Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

My computer will not download ANYTHING!


  • Please log in to reply

#1
Lauriek1970

Lauriek1970

    Member

  • Member
  • PipPip
  • 82 posts
My office computer will not download anything. I am running Windows 7 pro with Internet Explorer 9. I am not sure that I have any type of malware but I just cannot figure out what to do next. I cannot download or run any file from the internet. I cannot update my antivirus program, Norton 360. I also cannot download office software from a disc. When I try to run or save anything it simply says, " <file> couldn't be downloaded." I cannot run Google Chrome. Google Chrome says, "unable to access the network This may be because your firewall or antivirus software wrongly thinks Google Chrome is an intruder on your computer and it is blocking it from connecting to the internet." I created a new administrator account and I can download some things from that account but I still cannot access Google Chrome. I downloaded Norton power eraser on the new administrator account I ran it, it detected no threats. I downloaded Microsoft scanner on the new administrator account, ran it and it also did not find anything. I recently read that a conficker worm could be hiding in system restore, so I tried to turn it off. From the System Protection screen, the tab that I want to click does not appear. There should be five tabs on that screen, there are only four. I am not that computer saavy, I am lost and I do not know what to do next. Today is Friday and I leave here inn 2 1/2 hours but I would love to come in on Monday to some help. Please, someone help me?? I'm a very nice person. ;)
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Hopefully you can download and run OTL

Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.

If OTL.exe won't run then try:

OTL.com: http://oldtimer.geekstogo.com/OTL.com
or
OTL.scr: http://oldtimer.geekstogo.com/OTL.scr

Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
dir C:\ /S /A:L /C
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.
  • 0

#3
Lauriek1970

Lauriek1970

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
I tried both of those,"couldn't be downloaded" :(
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Copy the next line:

"C:\Program Files\Internet Explorer\iexplore" -extoff http://oldtimer.geekstogo.com/OTL.com


Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Internet Explorer should open with add-ons disabled.

It should come up and ask you if you want to Run or SAVE OTL.com
Tell it SAVE.


If that doesn't work then copy the next 3 lines

mkdir %userprofile%\Temp2
set temp=%userprofile%\Temp2
set tmp=%userprofile%\Temp2

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied lines should appear.
Hit Enter.

If that doesn't help then try: In IE: Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.




If that doesn't work then:
Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking. Login with your usual login.

If it doesn't work in that mode you can try resetting IE to the default:

http://windows.micro...rnet-explorer-9



Sometimes it is necessary to uninstall IE9. When you do that it reverts to IE8. IF it still won't download then I would uninstall the anti-virus and make sure Windows Defender is not running.
  • 0

#5
Lauriek1970

Lauriek1970

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
ok, thank you. I will try all of that
  • 0

#6
Lauriek1970

Lauriek1970

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
Yay, thanks to you I did it. Here it is. I hope it's not too horrible.

OTL logfile created on: 9/3/2013 9:41:09 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Servpro\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 44.51% Memory free
3.93 Gb Paging File | 2.59 Gb Available in Paging File | 66.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.32 Gb Total Space | 89.20 Gb Free Space | 66.41% Space Free | Partition Type: NTFS
Drive D: | 271.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 7.45 Gb Total Space | 6.98 Gb Free Space | 93.63% Space Free | Partition Type: FAT32

Computer Name: MARYS-PC | User Name: Servpro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/03 09:25:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Servpro\Desktop\OTL.com
PRC - [2013/08/20 12:30:09 | 000,814,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe
PRC - [2013/04/09 16:02:36 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/03/13 06:26:52 | 003,845,464 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2tray.exe
PRC - [2013/03/13 06:26:52 | 001,319,768 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe
PRC - [2013/03/13 06:26:50 | 002,511,192 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2pre.exe
PRC - [2013/03/13 06:26:46 | 002,613,080 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2comm.exe
PRC - [2013/03/06 02:21:52 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/09/06 21:11:30 | 001,327,104 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCcUxSys.exe
PRC - [2012/09/06 21:06:14 | 000,393,216 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCtrlCntr.exe
PRC - [2012/06/06 15:31:56 | 003,076,096 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2012/06/05 15:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/09/21 17:40:11 | 000,117,648 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe
PRC - [2011/09/07 10:59:00 | 000,569,072 | ---- | M] (CrossLoop) -- C:\Users\Mary's\AppData\Local\CrossLoop\CrossLoopService.exe
PRC - [2011/06/23 21:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/03/15 14:02:05 | 000,901,600 | ---- | M] () -- C:\Program Files\Business-in-a-Box\BIBLauncher.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 05:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 05:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2010/11/01 15:15:12 | 000,886,752 | ---- | M] () -- C:\Program Files\SelectRebates\SelectRebates.exe
PRC - [2010/09/14 14:03:58 | 000,984,352 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2010/09/14 12:45:30 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2010/03/09 00:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\pptd40nt.exe
PRC - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/03/05 20:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
PRC - [2009/11/12 09:55:30 | 000,203,776 | ---- | M] (Microsoft) -- C:\dell\DBRM\Reminder\DbrmTrayicon.exe
PRC - [2009/08/26 15:49:00 | 002,691,072 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
PRC - [2009/08/14 11:30:56 | 000,015,872 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
PRC - [2009/07/27 11:18:02 | 000,134,656 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2009/06/24 19:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/11 20:46:46 | 000,656,384 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
PRC - [2009/06/11 17:43:08 | 001,622,016 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/07 15:50:23 | 000,036,352 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2012/06/14 03:33:10 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:33:04 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/12 03:42:24 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/05/12 03:38:45 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 03:38:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/12 03:38:41 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 03:38:25 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/10/05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/06/22 11:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2011/03/15 14:02:05 | 000,901,600 | ---- | M] () -- C:\Program Files\Business-in-a-Box\BIBLauncher.exe
MOD - [2010/11/01 15:15:12 | 000,886,752 | ---- | M] () -- C:\Program Files\SelectRebates\SelectRebates.exe
MOD - [2010/11/01 15:15:10 | 000,177,616 | ---- | M] () -- C:\Program Files\SelectRebates\SRebates.dll
MOD - [2010/02/11 13:04:45 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Status Lib\1.6.320.13950__f25c74fcad379103\Status Lib.dll
MOD - [2010/02/11 13:04:45 | 000,008,192 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\StatusInterfaces\1.6.320.13949__4ca2a925deedf37d\StatusInterfaces.dll
MOD - [2009/07/27 11:15:32 | 000,249,856 | ---- | M] () -- C:\Windows\System32\wxvault.dll
MOD - [2009/06/03 11:07:50 | 000,010,752 | ---- | M] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2009/02/26 13:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2008/11/12 12:24:40 | 000,004,608 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll


