Server 2008 R2 RsFx Driver

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types

"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}" = Adobe Flash Player 9 Plugin

"{893F65B1-C697-4149-A766-B3D80D9B2A49}" = SalesLogix Network Client

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSSUB_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSSUB_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSSUB_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSSUB_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSSUB_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSSUB_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Office Subscription (English) 2010

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{91140000-011D-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus Subscription 2010

"{91140000-011D-0000-0000-0000000FF1CE}_Office14.PROPLUSSUB_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{93998800-1608-403F-9A51-420A77D23C25}" = Sql Server Customer Experience Improvement Program

"{94FB0978-D094-40C7-91D7-834D39220D4A}" = Crystal Reports XI Release 2

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{96963F83-7F17-4941-B16C-1E790455E93A}" = McAfee SiteAdvisor Enterprise Plus

"{99FA46D3-0ED0-4FB1-9FB5-B323C6AFBBCE}" = SalesLogix Admin Tools and Servers

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BAAE963-E16D-4E17-AFE6-1965F5AA0292}" = Visual FoxPro 9.0 Professional - English

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)

"{AC7C3598-0510-43FA-9EEF-21258DB950D5}" = SalesLogix OLE DB Provider

"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4

"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup

"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3

"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3

"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = SQL Server 2008 R2 Database Engine Services

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX

"{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework

"{BCB4C18A-ACA6-4383-8688-E19933A705DD}" = Microsoft SOAP Toolkit 3.0

"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3

"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser

"{BFBFB7CD-505E-4087-A5A5-730709546D40}" = Sage SalesLogix Desktop Integration Module

"{C586D427-4F62-4B9A-B8D0-F752E9ADCA45}" = PCLReader

"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3

"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari

"{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 Common Files

"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CF950023-9C75-4843-8B68-FD8A5D641B4B}" = SendBlaster 2

"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU

"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1

"{DA4E6EB8-C15C-48BD-9462-DB293C239697}" = Visual C++ 8.0 x64 Runtime Setup Package

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler

"{ED780CA9-0687-3C12-B439-3369F224941F}" = Microsoft Visual Studio 2010 Service Pack 1

"{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}" = SQL Server 2008 R2 Database Engine Shared

"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F1486DE6-CC2E-48C0-AD20-C2C142FA1636}" = APC PowerChute Personal Edition 3.0

"{F44F0A3A-2110-4705-B5EC-D5B6371F53C1}" = Visual C++ 8.0 x86 Runtime Setup Package

"{F9C3B51C-DCCC-4916-B08D-A6820D914AC0}" = CSDiff

"{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 Common Files

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"ActiveTouchMeetingClient" = Cisco WebEx Meetings

"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.5 Professional

"Adobe Acrobat 8 Professional_815" = Adobe Acrobat 8.1.5 - CPSID_49013

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe SVG Viewer" = Adobe SVG Viewer

"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2

"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings

"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium

"CaddieSync Express" = CaddieSync Express 1.2.9

"ERUNT_is1" = ERUNT 1.1j

"Gadwin PrintScreen" = Gadwin PrintScreen

"imapbuilder_webunion_is1" = iMapBuilder Interactive Flash Map Builder v4.20 (Professional P

"LiveReg" = LiveReg (Symantec Corporation)

"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"McAfeeBrowserProtection" = McAfee Browser Protection Service

"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2

"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2

"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU

"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1

"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools

"MVS" = McAfee Virus and Spyware Protection Service

"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Office14.PROPLUSSUB" = Microsoft Office Professional Plus 2010

"Remind-Me" = Remind-Me

"SLABCOMM&10C4&EA60" = SkyHawke CP210x USB to UART Bridge (Driver Removal)

"Visual FoxPro 9.0 Professional - English" = Microsoft Visual FoxPro 9.0 Professional - English

"WebLog Expert_is1" = WebLog Expert 7.1

"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Adobe Connect Add-in" = Adobe Connect Add-in

"Cisco Unified Presenter Add-in 6x5" = Cisco Unified Presenter Add-in 6x5

"GoToAssist Remote Support Expert" = GoToAssist Expert 1.6.0.430

"GoToMeeting" = GoToMeeting 5.2.0.952

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 6/25/2012 8:09:56 PM | Computer Name = mistww72.spinneybeck.com | Source = SLXKeepLoggedInThread | ID = 4

Description = KeepLoggedIn: System Object has no connection.

Error - 6/25/2012 8:10:56 PM | Computer Name = mistww72.spinneybeck.com | Source = SLXKeepLoggedInThread | ID = 4

Description = KeepLoggedIn: System Object has no connection.

Error - 6/25/2012 8:11:56 PM | Computer Name = mistww72.spinneybeck.com | Source = SLXKeepLoggedInThread | ID = 4

Description = KeepLoggedIn: System Object has no connection.

Error - 6/25/2012 8:12:56 PM | Computer Name = mistww72.spinneybeck.com | Source = SLXKeepLoggedInThread | ID = 4

Description = KeepLoggedIn: System Object has no connection.

Error - 6/25/2012 8:13:56 PM | Computer Name = mistww72.spinneybeck.com | Source = SLXKeepLoggedInThread | ID = 4

Description = KeepLoggedIn: System Object has no connection.

Error - 6/25/2012 8:14:56 PM | Computer Name = mistww72.spinneybeck.com | Source = SLXKeepLoggedInThread | ID = 4

Description = KeepLoggedIn: System Object has no connection.

Error - 6/25/2012 8:15:56 PM | Computer Name = mistww72.spinneybeck.com | Source = SLXKeepLoggedInThread | ID = 4

Description = KeepLoggedIn: System Object has no connection.

Error - 6/25/2012 8:16:56 PM | Computer Name = mistww72.spinneybeck.com | Source = SLXKeepLoggedInThread | ID = 4

Description = KeepLoggedIn: System Object has no connection.

Error - 6/25/2012 8:17:56 PM | Computer Name = mistww72.spinneybeck.com | Source = SLXKeepLoggedInThread | ID = 4

Description = KeepLoggedIn: System Object has no connection.

Error - 6/25/2012 8:18:56 PM | Computer Name = mistww72.spinneybeck.com | Source = SLXKeepLoggedInThread | ID = 4

Description = KeepLoggedIn: System Object has no connection.

[ System Events ]

Error - 8/16/2012 2:44:03 PM | Computer Name = mistww72.spinneybeck.com | Source = Service Control Manager | ID = 7000

Description = The Ati External Event Utility service failed to start due to the

following error: %%2

Error - 8/16/2012 2:44:10 PM | Computer Name = mistww72.spinneybeck.com | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the RDPSSW32

service to connect.

Error - 8/16/2012 2:44:10 PM | Computer Name = mistww72.spinneybeck.com | Source = Service Control Manager | ID = 7000

Description = The RDPSSW32 service failed to start due to the following error: %%1053

Error - 8/16/2012 4:01:26 PM | Computer Name = mistww72.spinneybeck.com | Source = Service Control Manager | ID = 7000

Description = The Ati External Event Utility service failed to start due to the

following error: %%2

Error - 8/16/2012 4:01:33 PM | Computer Name = mistww72.spinneybeck.com | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the RDPSSW32

service to connect.

Error - 8/16/2012 4:01:33 PM | Computer Name = mistww72.spinneybeck.com | Source = Service Control Manager | ID = 7000

Description = The RDPSSW32 service failed to start due to the following error: %%1053

Error - 8/17/2012 11:32:07 AM | Computer Name = mistww72.spinneybeck.com | Source = DCOM | ID = 10010

Description =

Error - 8/17/2012 11:34:11 AM | Computer Name = mistww72.spinneybeck.com | Source = Service Control Manager | ID = 7000

Description = The Ati External Event Utility service failed to start due to the

following error: %%2

Error - 8/17/2012 11:34:18 AM | Computer Name = mistww72.spinneybeck.com | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the RDPSSW32

service to connect.

Error - 8/17/2012 11:34:18 AM | Computer Name = mistww72.spinneybeck.com | Source = Service Control Manager | ID = 7000

Description = The RDPSSW32 service failed to start due to the following error: %%1053

< End of report >

and Checkup.txt

Results of screen317's Security Check version 0.99.44

Windows 7 Service Pack 1 x64 (UAC is disabled!)

Internet Explorer 8 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Disabled!

McAfeer Security-as-a-Service

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

McAfee Virus and Spyware Protection Service

McAfee SiteAdvisor Enterprise Plus

Malwarebytes Anti-Malware version 1.62.0.1300

JavaFX 2.1.0

Java 7 Update 4

Java version out of Date!

Adobe Flash Player 9 Flash Player out of Date!

Adobe Reader X (10.1.4)

````````Process Check: objlist.exe by Laurent````````

McAfee Managed VirusScan Agent myAgtSvc.exe

McAfee Managed VirusScan Agent swAgent.exe

McAfee Managed VirusScan DesktopUI XTray.exe

Common Files Microsoft Shared Microsoft Online Services MSOIDSVC.EXE

Common Files Microsoft Shared Microsoft Online Services MSOIDSvcm.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````


You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member Twestfall only. If you are a casual viewer, do NOT try this on your system!

If you are not and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power) or a UPS system.

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have to reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh

Reply & attach the C:\Combofix.txt log and tell me, How is the system now ?

Re-enable your antivirus program.


Still having the same issue after following these instructions for ComboFix. Here are the results.

ComboFix 12-08-20.01 - twestfall 08/20/2012 10:56:48.1.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4087.2741 [GMT -4:00]

Running from: c:\users\twestfall.SPINNEYBECK\Desktop\ComboFix.exe

AV: McAfee® Security-as-a-Service *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

SP: McAfee® Security-as-a-Service *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\programdata\fmxveaa.tmp

c:\programdata\rqwrbaa.tmp

c:\users\twestfall.SPINNEYBECK\AppData\Local\Microsoft\Windows\Temporary Internet Files\136B.tmp

c:\users\twestfall.SPINNEYBECK\AppData\Local\Microsoft\Windows\Temporary Internet Files\136C.tmp

c:\users\twestfall.SPINNEYBECK\AppData\Local\Microsoft\Windows\Temporary Internet Files\136D.tmp

c:\users\twestfall.SPINNEYBECK\AppData\Local\Microsoft\Windows\Temporary Internet Files\4E37.tmp

c:\users\twestfall.SPINNEYBECK\AppData\Local\Microsoft\Windows\Temporary Internet Files\4E38.tmp

c:\users\twestfall.SPINNEYBECK\AppData\Local\Microsoft\Windows\Temporary Internet Files\4E39.tmp

c:\users\twestfall.SPINNEYBECK\AppData\Local\Microsoft\Windows\Temporary Internet Files\4FC9.tmp

c:\users\twestfall.SPINNEYBECK\AppData\Local\Microsoft\Windows\Temporary Internet Files\4FCA.tmp

c:\users\twestfall.SPINNEYBECK\AppData\Local\Microsoft\Windows\Temporary Internet Files\4FCB.tmp

c:\users\twestfall.SPINNEYBECK\AppData\Local\Microsoft\Windows\Temporary Internet Files\CE62.tmp

c:\users\twestfall.SPINNEYBECK\AppData\Local\Microsoft\Windows\Temporary Internet Files\CE63.tmp

c:\users\twestfall.SPINNEYBECK\AppData\Local\Microsoft\Windows\Temporary Internet Files\CE64.tmp

c:\users\twestfall.SPINNEYBECK\AppData\Local\Microsoft\Windows\Temporary Internet Files\PTC32.log

c:\users\twestfall.SPINNEYBECK\g2ax_expert_downloadhelper_win32_x86.exe

c:\users\twestfall.SPINNEYBECK\g2mdlhlpx.exe

c:\users\twestfall.SPINNEYBECK\GoToAssistDownloadHelper.exe

c:\windows\SysWow64\MailBee.dll

c:\windows\SysWow64\winsusrm.dll

c:\windows\SysWow64\winsusrx.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-07-20 to 2012-08-20 )))))))))))))))))))))))))))))))

.

.

2012-08-20 15:08 . 2012-08-20 15:08 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-08-20 15:08 . 2012-08-20 15:08 -------- d-----w- c:\users\twestfall\AppData\Local\temp

2012-08-20 15:08 . 2012-08-20 15:08 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-20 15:08 . 2012-08-20 15:08 -------- d-----w- c:\users\administrator\AppData\Local\temp

2012-08-17 16:13 . 2012-08-17 16:13 596992 ----a-w- C:\OTL.exe

2012-08-17 13:17 . 2012-08-17 13:17 -------- d-----w- c:\program files (x86)\ERUNT

2012-08-16 15:07 . 2012-08-16 18:48 -------- d-----w- c:\users\twestfall.SPINNEYBECK\AppData\Local\NPE

2012-08-16 15:07 . 2012-08-16 15:07 -------- d-----w- c:\programdata\Norton

2012-08-16 14:56 . 2012-08-16 14:56 -------- d-----w- c:\program files\Enigma Software Group

2012-08-16 14:56 . 2012-08-16 18:50 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP

2012-08-16 14:56 . 2012-08-16 14:56 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2012-08-16 14:04 . 2012-08-16 14:06 -------- d-----w- c:\programdata\HitmanPro

2012-08-16 13:46 . 2012-08-16 13:46 -------- d-----w- c:\users\twestfall.SPINNEYBECK\AppData\Local\Threat Expert

2012-08-16 13:33 . 2012-08-16 13:50 -------- d-----w- c:\program files (x86)\PC Tools

2012-08-16 13:23 . 2012-08-16 13:50 -------- d-----w- c:\program files (x86)\Common Files\PC Tools

2012-08-16 13:23 . 2012-06-22 19:35 251560 ----a-w- c:\windows\system32\drivers\PCTSD64.sys

2012-08-16 13:23 . 2012-08-16 13:47 -------- d-----w- c:\programdata\PC Tools

2012-08-16 13:23 . 2012-08-16 13:23 -------- d-----w- c:\users\twestfall.SPINNEYBECK\AppData\Roaming\TestApp

2012-08-15 20:37 . 2012-08-16 14:03 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-08-15 20:37 . 2012-08-16 14:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-08-15 17:18 . 2012-08-15 17:18 -------- d-----w- c:\users\UpdatusUser835

2012-08-15 03:04 . 2012-08-15 03:04 9232584 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-08-14 23:03 . 2012-08-14 23:03 -------- d-----w- c:\programdata\ThinSoft

2012-08-13 18:05 . 2012-08-13 18:15 -------- d-----w- c:\users\twestfall.SPINNEYBECK\AppData\Roaming\GetRightToGo

2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll

2012-07-22 06:21 . 2012-07-22 06:21 67584 ----a-w- c:\windows\system32\Rdpssw32.exe

2012-07-22 06:21 . 2012-07-22 06:21 46664 ----a-w- c:\windows\system32\BeTwinScreenSaver.exe

2012-07-22 06:21 . 2012-07-22 06:21 35640 ----a-w- c:\windows\system32\drivers\BeTwinMF.sys

2012-07-22 06:21 . 2012-07-22 06:21 35512 ----a-w- c:\windows\system32\drivers\BeTwinKF.sys

2012-07-22 06:21 . 2012-07-22 06:21 24120 ----a-w- c:\windows\system32\drivers\BeTwinVF.sys

2012-07-22 06:21 . 2012-07-22 06:21 22600 ----a-w- c:\windows\system32\drivers\BeTwinSystemVS.sys

2012-07-22 06:21 . 2012-07-22 06:21 249856 ----a-w- c:\windows\system32\Slsapi.dll

2012-07-22 06:21 . 2012-07-22 06:21 214080 ----a-w- c:\windows\system32\BeTwinProxyVS.dll

2012-07-22 06:21 . 2012-07-22 06:21 16696 ----a-w- c:\windows\system32\BeTwinDD.dll

2012-07-22 06:21 . 2012-07-22 06:21 151552 ----a-w- c:\windows\system32\SlsApiEx.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-15 03:04 . 2012-04-09 15:52 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-15 03:04 . 2011-05-26 14:02 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-03 17:46 . 2012-03-19 21:31 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-09 18:29 . 2012-06-09 18:29 45056 ----a-r- c:\users\twestfall.SPINNEYBECK\AppData\Roaming\Microsoft\Installer\{BFBFB7CD-505E-4087-A5A5-730709546D40}\ARPPRODUCTICON.exe

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[-] 2010-11-20 . 6F741C830A9333B3877B43B72AC7C70E . 857600 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll

[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Gadwin PrintScreen 3.5"="c:\program files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe" [2006-07-08 1101824]

"GoToAssist Express Expert"="c:\program files (x86)\Citrix\GoToAssist Express Expert\403\g2ax_start.exe" [2012-04-30 609144]

"UniPrint"="c:\program files (x86)\UniPrint\Client\SetDfltSettings.exe" [2010-07-06 191920]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"GoToMeeting"="c:\program files (x86)\Citrix\GoToMeeting\952\g2mstart.exe" [2012-07-30 39816]

"GoToAssist Remote Support Expert"="c:\program files (x86)\Citrix\GoToAssist Remote Support Expert\430\g2ax_start.exe" [2012-08-16 610960]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2012-05-16 12098648]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"OfficeSubscriptionAgent"="c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\osaui.exe" [2011-11-16 932160]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]

"CaddieSyncConduit"="c:\program files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe" [2012-02-08 2371960]

.

c:\users\twestfall.SPINNEYBECK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

RemindMe.lnk - c:\program files (x86)\Remind-Me\RemindMe.exe [2010-7-6 672624]

SalesLogix Desktop Manager.lnk - c:\users\twestfall.SPINNEYBECK\AppData\Local\Sage\SlxDesktopManager.exe [2011-6-8 605264]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

APC UPS Status.lnk - c:\program files (x86)\APC\APC PowerChute Personal Edition\Display.exe [2010-9-14 271736]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp msoidssp

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2469048608-313815808-2957949631-1667\Scripts\Logon\0\0]

"Script"=\\DC1\SYSVOL\spinneybeck.com\scripts\drive_mappings.bat

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2469048608-313815808-2957949631-1667\Scripts\Logon\1\0]

"Script"=\\DC1\SYSVOL\spinneybeck.com\scripts\drive_mappings.bat

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 RDPSSW32;RDPSSW32;c:\windows\System32\RDPSSW32.EXE [2012-07-22 67584]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]

R3 BeTwinProxy;BeTwin Terminal Services Proxy;c:\windows\System32\svchost.exe [2009-07-14 27136]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]

R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2011-01-28 27336]

R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2011-01-28 69120]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\DRIVERS\vna.sys [2009-11-02 161256]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-25 1255736]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 44896]

R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]

R4 SQLAgent$SALESLOGIX;SQL Server Agent (SALESLOGIX);c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.SALESLOGIX\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 367456]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]

S1 BeTwinSystem;BeTwinSystem;c:\windows\system32\Drivers\BeTwinSystemVS.sys [2012-07-22 22600]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

S2 APC Data Service;APC Data Service;c:\program files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe [2010-09-14 21880]

S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2012-03-12 134456]

S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2011-04-28 2060192]

S2 MSSQL$SALESLOGIX;SQL Server (SALESLOGIX);c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.SALESLOGIX\MSSQL\Binn\sqlservr.exe [2010-04-03 42884448]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]

S2 osubsvc;Microsoft Office 2010 Subscription Agent;c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\osa.exe [2011-11-16 493384]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-21 378472]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-05-25 174184]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 03:04]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UniPrint"="c:\program files (x86)\UniPrint\Client\SetDfltSettings.exe" [2010-07-06 191920]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService

BeTwinProxy

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

Trusted Zone: sagenorthamerica.com

Trusted Zone: sharepoint.com\spinneybeck1

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

TCP: Interfaces\{7DCF708D-9BE6-4372-ABDF-9B935B3C268E}: NameServer = 192.168.3.30,192.168.3.9

DPF: toolboxOI - hxxp://it.toolbox.com/home/toolboxOI.CAB

DPF: {3637C046-4008-11D5-ADF6-0050DA74F67C} - hxxps://www.rightnetworks.com/tsweb/uniprintclient408.cab

DPF: {89A32C64-6176-4D10-BCA3-10B0079818FA} - hxxps://msft2.businesscloud.blackberry.com/webconsole/RIMWebComponents.cab

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-RDPClip - c:\windows\system32\rdpclip.exe

Toolbar-Locked - (no file)

AddRemove-Adobe SVG Viewer - c:\windows\System32\Adobe\SVG Viewer\Uninst.isu

AddRemove-imapbuilder_webunion_is1 - c:\program files (x86)\iMapBuilder\unins000.exe

AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,86,11,2a,a5,1d,8f,58,4c,b6,ef,c3,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,86,11,2a,a5,1d,8f,58,4c,b6,ef,c3,\

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\SalesLogix\SLXSystem.exe

c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe

c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

c:\program files (x86)\Citrix\GoToAssist Remote Support Expert\430\g2ax_comm_expert.exe

c:\program files (x86)\Citrix\GoToAssist Remote Support Expert\430\g2ax_user_expert.exe

c:\program files (x86)\Citrix\GoToMeeting\952\g2mcomm.exe

c:\program files (x86)\Citrix\GoToMeeting\952\g2mlauncher.exe

c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

c:\program files (x86)\Microsoft Lync\UcMapi.exe

.

**************************************************************************

.

Completion time: 2012-08-20 11:28:56 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-20 15:28

.

Pre-Run: 361,615,687,680 bytes free

Post-Run: 362,981,122,048 bytes free

.

- - End Of File - - F5A95094476F57992177F9634D0880E6


Please close any of your open windows/programs and exit; saving any open work you have.

I'd like to have you do a special run of OTL to generate some searches & a new log-report.

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_USERS\S-1-5-19\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_USERS\S-1-5-20\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on Run Scan.
  • The scan won't take long.
    When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
    These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of just OTL.txt


Thank you for being so persistent. I'm shocked at your tenacity.

OTL logfile created on: 8/20/2012 1:29:38 PM - Run 2

OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\twestfall.SPINNEYBECK\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 65.10% Memory free

7.98 Gb Paging File | 6.36 Gb Available in Paging File | 79.69% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.66 Gb Total Space | 335.23 Gb Free Space | 71.99% Space Free | Partition Type: NTFS

Drive F: | 249.90 Gb Total Space | 45.27 Gb Free Space | 18.11% Space Free | Partition Type: NTFS

Drive M: | 249.90 Gb Total Space | 45.27 Gb Free Space | 18.11% Space Free | Partition Type: NTFS

Drive N: | 49.90 Gb Total Space | 11.72 Gb Free Space | 23.50% Space Free | Partition Type: NTFS

Drive O: | 249.90 Gb Total Space | 45.27 Gb Free Space | 18.11% Space Free | Partition Type: NTFS

Drive P: | 49.90 Gb Total Space | 11.72 Gb Free Space | 23.50% Space Free | Partition Type: NTFS

Computer Name: MISTWW72 | User Name: twestfall | NOT logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/17 12:14:32 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\twestfall.SPINNEYBECK\Desktop\OTL.exe

PRC - [2012/08/16 12:09:48 | 000,610,960 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\430\g2ax_user_expert.exe

PRC - [2012/08/16 12:09:48 | 000,610,960 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\430\g2ax_start.exe

PRC - [2012/08/16 12:09:48 | 000,610,960 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\430\g2ax_comm_expert.exe

PRC - [2012/07/30 11:15:51 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\952\g2mstart.exe

PRC - [2012/07/30 11:15:51 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\952\g2mlauncher.exe

PRC - [2012/07/30 11:15:51 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\952\g2mcomm.exe

PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/05/16 16:02:34 | 012,098,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Lync\communicator.exe

PRC - [2012/03/24 19:42:16 | 000,647,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Lync\UcMapi.exe

PRC - [2012/03/12 16:31:15 | 000,134,456 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWOW64\atashost.exe

PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

PRC - [2012/02/08 18:23:28 | 002,371,960 | ---- | M] (SkyHawke) -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe

PRC - [2012/01/04 07:54:00 | 000,385,024 | ---- | M] (Sage Software, Inc.) -- C:\Program Files (x86)\SalesLogix\SLXSystem.exe

PRC - [2011/06/08 07:54:00 | 000,605,264 | ---- | M] (Sage Software, Inc.) -- C:\Users\twestfall.SPINNEYBECK\AppData\Local\Sage\SlxDesktopManager.exe

PRC - [2011/06/02 10:09:35 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

PRC - [2011/05/25 03:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

PRC - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2010/11/20 04:17:56 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

PRC - [2010/09/14 16:54:12 | 000,021,880 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe

PRC - [2010/09/14 16:53:40 | 000,705,912 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe

PRC - [2010/09/14 16:53:20 | 000,660,856 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe

PRC - [2010/07/06 12:51:26 | 000,672,624 | ---- | M] (Beiley Software Inc.) -- C:\Program Files (x86)\Remind-Me\RemindMe.exe

PRC - [2008/10/14 21:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

PRC - [2006/07/08 04:57:52 | 001,101,824 | ---- | M] (Gadwin Systems, Inc.) -- C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/27 22:30:35 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll

MOD - [2012/06/27 22:05:36 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll

MOD - [2012/05/10 09:20:40 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

MOD - [2012/05/10 09:20:36 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

MOD - [2012/02/08 18:23:28 | 000,163,704 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\conduitscripting0.dll

MOD - [2012/02/08 18:18:28 | 000,591,360 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\qjson0.dll

MOD - [2012/02/08 18:18:16 | 000,107,008 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\qextserialport1.dll

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

MOD - [2010/09/23 10:52:52 | 002,537,472 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\QtCore4.dll

MOD - [2010/09/13 01:12:38 | 000,744,448 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\QtScriptTools4.dll

MOD - [2010/09/12 22:16:14 | 002,173,952 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\QtScript4.dll

MOD - [2010/09/12 21:30:18 | 009,814,016 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\QtGui4.dll

MOD - [2010/09/12 20:55:26 | 001,140,224 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\QtNetwork4.dll

MOD - [2010/09/12 20:51:28 | 000,399,360 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\QtXml4.dll

MOD - [2009/06/22 22:42:42 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\libgcc_s_dw2-1.dll

MOD - [2009/01/10 14:32:40 | 000,011,362 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\mingwm10.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/22 02:21:32 | 000,214,080 | ---- | M] (ThinSoft Pte Ltd.) [On_Demand | Stopped] -- C:\Windows\SysNative\BeTwinProxyVS.dll -- (BeTwinProxy)

SRV:64bit: - [2012/07/22 02:21:32 | 000,067,584 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\Rdpssw32.exe -- (RDPSSW32)

SRV:64bit: - [2011/02/04 22:36:56 | 002,360,048 | ---- | M] (RealVNC Ltd) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\winvnc4.exe -- (WinVNC4)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012/08/14 23:04:11 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/03/12 16:31:15 | 000,134,456 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)

SRV - [2012/01/04 07:54:00 | 000,385,024 | ---- | M] (Sage Software, Inc.) [Auto | Running] -- C:\Program Files (x86)\SalesLogix\SLXSystem.exe -- (SalesLogix System)

SRV - [2011/06/02 10:09:35 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011/05/25 03:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

SRV - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2010/09/14 16:54:12 | 000,021,880 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe -- (APC Data Service)

SRV - [2010/09/14 16:53:40 | 000,705,912 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)

DRV:64bit: - [2012/07/22 02:21:32 | 000,022,600 | ---- | M] (ThinSoft Pte Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BeTwinSystemVS.sys -- (BeTwinSystem)

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/22 08:25:30 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)

DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)

DRV:64bit: - [2011/05/25 03:25:48 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)

DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/03/21 13:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/04 22:22:30 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vncmirror.sys -- (vncmirror)

DRV:64bit: - [2011/01/27 20:18:32 | 000,069,120 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabser.sys -- (silabser)

DRV:64bit: - [2011/01/27 20:18:32 | 000,027,336 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabenm.sys -- (silabenm)

DRV:64bit: - [2010/11/20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 03:03:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2009/11/02 18:43:16 | 000,161,256 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vna.sys -- (VNA)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)

DRV:64bit: - [2009/07/13 17:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)

DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 07 76 C0 8E 8E 7C CD 01 [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

[2012/05/16 16:01:36 | 000,031,848 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

O1 HOSTS File: ([2012/08/20 11:12:34 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [uniPrint] C:\Program Files (x86)\UniPrint\Client\SetDfltSettings.exe (UniPrint, a division of GFI Business Solutions Inc.)

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [CaddieSyncConduit] C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe (SkyHawke)

O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Gadwin PrintScreen 3.5] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc.)

O4 - HKCU..\Run: [GoToAssist Express Expert] C:\Program Files (x86)\Citrix\GoToAssist Express Expert\403\g2ax_start.exe (Citrix Online, a division of Citrix Systems, Inc.)

O4 - HKCU..\Run: [GoToAssist Remote Support Expert] C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\430\g2ax_start.exe (Citrix Online, a division of Citrix Systems, Inc.)

O4 - HKCU..\Run: [GoToMeeting] C:\Program Files (x86)\Citrix\GoToMeeting\952\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)

O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)

O4 - HKCU..\Run: [uniPrint] C:\Program Files (x86)\UniPrint\Client\SetDfltSettings.exe (UniPrint, a division of GFI Business Solutions Inc.)

O4 - Startup: C:\Users\twestfall.SPINNEYBECK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RemindMe.lnk = C:\Program Files (x86)\Remind-Me\RemindMe.exe (Beiley Software Inc.)

O4 - Startup: C:\Users\twestfall.SPINNEYBECK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SalesLogix Desktop Manager.lnk = C:\Users\twestfall.SPINNEYBECK\AppData\Local\Sage\SlxDesktopManager.exe (Sage Software, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - Reg Error: Value error. File not found

O9 - Extra Button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)

O15 - HKCU\..Trusted Domains: sagenorthamerica.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: sharepoint.com ([spinneybeck1] https in Trusted sites)

O16 - DPF: {3637C046-4008-11D5-ADF6-0050DA74F67C} https://www.rightnetworks.com/tsweb/uniprintclient408.cab (UniPrintCab Control)

O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class)

O16 - DPF: {89A32C64-6176-4D10-BCA3-10B0079818FA} https://msft2.businesscloud.blackberry.com/webconsole/RIMWebComponents.cab (Reg Error: Key error.)

O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} https://208.5.237.2/SNX/CSHELL/extender.cab (SlimClient Class)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP28EP2-12243/event/ieatgpc1.cab (GpcContainer Class)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: toolboxOI http://it.toolbox.com/home/toolboxOI.CAB (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = spinneybeck.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DCF708D-9BE6-4372-ABDF-9B935B3C268E}: NameServer = 192.168.3.30,192.168.3.9

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O30:64bit: - LSA: Security Packages - (msoidssp) - C:\Windows\SysNative\msoidssp.dll (Microsoft Corp.)

O30 - LSA: Security Packages - (msoidssp) - C:\Windows\SysWow64\msoidssp.dll (Microsoft Corp.)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/20 11:12:40 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2012/08/20 10:53:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/08/20 10:53:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/08/20 10:53:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/08/20 10:53:38 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/08/20 10:26:33 | 004,735,237 | R--- | C] (Swearware) -- C:\Users\twestfall.SPINNEYBECK\Desktop\ComboFix.exe

[2012/08/17 12:15:04 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\twestfall.SPINNEYBECK\Desktop\OTL.exe

[2012/08/17 12:13:26 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\OTL.exe

[2012/08/17 09:27:29 | 000,000,000 | ---D | C] -- C:\Users\twestfall.SPINNEYBECK\Desktop\RK_Quarantine

[2012/08/17 09:21:10 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\twestfall.SPINNEYBECK\Desktop\dds.scr

[2012/08/17 09:18:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/08/17 09:17:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2012/08/17 09:17:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

[2012/08/16 15:56:09 | 000,000,000 | ---D | C] -- C:\Users\twestfall.SPINNEYBECK\Desktop\backups

[2012/08/16 15:53:18 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\twestfall.SPINNEYBECK\Desktop\HijackThis.exe

[2012/08/16 11:07:09 | 000,000,000 | ---D | C] -- C:\Users\twestfall.SPINNEYBECK\AppData\Local\NPE

[2012/08/16 11:07:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton

[2012/08/16 10:56:55 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

[2012/08/16 10:56:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard

[2012/08/16 10:04:33 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro

[2012/08/16 09:46:15 | 000,000,000 | ---D | C] -- C:\Users\twestfall.SPINNEYBECK\AppData\Local\Threat Expert

[2012/08/16 09:33:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools

[2012/08/16 09:23:57 | 000,251,560 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys

[2012/08/16 09:23:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools

[2012/08/16 09:23:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2012/08/16 09:23:40 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools

[2012/08/16 09:23:39 | 000,000,000 | ---D | C] -- C:\Users\twestfall.SPINNEYBECK\AppData\Roaming\TestApp

[2012/08/15 16:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2012/08/15 16:37:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2012/08/14 23:04:08 | 009,232,584 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe

[2012/08/14 19:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\ThinSoft

[2012/08/13 14:05:00 | 000,000,000 | ---D | C] -- C:\Users\twestfall.SPINNEYBECK\AppData\Roaming\GetRightToGo

[2012/07/22 02:21:31 | 000,046,664 | ---- | C] (ThinSoft Pte Ltd.) -- C:\Windows\SysNative\BeTwinScreenSaver.exe

[2012/07/22 02:21:31 | 000,035,640 | ---- | C] (ThinSoft Pte Ltd.) -- C:\Windows\SysNative\drivers\BeTwinMF.sys

[2012/07/22 02:21:31 | 000,035,512 | ---- | C] (ThinSoft Pte Ltd.) -- C:\Windows\SysNative\drivers\BeTwinKF.sys

[2012/07/22 02:21:31 | 000,024,120 | ---- | C] (ThinSoft Pte Ltd.) -- C:\Windows\SysNative\drivers\BeTwinVF.sys

[2012/07/22 02:21:31 | 000,022,600 | ---- | C] (ThinSoft Pte Ltd.) -- C:\Windows\SysNative\drivers\BeTwinSystemVS.sys

[2012/07/22 02:21:30 | 000,249,856 | ---- | C] (Acudata) -- C:\Windows\SysNative\Slsapi.dll

[2012/07/22 02:21:30 | 000,214,080 | ---- | C] (ThinSoft Pte Ltd.) -- C:\Windows\SysNative\BeTwinProxyVS.dll

[2012/07/22 02:21:30 | 000,151,552 | ---- | C] (Acudata Limited) -- C:\Windows\SysNative\SlsApiEx.dll

[2012/07/22 02:21:30 | 000,016,696 | ---- | C] (ThinSoft Pte Ltd.) -- C:\Windows\SysNative\BeTwinDD.dll

[2011/09/12 16:16:53 | 001,393,736 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\twestfall.SPINNEYBECK\gotomypc_626.exe

[106 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/20 13:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/08/20 12:01:52 | 3183,042,560 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\SW_DVD5_Win_Pro_7w_SP1_64BIT_English_-2_MLF_X17-59279.ISO

[2012/08/20 11:47:21 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/20 11:47:21 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/20 11:39:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/08/20 11:39:24 | 3214,188,544 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/20 11:12:34 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/08/20 10:26:37 | 004,735,237 | R--- | M] (Swearware) -- C:\Users\twestfall.SPINNEYBECK\Desktop\ComboFix.exe

[2012/08/17 12:16:56 | 000,881,521 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\SecurityCheck.exe

[2012/08/17 12:14:32 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\twestfall.SPINNEYBECK\Desktop\OTL.exe

[2012/08/17 12:13:29 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\OTL.exe

[2012/08/17 09:26:08 | 001,558,528 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\RogueKiller.exe

[2012/08/17 09:21:11 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\twestfall.SPINNEYBECK\Desktop\dds.scr

[2012/08/17 09:17:36 | 000,000,924 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\NTREGOPT.lnk

[2012/08/17 09:17:36 | 000,000,905 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\ERUNT.lnk

[2012/08/16 16:58:02 | 000,197,596 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat

[2012/08/16 16:05:00 | 000,002,423 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\GoToMeeting Quick Connect.lnk

[2012/08/16 16:05:00 | 000,001,365 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\GoToMeeting.lnk

[2012/08/16 12:33:34 | 000,002,006 | -H-- | M] () -- C:\Users\twestfall.SPINNEYBECK\Documents\Default.rdp

[2012/08/16 12:09:51 | 000,001,456 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\GoToAssist Expert.lnk

[2012/08/16 09:24:31 | 001,943,895 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB

[2012/08/15 16:15:38 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\twestfall.SPINNEYBECK\Desktop\HijackThis.exe

[2012/08/14 23:04:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/08/14 23:04:11 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/08/14 23:04:08 | 009,232,584 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe

[2012/08/13 15:10:42 | 000,980,368 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/08/13 15:10:42 | 000,802,750 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/08/13 15:10:42 | 000,175,072 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/08/13 13:23:00 | 000,093,983 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\Send to SBT - Must have Address.sxb

[2012/08/10 16:14:42 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/10 15:38:30 | 000,375,964 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\FilzFelt Catalogs.sxb

[2012/08/09 18:04:58 | 000,519,300 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\Quotation Updates.sxb

[2012/08/01 18:59:05 | 002,376,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/07/25 17:48:59 | 000,129,917 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\Account Details.sxb

[2012/07/22 02:21:32 | 000,249,856 | ---- | M] (Acudata) -- C:\Windows\SysNative\Slsapi.dll

[2012/07/22 02:21:32 | 000,214,080 | ---- | M] (ThinSoft Pte Ltd.) -- C:\Windows\SysNative\BeTwinProxyVS.dll

[2012/07/22 02:21:32 | 000,151,552 | ---- | M] (Acudata Limited) -- C:\Windows\SysNative\SlsApiEx.dll

[2012/07/22 02:21:32 | 000,067,584 | ---- | M] () -- C:\Windows\SysNative\Rdpssw32.exe

[2012/07/22 02:21:32 | 000,046,664 | ---- | M] (ThinSoft Pte Ltd.) -- C:\Windows\SysNative\BeTwinScreenSaver.exe

[2012/07/22 02:21:32 | 000,035,640 | ---- | M] (ThinSoft Pte Ltd.) -- C:\Windows\SysNative\drivers\BeTwinMF.sys

[2012/07/22 02:21:32 | 000,035,512 | ---- | M] (ThinSoft Pte Ltd.) -- C:\Windows\SysNative\drivers\BeTwinKF.sys

[2012/07/22 02:21:32 | 000,024,120 | ---- | M] (ThinSoft Pte Ltd.) -- C:\Windows\SysNative\drivers\BeTwinVF.sys

[2012/07/22 02:21:32 | 000,022,600 | ---- | M] (ThinSoft Pte Ltd.) -- C:\Windows\SysNative\drivers\BeTwinSystemVS.sys

[2012/07/22 02:21:32 | 000,016,696 | ---- | M] (ThinSoft Pte Ltd.) -- C:\Windows\SysNative\BeTwinDD.dll

[106 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/20 12:08:07 | 3183,042,560 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\SW_DVD5_Win_Pro_7w_SP1_64BIT_English_-2_MLF_X17-59279.ISO

[2012/08/20 10:53:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/08/20 10:53:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/08/20 10:53:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/08/20 10:53:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/08/20 10:53:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/08/17 12:17:10 | 000,881,521 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\SecurityCheck.exe

[2012/08/17 09:26:03 | 001,558,528 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\RogueKiller.exe

[2012/08/17 09:17:36 | 000,000,924 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\NTREGOPT.lnk

[2012/08/17 09:17:36 | 000,000,905 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\ERUNT.lnk

[2012/08/16 09:24:01 | 001,943,895 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB

[2012/08/13 13:22:59 | 000,093,983 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\Send to SBT - Must have Address.sxb

[2012/08/10 15:38:29 | 000,375,964 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\FilzFelt Catalogs.sxb

[2012/07/30 11:15:07 | 000,001,365 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\GoToMeeting.lnk

[2012/07/25 17:48:58 | 000,129,917 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\Account Details.sxb

[2012/07/22 02:21:31 | 000,067,584 | ---- | C] () -- C:\Windows\SysNative\Rdpssw32.exe

[2012/06/21 13:13:43 | 000,004,134 | ---- | C] () -- C:\ProgramData\xmohfmvs.ugv

[2012/06/05 12:55:02 | 000,000,000 | ---- | C] () -- C:\Windows\CSDiff.INI

[2012/06/05 11:06:15 | 000,154,576 | ---- | C] () -- C:\Windows\SysWow64\dbclient.dll

[2012/03/05 16:26:46 | 000,000,711 | ---- | C] () -- C:\Windows\GATOR32.INI

[2012/03/05 11:41:53 | 000,000,300 | ---- | C] () -- C:\Windows\ODBC.INI

[2011/10/28 10:49:58 | 000,005,632 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/09/15 12:48:02 | 000,197,596 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2011/09/12 10:54:17 | 000,001,832 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\AppData\Local\SLC_twestfall.prx

[2011/06/02 10:15:42 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll

[2011/05/27 11:14:18 | 000,000,600 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\AppData\Local\PUTTY.RND

[2011/05/26 10:22:04 | 000,833,024 | ---- | C] () -- C:\Windows\SysWow64\user.dat

[2011/05/26 10:19:50 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI

[2011/05/25 17:27:48 | 000,002,504 | RHS- | C] () -- C:\Users\twestfall.SPINNEYBECK\ntuser.pol

[2011/05/25 17:26:07 | 000,013,302 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2011/05/25 16:14:25 | 001,002,952 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/05/25 14:09:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011/05/20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

========== Custom Scans ==========

< HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\SuggestionsURLFallback: http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE8SSC&market={language}

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\FaviconURLFallback: http://www.bing.com/favicon.ico

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL: http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

< HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\SuggestionsURLFallback: http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE8SSC&market={language}

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\FaviconURLFallback: http://www.bing.com/favicon.ico

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL: http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

< HKEY_USERS\S-1-5-19\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >

< HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >

< HKEY_USERS\S-1-5-20\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >

< HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >

< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\SuggestionsURLFallback: http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE8SSC&market={language}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\FaviconURLFallback: http://www.bing.com/favicon.ico

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL: http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

< HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

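The SearchScopes custom scan at the end of the log above can be checked mechanically. The following is an added example, not part of the original posts or of OTL: it parses those scan lines and flags any search-provider URL whose host is not on an expected list. The expected-host list and the two lines marked as constructed are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only provider expected on this machine is the stock Bing scope.
EXPECTED_SUFFIXES = ("bing.com",)

# "< key|url /rs >" marks a key OTL was asked to scan.
HEADER = re.compile(r"^< (?P<key>HKEY_.+?)\|url /rs >$")
# "key\{scope-guid}\\ValueName: data" is one value found under that key.
VALUE = re.compile(
    r"^(?P<key>HKEY_.+?\\SearchScopes)\\(?P<scope>\{[0-9A-Fa-f-]+\})"
    r"\\\\(?P<name>[^:]+): (?P<data>\S+)$"
)

# Lines copied from the log on this page.
PAGE_SAMPLE = r"""
< HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL: http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
< HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\SuggestionsURLFallback: http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE8SSC&market={language}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\FaviconURLFallback: http://www.bing.com/favicon.ico
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL: http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
"""

# Constructed lines (NOT from the page): a look-alike host and a bare IP
# from the documentation range, to show what a flagged entry looks like.
CONSTRUCTED_SAMPLE = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{11111111-2222-3333-4444-555555555555}\\URL: http://www.bing.com.search.example/results?q={searchTerms}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{11111111-2222-3333-4444-555555555555}\\SuggestionsURL: http://192.0.2.10/s?q={searchTerms}
"""


def host_is_expected(host, suffixes=EXPECTED_SUFFIXES):
    """True only for an exact match or a genuine subdomain of an expected suffix."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)


def parse_custom_scan(text):
    """Return (scanned_keys, values) from an OTL 'Custom Scans' section."""
    scanned, values = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            scanned.append(m.group("key"))
            continue
        m = VALUE.match(line)
        if m:
            values.append(m.groupdict())
    return scanned, values


def triage(text):
    """Flag values whose URL is not http(s) or whose host is unexpected."""
    scanned, values = parse_custom_scan(text)
    findings = []
    for v in values:
        parts = urlsplit(v["data"])
        ok_scheme = parts.scheme in ("http", "https")
        if not ok_scheme or not host_is_expected(parts.hostname):
            findings.append((v["key"], v["scope"], v["name"], parts.hostname))
    keys_with_values = {v["key"] for v in values}
    # Scanned keys that returned no URL values at all.
    empty = [k for k in scanned if k not in keys_with_values]
    return {"values": len(values), "findings": findings, "empty_keys": empty}


if __name__ == "__main__":
    for label, text in (("page lines", PAGE_SAMPLE),
                        ("page + constructed", PAGE_SAMPLE + CONSTRUCTED_SAMPLE)):
        result = triage(text)
        print(label, "->", result["values"], "values,",
              len(result["findings"]), "flagged")
        for key, scope, name, host in result["findings"]:
            print("  FLAG", name, "in", scope, "host:", host)
```

The suffix comparison requires a dot boundary, so a host that merely contains an expected name is still flagged.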

Don't make changes to the system without checking with me first. You did a download of Windows today. What's up with that?

I'd like for you to run the following and then do an antivirus scan of the system.

Step 1

  • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :processes
    killallprocesses
    :files
    recycler /alldrives
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]
    *****************************************************************
  • Return to OTL. Right click in the window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered Run Fix button.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 2

To de-install Flash Player

Use Programs and Features (Windows 7 & Vista) or Add-or-Remove Programs (Windows XP) to de-install older versions of Flash Player.

For stubborn cases,

Download and save the Flash Player uninstaller >> uninstall Flash Player for 32-bit Windows<<

If you have Windows 64-bit, use this Flash Player uninstaller >> uninstall Flash Player for 64-bit Windows<<

Close all browsers and instant messenger (IM) programs.

Run the uninstaller.

To get latest Flash Player

Go to http://www.adobe.com/go/getflash

and get the latest Flash Player

Un-Check any checkbox for McAfee Security Scan Plus, or Google or any other widget or toolbar!!!

Reference: How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system

http://support.microsoft.com/kb/827218

Step 3

Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Accept the EULA & Download the latest version of >> Windows Offline << from here and save it to your desktop.
  • Get the Offline version that corresponds to your "bit-tedness" of your Windows (32-bit or 64-bit)
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
  • Close any programs you may have running - especially your web browser(s).
  • Go to Start > Settings > Control Panel, select Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u6-windows-i586.exe to install the newest version.
    ( jre-7u6-windows-x64.exe if this is a 64-bit Windows o.s.)

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

Step 4

Turn OFF your McAfee antivirus

Download Dr.Web CureIt to the desktop.

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double-click the drweb-cureit.exe file, then click Start and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the check icon next to the files found.
  • If so, click it and then click the next icon right below and select Move incurable.
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Re-Enable your antivirus program when all done.


First - I downloaded a copy of Windows for a completely separate PC.

Here's the file from OTL that you requested.

All processes killed

========== PROCESSES ==========

========== FILES ==========

recycler not found in C:\

recycler not found in F:\

recycler not found in M:\

recycler not found in N:\

recycler not found in O:\

recycler not found in P:\

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

[EMPTYTEMP]

User: administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 56466 bytes

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 56466 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

User: twestfall

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 13022498 bytes

User: twestfall.SPINNEYBECK

->Temp folder emptied: 2115812 bytes

->Temporary Internet Files folder emptied: 143497559 bytes

->Java cache emptied: 404917 bytes

->Apple Safari cache emptied: 50387968 bytes

->Flash cache emptied: 8825536 bytes

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 56466 bytes

User: UpdatusUser835

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 56466 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 1714622 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 53946368 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 4282857 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 266.00 mb

Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: administrator

->Flash cache emptied: 0 bytes

User: All Users

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Public

User: twestfall

User: twestfall.SPINNEYBECK

->Flash cache emptied: 0 bytes

User: UpdatusUser

->Flash cache emptied: 0 bytes

User: UpdatusUser835

->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.57.0 log created on 08212012_084252

Files\Folders moved on Reboot...

C:\Users\twestfall.SPINNEYBECK\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Windows\temp\wbxtra_08202012_113954.wbt moved successfully.

PendingFileRenameOperations files...

File C:\Users\twestfall.SPINNEYBECK\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

File C:\Windows\temp\wbxtra_08202012_113954.wbt not found!

Registry entries deleted on Reboot...

I ran all the other tasks you requested including the Dr.Web scan which resulted in Done - no viruses found. Since no viruses were found I guess there was no log to save. It scanned over 700,000 files and took 1/2 the day to run so I know it ran complete.

I restarted the system and the problem lives on...


ok.

You will want to print out or copy these instructions to Notepad for offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://go.eset.com/us/online-scanner/faq

    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
    • Do not use the system while the scan is running. Once the full scan is underway, go take a long break

Re-enable the antivirus program.

Reply with copy of the Eset scan log


Same thing. Found no threats and the problem still exists.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=1f0a8b21d56da74b827850f902b71634

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-08-21 10:51:16

# local_time=2012-08-21 06:51:16 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=5893 16776574 100 94 38243237 97129088 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=339114

# found=0

# cleaned=0

# scan_time=3838


Do the following:

Web of Trust

Get & use Web of Trust WOT add-on for your browser(s)

http://www.mywot.com/en/download

http://www.mywot.com/en/faq/add-on

Stinger

Download and Save McAfee Stinger to your Desktop

http://www.mcafee.com/us/downloads/free-tools/stinger.aspx

Close all browsers before starting. Disable your antivirus program and anti-malware, if any.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

On Windows 7 & Vista systems, Right Click the Stinger icon and select Run as Administrator.

On XP, double-click to start it.


The C drive is the default for scanning.

Press the Preferences button. In the top right-block "On virus detection", click Rename

In the bottom block "Heuristic network check for suspicious files" select High

Click the Scan Now button.

When done, use the File menu and select Save report to file

Stinger.txt is the log report and will be saved to your Desktop. I will need a copy of that log.

RE-Enable your anti-virus program.

Stinger is a standalone utility used to detect and remove specific malware. It is not a full scan for all types of malware or viruses.

It is not intended as virus protection.

Step 2

Download, & save & then run the MS Safety scanner

http://www.microsoft.com/security/scanner/en-us/default.aspx

Let me know the result.

IF the browser redirects happen again, you must provide really complete details, including

1) which browser is used

2) which search engine you use & how you get there (URL typed or click on a link/shortcut)

3) what did you search for

4) what choices displayed

5) Did you check the validity or the safety of the website you are hunting?


Here's the Stinger results

McAfee® Labs Stinger™ Version 10.2.0.754 built on Aug 27 2012

Copyright © 2012 McAfee, Inc. All Rights Reserved.

Virus data file v1000.0000 created on Aug 27 2012.

Ready to scan for 4884 viruses, trojans and variants.

Scan initiated on Mon Aug 27 12:14:21 2012

Rootkit scan result : Not Scanned

Master Boot Record(s):....1

Possibly Infected:.............0

Boot Sector(s):.................1

Possibly Infected: ............0

Number of clean files: 22504

I also ran the MS Safety Scanner Results and received the following:

Exploit:Java/CVE-2012-1723.EG

Exploit:Java/CVE-2012-1723.EH

Exploit:Java/CVE-2012-1723.EI

Exploit:Java/CVE-2012-1723.EJ

Exploit:Java/CVE-2012-1723.EK

Each said it was removed. But, yes, you guessed it the problem still exists.

I am using Internet Explorer Version 8.

I am using Google as my search engine. And I am getting there via the URL, it is my default web page.

I searched for SalesLogix (which is a CRM package).

The choices displayed were exactly what I would see on a machine that does not have this problem.

I had different results when choosing a result.

See the attached images.


Do this in Internet Explorer.

Start Internet Explorer.

On the Tools menu, click Internet Options.

On the Advanced tab, click Reset.

In the Reset Internet Explorer Settings dialog box, click Reset to confirm.

Can you type in directly the url for saleslogix and press enter & get there ok? Please advise.

Next, a new run of OTL

Locate the OTL.exe on your Desktop

Double-click OTL.exe to start it.

Look at the upper left of window. Press the pink color Quick Scan button.

Have patience while it runs.

It will produce a new log. Save it.

Copy and paste back here a copy of the new OTL.txt


Yes I can type the url for saleslogix and press enter to get there. In fact, other than the redirects, the browser seems to function completely normally.

Here's the OTL.TXT

OTL logfile created on: 8/29/2012 8:49:24 AM - Run 3

OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\twestfall.SPINNEYBECK\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 46.96% Memory free

7.98 Gb Paging File | 5.79 Gb Available in Paging File | 72.58% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.66 Gb Total Space | 342.45 Gb Free Space | 73.54% Space Free | Partition Type: NTFS

Drive F: | 249.90 Gb Total Space | 40.75 Gb Free Space | 16.31% Space Free | Partition Type: NTFS

Drive M: | 249.90 Gb Total Space | 40.75 Gb Free Space | 16.31% Space Free | Partition Type: NTFS

Drive N: | 49.90 Gb Total Space | 11.53 Gb Free Space | 23.12% Space Free | Partition Type: NTFS

Drive O: | 249.90 Gb Total Space | 40.75 Gb Free Space | 16.31% Space Free | Partition Type: NTFS

Drive P: | 49.90 Gb Total Space | 11.53 Gb Free Space | 23.12% Space Free | Partition Type: NTFS

Drive Z: | 465.66 Gb Total Space | 342.45 Gb Free Space | 73.54% Space Free | Partition Type: NTFS

Computer Name: MISTWW72 | User Name: twestfall | NOT logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/27 08:39:51 | 000,040,376 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\977\g2mstart.exe

PRC - [2012/08/27 08:39:51 | 000,040,376 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\977\g2mlauncher.exe

PRC - [2012/08/27 08:39:51 | 000,040,376 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\977\g2mcomm.exe

PRC - [2012/08/17 12:14:32 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\twestfall.SPINNEYBECK\Desktop\OTL.exe

PRC - [2012/08/16 12:09:48 | 000,610,960 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\430\g2ax_user_expert.exe

PRC - [2012/08/16 12:09:48 | 000,610,960 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\430\g2ax_start.exe

PRC - [2012/08/16 12:09:48 | 000,610,960 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\430\g2ax_comm_expert.exe

PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/05/16 16:02:34 | 012,098,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Lync\communicator.exe

PRC - [2012/03/24 19:42:16 | 000,647,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Lync\UcMapi.exe

PRC - [2012/03/12 16:31:15 | 000,134,456 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWOW64\atashost.exe

PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

PRC - [2012/02/08 18:23:28 | 002,371,960 | ---- | M] (SkyHawke) -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe

PRC - [2012/01/04 07:54:00 | 000,385,024 | ---- | M] (Sage Software, Inc.) -- C:\Program Files (x86)\SalesLogix\SLXSystem.exe

PRC - [2011/06/02 10:09:35 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

PRC - [2011/05/25 03:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

PRC - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2010/11/20 04:17:56 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

PRC - [2010/09/14 16:54:12 | 000,021,880 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe

PRC - [2010/09/14 16:53:40 | 000,705,912 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe

PRC - [2010/09/14 16:53:20 | 000,660,856 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe

PRC - [2010/07/06 13:49:38 | 001,821,616 | ---- | M] (UniPrint, a division of GFI Business Solutions Inc.) -- C:\Program Files (x86)\UniPrint\Client\UniPrint.exe

PRC - [2010/07/06 12:51:26 | 000,672,624 | ---- | M] (Beiley Software Inc.) -- C:\Program Files (x86)\Remind-Me\RemindMe.exe

PRC - [2009/07/13 21:14:35 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sdiagnhost.exe

PRC - [2009/07/13 21:14:25 | 000,983,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msdt.exe

PRC - [2008/10/14 21:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

PRC - [2006/07/08 04:57:52 | 001,101,824 | ---- | M] (Gadwin Systems, Inc.) -- C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/27 22:30:35 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll

MOD - [2012/06/27 22:05:36 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll

MOD - [2012/05/10 09:20:43 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll

MOD - [2012/05/10 09:20:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll

MOD - [2012/05/10 09:20:40 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

MOD - [2012/05/10 09:20:36 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

MOD - [2012/02/08 18:23:28 | 000,163,704 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\conduitscripting0.dll

MOD - [2012/02/08 18:18:28 | 000,591,360 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\qjson0.dll

MOD - [2012/02/08 18:18:16 | 000,107,008 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\qextserialport1.dll

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

MOD - [2010/12/21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll

MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

MOD - [2010/09/23 10:52:52 | 002,537,472 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\QtCore4.dll

MOD - [2010/09/13 01:12:38 | 000,744,448 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\QtScriptTools4.dll

MOD - [2010/09/12 22:16:14 | 002,173,952 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\QtScript4.dll

MOD - [2010/09/12 21:30:18 | 009,814,016 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\QtGui4.dll

MOD - [2010/09/12 20:55:26 | 001,140,224 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\QtNetwork4.dll

MOD - [2010/09/12 20:51:28 | 000,399,360 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\QtXml4.dll

MOD - [2009/06/22 22:42:42 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\libgcc_s_dw2-1.dll

MOD - [2009/01/10 14:32:40 | 000,011,362 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\mingwm10.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/22 02:21:32 | 000,214,080 | ---- | M] (ThinSoft Pte Ltd.) [On_Demand | Stopped] -- C:\Windows\SysNative\BeTwinProxyVS.dll -- (BeTwinProxy)

SRV:64bit: - [2012/07/22 02:21:32 | 000,067,584 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\Rdpssw32.exe -- (RDPSSW32)

SRV:64bit: - [2011/02/04 22:36:56 | 002,360,048 | ---- | M] (RealVNC Ltd) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\winvnc4.exe -- (WinVNC4)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012/08/21 08:58:29 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/03/12 16:31:15 | 000,134,456 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)

SRV - [2012/01/04 07:54:00 | 000,385,024 | ---- | M] (Sage Software, Inc.) [Auto | Running] -- C:\Program Files (x86)\SalesLogix\SLXSystem.exe -- (SalesLogix System)

SRV - [2011/06/02 10:09:35 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011/05/25 03:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

SRV - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2010/09/14 16:54:12 | 000,021,880 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe -- (APC Data Service)

SRV - [2010/09/14 16:53:40 | 000,705,912 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)

DRV:64bit: - [2012/07/22 02:21:32 | 000,022,600 | ---- | M] (ThinSoft Pte Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BeTwinSystemVS.sys -- (BeTwinSystem)

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/22 08:25:30 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)

DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)

DRV:64bit: - [2011/05/25 03:25:48 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)

DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/03/21 13:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/04 22:22:30 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vncmirror.sys -- (vncmirror)

DRV:64bit: - [2011/01/27 20:18:32 | 000,069,120 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabser.sys -- (silabser)

DRV:64bit: - [2011/01/27 20:18:32 | 000,027,336 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabenm.sys -- (silabenm)

DRV:64bit: - [2010/11/20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 03:03:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2009/11/02 18:43:16 | 000,161,256 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vna.sys -- (VNA)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)

DRV:64bit: - [2009/07/13 17:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)

DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

[2012/05/16 16:01:36 | 000,031,848 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

O1 HOSTS File: ([2012/08/21 09:55:35 | 000,000,808 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)

O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()

O3:64bit: - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()

O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [uniPrint] C:\Program Files (x86)\UniPrint\Client\SetDfltSettings.exe (UniPrint, a division of GFI Business Solutions Inc.)

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [CaddieSyncConduit] C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe (SkyHawke)

O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Gadwin PrintScreen 3.5] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc.)

O4 - HKCU..\Run: [GoToAssist Express Expert] C:\Program Files (x86)\Citrix\GoToAssist Express Expert\403\g2ax_start.exe (Citrix Online, a division of Citrix Systems, Inc.)

O4 - HKCU..\Run: [GoToAssist Remote Support Expert] C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\430\g2ax_start.exe (Citrix Online, a division of Citrix Systems, Inc.)

O4 - HKCU..\Run: [GoToMeeting] C:\Program Files (x86)\Citrix\GoToMeeting\977\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)

O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)

O4 - HKCU..\Run: [uniPrint] C:\Program Files (x86)\UniPrint\Client\SetDfltSettings.exe (UniPrint, a division of GFI Business Solutions Inc.)

O4 - Startup: C:\Users\twestfall.SPINNEYBECK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RemindMe.lnk = C:\Program Files (x86)\Remind-Me\RemindMe.exe (Beiley Software Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: sagenorthamerica.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: sharepoint.com ([spinneybeck1] https in Trusted sites)

O16 - DPF: {3637C046-4008-11D5-ADF6-0050DA74F67C} https://www.rightnetworks.com/tsweb/uniprintclient408.cab (UniPrintCab Control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class)

O16 - DPF: {89A32C64-6176-4D10-BCA3-10B0079818FA} https://msft2.businesscloud.blackberry.com/webconsole/RIMWebComponents.cab (Reg Error: Key error.)

O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} https://208.5.237.2/SNX/CSHELL/extender.cab (SlimClient Class)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP28EP2-12243/event/ieatgpc1.cab (GpcContainer Class)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: toolboxOI http://it.toolbox.com/home/toolboxOI.CAB (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = spinneybeck.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DCF708D-9BE6-4372-ABDF-9B935B3C268E}: NameServer = 192.168.3.30,192.168.3.9

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()

O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O30:64bit: - LSA: Security Packages - (msoidssp) - C:\Windows\SysNative\msoidssp.dll (Microsoft Corp.)

O30 - LSA: Security Packages - (msoidssp) - C:\Windows\SysWow64\msoidssp.dll (Microsoft Corp.)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/28 09:11:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage SalesLogix

[2012/08/28 09:11:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sage

[2012/08/28 09:10:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SalesLogix

[2012/08/28 09:10:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SalesLogix

[2012/08/28 09:10:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Sage

[2012/08/27 12:14:26 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys

[2012/08/27 12:07:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger

[2012/08/27 12:04:23 | 009,924,712 | ---- | C] (McAfee Inc.) -- C:\Users\twestfall.SPINNEYBECK\Desktop\stinger.exe

[2012/08/27 12:04:15 | 000,000,000 | ---D | C] -- C:\Program Files\WOT

[2012/08/27 12:04:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WOT

[2012/08/21 17:44:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/08/21 09:33:42 | 000,000,000 | ---D | C] -- C:\Users\twestfall.SPINNEYBECK\DoctorWeb

[2012/08/21 09:14:34 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2012/08/21 08:42:52 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/08/20 11:12:40 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2012/08/20 10:53:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/08/20 10:53:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/08/20 10:53:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/08/20 10:53:38 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/08/20 10:26:33 | 004,735,237 | R--- | C] (Swearware) -- C:\Users\twestfall.SPINNEYBECK\Desktop\ComboFix.exe

[2012/08/17 12:15:04 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\twestfall.SPINNEYBECK\Desktop\OTL.exe

[2012/08/17 12:13:26 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\OTL.exe

[2012/08/17 09:27:29 | 000,000,000 | ---D | C] -- C:\Users\twestfall.SPINNEYBECK\Desktop\RK_Quarantine

[2012/08/17 09:21:10 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\twestfall.SPINNEYBECK\Desktop\dds.scr

[2012/08/17 09:18:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/08/17 09:17:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2012/08/17 09:17:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

[2012/08/16 15:56:09 | 000,000,000 | ---D | C] -- C:\Users\twestfall.SPINNEYBECK\Desktop\backups

[2012/08/16 15:53:18 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\twestfall.SPINNEYBECK\Desktop\HijackThis.exe

[2012/08/16 11:07:09 | 000,000,000 | ---D | C] -- C:\Users\twestfall.SPINNEYBECK\AppData\Local\NPE

[2012/08/16 11:07:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton

[2012/08/16 10:56:55 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

[2012/08/16 10:56:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard

[2012/08/16 10:04:33 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro

[2012/08/16 09:46:15 | 000,000,000 | ---D | C] -- C:\Users\twestfall.SPINNEYBECK\AppData\Local\Threat Expert

[2012/08/16 09:33:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools

[2012/08/16 09:23:57 | 000,251,560 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys

[2012/08/16 09:23:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools

[2012/08/16 09:23:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2012/08/16 09:23:40 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools

[2012/08/16 09:23:39 | 000,000,000 | ---D | C] -- C:\Users\twestfall.SPINNEYBECK\AppData\Roaming\TestApp

[2012/08/15 16:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2012/08/15 16:37:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2012/08/14 19:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\ThinSoft

[2012/08/13 14:05:00 | 000,000,000 | ---D | C] -- C:\Users\twestfall.SPINNEYBECK\AppData\Roaming\GetRightToGo

[2011/09/12 16:16:53 | 001,393,736 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\twestfall.SPINNEYBECK\gotomypc_626.exe

[14 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/29 08:51:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/08/28 11:02:36 | 000,004,494 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\WEB_AddSamp.xml

[2012/08/28 11:02:31 | 000,004,496 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\WEB_AddOrders.xml

[2012/08/28 11:02:26 | 000,003,868 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\WEB_AddClub.xml

[2012/08/28 11:02:18 | 000,003,894 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\SLX_Verify_Quote_Totals.xml

[2012/08/28 11:02:13 | 000,004,486 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\SLX_Fix_IDs.xml

[2012/08/28 11:02:09 | 000,004,226 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\slx_addTaxRates.xml

[2012/08/28 11:02:05 | 000,003,890 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\SLX_AddSysComments.xml

[2012/08/28 11:02:00 | 000,003,876 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\SLX_AddShip.xml

[2012/08/28 11:01:56 | 000,004,494 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\SLX_AddSamp.xml

[2012/08/28 11:01:50 | 000,003,838 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\SLX_AddQuotes.xml

[2012/08/28 11:00:35 | 000,004,164 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\SLX_AddOrds.xml

[2012/08/28 11:00:25 | 000,004,194 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\SLX_AddHolds.xml

[2012/08/28 10:52:35 | 000,001,998 | -H-- | M] () -- C:\Users\twestfall.SPINNEYBECK\Documents\Default.rdp

[2012/08/28 09:11:25 | 000,017,486 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\services

[2012/08/28 08:50:52 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/28 08:50:52 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/28 08:42:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/08/28 08:42:28 | 3214,188,544 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/27 13:38:13 | 000,103,272 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\GoToAssistDownloadHelper.exe

[2012/08/27 12:23:15 | 000,000,055 | RH-- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\stinger.opt

[2012/08/27 12:14:26 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys

[2012/08/27 12:04:31 | 009,924,712 | ---- | M] (McAfee Inc.) -- C:\Users\twestfall.SPINNEYBECK\Desktop\stinger.exe

[2012/08/27 12:02:21 | 002,023,424 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\WOT-latest-all-x64.msi

[2012/08/27 08:39:57 | 000,002,423 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\GoToMeeting Quick Connect.lnk

[2012/08/27 08:39:57 | 000,001,365 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\GoToMeeting.lnk

[2012/08/21 09:55:35 | 000,000,808 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/08/21 09:32:06 | 091,982,296 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\drweb-cureit.exe

[2012/08/20 12:01:52 | 3183,042,560 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\SW_DVD5_Win_Pro_7w_SP1_64BIT_English_-2_MLF_X17-59279.ISO

[2012/08/20 10:26:37 | 004,735,237 | R--- | M] (Swearware) -- C:\Users\twestfall.SPINNEYBECK\Desktop\ComboFix.exe

[2012/08/17 12:16:56 | 000,881,521 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\SecurityCheck.exe

[2012/08/17 12:14:32 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\twestfall.SPINNEYBECK\Desktop\OTL.exe

[2012/08/17 12:13:29 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\OTL.exe

[2012/08/17 09:26:08 | 001,558,528 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\RogueKiller.exe

[2012/08/17 09:21:11 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\twestfall.SPINNEYBECK\Desktop\dds.scr

[2012/08/17 09:17:36 | 000,000,924 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\NTREGOPT.lnk

[2012/08/17 09:17:36 | 000,000,905 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\ERUNT.lnk

[2012/08/16 16:58:02 | 000,197,596 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat

[2012/08/16 12:09:51 | 000,001,456 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\GoToAssist Expert.lnk

[2012/08/16 09:24:31 | 001,943,895 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB

[2012/08/15 16:15:38 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\twestfall.SPINNEYBECK\Desktop\HijackThis.exe

[2012/08/13 15:10:42 | 000,980,368 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/08/13 15:10:42 | 000,802,750 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/08/13 15:10:42 | 000,175,072 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/08/13 13:23:00 | 000,093,983 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\Send to SBT - Must have Address.sxb

[2012/08/10 16:14:42 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/10 15:38:30 | 000,375,964 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\FilzFelt Catalogs.sxb

[2012/08/09 18:04:58 | 000,519,300 | ---- | M] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\Quotation Updates.sxb

[2012/08/01 18:59:05 | 002,376,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[14 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/28 11:02:36 | 000,004,494 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\WEB_AddSamp.xml

[2012/08/28 11:02:31 | 000,004,496 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\WEB_AddOrders.xml

[2012/08/28 11:02:26 | 000,003,868 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\WEB_AddClub.xml

[2012/08/28 11:02:18 | 000,003,894 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\SLX_Verify_Quote_Totals.xml

[2012/08/28 11:02:13 | 000,004,486 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\SLX_Fix_IDs.xml

[2012/08/28 11:02:09 | 000,004,226 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\slx_addTaxRates.xml

[2012/08/28 11:02:05 | 000,003,890 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\SLX_AddSysComments.xml

[2012/08/28 11:02:00 | 000,003,876 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\SLX_AddShip.xml

[2012/08/28 11:01:56 | 000,004,494 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\SLX_AddSamp.xml

[2012/08/28 11:01:50 | 000,003,838 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\SLX_AddQuotes.xml

[2012/08/28 11:00:35 | 000,004,164 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\SLX_AddOrds.xml

[2012/08/28 11:00:25 | 000,004,194 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\SLX_AddHolds.xml

[2012/08/27 13:38:13 | 000,103,272 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\GoToAssistDownloadHelper.exe

[2012/08/27 12:23:15 | 000,000,055 | RH-- | C] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\stinger.opt

[2012/08/27 12:02:18 | 002,023,424 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\WOT-latest-all-x64.msi

[2012/08/21 09:31:29 | 091,982,296 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\drweb-cureit.exe

[2012/08/21 08:58:29 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/08/20 12:08:07 | 3183,042,560 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\SW_DVD5_Win_Pro_7w_SP1_64BIT_English_-2_MLF_X17-59279.ISO

[2012/08/20 10:53:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/08/20 10:53:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/08/20 10:53:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/08/20 10:53:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/08/20 10:53:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/08/17 12:17:10 | 000,881,521 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\SecurityCheck.exe

[2012/08/17 09:26:03 | 001,558,528 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\RogueKiller.exe

[2012/08/17 09:17:36 | 000,000,924 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\NTREGOPT.lnk

[2012/08/17 09:17:36 | 000,000,905 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\ERUNT.lnk

[2012/08/16 09:24:01 | 001,943,895 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB

[2012/08/13 13:22:59 | 000,093,983 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\Send to SBT - Must have Address.sxb

[2012/08/10 15:38:29 | 000,375,964 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\FilzFelt Catalogs.sxb

[2012/07/30 11:15:07 | 000,001,365 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\Desktop\GoToMeeting.lnk

[2012/06/21 13:13:43 | 000,004,134 | ---- | C] () -- C:\ProgramData\xmohfmvs.ugv

[2012/06/05 12:55:02 | 000,000,000 | ---- | C] () -- C:\Windows\CSDiff.INI

[2012/06/05 11:06:15 | 000,154,576 | ---- | C] () -- C:\Windows\SysWow64\dbclient.dll

[2012/03/05 16:26:46 | 000,000,711 | ---- | C] () -- C:\Windows\GATOR32.INI

[2012/03/05 11:41:53 | 000,000,300 | ---- | C] () -- C:\Windows\ODBC.INI

[2011/10/28 10:49:58 | 000,005,632 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/09/15 12:48:02 | 000,197,596 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2011/09/12 10:54:17 | 000,001,832 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\AppData\Local\SLC_twestfall.prx

[2011/06/02 10:15:42 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll

[2011/05/27 11:14:18 | 000,000,600 | ---- | C] () -- C:\Users\twestfall.SPINNEYBECK\AppData\Local\PUTTY.RND

[2011/05/26 10:22:04 | 000,833,024 | ---- | C] () -- C:\Windows\SysWow64\user.dat

[2011/05/26 10:19:50 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI

[2011/05/25 17:27:48 | 000,002,504 | RHS- | C] () -- C:\Users\twestfall.SPINNEYBECK\ntuser.pol

[2011/05/25 17:26:07 | 000,013,302 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2011/05/25 16:14:25 | 001,002,952 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/05/25 14:09:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011/05/20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

========== LOP Check ==========

[2012/08/13 14:15:04 | 000,000,000 | ---D | M] -- C:\Users\twestfall.SPINNEYBECK\AppData\Roaming\GetRightToGo

[2011/05/26 12:16:54 | 000,000,000 | ---D | M] -- C:\Users\twestfall.SPINNEYBECK\AppData\Roaming\iMapBuilder

[2012/05/10 08:55:14 | 000,000,000 | ---D | M] -- C:\Users\twestfall.SPINNEYBECK\AppData\Roaming\Remind-Me

[2012/07/18 17:21:31 | 000,000,000 | ---D | M] -- C:\Users\twestfall.SPINNEYBECK\AppData\Roaming\SalesLogix

[2012/05/10 08:55:13 | 000,000,000 | ---D | M] -- C:\Users\twestfall.SPINNEYBECK\AppData\Roaming\SendBlaster2

[2012/08/16 09:23:39 | 000,000,000 | ---D | M] -- C:\Users\twestfall.SPINNEYBECK\AppData\Roaming\TestApp

[2012/01/09 15:43:18 | 000,000,000 | ---D | M] -- C:\Users\twestfall.SPINNEYBECK\AppData\Roaming\UniPrint

[2012/02/01 17:42:33 | 000,000,000 | ---D | M] -- C:\Users\twestfall.SPINNEYBECK\AppData\Roaming\webex

[2009/07/14 01:08:49 | 000,026,950 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


Turn OFF your McAfee Virusscan so that it does not interfere.

  • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :processes
    killallprocesses
    :otl
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found
    :files
    C:\Windows\SysNative\drivers\etc\hosts
    recycler /alldrives
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
    *****************************************************************
  • Return to OTL. Right click in the window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered Run Fix button.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Start Internet Explorer.

On the Tools menu, click Internet Options.

On the Advanced tab, click Reset.

In the Reset Internet Explorer Settings dialog box, click Reset to confirm.

Re-enable your McAfee.

How are things now?


Things are still not working.

All processes killed

========== PROCESSES ==========

========== OTL ==========

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.

========== FILES ==========

C:\Windows\SysNative\drivers\etc\hosts moved successfully.

recycler not found in C:\

recycler not found in F:\

recycler not found in M:\

recycler not found in N:\

recycler not found in O:\

recycler not found in P:\

recycler not found in Z:\

========== COMMANDS ==========

HOSTS file reset successfully

[EMPTYTEMP]

User: administrator

->Temp folder emptied: 1179082 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 0 bytes

User: Administrator.mistww72

->Temp folder emptied: 1180617 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 0 bytes

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

User: twestfall

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: twestfall.SPINNEYBECK

->Temp folder emptied: 155208640 bytes

->Temporary Internet Files folder emptied: 26866073 bytes

->Java cache emptied: 0 bytes

->Apple Safari cache emptied: 8585216 bytes

->Flash cache emptied: 1719 bytes

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: UpdatusUser835

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 7124992 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 84556276 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 431153 bytes

Total Files Cleaned = 272.00 mb

[EMPTYFLASH]

User: administrator

->Flash cache emptied: 0 bytes

User: Administrator.mistww72

->Flash cache emptied: 0 bytes

User: All Users

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Public

User: twestfall

User: twestfall.SPINNEYBECK

->Flash cache emptied: 0 bytes

User: UpdatusUser

->Flash cache emptied: 0 bytes

User: UpdatusUser835

->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.57.0 log created on 08292012_104323

Files\Folders moved on Reboot...

C:\Users\twestfall.SPINNEYBECK\AppData\Local\Temp\citrixlogs\gotomeeting\977\G2MOutlookAddin.log moved successfully.

C:\Users\twestfall.SPINNEYBECK\AppData\Local\Temp\ExchangePerflog_8484fa31e5cb6a75a1e09b2c.dat moved successfully.

C:\Users\twestfall.SPINNEYBECK\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File\Folder C:\Users\twestfall.SPINNEYBECK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{0E22A1C7-A911-4AE3-A90A-E3B74DB3DA2D}.tmp not found!

File\Folder C:\Users\twestfall.SPINNEYBECK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{21527EAD-AB0F-41D1-A005-FC8AECAD5117}.tmp not found!

File\Folder C:\Users\twestfall.SPINNEYBECK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{223E1306-5424-40E0-81F5-ED9078E5588C}.tmp not found!

File\Folder C:\Users\twestfall.SPINNEYBECK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{410B4294-4144-4046-8BD3-A6E465DD52FC}.tmp not found!

File\Folder C:\Users\twestfall.SPINNEYBECK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6B3E4A93-09A1-45D0-966B-5072FC53C5AE}.tmp not found!

File\Folder C:\Users\twestfall.SPINNEYBECK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\J5ZWVBL3\Contract 157320.pdf not found!

C:\Users\twestfall.SPINNEYBECK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D9ZP051N\rss[1].xml moved successfully.

C:\Users\twestfall.SPINNEYBECK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AGXYYLB8\rss[2].xml moved successfully.

C:\Windows\temp\msdtadmin\_9FCED668-C256-45A3-BC88-10963C1D7020_\inuse moved successfully.

C:\Windows\temp\wbxtra_08282012_084256.wbt moved successfully.

PendingFileRenameOperations files...

File C:\Users\twestfall.SPINNEYBECK\AppData\Local\Temp\citrixlogs\gotomeeting\977\G2MOutlookAddin.log not found!

File C:\Users\twestfall.SPINNEYBECK\AppData\Local\Temp\ExchangePerflog_8484fa31e5cb6a75a1e09b2c.dat not found!

File C:\Users\twestfall.SPINNEYBECK\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

File C:\Users\twestfall.SPINNEYBECK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{0E22A1C7-A911-4AE3-A90A-E3B74DB3DA2D}.tmp not found!

File C:\Users\twestfall.SPINNEYBECK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{21527EAD-AB0F-41D1-A005-FC8AECAD5117}.tmp not found!

File C:\Users\twestfall.SPINNEYBECK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{223E1306-5424-40E0-81F5-ED9078E5588C}.tmp not found!

File C:\Users\twestfall.SPINNEYBECK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{410B4294-4144-4046-8BD3-A6E465DD52FC}.tmp not found!

File C:\Users\twestfall.SPINNEYBECK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6B3E4A93-09A1-45D0-966B-5072FC53C5AE}.tmp not found!

File C:\Users\twestfall.SPINNEYBECK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\J5ZWVBL3\Contract 157320.pdf not found!

File C:\Users\twestfall.SPINNEYBECK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D9ZP051N\rss[1].xml not found!

File C:\Users\twestfall.SPINNEYBECK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AGXYYLB8\rss[2].xml not found!

File C:\Windows\temp\msdtadmin\_9FCED668-C256-45A3-BC88-10963C1D7020_\inuse not found!

File C:\Windows\temp\wbxtra_08282012_084256.wbt not found!

Registry entries deleted on Reboot...


Provide detail on what

Things are still not working.

Are you still doing "searches" on things known or unknown?

You realize that if you get to a search engine normally, that afterwards any "result" displayed is not necessarily safe or legitimate?

Be advised that you had tried several tools on your own prior to getting here. And that I have had you use other tools as well.

That is to say, you may be looking at having to wipe the system and reload Windows & all your apps fresh.

  • Please download CKScanner from >>Here<<
  • Important: - Save it to your desktop.
  • Right-click CKScanner.exe & select Run as administrator to start.
  • Then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved. Please Run the program only once.
  • Copy/paste the contents of CKFiles.txt in your next reply.

Download >> Farbar's Service Scanner utility << and Save to your Desktop.

If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.

If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Copy & Paste contents of FSS.txt into your reply.


I do realize that. I have done these same scans on another system (laptop) that I have and they work fine on that.

And, if you weren't trying so hard I would have likely already reinstalled Windows, although I really didn't want to have to do that.

CKScanner - Additional Security Risks - These are not necessarily bad

c:\itunes\music\hootie & the blowfish\cracked rear view\01 hannah jane.m4a

c:\itunes\music\hootie & the blowfish\cracked rear view\02 hold my hand.m4a

c:\itunes\music\hootie & the blowfish\cracked rear view\03 let her cry.m4a

c:\itunes\music\hootie & the blowfish\cracked rear view\04 only wanna be with you.m4a

c:\itunes\music\hootie & the blowfish\cracked rear view\05 running from an angel.m4a

c:\itunes\music\hootie & the blowfish\cracked rear view\06 i'm goin' home.m4a

c:\itunes\music\hootie & the blowfish\cracked rear view\07 drowning.m4a

c:\itunes\music\hootie & the blowfish\cracked rear view\08 time.m4a

c:\itunes\music\hootie & the blowfish\cracked rear view\09 look away.m4a

c:\itunes\music\hootie & the blowfish\cracked rear view\10 not even the trees.m4a

c:\itunes\music\hootie & the blowfish\cracked rear view\11 goodbye.m4a

c:\itunes\music\hootie & the blowfish\cracked rear view\12 cracked rear view.m4a

scanner sequence 3.GE.11.QSAPRR

----- EOF -----

Farbar Service Scanner Version: 06-08-2012

Ran by twestfall (administrator) on 29-08-2012 at 11:39:42

Running from "C:\Users\twestfall.SPINNEYBECK\Desktop"

Microsoft Windows 7 Ultimate Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

Other Services:

==============

File Check:

========

ATTENTION!=====> F:\Windows\System32\nsisvc.dll FILE IS MISSING AND SHOULD BE RESTORED.

ATTENTION!=====> F:\Windows\System32\drivers\nsiproxy.sys FILE IS MISSING AND SHOULD BE RESTORED.

ATTENTION!=====> F:\Windows\System32\dhcpcore.dll FILE IS MISSING AND SHOULD BE RESTORED.

ATTENTION!=====> F:\Windows\System32\drivers\afd.sys FILE IS MISSING AND SHOULD BE RESTORED.

ATTENTION!=====> F:\Windows\System32\drivers\tdx.sys FILE IS MISSING AND SHOULD BE RESTORED.

ATTENTION!=====> F:\Windows\System32\Drivers\tcpip.sys FILE IS MISSING AND SHOULD BE RESTORED.

ATTENTION!=====> F:\Windows\System32\dnsrslvr.dll FILE IS MISSING AND SHOULD BE RESTORED.

ATTENTION!=====> F:\Windows\System32\mpssvc.dll FILE IS MISSING AND SHOULD BE RESTORED.

ATTENTION!=====> F:\Windows\System32\bfe.dll FILE IS MISSING AND SHOULD BE RESTORED.

ATTENTION!=====> F:\Windows\System32\drivers\mpsdrv.sys FILE IS MISSING AND SHOULD BE RESTORED.

ATTENTION!=====> F:\Windows\System32\SDRSVC.dll FILE IS MISSING AND SHOULD BE RESTORED.

ATTENTION!=====> F:\Windows\System32\vssvc.exe FILE IS MISSING AND SHOULD BE RESTORED.

ATTENTION!=====> F:\Windows\System32\wscsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.

ATTENTION!=====> F:\Windows\System32\wbem\WMIsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.

ATTENTION!=====> F:\Windows\System32\wuaueng.dll FILE IS MISSING AND SHOULD BE RESTORED.

ATTENTION!=====> F:\Windows\System32\qmgr.dll FILE IS MISSING AND SHOULD BE RESTORED.

ATTENTION!=====> F:\Windows\System32\es.dll FILE IS MISSING AND SHOULD BE RESTORED.

ATTENTION!=====> F:\Windows\System32\cryptsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.

ATTENTION!=====> F:\Program Files\Windows Defender\MpSvc.dll FILE IS MISSING AND SHOULD BE RESTORED.

ATTENTION!=====> F:\Windows\System32\svchost.exe FILE IS MISSING AND SHOULD BE RESTORED.

ATTENTION!=====> F:\Windows\System32\rpcss.dll FILE IS MISSING AND SHOULD BE RESTORED.

**** End of log ****
