
porn/sexy.exe malware on Terminal Server




jedichrome

A couple of users managed to click on a bad attachment and have seemingly infected their terminal server. On a workstation I would normally run ComboFix.exe to clear this up, but since this is Server 2008, that is not an option.

I have been attempting to clean up the system manually and using Malwarebytes, but it does not seem to be working. I am desperate for a resolution.

OTL logfile created on: 9/17/2013 10:28:11 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\it4tools
64bit- Server Standard Edition (full installation) Service Pack 1 (Version = 6.1.7601) - Type = NTServer
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

24.00 Gb Total Physical Memory | 19.72 Gb Available Physical Memory | 82.18% Memory free
47.99 Gb Paging File | 43.46 Gb Available in Paging File | 90.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 350.00 Gb Total Space | 272.22 Gb Free Space | 77.78% Space Free | Partition Type: NTFS

Computer Name: SDTERMSRV | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/17 10:26:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\it4tools\OTL.exe
PRC - [2013/09/17 09:17:57 | 000,122,880 | RHS- | M] () -- C:\Users\Linda\yoiin.exe
PRC - [2013/05/30 18:33:32 | 003,232,152 | ---- | M] (ThreatTrack Security, Inc.) -- C:\Program Files (x86)\GFI Software\GFIAgent\SBAMTray.exe
PRC - [2013/05/30 18:30:54 | 003,681,016 | ---- | M] (ThreatTrack Security, Inc.) -- C:\Program Files (x86)\GFI Software\GFIAgent\SBAMSvc.exe
PRC - [2013/05/30 18:30:48 | 000,176,536 | ---- | M] (ThreatTrack Security, Inc.) -- C:\Program Files (x86)\GFI Software\GFIAgent\SBPIMSvc.exe
PRC - [2013/04/29 03:37:01 | 000,471,040 | ---- | M] (Everylisten Corp.) -- C:\Users\Linda\AppData\Roaming\Zuke\ikqee.exe
PRC - [2013/03/29 13:45:02 | 002,937,384 | ---- | M] (AOL Inc.) -- C:\Users\cynthia\AppData\Local\AOL\AIM\aim.exe
PRC - [2013/03/22 01:44:16 | 006,167,552 | ---- | M] () -- C:\Program Files (x86)\Activant\Prophet 21 12.1\pxxi.exe
PRC - [2013/03/07 17:54:54 | 001,085,440 | ---- | M] (Kaseya International Limited) -- C:\Program Files (x86)\Kaseya\AXSMCR74234068025903\AgentMon.exe
PRC - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/02 23:37:50 | 000,093,488 | ---- | M] (Continuum Managed Services LLC.) -- C:\Program Files (x86)\SAAZOD\SAAZRCCTL.EXE
PRC - [2012/11/02 23:37:50 | 000,089,392 | ---- | M] (Continuum Managed Services LLC.) -- C:\Program Files (x86)\SAAZOD\SAAZWatchDog.exe
PRC - [2012/11/02 23:37:50 | 000,089,392 | ---- | M] (Continuum Managed Services LLC.) -- C:\Program Files (x86)\SAAZOD\SAAZMSMACTL.EXE
PRC - [2012/11/02 23:37:50 | 000,085,296 | ---- | M] (Continuum Managed Services LLC.) -- C:\Program Files (x86)\SAAZOD\SAAZScheduler.exe
PRC - [2012/11/02 23:37:50 | 000,085,296 | ---- | M] (Continuum Managed Services LLC.) -- C:\Program Files (x86)\SAAZOD\zRealTime\SAAZapsc.exe
PRC - [2012/11/02 23:37:50 | 000,085,296 | ---- | M] (Continuum Managed Services LLC.) -- C:\Program Files (x86)\SAAZOD\zRealTime\SAAZappr.exe
PRC - [2012/11/02 23:37:50 | 000,081,200 | ---- | M] (Continuum Managed Services LLC.) -- C:\Program Files (x86)\SAAZOD\SAAZRemoteSupport.exe
PRC - [2012/11/02 23:37:48 | 000,146,736 | ---- | M] (Continuum Managed Services LLC.) -- C:\Program Files (x86)\SAAZOD\DMPHelpDesk.exe
PRC - [2012/10/31 16:37:52 | 000,577,536 | ---- | M] (Kaseya International Limited) -- C:\Program Files (x86)\Kaseya\AXSMCR74234068025903\KaUsrTsk.exe
PRC - [2012/09/23 20:43:40 | 000,040,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
PRC - [2012/08/15 22:37:42 | 000,083,024 | ---- | M] ( ) -- C:\Program Files (x86)\Kaseya\AXSMCR74234068025903\extensions\Lua.exe
PRC - [2012/07/06 21:32:00 | 000,171,312 | ---- | M] (Continuum Managed Services LLC.) -- C:\Program Files (x86)\SAAZOD\zRealTime\rtHlpDk.exe
PRC - [2012/07/06 21:31:52 | 000,171,312 | ---- | M] (Continuum Managed Services LLC.) -- C:\Program Files (x86)\SAAZOD\zRealTime\rtdrHlpDk.exe
PRC - [2012/07/06 19:53:06 | 000,142,640 | ---- | M] (Continuum Managed Services LLC.) -- C:\Program Files (x86)\SAAZOD\RMHLPDSK.exe
PRC - [2012/07/06 19:49:40 | 000,085,296 | ---- | M] (Continuum Managed Services LLC.) -- C:\Program Files (x86)\SAAZOD\SAAZServerPlus.exe
PRC - [2012/03/15 21:33:26 | 013,529,440 | ---- | M] (FileMaker, Inc.) -- C:\Program Files (x86)\FileMaker\FileMaker Pro 12\FileMaker Pro.exe
PRC - [2011/08/18 14:37:42 | 001,696,496 | ---- | M] (RealVNC Ltd) -- C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe
PRC - [2002/11/04 20:29:14 | 000,024,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Central\Control\jfservic.exe
PRC - [2002/11/04 20:28:44 | 000,143,360 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Central\Bin\JfServer.exe
PRC - [2002/11/04 20:28:22 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Central\Bin\PipeMgr.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/15 21:34:12 | 000,106,336 | ---- | M] () -- C:\Program Files (x86)\FileMaker\FileMaker Pro 12\zlib1.dll
MOD - [2012/03/15 21:34:02 | 000,047,456 | ---- | M] () -- C:\Program Files (x86)\FileMaker\FileMaker Pro 12\XalanMessages_1_11.dll
MOD - [2012/03/15 21:34:00 | 000,738,656 | ---- | M] () -- C:\Program Files (x86)\FileMaker\FileMaker Pro 12\ViewSystem.dll
MOD - [2012/03/15 21:33:48 | 000,477,024 | ---- | M] () -- C:\Program Files (x86)\FileMaker\FileMaker Pro 12\SkiaDLL.dll
MOD - [2012/03/15 21:33:34 | 000,491,360 | ---- | M] () -- C:\Program Files (x86)\FileMaker\FileMaker Pro 12\libetpan.dll
MOD - [2011/11/07 16:21:10 | 000,925,696 | ---- | M] () -- C:\Program Files (x86)\Kaseya\AXSMCR74234068025903\libkacm.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 23:24:34 | 000,694,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lserver.dll -- (TermServLicensing)
SRV:64bit: - [2009/07/13 21:41:53 | 000,014,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sacsvr.dll -- (sacsvr)
SRV:64bit: - [2009/07/13 21:40:52 | 000,025,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FCRegSvc.dll -- (FCRegSvc)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 21:39:31 | 000,091,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rsopprov.exe -- (RSoPProv)
SRV - [2013/09/13 20:40:07 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/07 19:44:20 | 000,226,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2013/06/07 19:44:16 | 000,376,144 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/05/30 18:30:54 | 003,681,016 | ---- | M] (ThreatTrack Security, Inc.) [Auto | Running] -- C:\Program Files (x86)\GFI Software\GFIAgent\SBAMSvc.exe -- (SBAMSvc)
SRV - [2013/05/30 18:30:48 | 000,176,536 | ---- | M] (ThreatTrack Security, Inc.) [Auto | Running] -- C:\Program Files (x86)\GFI Software\GFIAgent\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2013/03/07 17:54:54 | 001,085,440 | ---- | M] (Kaseya International Limited) [Auto | Running] -- C:\Program Files (x86)\Kaseya\AXSMCR74234068025903\AgentMon.exe -- (KAAXSMCR74234068025903)
SRV - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/29 11:56:50 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2012/11/02 23:37:50 | 000,093,488 | ---- | M] (Continuum Managed Services LLC.) [Auto | Running] -- C:\Program Files (x86)\SAAZOD\SAAZRCCTL.EXE -- (SAAZRCCTL)
SRV - [2012/11/02 23:37:50 | 000,089,392 | ---- | M] (Continuum Managed Services LLC.) [Auto | Running] -- C:\Program Files (x86)\SAAZOD\SAAZWatchDog.exe -- (SAAZWatchDog)
SRV - [2012/11/02 23:37:50 | 000,089,392 | ---- | M] (Continuum Managed Services LLC.) [Auto | Running] -- C:\Program Files (x86)\SAAZOD\SAAZMSMACTL.EXE -- (SAAZMSMACTL)
SRV - [2012/11/02 23:37:50 | 000,085,296 | ---- | M] (Continuum Managed Services LLC.) [Auto | Running] -- C:\Program Files (x86)\SAAZOD\SAAZScheduler.exe -- (SAAZScheduler)
SRV - [2012/11/02 23:37:50 | 000,085,296 | ---- | M] (Continuum Managed Services LLC.) [Auto | Running] -- C:\Program Files (x86)\SAAZOD\zRealTime\SAAZapsc.exe -- (SAAZapsc)
SRV - [2012/11/02 23:37:50 | 000,085,296 | ---- | M] (Continuum Managed Services LLC.) [Auto | Running] -- C:\Program Files (x86)\SAAZOD\zRealTime\SAAZappr.exe -- (SAAZappr)
SRV - [2012/11/02 23:37:50 | 000,081,200 | ---- | M] (Continuum Managed Services LLC.) [Auto | Running] -- C:\Program Files (x86)\SAAZOD\SAAZRemoteSupport.exe -- (SAAZRemoteSupport)
SRV - [2012/09/25 12:47:28 | 000,086,888 | ---- | M] (Citrix) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\XenTools\Installer\InstallWizard.Exe -- (XenPVInstall)
SRV - [2012/07/09 15:46:54 | 000,015,360 | ---- | M] (Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Citrix\XenTools\XenGuestAgent.Exe -- (XenSvc)
SRV - [2012/07/06 19:49:40 | 000,085,296 | ---- | M] (Continuum Managed Services LLC.) [Auto | Running] -- C:\Program Files (x86)\SAAZOD\SAAZServerPlus.exe -- (SAAZServerPlus)
SRV - [2011/08/18 14:37:42 | 001,696,496 | ---- | M] (RealVNC Ltd) [Auto | Running] -- C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe -- (WinVNC4)
SRV - [2010/11/20 23:24:58 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 23:24:58 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2002/11/04 20:29:14 | 000,024,576 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Central\Control\jfservic.exe -- (JetFormCentral)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/07 19:44:16 | 000,107,368 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2013/05/15 14:23:01 | 000,031,264 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gfiutil.sys -- (gfiutil)
DRV:64bit: - [2013/04/11 11:06:54 | 000,039,504 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gfiark.sys -- (gfiark)
DRV:64bit: - [2013/01/15 16:17:30 | 000,086,968 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2013/01/15 16:17:26 | 000,088,864 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbwtis.sys -- (sbwtis)
DRV:64bit: - [2013/01/07 22:32:50 | 000,035,048 | ---- | M] (Kaseya) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KAPFA.sys -- (KAPFA)
DRV:64bit: - [2012/11/29 11:56:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2012/11/29 11:56:30 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2012/09/20 17:57:42 | 000,343,952 | ---- | M] (Citrix Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xenvif.sys -- (xenvif)
DRV:64bit: - [2012/09/10 20:07:00 | 000,039,608 | ---- | M] (Citrix Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xennet.sys -- (xennet)
DRV:64bit: - [2012/09/05 19:48:50 | 000,189,440 | ---- | M] (Citrix Systems Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\xenbus.sys -- (xenbus)
DRV:64bit: - [2012/09/05 19:48:28 | 000,080,272 | ---- | M] (Citrix Systems Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\xenfilt.sys -- (xenfilt)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:22:44 | 000,061,744 | ---- | M] (Citrix Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xeniface.sys -- (xeniface)
DRV:64bit: - [2012/08/14 17:24:22 | 000,114,280 | ---- | M] (Citrix Systems Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\xenvbd.sys -- (xenvbd)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/02 00:17:41 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:24:00 | 000,181,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Vid.sys -- (Vid)
DRV:64bit: - [2010/11/20 23:24:00 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:24:00 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 21:45:45 | 000,096,320 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sacdrv.sys -- (sacdrv)
DRV:64bit: - [2009/06/10 16:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009/06/10 16:35:30 | 000,035,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd260x64.sys -- (ioatdma)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV - [2013/05/23 19:44:29 | 000,016,056 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2010/11/20 23:25:11 | 000,115,712 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://companyweb
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1008\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1147\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1147\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.shoreviewdistribution.com/
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1147\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1147\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1147\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1327\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1327\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://companyweb
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1327\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1327\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1327\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...CID=msnHomepage
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-4231\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-4231\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://companyweb
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-4231\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-4231\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-4231\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/SoftAdmin.htm
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://companyweb
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-5801\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-5801\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://companyweb
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-5801\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-5801\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-5801\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [SBRegRebootCleaner] C:\Program Files (x86)\GFI Software\GFIAgent\SBRC.exe (ThreatTrack Security, Inc.)
O4 - HKLM..\Run: [KASHAXSMCR74234068025903] C:\Program Files (x86)\Kaseya\AXSMCR74234068025903\KaUsrTsk.exe (Kaseya International Limited)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files (x86)\GFI Software\GFIAgent\SBAMTray.exe (ThreatTrack Security, Inc.)
O4 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010..\Run: [Google Update] Reg Error: Value error. File not found
O4 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010..\Run: [Ikqee] C:\Users\Linda\AppData\Roaming\Zuke\ikqee.exe (Everylisten Corp.)
O4 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010..\Run: [yoiin] C:\Users\Linda\yoiin.exe ()
O4 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336..\Run: [AIM for Windows] C:\Users\cynthia\AppData\Local\AOL\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797..\Run: [CryptoLocker] C:\Users\michael\AppData\Roaming\{252C7B1F-0437-1206-003F-060205080B0B}.exe File not found
O4 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797..\Run: [Exyxte] C:\Users\michael\AppData\Roaming\Olyfnu\exyxte.exe File not found
O4 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797..\Run: [Google Update] Reg Error: Value error. File not found
O4 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797..\Run: [Kyinoj] C:\Users\michael\AppData\Roaming\Ohymh\kyinoj.exe File not found
O4 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797..\Run: [meufog] C:\Users\michael\meufog.exe /r File not found
O4 - Startup: C:\Users\dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O4 - Startup: C:\Users\rory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1147\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1147\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1147\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1147\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1147\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1147\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1147\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1147\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1147\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1147\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1147\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1147\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1147\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1147\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1327\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1327\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1327\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1327\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1327\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1327\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1327\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1327\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1327\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1327\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1327\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1327\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1327\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1327\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4231\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4231\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4231\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4231\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4231\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4231\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4231\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4231\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4231\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4231\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4231\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4231\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4231\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4231\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5801\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5801\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5801\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5801\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5801\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5801\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5801\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5801\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5801\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5801\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5801\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5801\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5801\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5801\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O9:64bit: - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1006\..Trusted Domains: sites ([]https in Local intranet)
O15 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1008\..Trusted Domains: sites ([]https in Local intranet)
O15 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010\..Trusted Domains: sites ([]https in Local intranet)
O15 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1147\..Trusted Domains: sites ([]https in Local intranet)
O15 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1327\..Trusted Domains: sites ([]https in Local intranet)
O15 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\..Trusted Domains: bankofamerica.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\..Trusted Domains: bankofamerica.com ([bofacapital-certs] * in Trusted sites)
O15 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\..Trusted Domains: bankofamerica.com ([cashproonline] * in Trusted sites)
O15 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\..Trusted Domains: bankofamerica.com ([cashproonlineca] * in Trusted sites)
O15 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\..Trusted Domains: sites ([]https in Local intranet)
O15 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4231\..Trusted Domains: sites ([]https in Local intranet)
O15 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797\..Trusted Domains: sites ([]https in Local intranet)
O15 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5801\..Trusted Domains: sites ([]https in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.su...indows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = shoreview.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64063ED3-70B6-4652-8867-C495FF0981D1}: NameServer = 10.0.0.6
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/17 10:27:40 | 000,000,000 | ---D | C] -- C:\it4tools
[2013/09/16 19:16:58 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/09/16 19:04:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/09/16 19:04:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/09/16 18:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013/09/16 16:24:53 | 000,000,000 | ---D | C] -- C:\Users\administrator.SHOREVIEW\AppData\Roaming\Malwarebytes
[2013/09/16 16:24:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/16 16:24:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/09/16 16:24:48 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/09/16 16:24:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/08/28 09:38:42 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013/08/28 09:38:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/08/28 09:38:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/08/28 09:38:18 | 000,867,240 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/08/28 09:38:18 | 000,789,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/08/28 09:38:18 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/08/28 09:38:08 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/08/28 09:38:08 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/08/28 09:38:08 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/08/28 09:38:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

========== Files - Modified Within 30 Days ==========

[2013/09/17 10:15:40 | 000,021,520 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/17 10:15:40 | 000,021,520 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/17 10:12:23 | 000,823,738 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/17 10:12:23 | 000,691,116 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/17 10:12:23 | 000,133,504 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/17 10:07:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/17 09:40:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/16 19:07:09 | 000,000,186 | ---- | M] () -- C:\Users\administrator.SHOREVIEW\Documents\cc_20130916_190706.reg
[2013/09/16 19:06:21 | 000,004,258 | ---- | M] () -- C:\Users\administrator.SHOREVIEW\Documents\cc_20130916_190618.reg
[2013/09/16 19:06:05 | 000,069,556 | ---- | M] () -- C:\Users\administrator.SHOREVIEW\Documents\cc_20130916_190559.reg
[2013/09/13 20:40:06 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/09/13 20:40:06 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/08/28 09:38:02 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/08/28 09:38:02 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/08/28 09:38:02 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/08/28 09:38:02 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/08/28 09:38:02 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/08/28 09:38:02 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

========== Files Created - No Company Name ==========

[2013/09/16 19:07:07 | 000,000,186 | ---- | C] () -- C:\Users\administrator.SHOREVIEW\Documents\cc_20130916_190706.reg
[2013/09/16 19:06:20 | 000,004,258 | ---- | C] () -- C:\Users\administrator.SHOREVIEW\Documents\cc_20130916_190618.reg
[2013/09/16 19:06:03 | 000,069,556 | ---- | C] () -- C:\Users\administrator.SHOREVIEW\Documents\cc_20130916_190559.reg
[2013/05/06 15:02:10 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013/05/06 15:02:09 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD5250DN.DAT
[2013/05/01 13:32:30 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2013/05/01 13:32:30 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2013/04/03 16:53:20 | 000,000,356 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/03/26 16:03:24 | 000,007,628 | RHS- | C] () -- C:\Users\administrator.SHOREVIEW\ntuser.pol
[2013/03/25 11:22:44 | 000,002,892 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/03/11 19:17:57 | 000,787,304 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/14 00:58:08 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:24 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

This is the 'extras.txt'

OTL Extras logfile created on: 9/17/2013 10:28:12 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\it4tools
64bit- Server Standard Edition (full installation) Service Pack 1 (Version = 6.1.7601) - Type = NTServer
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

24.00 Gb Total Physical Memory | 19.72 Gb Available Physical Memory | 82.18% Memory free
47.99 Gb Paging File | 43.46 Gb Available in Paging File | 90.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 350.00 Gb Total Space | 272.22 Gb Free Space | 77.78% Space Free | Partition Type: NTFS

Computer Name: SDTERMSRV | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1159EB7C-987B-451F-B43C-E4E48F8394F9}" = lport=139 | protocol=6 | dir=in | app=system |
"{15D4953D-B007-4516-8CE6-91EB0D603BDF}" = rport=138 | protocol=17 | dir=out | app=system |
"{16EA2C89-7229-493A-99E9-C0A8AE6FE3CE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1FFB186E-C627-40B3-BEF4-DCABE0EE77FE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2518C397-202F-4BE4-953A-D927ADDF9120}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2ED84608-8F89-4211-B395-C6409CB68A64}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{335A8876-431C-42A2-8F43-11C540998F27}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{384624ED-47C7-4EB1-B415-BC9BA363A4F5}" = lport=445 | protocol=6 | dir=in | app=system |
"{3CA8079A-7EA4-4FCA-8025-BC648AB35BDC}" = rport=5358 | protocol=6 | dir=out | app=system |
"{4274DF77-ADCB-4B57-AE51-AE3C85F23BFB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5D0AAB74-884C-4A2F-9488-B5A87483BE85}" = rport=137 | protocol=17 | dir=out | app=system |
"{659C08EA-C9D5-4F45-B81C-2DF3F72D65EB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{68D94658-9119-4DD0-A2AD-F776B5456D42}" = lport=137 | protocol=17 | dir=in | app=system |
"{6AF61390-3ED2-4F5D-9805-7CAC4256BA74}" = rport=138 | protocol=17 | dir=out | app=system |
"{71C80E0C-91B1-4712-B55B-56F58A0AECB8}" = lport=138 | protocol=17 | dir=in | app=system |
"{71F4A3D3-BC84-4105-8402-467783E13735}" = rport=139 | protocol=6 | dir=out | app=system |
"{72B0444F-C08E-4258-8FD8-59CF45096799}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{77AC85EB-3E45-4EEB-B0A7-0E627E22F25E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{7F575C5A-6DCE-415A-8CB3-19DA31633AF9}" = rport=137 | protocol=17 | dir=out | app=system |
"{884B5203-F105-4FA9-B521-609804856DC5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A0A26CF7-D0CC-4253-8360-D007E9FBBEAA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B1A659BB-CC70-42D6-B27C-897093165DFB}" = lport=5357 | protocol=6 | dir=in | app=system |
"{B277251B-8A94-4900-90C6-4C150728AA71}" = lport=139 | protocol=6 | dir=in | app=system |
"{B3E53A07-A5A6-4F12-B6FE-5E1E6A9463B5}" = lport=137 | protocol=17 | dir=in | app=system |
"{B48A2C2B-0182-4226-8BFB-5F3D75E751A1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B761A0D2-2029-4D64-84E3-9345E4E489EF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B80B00C2-315B-47D1-88AC-2EA0FD5BB533}" = lport=445 | protocol=6 | dir=in | app=system |
"{B8361BCC-AB21-40DD-9E20-670208F7FECD}" = lport=137 | protocol=17 | dir=in | app=system |
"{BCDAB12A-D624-49BC-A5B9-470637190BE2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BF2A6088-8718-4D36-BC29-48EEF2596572}" = lport=5358 | protocol=6 | dir=in | app=system |
"{C72185CA-1568-4C39-8C6A-064DEA1D5203}" = rport=445 | protocol=6 | dir=out | app=system |
"{CA81EA18-A16C-4449-B6C3-AAF33BD1F645}" = rport=137 | protocol=17 | dir=out | app=system |
"{CCDDEA87-AE9C-4201-B71F-13688C53B541}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DA039DB2-73BE-4E40-9B82-99533BA68409}" = lport=138 | protocol=17 | dir=in | app=system |
"{DBBAE909-47CA-4146-BC0F-170D1F90F129}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{DC8296E4-EEDD-45F8-B5BE-2C8268FC1336}" = rport=5357 | protocol=6 | dir=out | app=system |
"{DF1FD793-0BBB-45BF-87D5-FD94B8745BF0}" = rport=445 | protocol=6 | dir=out | app=system |
"{DF7B5A9E-B1A3-462A-98EA-73265FE24CBB}" = lport=138 | protocol=17 | dir=in | app=system |
"{E191FB57-6994-4A4B-8FEA-077D999B0C86}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EFC0579E-B5E0-48AD-AC0A-04EC18B2685D}" = rport=138 | protocol=17 | dir=out | app=system |
"{FAAD5CBC-8D98-494D-B655-586D540EFA64}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{FAF5470D-681D-4179-8D01-5C15CD87D9C5}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D0D987A-9D9B-43DD-9CA8-D0097C0ED39F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{139C1A6C-18B4-4781-A844-618BCFF03C9A}" = protocol=6 | dir=in | app=c:\program files (x86)\kaseya\axsmcr74234068025903\liveconnect.exe |
"{226B52E4-2B5F-418B-BE05-50CEC3F4979A}" = protocol=17 | dir=in | app=c:\program files (x86)\realvnc\vnc4\winvnc4.exe |
"{3600BE14-D2D7-49B0-8904-889BFDEBD7D3}" = protocol=17 | dir=in | app=c:\program files (x86)\gfi software\gfiagent\sbamsvc.exe |
"{38D3EBA6-15F6-4D39-9FFE-73F127004910}" = protocol=58 | dir=in | [email protected],-28545 |
"{5D28C024-F2F6-4C76-932C-F203A8261280}" = protocol=6 | dir=in | app=c:\program files (x86)\gfi software\gfiagent\sbamsvc.exe |
"{5F5411E2-B420-44C4-B7AC-EFBCE632F239}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{60F540A0-3F54-4E4B-8D34-5E077DAC5E7A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{646B27DA-2891-46BE-8C2F-7091B3D91D5F}" = protocol=1 | dir=in | [email protected],-28543 |
"{67F22C1A-D407-43FC-8834-5AD077319EBA}" = protocol=58 | dir=in | [email protected],-28545 |
"{6BCBF69F-B65D-4CD4-860B-618ED68135E5}" = protocol=17 | dir=in | app=c:\program files (x86)\gfi software\gfiagent\sbamsvc.exe |
"{6CDF724E-74DB-471C-A26F-EC1BE868C00A}" = protocol=1 | dir=out | [email protected],-28544 |
"{7A9DB42F-DDC2-4D58-A343-14853F0C3CA7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{85ECCBE8-8308-47CF-B439-0239A739E706}" = protocol=6 | dir=in | app=c:\program files (x86)\gfi software\gfiagent\sbamsvc.exe |
"{96F6A8F2-70CC-4205-BFE4-1B3FCCF3A047}" = protocol=58 | dir=out | [email protected],-28546 |
"{B00C70CB-B14E-4A00-AA7E-D88FBA1DF0F4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B076692F-F177-4E6A-8A75-8ECD8725276C}" = protocol=58 | dir=out | [email protected],-28546 |
"{BF4954D6-4B6A-4882-AF1A-246164015AC4}" = protocol=1 | dir=out | [email protected],-28544 |
"{CA1C0FB4-0498-44AC-84C4-24344AC9E37D}" = protocol=17 | dir=in | app=c:\program files (x86)\kaseya\axsmcr74234068025903\liveconnect.exe |
"{D1EF535D-7AD1-49ED-8647-F187BC0BF06F}" = protocol=6 | dir=out | app=system |
"{E01E0D66-9208-41FB-A2BA-BBFC56DE5BC6}" = protocol=1 | dir=in | [email protected],-28543 |
"{FB14F399-075D-473B-83CE-052DD3FE067F}" = protocol=6 | dir=in | app=c:\program files (x86)\realvnc\vnc4\winvnc4.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{5C72F8A3-BF39-4733-B41E-0ED7EF622E37}" = Windows Small Business Server 2011 Standard ClientAgent
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{A60A2B9C-72E4-417F-8F53-9B1668E093C1}" = Citrix XenServer Windows Guest Agent
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{E275348B-096B-4463-BCC5-49A689212219}" = Citrix Xen Windows x64 PV Drivers
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"10112DE6EB950396BD5E7119743136177EC3B33D" = Windows Driver Package - Citrix Systems Inc. (xennet) Net (09/10/2012 7.0.0.65)
"5DB0B2B4D8D7C1CEBCBD4D2B2332F878ACAEB5C9" = Windows Driver Package - Citrix Systems Inc. (xenvif) System (09/20/2012 7.0.0.119)
"A0057E6701F54039DEA08E5987CD972A6E26876C" = Windows Driver Package - Citrix Systems, Inc. (xenvbd) SCSIAdapter (08/14/2012 7.0.0.70)
"ADDE32F961D68B41A7141149FDC784146FBE6D62" = Windows Driver Package - Citrix Systems Inc. (xenbus) System (09/05/2012 7.0.0.186)
"CCleaner" = CCleaner
"F76DB011738CF6FFD9AF8FFFE353D057698B9418" = Windows Driver Package - Citrix Systems, Inc. (xeniface) System (08/21/2012 7.0.0.24)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{068857D8-FDD1-4F29-8F74-E9DE91E8A587}" = Crystal Reports 2008
"{198945E2-E089-4094-A63D-166DBE8B87DF}" = FileMaker Pro 12
"{198945E2-E089-4094-A63D-166DBE8B87DF}_FileMaker" = FileMaker Pro 12
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{36E0F777-19FE-4454-BB2D-84206758EA85}" = LogMeIn
"{39A086B2-07D6-430B-AE5E-B8AC1CC843A7}" = GFI Business Agent
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A07134C-B9B6-4509-ABBD-CA832D906869}" = Prophet 21 Forms Package
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.STANDARD_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.STANDARD_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.STANDARD_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.STANDARD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.STANDARD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.STANDARD_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{BCE9A987-CF46-4A9E-BABA-0D7E01583B29}" = Citrix XenServer Tools Installer
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{EB820BCB-754D-4FB4-976C-7FECD7BB277B}" = Epicor EPayments
"{FFA7FFAB-EEFA-4FA3-BDE9-28A478ED027C}" = Prophet 21
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"InstallShield_{FFA7FFAB-EEFA-4FA3-BDE9-28A478ED027C}" = Activant Prophet 21 12.1
"KAAXSMCR74234068025903" = Kaseya Agent (sdtermsrv.servers.shoreview.managed - monitor.it4inc.com)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Office14.STANDARD" = Microsoft Office Standard 2010
"RealVNC_is1" = VNC Enterprise Edition E4.6.3
"SAAZOD" = ITSupport247-MSMA
"SoftwareUpdUtility" = Download Updater (AOL Inc.)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1806702894-2239225744-2997380310-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.7.0.1172

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1806702894-2239225744-2997380310-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.4.0.1082

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1806702894-2239225744-2997380310-1147\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.7.0.1172

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1806702894-2239225744-2997380310-1155\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1806702894-2239225744-2997380310-1336\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AIM" = AIM for Windows

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1806702894-2239225744-2997380310-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AIM" = AIM for Windows

========== Last 20 Event Log Errors ==========

[ Activant Events ]
Error - 5/16/2013 2:34:40 PM | Computer Name = SDTERMSRV.shoreview.com | Source = Prophet 21 Crystal Reports Integration | ID = 0
Description = An exception occurred in P21CrystalIntegration (Activant.Prophet21.CrystalReports):
The specified printer '?' is not a valid installed printer. Application information:
P21CrystalIntegration Product Name: P21CrystalIntegration Version: 12.1.0.0 File Version:
12.2.5.0 Installed Directory: C:\Program Files (x86)\Activant\Prophet 21 12.1 Company
Name: Epicor Software Corporation Copyright: ©2008 Epicor Software Corporation -
All rights reserved Trademark: Epicor, Prophet 21, and the Epicor Logo are registered
trademarks of Epicor Software Corporation. Command-line arguments: "--silent" "XMLBATCHLIST"
"c:\jfsrvr\data\CrystalViewer_PT206209.lst" Exception details: Activant.Prophet21.CrystalReports.P21CrystalReportException:
The specified printer '?' is not a valid installed printer. at Activant.Prophet21.CrystalReports.CrystalFormsPrinting.PrintImmediate(ReportDocument
reportDocument, String printerName, Int16 copies, Boolean collate, Int32 papersourceRawKind)

at Activant.Prophet21.CrystalReports.P21CrystalReportClass.ProcessRenderingOption(P21CrystalReportRenderingOption
renderingOption) at Activant.Prophet21.CrystalReports.P21CrystalReportClass.ApplyRenderingOptions()

at P21CrystalViewer.P21XmlCrystalReport.ApplyRenderingOptions() at P21CrystalViewer.P21CrystalReportHandler.ApplyRenderingOptions()
Stack
Trace: at Activant.Prophet21.CrystalReports.CrystalFormsPrinting.PrintImmediate(ReportDocument
reportDocument, String printerName, Int16 copies, Boolean collate, Int32 papersourceRawKind)

at Activant.Prophet21.CrystalReports.P21CrystalReportClass.ProcessRenderingOption(P21CrystalReportRenderingOption
renderingOption) at Activant.Prophet21.CrystalReports.P21CrystalReportClass.ApplyRenderingOptions()

at P21CrystalViewer.P21XmlCrystalReport.ApplyRenderingOptions() at P21CrystalViewer.P21CrystalReportHandler.ApplyRenderingOptions()


Error - 5/16/2013 2:34:43 PM | Computer Name = SDTERMSRV.shoreview.com | Source = Prophet 21 Crystal Reports Integration | ID = 0
Description = An exception occurred in P21CrystalIntegration (Activant.Prophet21.CrystalReports):
The specified printer '?' is not a valid installed printer. Application information:
P21CrystalIntegration Product Name: P21CrystalIntegration Version: 12.1.0.0 File Version:
12.2.5.0 Installed Directory: C:\Program Files (x86)\Activant\Prophet 21 12.1 Company
Name: Epicor Software Corporation Copyright: ©2008 Epicor Software Corporation -
All rights reserved Trademark: Epicor, Prophet 21, and the Epicor Logo are registered
trademarks of Epicor Software Corporation. Command-line arguments: "--silent" "XMLBATCHLIST"
"c:\jfsrvr\data\CrystalViewer_PT206210.lst" Exception details: Activant.Prophet21.CrystalReports.P21CrystalReportException:
The specified printer '?' is not a valid installed printer. at Activant.Prophet21.CrystalReports.CrystalFormsPrinting.PrintImmediate(ReportDocument
reportDocument, String printerName, Int16 copies, Boolean collate, Int32 papersourceRawKind)

at Activant.Prophet21.CrystalReports.P21CrystalReportClass.ProcessRenderingOption(P21CrystalReportRenderingOption
renderingOption) at Activant.Prophet21.CrystalReports.P21CrystalReportClass.ApplyRenderingOptions()

at P21CrystalViewer.P21XmlCrystalReport.ApplyRenderingOptions() at P21CrystalViewer.P21CrystalReportHandler.ApplyRenderingOptions()
Stack
Trace: at Activant.Prophet21.CrystalReports.CrystalFormsPrinting.PrintImmediate(ReportDocument
reportDocument, String printerName, Int16 copies, Boolean collate, Int32 papersourceRawKind)

at Activant.Prophet21.CrystalReports.P21CrystalReportClass.ProcessRenderingOption(P21CrystalReportRenderingOption
renderingOption) at Activant.Prophet21.CrystalReports.P21CrystalReportClass.ApplyRenderingOptions()

at P21CrystalViewer.P21XmlCrystalReport.ApplyRenderingOptions() at P21CrystalViewer.P21CrystalReportHandler.ApplyRenderingOptions()


Error - 5/16/2013 2:34:46 PM | Computer Name = SDTERMSRV.shoreview.com | Source = Prophet 21 Crystal Reports Integration | ID = 0
Description = An exception occurred in P21CrystalIntegration (Activant.Prophet21.CrystalReports):
The specified printer '?' is not a valid installed printer. Application information:
P21CrystalIntegration Product Name: P21CrystalIntegration Version: 12.1.0.0 File Version:
12.2.5.0 Installed Directory: C:\Program Files (x86)\Activant\Prophet 21 12.1 Company
Name: Epicor Software Corporation Copyright: ©2008 Epicor Software Corporation -
All rights reserved Trademark: Epicor, Prophet 21, and the Epicor Logo are registered
trademarks of Epicor Software Corporation. Command-line arguments: "--silent" "XMLBATCHLIST"
"c:\jfsrvr\data\CrystalViewer_PT206211.lst" Exception details: Activant.Prophet21.CrystalReports.P21CrystalReportException:
The specified printer '?' is not a valid installed printer. at Activant.Prophet21.CrystalReports.CrystalFormsPrinting.PrintImmediate(ReportDocument
reportDocument, String printerName, Int16 copies, Boolean collate, Int32 papersourceRawKind)

at Activant.Prophet21.CrystalReports.P21CrystalReportClass.ProcessRenderingOption(P21CrystalReportRenderingOption
renderingOption) at Activant.Prophet21.CrystalReports.P21CrystalReportClass.ApplyRenderingOptions()

at P21CrystalViewer.P21XmlCrystalReport.ApplyRenderingOptions() at P21CrystalViewer.P21CrystalReportHandler.ApplyRenderingOptions()
Stack
Trace: at Activant.Prophet21.CrystalReports.CrystalFormsPrinting.PrintImmediate(ReportDocument
reportDocument, String printerName, Int16 copies, Boolean collate, Int32 papersourceRawKind)

at Activant.Prophet21.CrystalReports.P21CrystalReportClass.ProcessRenderingOption(P21CrystalReportRenderingOption
renderingOption) at Activant.Prophet21.CrystalReports.P21CrystalReportClass.ApplyRenderingOptions()

at P21CrystalViewer.P21XmlCrystalReport.ApplyRenderingOptions() at P21CrystalViewer.P21CrystalReportHandler.ApplyRenderingOptions()


Error - 5/16/2013 2:34:48 PM | Computer Name = SDTERMSRV.shoreview.com | Source = Prophet 21 Crystal Reports Integration | ID = 0
Description = An exception occurred in P21CrystalIntegration (Activant.Prophet21.CrystalReports):
The specified printer '?' is not a valid installed printer. Application information:
P21CrystalIntegration Product Name: P21CrystalIntegration Version: 12.1.0.0 File Version:
12.2.5.0 Installed Directory: C:\Program Files (x86)\Activant\Prophet 21 12.1 Company
Name: Epicor Software Corporation Copyright: ©2008 Epicor Software Corporation -
All rights reserved Trademark: Epicor, Prophet 21, and the Epicor Logo are registered
trademarks of Epicor Software Corporation. Command-line arguments: "--silent" "XMLBATCHLIST"
"c:\jfsrvr\data\CrystalViewer_PT206212.lst" Exception details: Activant.Prophet21.CrystalReports.P21CrystalReportException:
The specified printer '?' is not a valid installed printer. at Activant.Prophet21.CrystalReports.CrystalFormsPrinting.PrintImmediate(ReportDocument
reportDocument, String printerName, Int16 copies, Boolean collate, Int32 papersourceRawKind)

at Activant.Prophet21.CrystalReports.P21CrystalReportClass.ProcessRenderingOption(P21CrystalReportRenderingOption
renderingOption) at Activant.Prophet21.CrystalReports.P21CrystalReportClass.ApplyRenderingOptions()

at P21CrystalViewer.P21XmlCrystalReport.ApplyRenderingOptions() at P21CrystalViewer.P21CrystalReportHandler.ApplyRenderingOptions()
Stack
Trace: at Activant.Prophet21.CrystalReports.CrystalFormsPrinting.PrintImmediate(ReportDocument
reportDocument, String printerName, Int16 copies, Boolean collate, Int32 papersourceRawKind)

at Activant.Prophet21.CrystalReports.P21CrystalReportClass.ProcessRenderingOption(P21CrystalReportRenderingOption
renderingOption) at Activant.Prophet21.CrystalReports.P21CrystalReportClass.ApplyRenderingOptions()

at P21CrystalViewer.P21XmlCrystalReport.ApplyRenderingOptions() at P21CrystalViewer.P21CrystalReportHandler.ApplyRenderingOptions()


Error - 5/16/2013 2:34:51 PM | Computer Name = SDTERMSRV.shoreview.com | Source = Prophet 21 Crystal Reports Integration | ID = 0
Description = An exception occurred in P21CrystalIntegration (Activant.Prophet21.CrystalReports):
The specified printer '?' is not a valid installed printer. Application information:
P21CrystalIntegration Product Name: P21CrystalIntegration Version: 12.1.0.0 File Version:
12.2.5.0 Installed Directory: C:\Program Files (x86)\Activant\Prophet 21 12.1 Company
Name: Epicor Software Corporation Copyright: ©2008 Epicor Software Corporation -
All rights reserved Trademark: Epicor, Prophet 21, and the Epicor Logo are registered
trademarks of Epicor Software Corporation. Command-line arguments: "--silent" "XMLBATCHLIST"
"c:\jfsrvr\data\CrystalViewer_PT206213.lst" Exception details: Activant.Prophet21.CrystalReports.P21CrystalReportException:
The specified printer '?' is not a valid installed printer. at Activant.Prophet21.CrystalReports.CrystalFormsPrinting.PrintImmediate(ReportDocument
reportDocument, String printerName, Int16 copies, Boolean collate, Int32 papersourceRawKind)

at Activant.Prophet21.CrystalReports.P21CrystalReportClass.ProcessRenderingOption(P21CrystalReportRenderingOption
renderingOption) at Activant.Prophet21.CrystalReports.P21CrystalReportClass.ApplyRenderingOptions()

at P21CrystalViewer.P21XmlCrystalReport.ApplyRenderingOptions() at P21CrystalViewer.P21CrystalReportHandler.ApplyRenderingOptions()
Stack
Trace: at Activant.Prophet21.CrystalReports.CrystalFormsPrinting.PrintImmediate(ReportDocument
reportDocument, String printerName, Int16 copies, Boolean collate, Int32 papersourceRawKind)

at Activant.Prophet21.CrystalReports.P21CrystalReportClass.ProcessRenderingOption(P21CrystalReportRenderingOption
renderingOption) at Activant.Prophet21.CrystalReports.P21CrystalReportClass.ApplyRenderingOptions()

at P21CrystalViewer.P21XmlCrystalReport.ApplyRenderingOptions() at P21CrystalViewer.P21CrystalReportHandler.ApplyRenderingOptions()


Error - 6/25/2013 11:50:18 AM | Computer Name = SDTERMSRV.shoreview.com | Source = Prophet 21 Crystal Reports Integration | ID = 0
Description =

Error - 7/24/2013 5:27:07 PM | Computer Name = SDTERMSRV.shoreview.com | Source = Prophet 21 Crystal Reports Integration | ID = 0
Description = An exception occurred in P21CrystalIntegration (Activant.Prophet21.CrystalReports):
The specified printer '' is not a valid installed printer. Application information:
P21CrystalIntegration Product Name: P21CrystalIntegration Version: 12.1.0.0 File Version:
12.2.5.0 Installed Directory: C:\Program Files (x86)\Activant\Prophet 21 12.1 Company
Name: Epicor Software Corporation Copyright: ©2008 Epicor Software Corporation -
All rights reserved Trademark: Epicor, Prophet 21, and the Epicor Logo are registered
trademarks of Epicor Software Corporation. Command-line arguments: "SQL" "22436"
"SQL.Shoreview.com" "Prophet21" "crystal" "crystal" "0" "" Exception details: Activant.Prophet21.CrystalReports.P21CrystalReportException:
The specified printer '' is not a valid installed printer. at Activant.Prophet21.CrystalReports.CrystalFormsPrinting.PrintImmediate(ReportDocument
reportDocument, String printerName, Int16 copies, Boolean collate, Int32 papersourceRawKind)

at Activant.Prophet21.CrystalReports.P21CrystalReportClass.ProcessRenderingOption(P21CrystalReportRenderingOption
renderingOption) at Activant.Prophet21.CrystalReports.P21CrystalReportClass.ApplyRenderingOptions()

at P21CrystalViewer.P21CrystalReportHandler.ApplyRenderingOptions() Stack Trace:
at Activant.Prophet21.CrystalReports.CrystalFormsPrinting.PrintImmediate(ReportDocument
reportDocument, String printerName, Int16 copies, Boolean collate, Int32 papersourceRawKind)

at Activant.Prophet21.CrystalReports.P21CrystalReportClass.ProcessRenderingOption(P21CrystalReportRenderingOption
renderingOption) at Activant.Prophet21.CrystalReports.P21CrystalReportClass.ApplyRenderingOptions()

at P21CrystalViewer.P21CrystalReportHandler.ApplyRenderingOptions()

Error - 7/24/2013 5:29:02 PM | Computer Name = SDTERMSRV.shoreview.com | Source = Prophet 21 Crystal Reports Integration | ID = 0
Description = An exception occurred in P21CrystalIntegration (Activant.Prophet21.CrystalReports):
The specified printer '' is not a valid installed printer. Application information:
P21CrystalIntegration Product Name: P21CrystalIntegration Version: 12.1.0.0 File Version:
12.2.5.0 Installed Directory: C:\Program Files (x86)\Activant\Prophet 21 12.1 Company
Name: Epicor Software Corporation Copyright: ©2008 Epicor Software Corporation -
All rights reserved Trademark: Epicor, Prophet 21, and the Epicor Logo are registered
trademarks of Epicor Software Corporation. Command-line arguments: "SQL" "22438"
"SQL.Shoreview.com" "Prophet21" "crystal" "crystal" "0" "" Exception details: Activant.Prophet21.CrystalReports.P21CrystalReportException:
The specified printer '' is not a valid installed printer. at Activant.Prophet21.CrystalReports.CrystalFormsPrinting.PrintImmediate(ReportDocument
reportDocument, String printerName, Int16 copies, Boolean collate, Int32 papersourceRawKind)

at Activant.Prophet21.CrystalReports.P21CrystalReportClass.ProcessRenderingOption(P21CrystalReportRenderingOption
renderingOption) at Activant.Prophet21.CrystalReports.P21CrystalReportClass.ApplyRenderingOptions()

at P21CrystalViewer.P21CrystalReportHandler.ApplyRenderingOptions() Stack Trace:
at Activant.Prophet21.CrystalReports.CrystalFormsPrinting.PrintImmediate(ReportDocument
reportDocument, String printerName, Int16 copies, Boolean collate, Int32 papersourceRawKind)

at Activant.Prophet21.CrystalReports.P21CrystalReportClass.ProcessRenderingOption(P21CrystalReportRenderingOption
renderingOption) at Activant.Prophet21.CrystalReports.P21CrystalReportClass.ApplyRenderingOptions()

at P21CrystalViewer.P21CrystalReportHandler.ApplyRenderingOptions()

Error - 7/24/2013 5:30:21 PM | Computer Name = SDTERMSRV.shoreview.com | Source = Prophet 21 Crystal Reports Integration | ID = 0
Description = An exception occurred in P21CrystalIntegration (Activant.Prophet21.CrystalReports):
The specified printer 'Brother HL-2240D series (redirected 5)' is not a valid installed
printer. Application information: P21CrystalIntegration Product Name: P21CrystalIntegration
Version:
12.1.0.0 File Version: 12.2.5.0 Installed Directory: C:\Program Files (x86)\Activant\Prophet
21 12.1 Company Name: Epicor Software Corporation Copyright: ©2008 Epicor Software
Corporation - All rights reserved Trademark: Epicor, Prophet 21, and the Epicor
Logo are registered trademarks of Epicor Software Corporation. Command-line arguments:
"SQL"
"22439" "SQL.Shoreview.com" "Prophet21" "crystal" "crystal" "0" "Brother HL-2240D
series (redirected 5)" Exception details: Activant.Prophet21.CrystalReports.P21CrystalReportException:
The specified printer 'Brother HL-2240D series (redirected 5)' is not a valid installed
printer. at Activant.Prophet21.CrystalReports.CrystalFormsPrinting.PrintImmediate(ReportDocument
reportDocument, String printerName, Int16 copies, Boolean collate, Int32 papersourceRawKind)

at Activant.Prophet21.CrystalReports.P21CrystalReportClass.ProcessRenderingOption(P21CrystalReportRenderingOption
renderingOption) at Activant.Prophet21.CrystalReports.P21CrystalReportClass.ApplyRenderingOptions()

at P21CrystalViewer.P21CrystalReportHandler.ApplyRenderingOptions() Stack Trace:
at Activant.Prophet21.CrystalReports.CrystalFormsPrinting.PrintImmediate(ReportDocument
reportDocument, String printerName, Int16 copies, Boolean collate, Int32 papersourceRawKind)

at Activant.Prophet21.CrystalReports.P21CrystalReportClass.ProcessRenderingOption(P21CrystalReportRenderingOption
renderingOption) at Activant.Prophet21.CrystalReports.P21CrystalReportClass.ApplyRenderingOptions()

at P21CrystalViewer.P21CrystalReportHandler.ApplyRenderingOptions()

Error - 8/2/2013 4:12:20 PM | Computer Name = SDTERMSRV.shoreview.com | Source = Prophet 21 Crystal Reports Integration | ID = 0
Description =

[ Application Events ]
Error - 6/21/2013 7:02:01 PM | Computer Name = SDTERMSRV.shoreview.com | Source = Winlogon | ID = 4005
Description = The Windows logon process has unexpectedly terminated.

Error - 6/21/2013 8:01:25 PM | Computer Name = SDTERMSRV.shoreview.com | Source = Winlogon | ID = 4005
Description = The Windows logon process has unexpectedly terminated.

Error - 6/22/2013 8:24:32 AM | Computer Name = SDTERMSRV.shoreview.com | Source = Microsoft-Windows-Folder Redirection | ID = 502
Description = Failed to apply policy and redirect folder "Documents" to "\\shoreviewdc\users$\Beth".

Redirection options=0x80009231. The following error occurred: "Can not create folder
"\\shoreviewdc\users$\Beth"". Error details: "This security ID may not be assigned
as the owner of this object. ".

Error - 6/23/2013 5:26:02 AM | Computer Name = SDTERMSRV.shoreview.com | Source = Winlogon | ID = 4005
Description = The Windows logon process has unexpectedly terminated.

Error - 6/23/2013 5:26:35 AM | Computer Name = SDTERMSRV.shoreview.com | Source = Winlogon | ID = 4005
Description = The Windows logon process has unexpectedly terminated.

Error - 6/23/2013 8:03:37 AM | Computer Name = SDTERMSRV.shoreview.com | Source = Microsoft-Windows-Folder Redirection | ID = 502
Description = Failed to apply policy and redirect folder "Documents" to "\\shoreviewdc\users$\Beth".

Redirection options=0x80009231. The following error occurred: "Can not create folder
"\\shoreviewdc\users$\Beth"". Error details: "This security ID may not be assigned
as the owner of this object. ".

Error - 6/24/2013 8:58:24 AM | Computer Name = SDTERMSRV.shoreview.com | Source = Winlogon | ID = 4005
Description = The Windows logon process has unexpectedly terminated.

Error - 6/24/2013 9:38:54 AM | Computer Name = SDTERMSRV.shoreview.com | Source = Microsoft-Windows-Folder Redirection | ID = 502
Description = Failed to apply policy and redirect folder "Documents" to "\\shoreviewdc\users$\Beth".

Redirection options=0x80009231. The following error occurred: "Can not create folder
"\\shoreviewdc\users$\Beth"". Error details: "This security ID may not be assigned
as the owner of this object. ".

Error - 6/24/2013 1:26:14 PM | Computer Name = SDTERMSRV.shoreview.com | Source = Winlogon | ID = 4005
Description = The Windows logon process has unexpectedly terminated.

Error - 6/25/2013 9:20:06 AM | Computer Name = SDTERMSRV.shoreview.com | Source = Microsoft-Windows-Folder Redirection | ID = 502
Description = Failed to apply policy and redirect folder "Documents" to "\\shoreviewdc\users$\beth".

Redirection options=0x80009231. The following error occurred: "Can not create folder
"\\shoreviewdc\users$\beth"". Error details: "This security ID may not be assigned
as the owner of this object. ".

[ System Events ]
Error - 7/17/2013 1:05:48 PM | Computer Name = SDTERMSRV.shoreview.com | Source = UmrdpService | ID = 1111
Description = Driver Jump Desktop Printer required for printer Jump Desktop Printer
is unknown. Contact the administrator to install the driver before you log in again.

Error - 7/17/2013 1:14:18 PM | Computer Name = SDTERMSRV.shoreview.com | Source = UmrdpService | ID = 1103
Description = An internal communication error occurred. Redirected printing will
no longer function for a single user session. Check the status of the Remote Desktop
Device Redirector in the System folder of Device Manager.

Error - 7/17/2013 1:14:18 PM | Computer Name = SDTERMSRV.shoreview.com | Source = UmrdpService | ID = 1103
Description = An internal communication error occurred. Redirected printing will
no longer function for a single user session. Check the status of the Remote Desktop
Device Redirector in the System folder of Device Manager.

Error - 7/17/2013 2:09:33 PM | Computer Name = SDTERMSRV.shoreview.com | Source = UmrdpService | ID = 1111
Description = Driver Jump Desktop Printer required for printer Jump Desktop Printer
is unknown. Contact the administrator to install the driver before you log in again.

Error - 7/17/2013 4:19:49 PM | Computer Name = SDTERMSRV.shoreview.com | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 7/17/2013 4:19:49 PM | Computer Name = SDTERMSRV.shoreview.com | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 7/17/2013 4:19:50 PM | Computer Name = SDTERMSRV.shoreview.com | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 7/17/2013 4:19:50 PM | Computer Name = SDTERMSRV.shoreview.com | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 7/17/2013 4:24:09 PM | Computer Name = SDTERMSRV.shoreview.com | Source = UmrdpService | ID = 1111
Description = Driver Jump Desktop Printer required for printer Jump Desktop Printer
is unknown. Contact the administrator to install the driver before you log in again.

Error - 7/17/2013 9:38:20 PM | Computer Name = SDTERMSRV.shoreview.com | Source = UmrdpService | ID = 1111
Description = Driver Jump Desktop Printer required for printer Jump Desktop Printer
is unknown. Contact the administrator to install the driver before you log in again.


< End of report >
  • 0


#2
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Hello, jedichrome and welcome to GeeksToGo!

You can call me Phel and this time I will try to help you with your trouble.

Please, spend some time to read these instructions carefully before we start. They contain very useful information.

  • Please, stay with us until the end. I know Malware Removal isn't a very fast procedure; it usually has multiple steps, but you should stay here until your computer is absolutely clean of malware. If your main problem is solved, that doesn't mean that other malware isn't left on your computer. Your patience will be rewarded with an absolutely clean computer. :)
  • Please let me know if you don't understand something. It is really important to understand every instruction. If you are in doubt about how to follow an instruction, feel free to ask me how to do it. I am always glad to help you with that.
  • Please, don't fix anything by yourself. Please, don't run any tools unless they are required. Trying multiple tools in the hope that one of them will help can lead to unrecoverable consequences. Sometimes malware removal tools, used without supervision, can harm your computer more than the malware itself.
  • Please feel free to notify me about changes in your PC's behavior. It's really interesting for me to know how your computer is running after each portion of fixes.
  • Please note that I'm currently in training. It doesn't mean that my help will be worse than expert help. My posts are carefully checked by experts before they are posted. Please note that my replies can sometimes come with delays. However, it usually takes less than 24 hours for an expert to review my message and for me to post it to you.
  • Finally, enjoy the fight! ;)
Please, wait for a while, I'm analyzing your logs now. I will post my next instructions to you soon.
  • 0

#3
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Hello,

I see that your computer was infected by CryptoLocker. Have you already removed it? Are you able to access your personal files now?

Please, follow these steps. Be extremely cautious and feel free to ask before doing anything if you have any doubts:

Step 1. OTL fix.

  • Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    PRC - [2013/09/17 09:17:57 | 000,122,880 | RHS- | M] () -- C:\Users\Linda\yoiin.exe
    PRC - [2013/04/29 03:37:01 | 000,471,040 | ---- | M] (Everylisten Corp.) -- C:\Users\Linda\AppData\Roaming\Zuke\ikqee.exe
    O4 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010..\Run: [Ikqee] C:\Users\Linda\AppData\Roaming\Zuke\ikqee.exe (Everylisten Corp.)
    O4 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010..\Run: [yoiin] C:\Users\Linda\yoiin.exe ()
    O4 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797..\Run: [Exyxte] C:\Users\michael\AppData\Roaming\Olyfnu\exyxte.exe File not found
    O4 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797..\Run: [Kyinoj] C:\Users\michael\AppData\Roaming\Ohymh\kyinoj.exe File not found
    O4 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797..\Run: [meufog] C:\Users\michael\meufog.exe /r File not found
    
    :Files
    C:\Users\michael\AppData\Roaming\Olyfnu
    C:\Users\michael\AppData\Roaming\Ohymh
    C:\Users\Linda\AppData\Roaming\Zuke
    
    :Commands
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered.
Restart the server when it is possible.

Step 2. OTL scan.

  • Run OTL.
  • Click on the Scan All Users checkbox, which is located near the Quick Scan button.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    BASESERVICES
  • Then click the Run Scan button at the top.
  • Let the program run unhindered.
  • When the scan completes, it will open a Notepad window - OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post them in your topic.

  • 0
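The Step 1 fix in the post above removes processes and per-user Run entries that launch executables from inside user profiles. As an added example (not part of that post, and not how OTL itself decides anything), this Python script triages OTL `PRC` and `O4` lines with that kind of heuristic; the regexes, the reason list and the scoring are assumptions, and the last sample line is constructed.

```python
import re
from dataclasses import dataclass

# First eight lines are copied from the OTL output in this thread; the final
# HKLM line is constructed to show a machine-wide autorun under Program Files.
SAMPLE = r"""
PRC - [2013/09/17 09:17:57 | 000,122,880 | RHS- | M] () -- C:\Users\Linda\yoiin.exe
PRC - [2013/04/29 03:37:01 | 000,471,040 | ---- | M] (Everylisten Corp.) -- C:\Users\Linda\AppData\Roaming\Zuke\ikqee.exe
PRC - [2013/08/02 21:09:24 | 028,057,256 | ---- | M] (Dropbox, Inc.) -- C:\Users\rory\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/30 18:33:32 | 003,232,152 | ---- | M] (ThreatTrack Security, Inc.) -- C:\Program Files (x86)\GFI Software\GFIAgent\SBAMTray.exe
O4 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010..\Run: [Ikqee] C:\Users\Linda\AppData\Roaming\Zuke\ikqee.exe (Everylisten Corp.)
O4 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010..\Run: [yoiin] C:\Users\Linda\yoiin.exe ()
O4 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797..\Run: [Exyxte] C:\Users\michael\AppData\Roaming\Olyfnu\exyxte.exe File not found
O4 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797..\Run: [meufog] C:\Users\michael\meufog.exe /r File not found
O4 - HKLM..\Run: [SBAMTray] C:\Program Files (x86)\GFI Software\GFIAgent\SBAMTray.exe (ThreatTrack Security, Inc.)
"""

# Patterns written against the line shapes visible in this thread (assumption:
# other OTL versions may format these lines differently).
PRC_RE = re.compile(
    r"^PRC - \[[^|]+\|\s*[\d,]+\s*\|\s*(?P<attrs>[A-Z-]+)\s*\|\s*\w\]\s*"
    r"\((?P<company>.*?)\)\s*--\s*(?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]+)\]\s+(?P<rest>.+)$")
COMPANY_RE = re.compile(r"^(?P<cmd>.*?)\s*\((?P<company>[^()]*)\)$")
EXE_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\.*?\.exe)', re.I)
PROFILE_RE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\(?P<tail>.+)$", re.I)
MISSING = "File not found"


@dataclass
class Finding:
    kind: str       # "PRC" (running process) or "O4" (Run-key autorun)
    path: str       # executable path taken from the log line
    reasons: list   # why the entry deserves a manual look

    @property
    def score(self):
        return len(self.reasons)


def parse_line(line):
    """Turn one PRC or O4 line into a dict, or return None for anything else."""
    m = PRC_RE.match(line)
    if m:
        return {"kind": "PRC", "path": m["path"].strip(),
                "company": m["company"].strip(), "attrs": m["attrs"],
                "missing": False, "per_user_run": False}
    m = O4_RE.match(line)
    if not m:
        return None
    rest, company, missing = m["rest"].strip(), None, False
    if rest.endswith(MISSING):
        # OTL could not open the target, so there is no version info to read.
        rest, missing = rest[:-len(MISSING)].strip(), True
    else:
        tail = COMPANY_RE.match(rest)
        if tail:
            rest, company = tail["cmd"], tail["company"].strip()
    exe = EXE_RE.match(rest)  # drops trailing arguments such as "/r"
    if not exe:
        return None
    return {"kind": "O4", "path": exe["path"], "company": company, "attrs": "",
            "missing": missing,
            "per_user_run": m["hive"].upper().startswith("HKU\\S-1-5-21-")}


def triage(log_text):
    """Return findings for executables under C:\\Users, highest score first."""
    findings = []
    for raw in log_text.splitlines():
        entry = parse_line(raw.strip())
        if entry is None:
            continue
        in_profile = PROFILE_RE.match(entry["path"])
        if not in_profile:
            continue  # Program Files / Windows paths need admin rights to write
        reasons = ["runs from a user-writable profile path"]
        if "\\" not in in_profile["tail"]:
            reasons.append("executable sits directly in the profile root")
        if entry["company"] == "":
            reasons.append("no publisher in version info")
        if entry["missing"]:
            reasons.append("target file is missing")
        if set(entry["attrs"]) & {"H", "S"}:
            reasons.append("hidden or system attribute set")
        if entry["per_user_run"]:
            reasons.append("started from a per-user Run key")
        findings.append(Finding(entry["kind"], entry["path"], reasons))
    return sorted(findings, key=lambda f: -f.score)


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.score}  {f.kind:3}  {f.path}")
        for reason in f.reasons:
            print(f"       - {reason}")
```

Dropbox.exe is reported with a single reason, which shows that a profile path alone is a prompt for review rather than a verdict; the entries named in the fix accumulate several reasons each.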

#4
jedichrome

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Thank you for your assistance.

I did notice the Crypto infection as well. What a nightmare that is. We had to restore the files from an offsite backup.
I followed your instructions and here is the updated OTL.TXT:



OTL logfile created on: 9/17/2013 4:22:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\it4tools
64bit- Server Standard Edition (full installation) Service Pack 1 (Version = 6.1.7601) - Type = NTServer
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

24.00 Gb Total Physical Memory | 17.22 Gb Available Physical Memory | 71.77% Memory free
47.99 Gb Paging File | 40.84 Gb Available in Paging File | 85.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 350.00 Gb Total Space | 271.78 Gb Free Space | 77.65% Space Free | Partition Type: NTFS
Drive I: | 696.75 Gb Total Space | 520.43 Gb Free Space | 74.69% Space Free | Partition Type: NTFS
Drive M: | 550.00 Gb Total Space | 538.59 Gb Free Space | 97.93% Space Free | Partition Type: NTFS
Drive X: | 1000.00 Gb Total Space | 796.25 Gb Free Space | 79.63% Space Free | Partition Type: NTFS
Drive Y: | 1000.00 Gb Total Space | 796.25 Gb Free Space | 79.63% Space Free | Partition Type: NTFS
Drive Z: | 1000.00 Gb Total Space | 796.25 Gb Free Space | 79.63% Space Free | Partition Type: NTFS

Computer Name: SDTERMSRV | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/17 10:26:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\it4tools\OTL.exe
PRC - [2013/08/19 16:23:24 | 000,806,632 | ---- | M] () -- C:\Program Files (x86)\SAAZOD\zCMon\ZConRelation.exe
PRC - [2013/08/02 21:09:24 | 028,057,256 | ---- | M] (Dropbox, Inc.) -- C:\Users\rory\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/30 18:33:32 | 003,232,152 | ---- | M] (ThreatTrack Security, Inc.) -- C:\Program Files (x86)\GFI Software\GFIAgent\SBAMTray.exe
PRC - [2013/05/30 18:30:54 | 003,681,016 | ---- | M] (ThreatTrack Security, Inc.) -- C:\Program Files (x86)\GFI Software\GFIAgent\SBAMSvc.exe
PRC - [2013/05/30 18:30:48 | 000,176,536 | ---- | M] (ThreatTrack Security, Inc.) -- C:\Program Files (x86)\GFI Software\GFIAgent\SBPIMSvc.exe
PRC - [2013/03/29 13:45:02 | 002,937,384 | ---- | M] (AOL Inc.) -- C:\Users\cynthia\AppData\Local\AOL\AIM\aim.exe
PRC - [2013/03/29 13:45:02 | 002,937,384 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2013/03/22 01:44:16 | 006,167,552 | ---- | M] () -- C:\Program Files (x86)\Activant\Prophet 21 12.1\pxxi.exe
PRC - [2013/03/07 17:54:54 | 001,085,440 | ---- | M] (Kaseya International Limited) -- C:\Program Files (x86)\Kaseya\AXSMCR74234068025903\AgentMon.exe
PRC - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/02 23:37:50 | 000,593,200 | ---- | M] (Continuum Managed Services LLC.) -- C:\Program Files (x86)\SAAZOD\zCMon\zPerf.exe
PRC - [2012/11/02 23:37:50 | 000,097,584 | ---- | M] (Continuum Managed Services LLC.) -- C:\Program Files (x86)\SAAZOD\PROANY.exe
PRC - [2012/11/02 23:37:50 | 000,093,488 | ---- | M] (Continuum Managed Services LLC.) -- C:\Program Files (x86)\SAAZOD\SAAZRCCTL.EXE
PRC - [2012/11/02 23:37:50 | 000,089,392 | ---- | M] (Continuum Managed Services LLC.) -- C:\Program Files (x86)\SAAZOD\SAAZWatchDog.exe
PRC - [2012/11/02 23:37:50 | 000,089,392 | ---- | M] (Continuum Managed Services LLC.) -- C:\Program Files (x86)\SAAZOD\SAAZMSMACTL.EXE
PRC - [2012/11/02 23:37:50 | 000,085,296 | ---- | M] (Continuum Managed Services LLC.) -- C:\Program Files (x86)\SAAZOD\SAAZScheduler.exe
PRC - [2012/11/02 23:37:50 | 000,085,296 | ---- | M] (Continuum Managed Services LLC.) -- C:\Program Files (x86)\SAAZOD\zRealTime\SAAZapsc.exe
PRC - [2012/11/02 23:37:50 | 000,085,296 | ---- | M] (Continuum Managed Services LLC.) -- C:\Program Files (x86)\SAAZOD\zRealTime\SAAZappr.exe
PRC - [2012/11/02 23:37:50 | 000,081,200 | ---- | M] (Continuum Managed Services LLC.) -- C:\Program Files (x86)\SAAZOD\SAAZRemoteSupport.exe
PRC - [2012/11/02 23:37:48 | 000,146,736 | ---- | M] (Continuum Managed Services LLC.) -- C:\Program Files (x86)\SAAZOD\DMPHelpDesk.exe
PRC - [2012/10/31 16:37:52 | 000,577,536 | ---- | M] (Kaseya International Limited) -- C:\Program Files (x86)\Kaseya\AXSMCR74234068025903\KaUsrTsk.exe
PRC - [2012/08/15 22:37:42 | 000,083,024 | ---- | M] ( ) -- C:\Program Files (x86)\Kaseya\AXSMCR74234068025903\extensions\Lua.exe
PRC - [2012/07/06 21:32:00 | 000,171,312 | ---- | M] (Continuum Managed Services LLC.) -- C:\Program Files (x86)\SAAZOD\zRealTime\rtHlpDk.exe
PRC - [2012/07/06 21:31:52 | 000,171,312 | ---- | M] (Continuum Managed Services LLC.) -- C:\Program Files (x86)\SAAZOD\zRealTime\rtdrHlpDk.exe
PRC - [2012/07/06 19:53:06 | 000,142,640 | ---- | M] (Continuum Managed Services LLC.) -- C:\Program Files (x86)\SAAZOD\RMHLPDSK.exe
PRC - [2012/07/06 19:49:40 | 000,085,296 | ---- | M] (Continuum Managed Services LLC.) -- C:\Program Files (x86)\SAAZOD\SAAZServerPlus.exe
PRC - [2012/03/15 21:33:26 | 013,529,440 | ---- | M] (FileMaker, Inc.) -- C:\Program Files (x86)\FileMaker\FileMaker Pro 12\FileMaker Pro.exe
PRC - [2011/08/18 14:37:42 | 001,696,496 | ---- | M] (RealVNC Ltd) -- C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe
PRC - [2002/11/04 20:29:14 | 000,024,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Central\Control\jfservic.exe
PRC - [2002/11/04 20:28:44 | 000,143,360 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Central\Bin\JfServer.exe
PRC - [2002/11/04 20:28:22 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Central\Bin\PipeMgr.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/07 16:21:10 | 000,925,696 | ---- | M] () -- C:\Program Files (x86)\Kaseya\AXSMCR74234068025903\libkacm.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 23:24:34 | 000,694,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lserver.dll -- (TermServLicensing)
SRV:64bit: - [2009/07/13 21:41:53 | 000,014,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sacsvr.dll -- (sacsvr)
SRV:64bit: - [2009/07/13 21:40:52 | 000,025,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FCRegSvc.dll -- (FCRegSvc)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 21:39:31 | 000,091,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rsopprov.exe -- (RSoPProv)
SRV - [2013/09/13 20:40:07 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/07 19:44:20 | 000,226,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2013/06/07 19:44:16 | 000,376,144 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/05/30 18:30:54 | 003,681,016 | ---- | M] (ThreatTrack Security, Inc.) [Auto | Running] -- C:\Program Files (x86)\GFI Software\GFIAgent\SBAMSvc.exe -- (SBAMSvc)
SRV - [2013/05/30 18:30:48 | 000,176,536 | ---- | M] (ThreatTrack Security, Inc.) [Auto | Running] -- C:\Program Files (x86)\GFI Software\GFIAgent\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2013/03/07 17:54:54 | 001,085,440 | ---- | M] (Kaseya International Limited) [Auto | Running] -- C:\Program Files (x86)\Kaseya\AXSMCR74234068025903\AgentMon.exe -- (KAAXSMCR74234068025903)
SRV - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/29 11:56:50 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2012/11/02 23:37:50 | 000,093,488 | ---- | M] (Continuum Managed Services LLC.) [Auto | Running] -- C:\Program Files (x86)\SAAZOD\SAAZRCCTL.EXE -- (SAAZRCCTL)
SRV - [2012/11/02 23:37:50 | 000,089,392 | ---- | M] (Continuum Managed Services LLC.) [Auto | Running] -- C:\Program Files (x86)\SAAZOD\SAAZWatchDog.exe -- (SAAZWatchDog)
SRV - [2012/11/02 23:37:50 | 000,089,392 | ---- | M] (Continuum Managed Services LLC.) [Auto | Running] -- C:\Program Files (x86)\SAAZOD\SAAZMSMACTL.EXE -- (SAAZMSMACTL)
SRV - [2012/11/02 23:37:50 | 000,085,296 | ---- | M] (Continuum Managed Services LLC.) [Auto | Running] -- C:\Program Files (x86)\SAAZOD\SAAZScheduler.exe -- (SAAZScheduler)
SRV - [2012/11/02 23:37:50 | 000,085,296 | ---- | M] (Continuum Managed Services LLC.) [Auto | Running] -- C:\Program Files (x86)\SAAZOD\zRealTime\SAAZapsc.exe -- (SAAZapsc)
SRV - [2012/11/02 23:37:50 | 000,085,296 | ---- | M] (Continuum Managed Services LLC.) [Auto | Running] -- C:\Program Files (x86)\SAAZOD\zRealTime\SAAZappr.exe -- (SAAZappr)
SRV - [2012/11/02 23:37:50 | 000,081,200 | ---- | M] (Continuum Managed Services LLC.) [Auto | Running] -- C:\Program Files (x86)\SAAZOD\SAAZRemoteSupport.exe -- (SAAZRemoteSupport)
SRV - [2012/09/25 12:47:28 | 000,086,888 | ---- | M] (Citrix) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\XenTools\Installer\InstallWizard.Exe -- (XenPVInstall)
SRV - [2012/07/09 15:46:54 | 000,015,360 | ---- | M] (Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Citrix\XenTools\XenGuestAgent.Exe -- (XenSvc)
SRV - [2012/07/06 19:49:40 | 000,085,296 | ---- | M] (Continuum Managed Services LLC.) [Auto | Running] -- C:\Program Files (x86)\SAAZOD\SAAZServerPlus.exe -- (SAAZServerPlus)
SRV - [2011/08/18 14:37:42 | 001,696,496 | ---- | M] (RealVNC Ltd) [Auto | Running] -- C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe -- (WinVNC4)
SRV - [2010/11/20 23:24:58 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 23:24:58 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2002/11/04 20:29:14 | 000,024,576 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Central\Control\jfservic.exe -- (JetFormCentral)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/07 19:44:16 | 000,107,368 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2013/05/15 14:23:01 | 000,031,264 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gfiutil.sys -- (gfiutil)
DRV:64bit: - [2013/04/11 11:06:54 | 000,039,504 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gfiark.sys -- (gfiark)
DRV:64bit: - [2013/01/15 16:17:30 | 000,086,968 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2013/01/15 16:17:26 | 000,088,864 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbwtis.sys -- (sbwtis)
DRV:64bit: - [2013/01/07 22:32:50 | 000,035,048 | ---- | M] (Kaseya) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KAPFA.sys -- (KAPFA)
DRV:64bit: - [2012/11/29 11:56:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2012/11/29 11:56:30 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2012/09/20 17:57:42 | 000,343,952 | ---- | M] (Citrix Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xenvif.sys -- (xenvif)
DRV:64bit: - [2012/09/10 20:07:00 | 000,039,608 | ---- | M] (Citrix Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xennet.sys -- (xennet)
DRV:64bit: - [2012/09/05 19:48:50 | 000,189,440 | ---- | M] (Citrix Systems Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\xenbus.sys -- (xenbus)
DRV:64bit: - [2012/09/05 19:48:28 | 000,080,272 | ---- | M] (Citrix Systems Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\xenfilt.sys -- (xenfilt)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:22:44 | 000,061,744 | ---- | M] (Citrix Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xeniface.sys -- (xeniface)
DRV:64bit: - [2012/08/14 17:24:22 | 000,114,280 | ---- | M] (Citrix Systems Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\xenvbd.sys -- (xenvbd)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/02 00:17:41 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:24:00 | 000,181,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Vid.sys -- (Vid)
DRV:64bit: - [2010/11/20 23:24:00 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:24:00 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 21:45:45 | 000,096,320 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sacdrv.sys -- (sacdrv)
DRV:64bit: - [2009/06/10 16:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009/06/10 16:35:30 | 000,035,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd260x64.sys -- (ioatdma)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV - [2013/05/23 19:44:29 | 000,016,056 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2010/11/20 23:25:11 | 000,115,712 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1155\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1155\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://companyweb
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1155\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1155\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1155\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1327\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1327\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://companyweb
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1327\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1327\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1327\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...CID=msnHomepage
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-3736\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-3736\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://companyweb
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-3736\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-3736\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-3736\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-4231\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-4231\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://companyweb
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-4231\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-4231\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-4231\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-4644\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-4644\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://companyweb
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-4644\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-4644\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-4644\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/SoftAdmin.htm
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-5715\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-5715\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-5715\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CE CE D3 A5 58 52 CE 01 [binary data]
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-5715\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-5715\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-5715\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://companyweb
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-5801\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-5801\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://companyweb
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-5801\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-5801\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1806702894-2239225744-2997380310-5801\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2013/09/17 16:21:12 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [SBRegRebootCleaner] C:\Program Files (x86)\GFI Software\GFIAgent\SBRC.exe (ThreatTrack Security, Inc.)
O4 - HKLM..\Run: [KASHAXSMCR74234068025903] C:\Program Files (x86)\Kaseya\AXSMCR74234068025903\KaUsrTsk.exe (Kaseya International Limited)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files (x86)\GFI Software\GFIAgent\SBAMTray.exe (ThreatTrack Security, Inc.)
O4 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010..\Run: [Google Update] Reg Error: Value error. File not found
O4 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010..\Run: [pebqoxxetxuz] C:\Users\Linda\pebqoxxetxuz.exe File not found
O4 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336..\Run: [AIM for Windows] C:\Users\cynthia\AppData\Local\AOL\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-1806702894-2239225744-2997380310-3736..\Run: [xebuz] C:\Users\beth\xebuz.exe /z File not found
O4 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797..\Run: [CryptoLocker] C:\Users\michael\AppData\Roaming\{252C7B1F-0437-1206-003F-060205080B0B}.exe File not found
O4 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797..\Run: [Google Update] Reg Error: Value error. File not found
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\SysWow64\grpconv.exe (Microsoft Corporation)
O4 - Startup: C:\Users\administrator.SHOREVIEW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_68549431.lnk = File not found
O4 - Startup: C:\Users\dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O4 - Startup: C:\Users\rory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutorun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1155\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1155\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1155\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1155\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1155\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1155\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1155\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1155\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1155\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1155\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1155\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1155\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1155\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1155\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1327\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1327\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1327\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1327\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1327\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1327\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1327\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1327\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1327\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1327\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1327\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1327\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1327\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1327\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-3736\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-3736\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-3736\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-3736\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-3736\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-3736\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-3736\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-3736\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-3736\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-3736\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-3736\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-3736\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-3736\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-3736\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4231\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4231\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4231\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4231\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4231\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4231\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4231\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4231\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4231\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4231\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4231\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4231\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4231\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4231\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4644\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4644\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4644\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4644\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4644\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4644\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4644\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4644\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4644\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4644\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4644\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4644\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4644\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4644\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5715\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5715\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5715\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5715\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5715\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5715\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5715\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5715\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5715\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5715\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5715\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5715\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5715\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5715\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5801\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5801\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5801\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5801\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5801\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5801\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5801\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5801\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5801\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5801\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5801\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5801\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5801\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 1
O7 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5801\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O9:64bit: - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1006\..Trusted Domains: sites ([]https in Local intranet)
O15 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010\..Trusted Domains: sites ([]https in Local intranet)
O15 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1155\..Trusted Domains: sites ([]https in Local intranet)
O15 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1327\..Trusted Domains: sites ([]https in Local intranet)
O15 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\..Trusted Domains: bankofamerica.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\..Trusted Domains: bankofamerica.com ([bofacapital-certs] * in Trusted sites)
O15 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\..Trusted Domains: bankofamerica.com ([cashproonline] * in Trusted sites)
O15 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\..Trusted Domains: bankofamerica.com ([cashproonlineca] * in Trusted sites)
O15 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1336\..Trusted Domains: sites ([]https in Local intranet)
O15 - HKU\S-1-5-21-1806702894-2239225744-2997380310-3736\..Trusted Domains: sites ([]https in Local intranet)
O15 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4231\..Trusted Domains: sites ([]https in Local intranet)
O15 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4644\..Trusted Domains: bankofamerica.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4644\..Trusted Domains: bankofamerica.com ([bofacapital-certs] * in Trusted sites)
O15 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4644\..Trusted Domains: bankofamerica.com ([cashproonline] * in Trusted sites)
O15 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4644\..Trusted Domains: bankofamerica.com ([cashproonlineca] * in Trusted sites)
O15 - HKU\S-1-5-21-1806702894-2239225744-2997380310-4644\..Trusted Domains: sites ([]https in Local intranet)
O15 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5715\..Trusted Domains: sites ([]https in Local intranet)
O15 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797\..Trusted Domains: sites ([]https in Local intranet)
O15 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5801\..Trusted Domains: sites ([]https in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.su...indows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = shoreview.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64063ED3-70B6-4652-8867-C495FF0981D1}: NameServer = 10.0.0.6
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/17 16:21:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/09/17 12:06:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/09/17 10:27:40 | 000,000,000 | ---D | C] -- C:\it4tools
[2013/09/16 19:16:58 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/09/16 19:04:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/09/16 19:04:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/09/16 18:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013/09/16 16:24:53 | 000,000,000 | ---D | C] -- C:\Users\administrator.SHOREVIEW\AppData\Roaming\Malwarebytes
[2013/09/16 16:24:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/16 16:24:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/09/16 16:24:48 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/09/16 16:24:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/08/28 09:38:42 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013/08/28 09:38:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/08/28 09:38:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/08/28 09:38:18 | 000,867,240 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/08/28 09:38:18 | 000,789,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/08/28 09:38:18 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/08/28 09:38:08 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/08/28 09:38:08 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/08/28 09:38:08 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/08/28 09:38:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

========== Files - Modified Within 30 Days ==========

[2013/09/17 16:21:12 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/09/17 15:40:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/17 12:48:37 | 000,021,520 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/17 12:48:37 | 000,021,520 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/17 12:45:39 | 000,823,738 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/17 12:45:39 | 000,691,116 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/17 12:45:39 | 000,133,504 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/17 12:40:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/17 12:06:46 | 000,001,056 | ---- | M] () -- C:\Users\administrator.SHOREVIEW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_68549431.lnk
[2013/09/16 19:07:09 | 000,000,186 | ---- | M] () -- C:\Users\administrator.SHOREVIEW\Documents\cc_20130916_190706.reg
[2013/09/16 19:06:21 | 000,004,258 | ---- | M] () -- C:\Users\administrator.SHOREVIEW\Documents\cc_20130916_190618.reg
[2013/09/16 19:06:05 | 000,069,556 | ---- | M] () -- C:\Users\administrator.SHOREVIEW\Documents\cc_20130916_190559.reg
[2013/09/13 20:40:06 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/09/13 20:40:06 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/08/28 09:38:02 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/08/28 09:38:02 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/08/28 09:38:02 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/08/28 09:38:02 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/08/28 09:38:02 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/08/28 09:38:02 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

========== Files Created - No Company Name ==========

[2013/09/17 12:06:46 | 000,001,056 | ---- | C] () -- C:\Users\administrator.SHOREVIEW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_68549431.lnk
[2013/09/16 19:07:07 | 000,000,186 | ---- | C] () -- C:\Users\administrator.SHOREVIEW\Documents\cc_20130916_190706.reg
[2013/09/16 19:06:20 | 000,004,258 | ---- | C] () -- C:\Users\administrator.SHOREVIEW\Documents\cc_20130916_190618.reg
[2013/09/16 19:06:03 | 000,069,556 | ---- | C] () -- C:\Users\administrator.SHOREVIEW\Documents\cc_20130916_190559.reg
[2013/05/06 15:02:10 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013/05/06 15:02:09 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD5250DN.DAT
[2013/05/01 13:32:30 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2013/05/01 13:32:30 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2013/04/03 16:53:20 | 000,000,356 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/03/26 16:03:24 | 000,007,628 | RHS- | C] () -- C:\Users\administrator.SHOREVIEW\ntuser.pol
[2013/03/25 11:22:44 | 000,002,892 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/03/11 19:17:57 | 000,787,304 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/14 00:58:08 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:24 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 21:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 01:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 21:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 23:24:02 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 23:24:06 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 18:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/09 01:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/09 00:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 23:24:06 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 23:24:06 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 23:24:10 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 02:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 21:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 21:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 21:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 21:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 23:24:00 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 21:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 21:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 21:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 21:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 13:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 07:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 02:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 21:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 23:24:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 23:24:06 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 23:24:19 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
No service found with a name of wscsvc
SRV:64bit: - [2010/11/20 23:24:00 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 23:24:02 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 23:24:10 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 23:24:18 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 23:24:30 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 23:24:06 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 01:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 23:24:02 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 23:24:30 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 23:24:30 | 000,679,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
No service found with a name of SDRSVC
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 23:24:02 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 23:24:25 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 23:25:11 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 23:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 23:24:25 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 21:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 18:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 23:24:10 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
No service found with a name of Wlansvc
SRV:64bit: - [2010/11/20 23:24:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< End of report >

#5
Phel

Hello,

How is your computer running now?

Have you disabled Windows Security Center by yourself?

Please, follow these steps:

Step 1. MBRCheck scan.

  • Download MBRCheck from here to your Desktop.
  • Double-click MBRCheck.exe on your Desktop to run it.
  • Wait until the scan has finished (it could take some time, usually less than a minute). Please do not press any keys.
  • Once you are prompted to press the Enter key to exit, do so.
  • A report called MBRCheck_[date].txt will be generated on your Desktop. Post its contents in your next message.

Step 2. OTL fix.

  • Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    O4 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010..\Run: [pebqoxxetxuz] C:\Users\Linda\pebqoxxetxuz.exe File not found
    O4 - HKU\S-1-5-21-1806702894-2239225744-2997380310-3736..\Run: [xebuz] C:\Users\beth\xebuz.exe /z File not found
    O4 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797..\Run: [CryptoLocker] C:\Users\michael\AppData\Roaming\{252C7B1F-0437-1206-003F-060205080B0B}.exe File not found
    O4 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797..\Run: [Google Update] Reg Error: Value error. File not found
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.

Restart the server when it is possible.

Step 3. OTL scan.

  • Run OTL.
  • Click the Scan All Users checkbox, which is located near the Quick Scan button.
  • Then click the Run Scan button at the top.
  • Let the program run unhindered.
  • When the scan completes, it will open a Notepad window - OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post them in your topic.

So, please, don't forget to post in your next message:

  • MBRCheck log
  • OTL.txt

  • 0
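
The Step 2 fix in post #5 targets per-user Run values whose targets OTL reported as "File not found". As an added example (not part of the original thread and not OTL's own code), this Python script parses O4 HKU lines from an OTL log, flags them, and groups them by user SID, which is useful on a terminal server where every profile has its own Run key. The reason labels and path heuristics are assumptions of this example; the sample input is the four lines quoted in that post.

```python
import re

# Sample input: the four O4 lines quoted in the Step 2 fix script above.
SAMPLE_LOG = r"""
O4 - HKU\S-1-5-21-1806702894-2239225744-2997380310-1010..\Run: [pebqoxxetxuz] C:\Users\Linda\pebqoxxetxuz.exe File not found
O4 - HKU\S-1-5-21-1806702894-2239225744-2997380310-3736..\Run: [xebuz] C:\Users\beth\xebuz.exe /z File not found
O4 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797..\Run: [CryptoLocker] C:\Users\michael\AppData\Roaming\{252C7B1F-0437-1206-003F-060205080B0B}.exe File not found
O4 - HKU\S-1-5-21-1806702894-2239225744-2997380310-5797..\Run: [Google Update] Reg Error: Value error. File not found
"""

MISSING = "File not found"  # suffix OTL appends when the target file is absent

# O4 per-user autorun line: HKU\<SID>..\<key>: [<value name>] <data>
O4_RE = re.compile(
    r"^O4(?::64bit:)? - HKU\\(?P<sid>S-\d+(?:-\d+)+)\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<data>.*)$"
)
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|scr|bat|cmd|vbs)\b", re.I)
# The two heuristics below are assumptions of this example, not OTL rules.
PROFILE_ROOT_RE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\[^\\]+$", re.I)
GUID_NAME_RE = re.compile(
    r"\\\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}\.exe$", re.I
)


def parse_o4(line):
    """Parse one per-user O4 line; return None for any other log line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    data = m.group("data")
    missing = data.endswith(MISSING)
    if missing:
        data = data[: -len(MISSING)].rstrip()
    path = PATH_RE.search(data)
    return {
        "sid": m.group("sid"),
        "key": m.group("key"),
        "name": m.group("name"),
        "path": path.group(0) if path else None,
        "missing": missing,
        "data": data,
    }


def triage(log_text):
    """Return parsed O4 entries that trip at least one heuristic."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = []
        if entry["missing"]:
            reasons.append("missing-target")       # value left behind, file gone
        if entry["path"] is None:
            reasons.append("no-file-path")         # e.g. "Reg Error: Value error."
        elif PROFILE_ROOT_RE.match(entry["path"]):
            reasons.append("profile-root-binary")  # file directly in C:\Users\<name>
        elif GUID_NAME_RE.search(entry["path"]):
            reasons.append("guid-named-exe")       # {GUID}.exe file name
        if reasons:
            findings.append(dict(entry, reasons=reasons))
    return findings


def profiles_to_check(findings):
    """Group flagged value names by user SID, in log order."""
    by_sid = {}
    for f in findings:
        by_sid.setdefault(f["sid"], []).append(f["name"])
    return by_sid


if __name__ == "__main__":
    for sid, names in profiles_to_check(triage(SAMPLE_LOG)).items():
        print(sid, names)
```

Feed it the full OTL.txt instead of `SAMPLE_LOG` to list every user profile with a flagged Run value before deciding which lines go into the `:OTL` fix.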

#6
jedichrome

Sorry for the late reply.

With your assistance I was able to get the server clean and everyone up and running.
Thank you very much!

#7
Phel

Can you please run

  • OTL Scan
  • MBAM Quick scan

and post the contents of the produced logs in your next message? I just want to make sure that all is clean.