========== Services (SafeList) ==========

SRV - [2013/08/20 12:30:09 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/13 06:26:52 | 001,319,768 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)
SRV - [2013/03/06 02:21:52 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/06/05 15:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/09/21 17:40:11 | 000,117,648 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe -- (N360)
SRV - [2011/09/07 10:59:00 | 000,569,072 | ---- | M] (CrossLoop) [Auto | Running] -- C:\Users\Mary's\AppData\Local\CrossLoop\CrossLoopService.exe -- (CrossLoopService)
SRV - [2010/09/14 12:45:30 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010/02/25 17:09:49 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/11 17:43:08 | 001,622,016 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2009/06/03 11:15:24 | 001,019,904 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2008/11/12 12:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2008/08/08 21:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)


========== Driver Services (SafeList) ==========

DRV - [2013/07/30 03:15:46 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20130730.003\navex15.sys -- (NAVEX15)
DRV - [2013/07/30 03:15:46 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20130730.003\naveng.sys -- (NAVENG)
DRV - [2013/07/19 17:13:40 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20130730.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013/03/13 06:15:48 | 000,028,416 | ---- | M] (Citrix Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\monblanking.sys -- (monblanking)
DRV - [2012/07/31 17:34:46 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/07/31 17:34:45 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/09/21 17:40:13 | 000,467,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0308030.006\cchpx86.sys -- (ccHP)
DRV - [2011/09/21 17:40:13 | 000,217,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0308030.006\symtdi.sys -- (SYMTDI)
DRV - [2011/09/21 17:40:13 | 000,089,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0308030.006\symfw.sys -- (SYMFW)
DRV - [2011/09/21 17:40:13 | 000,048,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0308030.006\symndisv.sys -- (SYMNDISV)
DRV - [2010/11/20 05:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 05:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 05:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 02:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 02:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/02/24 12:43:49 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/02/24 12:43:42 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0308030.006\SymEFA.sys -- (SymEFA)
DRV - [2010/02/24 12:43:42 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\N360\0308030.006\srtsp.sys -- (SRTSP)
DRV - [2010/02/24 12:43:42 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0308030.006\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/02/24 12:43:42 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0308030.006\srtspx.sys -- (SRTSPX)
DRV - [2010/02/24 12:43:42 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/09/04 10:35:00 | 002,747,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTDVHDA.sys -- (IntcAzAudAddService)
DRV - [2009/07/27 11:17:56 | 000,200,192 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2009/07/13 17:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/06/20 05:34:56 | 000,273,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
DRV - [2009/05/11 10:55:12 | 000,084,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\basp.sys -- (Blfp)
DRV - [2008/06/04 13:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PBADRV.sys -- (PBADRV)
DRV - [2005/06/20 10:12:00 | 000,215,040 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sis163u.sys -- (SIS163u)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0805CFF4-599A-4BF8-8FE9-608B2D364D7F}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}


IE - HKU\.DEFAULT\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}

IE - HKU\S-1-5-21-580040910-3867713631-2828622594-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKU\S-1-5-21-580040910-3867713631-2828622594-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-580040910-3867713631-2828622594-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-580040910-3867713631-2828622594-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKU\S-1-5-21-580040910-3867713631-2828622594-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.sso.serv...MTcyLjEuMS4xMjI
IE - HKU\S-1-5-21-580040910-3867713631-2828622594-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-580040910-3867713631-2828622594-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-580040910-3867713631-2828622594-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
IE - HKU\S-1-5-21-580040910-3867713631-2828622594-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-580040910-3867713631-2828622594-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKU\S-1-5-21-580040910-3867713631-2828622594-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-580040910-3867713631-2828622594-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKU\S-1-5-21-580040910-3867713631-2828622594-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.sso.serv...MTcyLjEuMS4xMjI
IE - HKU\S-1-5-21-580040910-3867713631-2828622594-1003\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-580040910-3867713631-2828622594-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-580040910-3867713631-2828622594-1003\..\SearchScopes\{484988BA-DC92-43A9-9D82-08C3AA2FBA4E}: "URL" = http://websearch.ask...C9-BA0EAEE00520
IE - HKU\S-1-5-21-580040910-3867713631-2828622594-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADRA_enUS369
IE - HKU\S-1-5-21-580040910-3867713631-2828622594-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/10/11 10:24:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/04/09 16:03:26 | 000,000,000 | ---D | M]

[2012/09/26 10:58:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Docs = C:\Users\Servpro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Servpro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Servpro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Servpro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealDownloader = C:\Users\Servpro\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\
CHR - Extension: Gmail = C:\Users\Servpro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 14:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.3.6\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-580040910-3867713631-2828622594-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-580040910-3867713631-2828622594-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-580040910-3867713631-2828622594-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-580040910-3867713631-2828622594-1000\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKU\S-1-5-21-580040910-3867713631-2828622594-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
O4 - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SelectRebates] C:\Program Files\SelectRebates\SelectRebates.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-580040910-3867713631-2828622594-1000..\Run: [BIBLauncher] C:\Program Files\Business-in-a-Box\BIBLauncher.exe ()
O4 - HKU\S-1-5-21-580040910-3867713631-2828622594-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-580040910-3867713631-2828622594-1000..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-580040910-3867713631-2828622594-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O4 - HKLM..\RunOnce: [Del4193634] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-580040910-3867713631-2828622594-1003..\RunOnce: [Del4193634] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-580040910-3867713631-2828622594-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\S-1-5-21-580040910-3867713631-2828622594-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKU\S-1-5-21-580040910-3867713631-2828622594-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-580040910-3867713631-2828622594-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-21-580040910-3867713631-2828622594-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-580040910-3867713631-2828622594-1003\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh...aploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4EADCC00-63D2-4599-9C98-1BB5A1240CC5}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE20CC82-747C-4D7F-8B76-7BCE8C73CFAA}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GO36F4~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-18 Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-19 Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-20 Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-580040910-3867713631-2828622594-1000 Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013/03/28 07:50:44 | 000,000,000 | ---D | M] - D:\AUTORUN -- [ CDFS ]
O32 - AutoRun File - [2007/10/09 08:30:04 | 000,000,078 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2010/11/22 14:08:16 | 000,000,110 | -H-- | M] () - E:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{79508d84-1757-11df-ab73-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{79508d84-1757-11df-ab73-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun\ShelExec.exe index.html
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: SymEFA.sys - C:\Windows\System32\drivers\N360\0308030.006\SymEFA.sys (Symantec Corporation)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SMPCHelper -
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: SymEFA.sys - C:\Windows\System32\drivers\N360\0308030.006\SymEFA.sys (Symantec Corporation)
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: tvnserver -
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/09/03 09:25:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Servpro\Desktop\OTL.com
[2013/09/03 09:19:22 | 000,000,000 | ---D | C] -- C:\Users\Servpro\Temp2
[2013/08/30 11:02:21 | 000,000,000 | ---D | C] -- C:\Users\Servpro\AppData\Roaming\DSite
[2013/08/30 10:27:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/08/30 10:27:31 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/08/30 10:23:54 | 000,000,000 | ---D | C] -- C:\Users\Servpro\AppData\Roaming\Nico Mak Computing
[2013/08/30 10:23:51 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip Registry Optimizer
[2013/08/30 10:20:57 | 000,000,000 | ---D | C] -- C:\Users\Servpro\AppData\Roaming\Advanced System Protector
[2013/08/30 10:20:52 | 000,000,000 | ---D | C] -- C:\Users\Servpro\AppData\Roaming\Systweak
[2013/08/30 10:20:51 | 000,017,584 | ---- | C] (WinZip Computing, S.L.(WinZip Computing)) -- C:\Windows\System32\roboot.exe
[2013/08/30 10:20:32 | 000,000,000 | ---D | C] -- C:\Users\Servpro\AppData\Local\Programs
[2013/08/30 09:47:51 | 000,000,000 | ---D | C] -- C:\Users\Servpro\AppData\Local\Symantec
[2013/08/29 15:37:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SERVPRO Office Automation Software
[2013/08/29 15:37:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sagekey Software
[2013/08/29 15:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\ManagER
[2013/08/29 15:24:18 | 000,000,000 | ---D | C] -- C:\Users\Servpro\AppData\Roaming\CyberLink
[2013/08/29 15:22:16 | 000,000,000 | ---D | C] -- C:\Users\Servpro\Desktop\window paintings
[2013/08/29 15:22:03 | 000,000,000 | ---D | C] -- C:\Users\Servpro\Desktop\Water Loss Jobs
[2013/08/29 15:19:19 | 000,000,000 | ---D | C] -- C:\Users\Servpro\AppData\Local\CrashDumps
[2013/08/29 15:18:31 | 000,000,000 | ---D | C] -- C:\Users\Servpro\AppData\Local\Intuit
[2013/08/29 15:18:13 | 000,000,000 | ---D | C] -- C:\Users\Servpro\Desktop\Quick Books
[2013/08/29 15:18:05 | 000,000,000 | ---D | C] -- C:\Users\Servpro\Desktop\Pending Jobs
[2013/08/29 15:17:59 | 000,000,000 | ---D | C] -- C:\Users\Servpro\Desktop\New Job Masters
[2013/08/29 15:17:50 | 000,000,000 | ---D | C] -- C:\Users\Servpro\Desktop\Monthly Safety Meetings
[2013/08/29 15:17:42 | 000,000,000 | ---D | C] -- C:\Users\Servpro\Desktop\Masters, logs, office info
[2013/08/29 15:17:36 | 000,000,000 | ---D | C] -- C:\Users\Servpro\Desktop\LAURA DOCS
[2013/08/29 15:17:27 | 000,000,000 | ---D | C] -- C:\Users\Servpro\Desktop\Kiewet
[2013/08/29 15:17:20 | 000,000,000 | ---D | C] -- C:\Users\Servpro\Desktop\Fire Loss Jobs
[2013/08/29 15:17:15 | 000,000,000 | ---D | C] -- C:\Users\Servpro\Desktop\fire class
[2013/08/29 15:17:10 | 000,000,000 | ---D | C] -- C:\Users\Servpro\Desktop\Facebook share photos
[2013/08/29 15:17:04 | 000,000,000 | ---D | C] -- C:\Users\Servpro\Desktop\Equipment & Chemical List
[2013/08/29 15:16:57 | 000,000,000 | ---D | C] -- C:\Users\Servpro\Desktop\Employment Security Dept
[2013/08/29 15:16:50 | 000,000,000 | ---D | C] -- C:\Users\Servpro\Desktop\Employee photos
[2013/08/29 15:16:44 | 000,000,000 | ---D | C] -- C:\Users\Servpro\Desktop\Emergency Ready Program
[2013/08/29 15:16:37 | 000,000,000 | ---D | C] -- C:\Users\Servpro\Desktop\dynamic strategies
[2013/08/29 15:16:31 | 000,000,000 | ---D | C] -- C:\Users\Servpro\Desktop\Drywall
[2013/08/29 15:16:26 | 000,000,000 | ---D | C] -- C:\Users\Servpro\Desktop\Documents for Laura
[2013/08/29 15:16:22 | 000,000,000 | ---D | C] -- C:\Users\Servpro\Desktop\Customer and Billing masters
[2013/08/29 15:16:15 | 000,000,000 | R--D | C] -- C:\Users\Servpro\Desktop\Computer
[2013/08/29 15:16:04 | 000,000,000 | ---D | C] -- C:\Users\Servpro\Desktop\City of ocean Shores
[2013/08/29 15:15:53 | 000,000,000 | ---D | C] -- C:\Users\Servpro\Desktop\CE class Aug 7
[2013/08/29 15:15:44 | 000,000,000 | ---D | C] -- C:\Users\Servpro\Desktop\Carpet & Misc Jobs
[2013/08/29 15:15:37 | 000,000,000 | ---D | C] -- C:\Users\Servpro\Desktop\Aberdeen Art Walk
[2013/08/29 15:15:32 | 000,000,000 | ---D | C] -- C:\Users\Servpro\AppData\Local\Adobe
[2013/08/29 15:03:42 | 002,986,440 | ---- | C] (Symantec Corporation) -- C:\Users\Servpro\Desktop\NPE.exe
[2013/08/29 15:02:40 | 000,000,000 | ---D | C] -- C:\Users\Servpro\AppData\Local\NPE
[2013/08/29 14:55:45 | 000,000,000 | ---D | C] -- C:\Users\Servpro\AppData\Roaming\Adobe
[2013/08/29 14:55:33 | 000,000,000 | ---D | C] -- C:\Users\Servpro\AppData\Roaming\Google
[2013/08/29 14:55:10 | 000,000,000 | ---D | C] -- C:\Users\Servpro\AppData\Roaming\RealNetworks
[2013/08/29 14:54:53 | 000,000,000 | ---D | C] -- C:\Users\Servpro\AppData\Roaming\Real
[2013/08/29 14:54:53 | 000,000,000 | ---D | C] -- C:\Users\Servpro\AppData\Roaming\ControlCenter4
[2013/08/29 14:54:52 | 000,000,000 | ---D | C] -- C:\Users\Servpro\AppData\Roaming\Wave Systems Corp
[2013/08/29 14:54:52 | 000,000,000 | ---D | C] -- C:\Users\Servpro\AppData\Local\Wave Systems Corp
[2013/08/29 14:54:52 | 000,000,000 | ---D | C] -- C:\Users\Servpro\AppData\Local\Google
[2013/08/29 14:54:52 | 000,000,000 | ---D | C] -- C:\Users\Servpro\AppData\Roaming\Broadcom
[2013/08/29 14:54:41 | 000,000,000 | R--D | C] -- C:\Users\Servpro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/08/29 14:54:40 | 000,000,000 | R--D | C] -- C:\Users\Servpro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/08/29 14:54:40 | 000,000,000 | R--D | C] -- C:\Users\Servpro\Searches
[2013/08/29 14:54:40 | 000,000,000 | -H-D | C] -- C:\Users\Servpro\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/08/29 14:54:30 | 000,000,000 | ---D | C] -- C:\Users\Servpro\AppData\Roaming\Identities
[2013/08/29 14:54:27 | 000,000,000 | R--D | C] -- C:\Users\Servpro\Contacts
[2013/08/29 14:54:17 | 000,000,000 | ---D | C] -- C:\Users\Servpro\AppData\Local\VirtualStore
[2013/08/29 14:54:11 | 000,000,000 | --SD | C] -- C:\Users\Servpro\AppData\Roaming\Microsoft
[2013/08/29 14:54:11 | 000,000,000 | R--D | C] -- C:\Users\Servpro\Videos
[2013/08/29 14:54:11 | 000,000,000 | R--D | C] -- C:\Users\Servpro\Saved Games
[2013/08/29 14:54:11 | 000,000,000 | R--D | C] -- C:\Users\Servpro\Pictures
[2013/08/29 14:54:11 | 000,000,000 | R--D | C] -- C:\Users\Servpro\Music
[2013/08/29 14:54:11 | 000,000,000 | R--D | C] -- C:\Users\Servpro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/08/29 14:54:11 | 000,000,000 | R--D | C] -- C:\Users\Servpro\Links
[2013/08/29 14:54:11 | 000,000,000 | R--D | C] -- C:\Users\Servpro\Favorites
[2013/08/29 14:54:11 | 000,000,000 | R--D | C] -- C:\Users\Servpro\Downloads
[2013/08/29 14:54:11 | 000,000,000 | R--D | C] -- C:\Users\Servpro\Documents
[2013/08/29 14:54:11 | 000,000,000 | R--D | C] -- C:\Users\Servpro\Desktop
[2013/08/29 14:54:11 | 000,000,000 | R--D | C] -- C:\Users\Servpro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/08/29 14:54:11 | 000,000,000 | -HSD | C] -- C:\Users\Servpro\AppData\Local\Temporary Internet Files
[2013/08/29 14:54:11 | 000,000,000 | -HSD | C] -- C:\Users\Servpro\Templates
[2013/08/29 14:54:11 | 000,000,000 | -HSD | C] -- C:\Users\Servpro\Start Menu
[2013/08/29 14:54:11 | 000,000,000 | -HSD | C] -- C:\Users\Servpro\SendTo
[2013/08/29 14:54:11 | 000,000,000 | -HSD | C] -- C:\Users\Servpro\Recent
[2013/08/29 14:54:11 | 000,000,000 | -HSD | C] -- C:\Users\Servpro\PrintHood
[2013/08/29 14:54:11 | 000,000,000 | -HSD | C] -- C:\Users\Servpro\NetHood
[2013/08/29 14:54:11 | 000,000,000 | -HSD | C] -- C:\Users\Servpro\Documents\My Videos
[2013/08/29 14:54:11 | 000,000,000 | -HSD | C] -- C:\Users\Servpro\Documents\My Pictures
[2013/08/29 14:54:11 | 000,000,000 | -HSD | C] -- C:\Users\Servpro\Documents\My Music
[2013/08/29 14:54:11 | 000,000,000 | -HSD | C] -- C:\Users\Servpro\My Documents
[2013/08/29 14:54:11 | 000,000,000 | -HSD | C] -- C:\Users\Servpro\Local Settings
[2013/08/29 14:54:11 | 000,000,000 | -HSD | C] -- C:\Users\Servpro\AppData\Local\History
[2013/08/29 14:54:11 | 000,000,000 | -HSD | C] -- C:\Users\Servpro\Cookies
[2013/08/29 14:54:11 | 000,000,000 | -HSD | C] -- C:\Users\Servpro\Application Data
[2013/08/29 14:54:11 | 000,000,000 | -HSD | C] -- C:\Users\Servpro\AppData\Local\Application Data
[2013/08/29 14:54:11 | 000,000,000 | -H-D | C] -- C:\Users\Servpro\AppData
[2013/08/29 14:54:11 | 000,000,000 | ---D | C] -- C:\Users\Servpro\AppData\Local\Temp
[2013/08/29 14:54:11 | 000,000,000 | ---D | C] -- C:\Users\Servpro\AppData\Local\Microsoft Help
[2013/08/29 14:54:11 | 000,000,000 | ---D | C] -- C:\Users\Servpro\AppData\Local\Microsoft
[2013/08/29 14:54:11 | 000,000,000 | ---D | C] -- C:\Users\Servpro\AppData\Roaming\Media Center Programs
[2013/08/29 14:54:11 | 000,000,000 | ---D | C] -- C:\Users\Servpro\AppData\Roaming\Macromedia
[2012/09/06 14:15:16 | 000,693,648 | ---- | C] (MindSpark) -- C:\Program Files\12Uninstall My Scrap Nook.dll

========== Files - Modified Within 30 Days ==========

[2013/09/03 09:30:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/03 09:25:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Servpro\Desktop\OTL.com
[2013/09/03 09:02:00 | 000,000,294 | ---- | M] () -- C:\Windows\tasks\DSite.job
[2013/09/03 08:58:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/03 08:30:10 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/03 08:30:10 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/03 08:23:10 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/03 08:22:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/03 08:22:50 | 1582,022,656 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/30 11:02:03 | 000,001,130 | ---- | M] () -- C:\Users\Servpro\Desktop\Continue Zip Opener Installation.lnk
[2013/08/30 10:27:32 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/08/30 10:06:17 | 000,007,605 | ---- | M] () -- C:\Users\Servpro\AppData\Local\Resmon.ResmonCfg
[2013/08/30 09:53:00 | 000,000,000 | ---- | M] () -- C:\Users\Servpro\AppData\Local\WavXMapDrive.bat
[2013/08/29 15:35:06 | 000,002,038 | ---- | M] () -- C:\Users\Servpro\Desktop\Servpro stuff.lnk
[2013/08/29 15:03:45 | 002,986,440 | ---- | M] (Symantec Corporation) -- C:\Users\Servpro\Desktop\NPE.exe
[2013/08/29 14:59:39 | 000,002,227 | ---- | M] () -- C:\Users\Servpro\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/08/29 14:59:39 | 000,002,203 | ---- | M] () -- C:\Users\Servpro\Desktop\Google Chrome.lnk
[2013/08/29 14:55:04 | 000,001,409 | ---- | M] () -- C:\Users\Servpro\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/08/26 07:08:56 | 000,000,476 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013/08/20 12:30:09 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/08/20 12:30:09 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/08/14 12:06:27 | 000,631,208 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/14 12:06:27 | 000,109,326 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/14 11:24:43 | 000,042,652 | ---- | M] () -- C:\Users\Servpro\Desktop\SERVPRO%20Eployment%20Application%20-%2031808%20-%2001-10.pdf

========== Files Created - No Company Name ==========

[2013/08/30 11:02:21 | 000,000,294 | ---- | C] () -- C:\Windows\tasks\DSite.job
[2013/08/30 11:02:03 | 000,001,130 | ---- | C] () -- C:\Users\Servpro\Desktop\Continue Zip Opener Installation.lnk
[2013/08/30 10:27:32 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/08/30 10:06:17 | 000,007,605 | ---- | C] () -- C:\Users\Servpro\AppData\Local\Resmon.ResmonCfg
[2013/08/29 15:23:20 | 000,002,038 | ---- | C] () -- C:\Users\Servpro\Desktop\Servpro stuff.lnk
[2013/08/29 15:22:51 | 020,178,598 | ---- | C] () -- C:\Users\Servpro\Desktop\ERPSamples.zip
[2013/08/29 14:55:04 | 000,001,409 | ---- | C] () -- C:\Users\Servpro\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/08/29 14:54:52 | 000,000,000 | ---- | C] () -- C:\Users\Servpro\AppData\Local\WavXMapDrive.bat
[2013/08/29 14:54:45 | 000,001,415 | ---- | C] () -- C:\Users\Servpro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/08/29 14:54:44 | 000,002,227 | ---- | C] () -- C:\Users\Servpro\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/08/29 14:54:44 | 000,002,203 | ---- | C] () -- C:\Users\Servpro\Desktop\Google Chrome.lnk
[2013/08/29 14:54:11 | 000,000,290 | ---- | C] () -- C:\Users\Servpro\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/08/29 14:54:11 | 000,000,272 | ---- | C] () -- C:\Users\Servpro\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/08/14 11:24:43 | 000,042,652 | ---- | C] () -- C:\Users\Servpro\Desktop\SERVPRO%20Eployment%20Application%20-%2031808%20-%2001-10.pdf
[2013/07/23 14:55:30 | 000,000,248 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2013/07/23 14:55:30 | 000,000,064 | ---- | C] () -- C:\Windows\brpcfx.ini
[2013/07/23 14:54:17 | 000,002,944 | ---- | C] () -- C:\Windows\BRPARAM.INI
[2013/07/23 14:50:18 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2013/07/23 14:50:05 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/09/06 14:15:16 | 000,174,016 | ---- | C] () -- C:\Program Files\12res.dll
[2012/05/07 10:33:25 | 000,000,476 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/05/07 10:33:25 | 000,000,034 | ---- | C] () -- C:\Windows\System32\bd9440cn.dat
[2012/05/07 10:33:25 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012/05/07 10:33:15 | 000,000,000 | ---- | C] () -- C:\Program Files\error.dat
[2012/05/07 10:33:15 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2012/05/07 10:33:05 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2012/05/07 10:33:04 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2012/05/07 10:33:02 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BAOCH06A.DAT

========== ZeroAccess Check ==========

[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 01:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST3160318AS ATA Device
Partitions: 3
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Removable Media
Interface type: USB
Media Type: Removable Media
Model: SanDisk Cruzer USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 39.00MB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 15.00GB
Starting Offset: 41943040
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 134.00GB
Starting Offset: 15770583040
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 7.00GB
Starting Offset: 16384
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2013/08/29 15:15:31 | 000,000,000 | ---D | M] -- C:\Users\Servpro\AppData\Roaming\Adobe
[2013/08/30 10:20:57 | 000,000,000 | ---D | M] -- C:\Users\Servpro\AppData\Roaming\Advanced System Protector
[2013/08/29 14:54:52 | 000,000,000 | ---D | M] -- C:\Users\Servpro\AppData\Roaming\Broadcom
[2013/08/29 14:54:58 | 000,000,000 | ---D | M] -- C:\Users\Servpro\AppData\Roaming\ControlCenter4
[2013/08/29 15:24:18 | 000,000,000 | ---D | M] -- C:\Users\Servpro\AppData\Roaming\CyberLink
[2013/08/30 11:02:21 | 000,000,000 | ---D | M] -- C:\Users\Servpro\AppData\Roaming\DSite
[2013/08/29 14:58:56 | 000,000,000 | ---D | M] -- C:\Users\Servpro\AppData\Roaming\Google
[2013/08/29 14:54:30 | 000,000,000 | ---D | M] -- C:\Users\Servpro\AppData\Roaming\Identities
[2010/03/01 10:03:44 | 000,000,000 | ---D | M] -- C:\Users\Servpro\AppData\Roaming\Macromedia
[2009/07/14 00:49:10 | 000,000,000 | ---D | M] -- C:\Users\Servpro\AppData\Roaming\Media Center Programs
[2013/08/30 11:29:34 | 000,000,000 | --SD | M] -- C:\Users\Servpro\AppData\Roaming\Microsoft
[2013/08/30 10:25:08 | 000,000,000 | ---D | M] -- C:\Users\Servpro\AppData\Roaming\Nico Mak Computing
[2013/08/29 14:54:53 | 000,000,000 | ---D | M] -- C:\Users\Servpro\AppData\Roaming\Real
[2013/08/29 14:55:10 | 000,000,000 | ---D | M] -- C:\Users\Servpro\AppData\Roaming\RealNetworks
[2013/08/30 10:22:59 | 000,000,000 | ---D | M] -- C:\Users\Servpro\AppData\Roaming\Systweak
[2013/08/29 14:54:52 | 000,000,000 | ---D | M] -- C:\Users\Servpro\AppData\Roaming\Wave Systems Corp

< MD5 for: ATAPI.SYS >
[2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: CSRSS.EXE >
[2009/07/13 18:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\System32\csrss.exe
[2009/07/13 18:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_58ba39fb456943bd\csrss.exe

< MD5 for: EXPLORER.EXE >
[2010/02/11 14:48:59 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2010/02/11 14:49:00 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2010/02/11 14:49:00 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2010/02/11 14:48:59 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2009/07/13 18:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
[2010/11/20 05:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\System32\mswsock.dll
[2010/11/20 05:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2009/07/13 18:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\System32\NapiNSP.dll
[2009/07/13 18:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2009/07/13 18:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_675c4bea6c3ddad6\nlaapi.dll
[2010/11/20 05:20:30 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\System32\nlaapi.dll
[2010/11/20 05:20:30 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_698d5fb2692c5e70\nlaapi.dll
[2012/10/03 09:29:27 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=11B8C7970C10650827D060AA81BEE63F -- C:\Windows\SoftwareDistribution\Download\ccb2ff3ce5106b48b42ea8885492f1e8\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_6a0c0c4b82524209\nlaapi.dll
[2012/10/03 09:42:26 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=50E0DD0A5B8D8BC353578F2F73926697 -- C:\Windows\SoftwareDistribution\Download\ccb2ff3ce5106b48b42ea8885492f1e8\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_695757ae6954dec1\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2009/07/13 18:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\System32\pnrpnsp.dll
[2009/07/13 18:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_71556bd683c82a7a\pnrpnsp.dll

< MD5 for: PRINTISOLATIONHOST.EXE >
[2009/07/13 18:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=640A476C8867AEAAD8FF9F59A61AFE2F -- C:\Windows\System32\PrintIsolationHost.exe
[2009/07/13 18:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=640A476C8867AEAAD8FF9F59A61AFE2F -- C:\Windows\winsxs\x86_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_9c856911bff5c373\PrintIsolationHost.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 18:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 18:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USER32.DLL >
[2009/07/13 18:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 05:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010/11/20 05:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

< MD5 for: USERINIT.EXE >
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/27 23:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/27 22:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 05:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 05:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 18:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/07/13 18:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\System32\winrnr.dll
[2009/07/13 18:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2009/07/13 18:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\System32\wshelper.dll
[2009/07/13 18:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\wshelper.dll

< dir C:\ /S /A:L /C >
Volume in drive C is OS
Volume Serial Number is 1411-2897
Directory of C:\
07/13/2009 09:53 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/13/2009 09:53 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 09:53 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 09:53 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 09:53 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 09:53 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 09:53 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/13/2009 09:53 PM <SYMLINKD> All Users [C:\ProgramData]
07/13/2009 09:53 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/13/2009 09:53 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 09:53 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 09:53 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 09:53 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 09:53 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 09:53 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/13/2009 09:53 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009 09:53 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/13/2009 09:53 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/13/2009 09:53 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/13/2009 09:53 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009 09:53 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009 09:53 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009 09:53 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009 09:53 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009 09:53 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/13/2009 09:53 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/13/2009 09:53 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009 09:53 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/13/2009 09:53 PM <JUNCTION> My Music [C:\Users\Default\Music]
07/13/2009 09:53 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/13/2009 09:53 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Guest
07/13/2011 08:49 AM <JUNCTION> Application Data [C:\Users\Guest\AppData\Roaming]
07/13/2011 08:49 AM <JUNCTION> Cookies [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies]
07/13/2011 08:49 AM <JUNCTION> Local Settings [C:\Users\Guest\AppData\Local]
07/13/2011 08:49 AM <JUNCTION> My Documents [C:\Users\Guest\Documents]
07/13/2011 08:49 AM <JUNCTION> NetHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2011 08:49 AM <JUNCTION> PrintHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2011 08:49 AM <JUNCTION> Recent [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2011 08:49 AM <JUNCTION> SendTo [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2011 08:49 AM <JUNCTION> Start Menu [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2011 08:49 AM <JUNCTION> Templates [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Guest\AppData\Local
07/13/2011 08:49 AM <JUNCTION> Application Data [C:\Users\Guest\AppData\Local]
07/13/2011 08:49 AM <JUNCTION> History [C:\Users\Guest\AppData\Local\Microsoft\Windows\History]
07/13/2011 08:49 AM <JUNCTION> Temporary Internet Files [C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Guest\Documents
07/13/2011 08:49 AM <JUNCTION> My Music [C:\Users\Guest\Music]
07/13/2011 08:49 AM <JUNCTION> My Pictures [C:\Users\Guest\Pictures]
07/13/2011 08:49 AM <JUNCTION> My Videos [C:\Users\Guest\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Mary's
02/19/2010 05:16 PM <JUNCTION> Application Data [C:\Users\Mary's\AppData\Roaming]
02/19/2010 05:16 PM <JUNCTION> Cookies [C:\Users\Mary's\AppData\Roaming\Microsoft\Windows\Cookies]
02/19/2010 05:16 PM <JUNCTION> Local Settings [C:\Users\Mary's\AppData\Local]
02/19/2010 05:16 PM <JUNCTION> My Documents [C:\Users\Mary's\Documents]
02/19/2010 05:16 PM <JUNCTION> NetHood [C:\Users\Mary's\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/19/2010 05:16 PM <JUNCTION> PrintHood [C:\Users\Mary's\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/19/2010 05:16 PM <JUNCTION> Recent [C:\Users\Mary's\AppData\Roaming\Microsoft\Windows\Recent]
02/19/2010 05:16 PM <JUNCTION> SendTo [C:\Users\Mary's\AppData\Roaming\Microsoft\Windows\SendTo]
02/19/2010 05:16 PM <JUNCTION> Start Menu [C:\Users\Mary's\AppData\Roaming\Microsoft\Windows\Start Menu]
02/19/2010 05:16 PM <JUNCTION> Templates [C:\Users\Mary's\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Mary's\AppData\Local
02/19/2010 05:16 PM <JUNCTION> Application Data [C:\Users\Mary's\AppData\Local]
02/19/2010 05:16 PM <JUNCTION> History [C:\Users\Mary's\AppData\Local\Microsoft\Windows\History]
02/19/2010 05:16 PM <JUNCTION> Temporary Internet Files [C:\Users\Mary's\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Mary's\AppData\LocalLow
01/13/2011 02:21 PM <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\Mary's\Documents
02/19/2010 05:16 PM <JUNCTION> My Music [C:\Users\Mary's\Music]
02/19/2010 05:16 PM <JUNCTION> My Pictures [C:\Users\Mary's\Pictures]
02/19/2010 05:16 PM <JUNCTION> My Videos [C:\Users\Mary's\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/13/2009 09:53 PM <JUNCTION> My Music [C:\Users\Public\Music]
07/13/2009 09:53 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/13/2009 09:53 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Servpro
08/29/2013 02:54 PM <JUNCTION> Application Data [C:\Users\Servpro\AppData\Roaming]
08/29/2013 02:54 PM <JUNCTION> Cookies [C:\Users\Servpro\AppData\Roaming\Microsoft\Windows\Cookies]
08/29/2013 02:54 PM <JUNCTION> Local Settings [C:\Users\Servpro\AppData\Local]
08/29/2013 02:54 PM <JUNCTION> My Documents [C:\Users\Servpro\Documents]
08/29/2013 02:54 PM <JUNCTION> NetHood [C:\Users\Servpro\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/29/2013 02:54 PM <JUNCTION> PrintHood [C:\Users\Servpro\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/29/2013 02:54 PM <JUNCTION> Recent [C:\Users\Servpro\AppData\Roaming\Microsoft\Windows\Recent]
08/29/2013 02:54 PM <JUNCTION> SendTo [C:\Users\Servpro\AppData\Roaming\Microsoft\Windows\SendTo]
08/29/2013 02:54 PM <JUNCTION> Start Menu [C:\Users\Servpro\AppData\Roaming\Microsoft\Windows\Start Menu]
08/29/2013 02:54 PM <JUNCTION> Templates [C:\Users\Servpro\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Servpro\AppData\Local
08/29/2013 02:54 PM <JUNCTION> Application Data [C:\Users\Servpro\AppData\Local]
08/29/2013 02:54 PM <JUNCTION> History [C:\Users\Servpro\AppData\Local\Microsoft\Windows\History]
08/29/2013 02:54 PM <JUNCTION> Temporary Internet Files [C:\Users\Servpro\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Servpro\Documents
08/29/2013 02:54 PM <JUNCTION> My Music [C:\Users\Servpro\Music]
08/29/2013 02:54 PM <JUNCTION> My Pictures [C:\Users\Servpro\Pictures]
08/29/2013 02:54 PM <JUNCTION> My Videos [C:\Users\Servpro\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
02/11/2010 01:05 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
02/11/2010 01:05 PM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
02/11/2010 01:05 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
02/11/2010 01:05 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
02/11/2010 01:05 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
02/11/2010 01:05 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
89 Dir(s) 96,044,863,488 bytes free

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/08/24 10:49:56 | 000,829,392 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/08/24 10:49:56 | 000,829,392 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/08/24 10:49:56 | 000,829,392 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/08/24 10:49:56 | 000,829,392 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/02/29 04:02:19 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/02/29 04:02:19 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/02/29 04:02:19 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/05/17 16:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/05/17 16:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/08/24 10:49:56 | 000,829,392 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/08/24 10:49:56 | 000,829,392 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/08/24 10:49:56 | 000,829,392 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/08/24 10:49:56 | 000,829,392 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/02/29 04:02:19 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/02/29 04:02:19 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/02/29 04:02:19 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/05/17 16:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/05/17 16:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %ProgramFiles%\WINDOWS NT\*.* /s >
[2010/11/20 05:17:57 | 004,247,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\wordpad.exe
[2009/07/13 18:16:20 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\WordpadFilter.dll
[2009/07/13 19:06:02 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\en-US\wordpad.exe.mui
[2009/07/13 18:16:15 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\TableTextService\TableTextService.dll
[2009/06/10 14:43:18 | 000,016,212 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceAmharic.txt
[2009/06/10 14:43:18 | 001,272,822 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceArray.txt
[2009/06/10 14:43:18 | 000,980,102 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceDaYi.txt
[2009/06/10 14:43:19 | 001,665,878 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt
[2009/06/10 14:43:19 | 001,445,430 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt
[2009/06/10 14:43:19 | 001,810,352 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt
[2009/06/10 14:43:19 | 000,044,968 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceYi.txt
[2009/07/13 19:05:26 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\TableTextService\en-US\TableTextService.dll.mui

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >
  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Which step helped?

Download : ADWCleaner to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and right click on the AdwCleaner icon and Run As Admin.

Posted Image

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.



Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop.
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.
  • 0

#8
Lauriek1970

Lauriek1970

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
The first suggestion that you made in your second post worked. So, how should I download this?
  • 0

#9
Lauriek1970

Lauriek1970

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
I'm trying to copy the command that worked for OTL with the new website and I'm not having any luck at all. I'm obviously typing it wrong
  • 0

#10
Lauriek1970

Lauriek1970

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
Ok, I got the command to work. I downloaded the adw cleaner. When I try to instal, Google Chrome pops up and says, "unable to access network"
  • 0

Advertisements


#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Since the first suggestion worked there is something in your add-ons in IE so if you start it with

"C:\Program Files\Internet Explorer\iexplore" -extoff

and then click on the Manage Add-Ons button which shows up at the bottom right for about 30 seconds, it should take you to a page where you can disable each add-on individually. I would click on each add-on and Disable. Close when done. Restart IE. After that you should be able to close IE and reopen it and download normally.

Why Chrome is getting involved is not clear. Perhaps adwCleaner checks for updates and Chrome is the default browser. Try making IE the default browser. In IE, click on the gear or Tools and then on Internet Options then on Programs. Then click on Make Default and OK. Close IE. Try adwcleaner again. If it still calls up Chrome then let's try fixing Chrome. http://www.googlechr...e-settings.html

Also try running:


Download aswMBR.exe to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work. If it reboots and does not give you a log then run it a second time. If after running you get an error about a registry value then just reboot once more to clear the error.

A file will be created (usually stored at => C:\Combofix\Combofix.txt). I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it by right clicking and Run As Admin.


If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.
  • 0

#12
Lauriek1970

Lauriek1970

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
I downloaded adwcleaner to my desktop. The icon is not there. I can't even find it when I search files. I will try the second one. thanks
  • 0

#13
Lauriek1970

Lauriek1970

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
Ok, I can get these to download by disabling add-ons. However,after saving to desktop, there is no icon for me to right click and run as admin. What am I missing?
  • 0

#14
Lauriek1970

Lauriek1970

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
Well, here's what I got, but I didn't run as administrator. I don't know how much that matters. I'm feeling dumb, super happy for your help


# AdwCleaner v3.002 - Report created 03/09/2013 at 13:19:56
# Updated 01/09/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Servpro - MARYS-PC
# Running from : C:\Users\Servpro\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Windows\system32\roboot.exe
File Found : C:\Windows\System32\Tasks\DSite
File Found : C:\Windows\Tasks\DSite.job
Folder Found C:\Program Files\SelectRebates
Folder Found C:\Program Files\WinZip Registry Optimizer
Folder Found C:\ProgramData\Ask
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\Browser Manager
Folder Found C:\ProgramData\Trymedia
Folder Found C:\Users\Mary's\AppData\Local\PackageAware
Folder Found C:\Users\Mary's\AppData\LocalLow\BabylonToolbar
Folder Found C:\Users\Mary's\AppData\Roaming\Babylon
Folder Found C:\Users\Servpro\AppData\Roaming\Advanced System Protector
Folder Found C:\Users\Servpro\AppData\Roaming\DSite
Folder Found C:\Users\Servpro\AppData\Roaming\Systweak

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
Key Found : HKLM\Software\Classes\popcaploader.popcaploaderctrl2
Key Found : HKLM\Software\Classes\popcaploader.popcaploaderctrl2.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_earthview_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_earthview_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\DSite
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\DSite
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DSite
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Found : HKLM\Software\systweak
Product Found : Google Update Helper
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16446


-\\ Google Chrome v29.0.1547.62

[ File : C:\Users\Mary's\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Servpro\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4433 octets] - [03/09/2013 13:09:36]
AdwCleaner[R1].txt - [4576 octets] - [03/09/2013 13:19:56]

########## EOF - \AdwCleaner\AdwCleaner[R1].txt - [4636 octets] ##########
  • 0

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Once you have run a scan you need to hit the Clean button.

Sometimes if you right click on the Start ball and then select Open Windows Explorer, then once it opens, click on desktop in the left pane near the top and then look in the right pane you may see the file.

You probably need to right click and Run As Admin unless you first turn off UAC:



Open User Account Control Settings by clicking the Start button Picture of the Start button, and then clicking Control Panel. In the search box, type uac, and then click Change User Account Control settings.

To turn off UAC, move the slider to the Never notify position, and then click OK. Administrator permission required If you're prompted for an administrator password or confirmation, type the password or provide confirmation. You will need to restart your computer for UAC to be turned off.

Once UAC is off it shouldn't matter if you double click or right click and Run As Admin.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP