Solved Sbscrexe.exe rootkit

severedgein

Hey, got a scare-ware pop-up while trying to visit a site. Now this process is running in the background and everything I find on Google says it's going to reboot my server after an hour, at which point it'll probably seriously infect my system, so any urgent help would be appreciated.

Ran MBAM and GMER; DDS will not run because I'm using Server 2003.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.08.04

Windows Server 2003 Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
administrator :: SERVER [administrator]

6/8/2012 9:47:40 AM
mbam-log-2012-06-08 (09-47-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216794
Time elapsed: 7 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
----------------------------------------------------------
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-06-08 09:57:52
Windows 5.2.3790 Service Pack 2 Harddisk0\DR0 -> \Device\Scsi\MegaIDE1Port1Path0Target4Lun0 LSI_____ rev.1.0_
Running: fgbw86xo.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uftdypob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\System32\sbscrexe.exe (*** hidden *** ) [AUTO] SBCore <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
 
In the meantime I've used Microsoft Sysinternals Process Explorer to suspend the process in the hopes that it doesn't reboot.

update: which seems to have worked, if the reboot was going to happen.

Edit: also, I never clicked on any button from the pop-up. I just went straight to task manager and killed IE.
 
Hey, you're not supposed to make a thread Active! That's a job for either Broni or me to do when we pick up a thread. Aren't you glad I checked anyway!!?!

As to your problem: Please be advised that we are volunteers and are handling multiple threads at the same time. Your request for "urgent help" means that I will work with you as I can.
==========================================
Now that you have requested my help, please stop using random programs on your own. Only run what I request.
=========================================
sbscrexe.exe file information

The process SBS-Lizenzierungsdienst or SBS Licensing Service belongs to the software Betriebssystem Microsoft Windows or Microsoft Windows Operating System by Microsoft (www.microsoft.com).
--------------------------------------
I believe this is a type of home security which may have come in through a Blackberry. The problem is that it may not work well if you have small business, or 'enterprise' security.
=====================================================
You are running the server in a business environment, correct? Do you have an IT available for the office?
====================================================

You can try this. I don't know if it will work. See if you can get DDS to run using one of the following:
DDS won't run (.scr)

Please download the corresponding file for your operating system:

XP

Vista

Windows 7

Extract (unzip) the file onto your desktop, double-click on it and choose Yes to merge the file into the registry when prompted. Afterwards you should then be able to run DDS.scr.
===========================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
Threads are closed after 5 days if there is no reply.
 
Yes, it's a business server running Small Business Server 2003 edition. DDS keeps giving me this error, despite the reg edits:

dds.JPG

edit: sorry for the "active" and "urgent" help request. The threads I found about this program pointed my nose towards a malware that was exploiting this Microsoft program to auto-restart the computer without my approval in an hour and I didn't want to just kill the process and make things worse.
 
See if you can run the following- I have to have something to work with:

  • Download OTL from one of the links below and save it to your desktop.
    OTL.exe
    OTL.com
    OTL.scr
    You just need one. Sometimes the file extension gets blocked.

    Note: When using these links, use Internet Explorer to download. If using Firefox, you should right-click and use "Save link As". Otherwise, on some systems, FF attempts to open the file as a script and just a bunch of gibberish is displayed.
  • Double click the OTL icon to run it.
    OTL_icon.gif
  • The opened console will resemble this:
    OTLv3.1.5.0.gif
  • Set Output at the top to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Copy the entries in the Codebox below. Paste them in the Custom Scan box.
    Code:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    /md5start
    explorer.exe
    winlogon.exe
    userinit.exe
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    Make sure all other windows are closed and let it run uninterrupted.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
=======================================================
I am concerned about what effect your problem might have on the other systems using the server.
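
An added example, not part of any post in this thread and not GMER's or OTL's own code: one way to cross-check the GMER findings from the first post against the SRV/DRV listing that the OTL scan requested above produces. The sample lines follow the formats of the logs in this thread; the `exampledrv` entry and the status labels are constructed for illustration.

```python
import ntpath
import re

# Sample input in the format of the GMER log posted in this thread.
GMER_LOG = r"""
Running: fgbw86xo.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uftdypob.sys
Service C:\WINDOWS\System32\sbscrexe.exe (*** hidden *** ) [AUTO] SBCore <-- ROOTKIT !!!
"""

# Sample input in the OTL SRV/DRV line format; "exampledrv" is constructed
# for contrast and does not come from any real log.
OTL_LOG = r"""
SRV - (SBCore) -- C:\WINDOWS\system32\sbscrexe.exe (Microsoft Corporation)
SRV - (DNS) -- C:\WINDOWS\system32\dns.exe (Microsoft Corporation)
DRV - (uftdypob) -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uftdypob.sys File not found
DRV - (exampledrv) -- C:\WINDOWS\Temp\exampledrv.sys File not found
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
"""

# GMER names its own temporary driver in the "Running: ...; Driver: ..." header.
GMER_DRIVER = re.compile(r"^Running:.*?Driver:\s*(?P<path>\S.*?\.sys)\s*$", re.M | re.I)
GMER_HIDDEN = re.compile(
    r"^Service\s+(?P<path>.+?)\s+\(\*\*\* hidden \*\*\*\s*\)"
    r"\s+\[(?P<start>\w+)\]\s+(?P<name>\S+)", re.M)
# An optional display name may sit between "(key)" and " -- ".
OTL_LINE = re.compile(r"^(?P<kind>SRV|DRV) - \((?P<name>[^)]+)\).*? -- (?P<rest>.*)$", re.M)
OTL_VENDOR = re.compile(r"^(?P<path>.*?)\s*\((?P<vendor>[^()]*)\)$")
NOT_FOUND = "File not found"


def parse_otl(text):
    """Return {(kind, name): {"path", "vendor", "missing"}} for SRV/DRV lines."""
    entries = {}
    for m in OTL_LINE.finditer(text):
        rest = m.group("rest").strip()
        missing = rest.endswith(NOT_FOUND)
        if missing:
            path, vendor = rest[: -len(NOT_FOUND)].strip(), ""
        else:
            v = OTL_VENDOR.match(rest)
            path = v.group("path") if v else rest
            vendor = v.group("vendor").strip() if v else ""
        entries[(m.group("kind"), m.group("name").lower())] = {
            "path": path, "vendor": vendor, "missing": missing}
    return entries


def triage(gmer_text, otl_text):
    """Correlate the two logs into (kind, name, status, vendor) tuples."""
    own_drivers = {
        ntpath.splitext(ntpath.basename(m.group("path")))[0].lower()
        for m in GMER_DRIVER.finditer(gmer_text)}
    otl = parse_otl(otl_text)
    findings = []

    # Services GMER marks hidden: does the second tool see the same image?
    for m in GMER_HIDDEN.finditer(gmer_text):
        name, path = m.group("name"), m.group("path")
        entry = otl.get(("SRV", name.lower()))
        if entry is None or entry["missing"]:
            status = "INVESTIGATE"        # hidden and not resolvable elsewhere
        elif entry["path"].lower() != path.lower():
            status = "INVESTIGATE"        # the tools disagree about the image
        else:
            # A company-name string alone does not prove the file is
            # authentic; the next step is a signature and hash check.
            status = "VERIFY_SIGNATURE"
        findings.append(("service", name, status, entry["vendor"] if entry else ""))

    # Driver services registered from a Temp folder whose file is gone.
    for (kind, name), e in sorted(otl.items()):
        if kind == "DRV" and e["missing"] and "\\temp\\" in e["path"].lower():
            status = "SCANNER_ARTIFACT" if name in own_drivers else "INVESTIGATE"
            findings.append(("driver", name, status, ""))
    return findings


if __name__ == "__main__":
    for row in triage(GMER_LOG, OTL_LOG):
        print("%-8s %-12s %-17s %s" % row)
```
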
 
OTL logfile created on: 6/11/2012 12:50:50 PM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 37.27% Memory free
5.84 Gb Paging File | 2.96 Gb Available in Paging File | 50.69% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.11 Gb Total Space | 12.50 Gb Free Space | 33.69% Space Free | Partition Type: NTFS
Drive D: | 115.56 Gb Total Space | 47.96 Gb Free Space | 41.50% Space Free | Partition Type: NTFS
Drive F: | 7.91 Gb Total Space | 5.24 Gb Free Space | 66.29% Space Free | Partition Type: FAT32
Drive P: | 115.56 Gb Total Space | 47.96 Gb Free Space | 41.50% Space Free | Partition Type: NTFS

Computer Name: SERVER | User Name: administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Administrator\Local Settings\Temp\Rar$EX13.856\procexp.exe (Sysinternals - www.sysinternals.com)
PRC - C:\WINDOWS\system32\dns.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wins.exe (Microsoft Corporation)
PRC - D:\LytecData2011\Data\MSSQL10_50.LYTECMD\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe (VMware, Inc.)
PRC - C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe (VMware, Inc.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files\Exchsrvr\bin\store.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\inetsrv\w3wp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\sbscrexe.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ntfrs.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\llssrv.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\dfssvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Exchsrvr\bin\mad.exe (Microsoft Corporation)
PRC - C:\Program Files\Exchsrvr\bin\exmgmt.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8dc4a28c456f81ee7399da21bd9d55aa\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll ()
MOD - C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll ()
MOD - c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\monitoring\b414b2d0\3ba7056a\s2qqhkdm.dll ()
MOD - c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll ()
MOD - \\?\C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll ()
MOD - c:\windows\assembly\gac\system.web.mobile\1.0.5000.0__b03f5f7f11d50a3a\system.web.mobile.dll ()
MOD - c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll ()
MOD - c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll ()
MOD - c:\windows\assembly\gac\system.runtime.serialization.formatters.soap\1.0.5000.0__b03f5f7f11d50a3a\system.runtime.serialization.formatters.soap.dll ()
MOD - c:\windows\assembly\gac\system.design\1.0.5000.0__b03f5f7f11d50a3a\system.design.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system.data\1.0.5000.0__b77a5c561934e089\system.data.dll ()
MOD - c:\windows\assembly\gac\system.enterpriseservices\1.0.5000.0__b03f5f7f11d50a3a\system.enterpriseservices.dll ()
MOD - c:\windows\assembly\gac\system.directoryservices\1.0.5000.0__b03f5f7f11d50a3a\system.directoryservices.dll ()
MOD - c:\windows\assembly\gac\system.enterpriseservices\1.0.5000.0__b03f5f7f11d50a3a\system.enterpriseservices.thunk.dll ()
MOD - c:\windows\assembly\gac\system.web.regularexpressions\1.0.5000.0__b03f5f7f11d50a3a\system.web.regularexpressions.dll ()
MOD - c:\windows\assembly\gac\microsoft.jscript\7.0.5000.0__b03f5f7f11d50a3a\microsoft.jscript.dll ()
MOD - c:\windows\assembly\gac\system.web.ui.mobilecontrols.adapters\1.1.0.0__b03f5f7f11d50a3a\system.web.ui.mobilecontrols.adapters.dll ()
MOD - c:\windows\assembly\gac\system.configuration.install\1.0.5000.0__b03f5f7f11d50a3a\system.configuration.install.dll ()
MOD - c:\windows\assembly\gac\microsoft.vsa\7.0.5000.0__b03f5f7f11d50a3a\microsoft.vsa.dll ()
MOD - c:\windows\assembly\gac\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\cscompmgd.dll ()
MOD - c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll ()
MOD - c:\windows\assembly\gac\microsoft.visualc\7.0.5000.0__b03f5f7f11d50a3a\microsoft.visualc.dll ()
MOD - \\?\C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll ()


========== Win32 Services (SafeList) ==========

SRV - (WinHttpAutoProxySvc) -- winhttp.dll File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (DNS) -- C:\WINDOWS\system32\dns.exe (Microsoft Corporation)
SRV - (WINS) Windows Internet Name Service (WINS) -- C:\WINDOWS\system32\wins.exe (Microsoft Corporation)
SRV - (MSSQL$LYTECMD) SQL Server (LYTECMD) -- D:\LytecData2011\Data\MSSQL10_50.LYTECMD\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$LYTECMD) SQL Server Agent (LYTECMD) -- D:\LytecData2011\Data\MSSQL10_50.LYTECMD\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (wsnm_usbctrl) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe (VMware, Inc.)
SRV - (wsnm) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe (VMware, Inc.)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (MSExchangeIS) -- C:\Program Files\Exchsrvr\bin\store.exe (Microsoft Corporation)
SRV - (Tssdis) -- C:\WINDOWS\system32\tssdis.exe (Microsoft Corporation)
SRV - (RSoPProv) -- C:\WINDOWS\system32\rsopprov.exe (Microsoft Corporation)
SRV - (SBCore) -- C:\WINDOWS\system32\sbscrexe.exe (Microsoft Corporation)
SRV - (NtFrs) -- C:\WINDOWS\system32\ntfrs.exe (Microsoft Corporation)
SRV - (LicenseService) -- C:\WINDOWS\system32\llssrv.exe (Microsoft Corporation)
SRV - (IsmServ) -- C:\WINDOWS\system32\ismserv.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (RESvc) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (POP3Svc) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (NntpSvc) Network News Transfer Protocol (NNTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IMAP4Svc) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (Dfs) -- C:\WINDOWS\system32\dfssvc.exe (Microsoft Corporation)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (MSPOP3Connector) -- C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe (Microsoft Corporation)
SRV - (MSExchangeSA) -- C:\Program Files\Exchsrvr\bin\mad.exe (Microsoft Corporation)
SRV - (MSExchangeMGMT) -- C:\Program Files\Exchsrvr\bin\exmgmt.exe (Microsoft Corporation)
SRV - (MSExchangeMTA) -- C:\Program Files\Exchsrvr\bin\emsmta.exe (Microsoft Corporation)
SRV - (MSExchangeSRS) -- C:\Program Files\Exchsrvr\bin\srsmain.exe (Microsoft Corporation)
SRV - (MSSEARCH) -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe (Microsoft Corporation)
SRV - (MSExchangeES) -- C:\Program Files\Exchsrvr\bin\events.exe (Microsoft Corporation)
SRV - (TrkSvr) -- C:\WINDOWS\system32\trksvr.dll (Microsoft Corporation)
SRV - (sacsvr) -- C:\WINDOWS\system32\sacsvr.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (uftdypob) -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uftdypob.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\RaInfo.sys File not found
DRV - (LicenseInfo) -- File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (RsFx0151) -- C:\WINDOWS\system32\drivers\RsFx0151.sys (Microsoft Corporation)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (vmwvusb) -- C:\WINDOWS\system32\drivers\vmwvusb.sys (VMware, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (radpms) -- C:\WINDOWS\system32\drivers\radpms.sys (LogMeIn, Inc.)
DRV - (ctxusbm) -- C:\WINDOWS\system32\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV - (hugoio) -- C:\Program Files\I-Menu\hugoio.sys ()
DRV - (WLBS) -- C:\WINDOWS\system32\drivers\wlbs.sys (Microsoft Corporation)
DRV - (sacdrv) -- C:\WINDOWS\System32\drivers\sacdrv.sys (Microsoft Corporation)
DRV - (ClusDisk) -- C:\WINDOWS\system32\drivers\clusdisk.sys (Microsoft Corporation)
DRV - (DfsDriver) -- C:\WINDOWS\system32\drivers\dfs.sys (Microsoft Corporation)
DRV - (MegaIDE) -- C:\WINDOWS\system32\drivers\MegaIDE.sys (LSI Logic Corporation.)
DRV - (EXIFS) -- C:\WINDOWS\system32\drivers\exifs.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {FBC1770D-5D64-4BA0-9C8C-4CFDA2352BE9}
IE - HKCU\..\SearchScopes\{FBC1770D-5D64-4BA0-9C8C-4CFDA2352BE9}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/08 09:53:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/12 11:32:16 | 000,000,000 | ---D | M]

[2011/05/16 09:52:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/06/04 10:35:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yqutdr9m.default\extensions
[2011/08/30 09:10:19 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yqutdr9m.default\extensions\netvideohunter@netvideohunter.com
[2012/03/20 09:07:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/16 08:50:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/06/08 09:53:50 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/22 18:58:26 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/02/22 18:58:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/09/30 17:41:10 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/11 09:58:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/10/10 11:44:33 | 000,437,835 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15061 more lines...
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O15 - HKCU\..Trusted Domains: bethesdahealthcare.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {4912ED81-BD9F-485E-86CA-BD62EC957435} https://ecospda.bethesdahealthcare.com/SOARIANWEBPROD2_020551029_M0K0_p_htm_28//sframe/IETools.cab (Soarian Frame Tools for Internet Explorer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F88F142A-96AE-40CC-B562-4C91B5E5A5CD} https://diapp2.bethesdahealthcare.com/m0k0/html/download/IkmControlDownloader.cab (IkmControlDownloader Control)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PSBOYNTON.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A21CF31-3F8F-4A08-AE14-CB76E689FF25}: NameServer = 192.168.1.254
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - File not found
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O29 - HKLM SecurityProviders - (pwdssp.dll) - C:\WINDOWS\System32\pwdssp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wsauth) - C:\WINDOWS\System32\wsauth.dll (VMware, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/30 11:03:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - C:\WINDOWS\System32\ias.dll (Microsoft Corporation)
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sacsvr - C:\WINDOWS\system32\sacsvr.dll (Microsoft Corporation)
NetSvcs: TrkSvr - C:\WINDOWS\system32\trksvr.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
System Restore Service not available.

========== Files/Folders - Created Within 30 Days ==========

[2012/06/11 12:49:59 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/06/08 10:52:05 | 000,000,000 | ---D | C] -- C:\Program Files\Siemens
[2012/06/08 09:58:08 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2012/06/07 09:42:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2012/06/07 09:42:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012/06/07 09:42:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$950099Uinstall_KB968930$
[2012/06/07 09:39:33 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$ExchUninstallKB888619$
[2012/06/03 01:30:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/05/22 08:54:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Ancient Mesopotamia
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/11 12:56:43 | 000,032,118 | ---- | M] () -- C:\ads_err.adt
[2012/06/11 12:56:11 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/11 12:51:27 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/11 12:50:01 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/06/11 12:45:54 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Collect Server Performance Data.job
[2012/06/11 12:00:19 | 000,000,764 | ---- | M] () -- C:\WINDOWS\tasks\ShadowCopyVolume{7acc819c-7316-11e0-8656-806e6f6e6963}.job
[2012/06/11 06:01:12 | 000,000,562 | ---- | M] () -- C:\WINDOWS\tasks\Small Business Server - Server Status Report - Server Performance Report.job
[2012/06/11 05:12:26 | 000,003,107 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2012/06/10 19:03:14 | 000,000,505 | ---- | M] () -- C:\WINDOWS\tasks\Lytec 2011 Nightly Back Up.job
[2012/06/08 15:11:14 | 000,003,072 | ---- | M] () -- C:\ads_err.adi
[2012/06/08 15:08:10 | 000,002,385 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\EasyPrint.lnk
[2012/06/08 10:18:56 | 000,002,586 | ---- | M] () -- C:\WINDOWS\System32\licstr.cpa
[2012/06/08 09:58:09 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2012/06/08 09:46:44 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/08 09:00:49 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/08 06:12:21 | 001,106,550 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/08 06:12:21 | 000,311,340 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/08 06:07:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/07 09:42:32 | 000,004,798 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/04 16:51:49 | 000,000,022 | ---- | M] () -- C:\WINDOWS\pspvc_path.ini
[2012/06/04 15:15:23 | 024,268,588 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cswdcc28.mp3
[2012/06/04 14:30:37 | 000,000,198 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Navinet.url
[2012/06/04 09:12:50 | 000,000,249 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Payerpath - The Best Route for Healthcare Transactions.url
[2012/05/24 10:58:21 | 000,000,283 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Payerpath - The Best Route for Healthcare Transactions.url
[2012/05/18 13:10:55 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/17 14:54:27 | 000,235,070 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\HollywoodHillsElementary.pdf
[2012/05/15 06:08:43 | 000,228,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/14 09:01:08 | 001,314,760 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\WorldAlzheimerReport.pdf
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/07 09:28:22 | 000,735,440 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2012/06/05 03:00:42 | 000,004,798 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/06/04 15:15:23 | 024,268,588 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cswdcc28.mp3
[2012/05/17 14:54:27 | 000,235,070 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\HollywoodHillsElementary.pdf
[2012/05/14 09:01:05 | 001,314,760 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\WorldAlzheimerReport.pdf
[2012/03/27 09:23:07 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/01/22 01:00:00 | 000,014,056 | ---- | C] () -- C:\WINDOWS\vmdcr.dll
[2012/01/22 01:00:00 | 000,014,056 | ---- | C] () -- C:\WINDOWS\amcdr.dll
[2012/01/06 01:00:00 | 000,014,056 | ---- | C] () -- C:\WINDOWS\System32\rkeyds.sys
[2012/01/06 01:00:00 | 000,014,056 | ---- | C] () -- C:\WINDOWS\System32\jrdgl.dll
[2012/01/06 01:00:00 | 000,014,056 | ---- | C] () -- C:\WINDOWS\System32\emlks.dll
[2011/09/23 16:38:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\hugoio.sys
[2011/07/15 09:33:31 | 000,000,022 | ---- | C] () -- C:\WINDOWS\pspvc_path.ini
[2011/05/16 09:52:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/05/13 16:30:24 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/02 15:32:02 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/30 18:55:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/04/30 12:10:39 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2011/04/30 11:47:55 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2011/04/30 11:38:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2011/04/30 11:37:38 | 000,017,579 | ---- | C] () -- C:\WINDOWS\System32\nntpctrs.ini
[2011/04/30 11:30:42 | 000,002,360 | ---- | C] () -- C:\WINDOWS\System32\dhcpctrs.ini
[2011/04/30 11:07:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/04/30 11:00:12 | 000,021,160 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/04/30 10:59:54 | 000,021,792 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2011/04/30 10:59:54 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2011/04/30 10:59:14 | 000,050,666 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2011/04/30 10:59:14 | 000,010,793 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2011/04/30 10:59:12 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2011/04/30 06:50:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/04/30 06:49:35 | 000,228,000 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/11 18:05:18 | 000,008,592 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll

========== LOP Check ==========

[2012/02/23 17:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG
[2011/05/02 15:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICAClient
[2011/10/14 11:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mkvtoolnix
[2011/12/23 10:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ntr
[2011/11/30 10:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\RM_1711
[2012/06/08 15:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SendClaim
[2012/03/27 09:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2012/04/05 13:49:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2011/05/02 14:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/11/21 11:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lytec
[2011/11/21 12:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McKesson
[2011/11/30 10:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McKesson Corporation
[2011/07/15 09:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PSPVC
[2011/08/10 10:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simego
[2012/02/27 10:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/02/01 15:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/06/11 12:45:54 | 000,000,496 | ---- | M] () -- C:\WINDOWS\Tasks\Collect Server Performance Data.job
[2012/06/10 19:03:14 | 000,000,505 | ---- | M] () -- C:\WINDOWS\Tasks\Lytec 2011 Nightly Back Up.job
[2012/06/11 12:56:00 | 000,032,484 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt
[2012/06/11 12:00:19 | 000,000,764 | ---- | M] () -- C:\WINDOWS\Tasks\ShadowCopyVolume{7acc819c-7316-11e0-8656-806e6f6e6963}.job
[2012/06/11 06:01:12 | 000,000,562 | ---- | M] () -- C:\WINDOWS\Tasks\Small Business Server - Server Status Report - Server Performance Report.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2007/02/17 10:03:48 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\msizap.exe

< %systemroot%\*. /mp /s >

< MD5 for: EXPLORER.EXE >
[2005/03/24 22:31:00 | 001,050,624 | ---- | M] (Microsoft Corporation) MD5=4B93BB34AF478A0FD9765D9B73356DC9 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2007/02/17 10:03:39 | 001,053,184 | ---- | M] (Microsoft Corporation) MD5=A26C39540F8BE3729846E360E2C57344 -- C:\WINDOWS\explorer.exe
[2007/02/17 10:03:39 | 001,053,184 | ---- | M] (Microsoft Corporation) MD5=A26C39540F8BE3729846E360E2C57344 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: USERINIT.EXE >
[2005/03/24 22:31:08 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=29A1877F2D0EACFF20B6507A3C00F31B -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2007/02/17 10:04:03 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=B5FEB3B971A8B8C81CE9DE65031A87E5 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2007/02/17 10:04:03 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=B5FEB3B971A8B8C81CE9DE65031A87E5 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2005/03/24 22:31:08 | 000,508,928 | ---- | M] (Microsoft Corporation) MD5=325FD6D25FC1D77C363E87B445C8B023 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2007/02/17 10:04:05 | 000,528,384 | ---- | M] (Microsoft Corporation) MD5=B4AA8AE0F18E5DFCF99A671A181D3EDC -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2007/02/17 10:04:05 | 000,528,384 | ---- | M] (Microsoft Corporation) MD5=B4AA8AE0F18E5DFCF99A671A181D3EDC -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >
 
OTL Extras logfile created on: 6/11/2012 12:50:50 PM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 37.27% Memory free
5.84 Gb Paging File | 2.96 Gb Available in Paging File | 50.69% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.11 Gb Total Space | 12.50 Gb Free Space | 33.69% Space Free | Partition Type: NTFS
Drive D: | 115.56 Gb Total Space | 47.96 Gb Free Space | 41.50% Space Free | Partition Type: NTFS
Drive F: | 7.91 Gb Total Space | 5.24 Gb Free Space | 66.29% Space Free | Partition Type: FAT32
Drive P: | 115.56 Gb Total Space | 47.96 Gb Free Space | 41.50% Space Free | Partition Type: NTFS

Computer Name: SERVER | User Name: administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\VMware\VMware View\Client\bin\vmware-remotemks.exe" = C:\Program Files\VMware\VMware View\Client\bin\vmware-remotemks.exe:*:Enabled:VMware Remote MKS -- (VMware, Inc.)
"C:\Program Files\VMware\VMware View\Client\bin\wswc.exe" = C:\Program Files\VMware\VMware View\Client\bin\wswc.exe:*:Enabled:VMware View Client -- (VMware, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\VMware\VMware View\Client\bin\vmware-remotemks.exe" = C:\Program Files\VMware\VMware View\Client\bin\vmware-remotemks.exe:*:Enabled:VMware Remote MKS -- (VMware, Inc.)
"C:\Program Files\VMware\VMware View\Client\bin\wswc.exe" = C:\Program Files\VMware\VMware View\Client\bin\wswc.exe:*:Enabled:VMware View Client -- (VMware, Inc.)
"C:\Program Files\Simego\SQL Admin Studio\Simego.SQLTools.Explorer.exe" = C:\Program Files\Simego\SQL Admin Studio\Simego.SQLTools.Explorer.exe:*:Enabled:SQL Admin Studio -- (Simego)
"C:\Program Files\Lytec 2011\Lytec.exe" = C:\Program Files\Lytec 2011\Lytec.exe:*:Enabled:Lytec -- (McKesson)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020617D7-2F72-4D02-BF59-A5CBC1761177}" = SQL Server 2008 R2 SP1 Management Studio
"{023D64D7-E7B4-47C7-BE6E-B7C2E8960D08}" = Citrix online plug-in (Web)
"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{05DEE64C-B63B-495A-B36C-4277663FAAA0}" = Windows Small Business Server ActiveSync
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{108BE742-0564-4734-AE54-74F81263FB04}" = Windows Small Business Server Licensing
"{121475F5-2598-4574-8801-8F6B3D6A99BB}" = SQL Server 2008 R2 SP1 Management Studio
"{130109DD-4BD1-492A-922D-B7B500263F86}" = .NET Framework Machine Code Access Security Policy
"{13998462-EECC-40F7-B501-52A38AA0627F}" = Medicare Remit EasyPrint
"{18026153-83A4-40E0-96B6-41E441607518}" = Eraser 6.0.9.2343
"{185292F7-7C0A-4F72-B2CC-CBEBD40B050E}" = Microsoft SQL Server 2008 R2 Native Client
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{299120B9-CD21-43F6-87A5-95BD0673EE45}" = SQL Admin Studio
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CF8BDBC-DA0F-45FA-A4B9-3A31CCE774E9}" = Windows Small Business Server Backup
"{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}" = Microsoft SQL Server VSS Writer
"{48B08845-0CB0-45EC-893C-15319ADDA312}" = Microsoft SQL Server 2008 R2 Setup (English)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}" = SQL Server 2008 R2 SP1 Database Engine Shared
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{53BE2241-531B-49FB-B03D-06C377179548}" = Windows Small Business Server IE Client App
"{5546F70C-0437-44EE-A923-7C23E6EFF689}" = Windows Small Business Server Monitoring
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = SQL Server 2008 R2 SP1 Database Engine Services
"{65657C59-23A8-4974-B8E0-BA04EBD04E4F}" = Microsoft SQL Server Desktop Engine (SHAREPOINT)
"{671E4E4D-4798-4F66-9C9E-C5762E73179E}" = Microsoft XML Parser
"{6F8EAC65-314D-4D86-9557-BC9312AACCB0}" = Citrix online plug-in (USB)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7FB55E52-C72D-4165-85D0-383ED3D7253F}" = Windows Small Business Server Client Setup
"{8144262B-25B4-44F6-8204-FCC8EF50179F}" = Citrix online plug-in (DV)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8952E993-139E-4E71-881F-DD40E4DB8F81}" = Windows Small Business Server Admin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91140409-7000-11D3-8CFE-0150048383C9}" = Microsoft Windows SharePoint Services 2.0
"{9189BADC-23A7-487D-B206-AD3A89A4F45D}" = Windows Small Business Server Fax
"{91B90409-8000-11D3-8CFE-0150048383C9}" = Microsoft Application Error Reporting
"{93968FB2-C67A-4A9B-80C2-5D4D9393058E}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{93998800-1608-403F-9A51-420A77D23C25}" = Sql Server Customer Experience Improvement Program
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2B40ABC-025A-4389-8148-86CED357B259}" = Microsoft Connector for POP3 Mailboxes
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A34AC564-B4A3-4D45-B969-403BC39F0E6A}" = Microsoft .NET Framework 1.1 -- Device Update 4.0
"{A3AE0EFB-C8C2-4AF5-9841-459DB1C138CF}" = Crystal Reports 10 Support Files
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A5E98C65-585A-45AB-BFC3-8555305B9929}" = Windows Small Business Server Documents
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = SQL Server 2008 R2 SP1 Database Engine Services
"{B58E39B9-12E2-4E9B-A01B-9B896C6A52A8}" = Windows Small Business Server Connectivity
"{B7300824-E68F-45F1-BAC1-5F15636C346F}" = Microsoft SQL Server Desktop Engine (SBSMonitoring)
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C293E1D0-8085-4830-B806-1BA0FEF9C4A4}" = Windows Small Business Server Client Experience
"{C73E81BF-432C-44E2-831D-F46081CA6E28}" = Windows Small Business Server Remote Portal
"{CA3553E0-191B-4E2F-AD3C-82E33CB9D4E4}" = Microsoft Group Policy Management Console with SP1
"{CA78EE0D-B198-46BF-80E6-89EE4D49101D}" = VMware View Client
"{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 SP1 Common Files
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{D846DDEE-EDF2-445F-96A4-175544202D32}" = Windows Small Business Server Fax Cfg
"{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (LYTEC_SQL)
"{E721BEC1-887A-4D26-BE10-7E0336B7CAC7}" = Windows Small Business Server Common
"{EA74A293-3FAC-4D1B-AE3A-3BD47FADDC20}" = Citrix online plug-in (HDX)
"{ED01C034-09A6-4C4F-A7B5-A1B5ADBA4542}" = Lytec 2011 Professional
"{EFE3D683-903C-4B58-AB8F-C68C69F33758}" = System Requirements Lab for Intel
"{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}" = SQL Server 2008 R2 SP1 Database Engine Shared
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 SP1 Common Files
"{fe8eca37-6afb-42a2-9f6a-c767aca48b38}" = Revenue Management
"5717D53E-DD6D-4d1e-8A1F-C7BE620F65AA" = Windows Small Business Server 2003
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ATI Display Driver" = ATI Display Driver
"AviSynth" = AviSynth 2.5
"CaptureCAM-PLAYER" = CaptureCAM-PLAYER
"CCleaner" = CCleaner
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-06-26
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Defraggler" = Defraggler
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"I-Menu_is1" = I-Menu 2.2
"Lytec Professional 2007" = Lytec Professional 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Health Monitor 2.1" = Microsoft Health Monitor 2.1
"Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2
"Mozilla Firefox 13.0 (x86 en-US)" = Mozilla Firefox 13.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel(R) PRO Network Connections Drivers
"PSPVC" = PSPVC :: PSP Video Converter v3.91
"Recuva" = Recuva
"TurboTax 2010" = TurboTax 2010
"uTorrent" = µTorrent
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Server 2003 Service Pack" = Windows Server 2003 Service Pack 2
"WinRAR archiver" = WinRAR 4.00 (32-bit)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/7/2012 5:37:59 PM | Computer Name = SERVER | Source = Windows SharePoint Services 2.0 | ID = 1000
Description = #50070: Unable to connect to the database STS_Config on SERVER\SharePoint.
Check the database connection information and make sure that the database server
is running.

Error - 6/8/2012 6:00:02 AM | Computer Name = SERVER | Source = MSExchangeAL | ID = 8026
Description = LDAP Bind was unsuccessful on directory server.PSBOYNTON.local for
distinguished name ''. Directory returned error:[0x51] Server Down. DC=PSBOYNTON,DC=local


For
more information, click http://www.microsoft.com/contentredirect.asp.

Error - 6/8/2012 6:00:02 AM | Computer Name = SERVER | Source = MSExchangeDSAccess | ID = 264246
Description = Process MAD.EXE (PID=2888). All Domain Controller Servers in use are
not responding: server.PSBOYNTON.local For more information, click http://www.microsoft.com/contentredirect.asp.

Error - 6/8/2012 6:00:02 AM | Computer Name = SERVER | Source = MSExchangeDSAccess | ID = 264248
Description = Process INETINFO.EXE (PID=1476). All the DS Servers in domain are
not responding. For more information, click http://www.microsoft.com/contentredirect.asp.

Error - 6/8/2012 6:00:08 AM | Computer Name = SERVER | Source = MSExchangeAL | ID = 8026
Description = LDAP Bind was unsuccessful on directory server.PSBOYNTON.local for
distinguished name ''. Directory returned error:[0x51] Server Down. DC=PSBOYNTON,DC=local


For
more information, click http://www.microsoft.com/contentredirect.asp.

Error - 6/8/2012 6:00:09 AM | Computer Name = SERVER | Source = MSExchangeAL | ID = 8026
Description = LDAP Bind was unsuccessful on directory server.PSBOYNTON.local for
distinguished name ''. Directory returned error:[0x51] Server Down. DC=PSBOYNTON,DC=local


For
more information, click http://www.microsoft.com/contentredirect.asp.

Error - 6/8/2012 6:00:09 AM | Computer Name = SERVER | Source = MSExchangeAL | ID = 8250
Description = The Win32 API call 'DsGetDCNameW' returned error code [0x862] The
specified component could not be found in the configuration information. The service
could not be initialized. Make sure that the operating system was installed properly.


For
more information, click http://www.microsoft.com/contentredirect.asp.

Error - 6/8/2012 6:00:18 AM | Computer Name = SERVER | Source = MSExchangeAL | ID = 8026
Description = LDAP Bind was unsuccessful on directory server.PSBOYNTON.local for
distinguished name ''. Directory returned error:[0x51] Server Down. For more information,
click http://www.microsoft.com/contentredirect.asp.

Error - 6/8/2012 6:00:18 AM | Computer Name = SERVER | Source = MSExchangeAL | ID = 8250
Description = The Win32 API call 'DsGetDCNameW' returned error code [0x862] The
specified component could not be found in the configuration information. The service
could not be initialized. Make sure that the operating system was installed properly.


For
more information, click http://www.microsoft.com/contentredirect.asp.

Error - 6/8/2012 6:08:59 AM | Computer Name = SERVER | Source = Windows SharePoint Services 2.0 | ID = 1000
Description = #50070: Unable to connect to the database STS_Config on SERVER\SharePoint.
Check the database connection information and make sure that the database server
is running.

[ DNS Server Events ]
Error - 6/4/2012 6:00:21 AM | Computer Name = SERVER | Source = DNS | ID = 4015
Description = The DNS server has encountered a critical error from the Active Directory.
Check
that the Active Directory is functioning properly. The extended error debug information
(which may be empty) is "". The event data contains the error.

Error - 6/4/2012 6:00:21 AM | Computer Name = SERVER | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone .. This DNS server is configured to use information obtained from Active
Directory
for this zone and is unable to load the zone without it. Check that the Active
Directory is functioning properly and repeat enumeration of the zone. The extended
error debug information (which may be empty) is "". The event data contains the
error.

Error - 6/4/2012 6:00:21 AM | Computer Name = SERVER | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone _msdcs.PSBOYNTON.local. This DNS server is configured to use information
obtained from Active Directory for this zone and is unable to load the zone without
it. Check that the Active Directory is functioning properly and repeat enumeration
of
the zone. The extended error debug information (which may be empty) is "". The event
data contains the error.

Error - 6/4/2012 6:00:21 AM | Computer Name = SERVER | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone 1.168.192.in-addr.arpa. This DNS server is configured to use information
obtained from Active Directory for this zone and is unable to load the zone without
it. Check that the Active Directory is functioning properly and repeat enumeration
of
the zone. The extended error debug information (which may be empty) is "". The event
data contains the error.

Error - 6/4/2012 6:00:21 AM | Computer Name = SERVER | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone PSBOYNTON.local. This DNS server is configured to use information obtained
from Active Directory for this zone and is unable to load the zone without it.
Check that the Active Directory is functioning properly and repeat enumeration of
the zone. The extended error debug information (which may be empty) is "". The event
data contains the error.

Error - 6/7/2012 5:29:30 PM | Computer Name = SERVER | Source = DNS | ID = 4015
Description = The DNS server has encountered a critical error from the Active Directory.
Check
that the Active Directory is functioning properly. The extended error debug information
(which may be empty) is "". The event data contains the error.

Error - 6/7/2012 5:29:30 PM | Computer Name = SERVER | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone .. This DNS server is configured to use information obtained from Active
Directory
for this zone and is unable to load the zone without it. Check that the Active
Directory is functioning properly and repeat enumeration of the zone. The extended
error debug information (which may be empty) is "". The event data contains the
error.

Error - 6/7/2012 5:29:30 PM | Computer Name = SERVER | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone _msdcs.PSBOYNTON.local. This DNS server is configured to use information
obtained from Active Directory for this zone and is unable to load the zone without
it. Check that the Active Directory is functioning properly and repeat enumeration
of
the zone. The extended error debug information (which may be empty) is "". The event
data contains the error.

Error - 6/7/2012 5:29:30 PM | Computer Name = SERVER | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone 1.168.192.in-addr.arpa. This DNS server is configured to use information
obtained from Active Directory for this zone and is unable to load the zone without
it. Check that the Active Directory is functioning properly and repeat enumeration
of
the zone. The extended error debug information (which may be empty) is "". The event
data contains the error.

Error - 6/7/2012 5:29:30 PM | Computer Name = SERVER | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone PSBOYNTON.local. This DNS server is configured to use information obtained
from Active Directory for this zone and is unable to load the zone without it.
Check that the Active Directory is functioning properly and repeat enumeration of
the zone. The extended error debug information (which may be empty) is "". The event
data contains the error.

[ File Replication Service Events ]
Error - 12/19/2011 6:15:25 PM | Computer Name = SERVER | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path c: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a c:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 12/19/2011 6:15:25 PM | Computer Name = SERVER | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path C: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a C:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 12/27/2011 6:35:54 PM | Computer Name = SERVER | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path c: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a c:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 12/27/2011 6:35:54 PM | Computer Name = SERVER | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path C: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a C:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 2/15/2012 6:13:57 PM | Computer Name = SERVER | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path c: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a c:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 2/15/2012 6:13:57 PM | Computer Name = SERVER | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path C: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a C:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 3/21/2012 5:18:49 PM | Computer Name = SERVER | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path c: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a c:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 3/21/2012 5:18:49 PM | Computer Name = SERVER | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path C: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a C:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 4/27/2012 5:23:58 PM | Computer Name = SERVER | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path c: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a c:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 4/27/2012 5:23:58 PM | Computer Name = SERVER | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path C: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a C:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

[ System Events ]
Error - 6/11/2012 12:54:06 PM | Computer Name = SERVER | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the SBCore service.

Error - 6/11/2012 12:54:40 PM | Computer Name = SERVER | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the SBCore service.

Error - 6/11/2012 12:55:10 PM | Computer Name = SERVER | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the SBCore service.

Error - 6/11/2012 12:55:41 PM | Computer Name = SERVER | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the SBCore service.

Error - 6/11/2012 12:56:11 PM | Computer Name = SERVER | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the SBCore service.

Error - 6/11/2012 12:56:41 PM | Computer Name = SERVER | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the SBCore service.

Error - 6/11/2012 12:57:12 PM | Computer Name = SERVER | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the SBCore service.

Error - 6/11/2012 12:57:42 PM | Computer Name = SERVER | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the SBCore service.

Error - 6/11/2012 12:58:12 PM | Computer Name = SERVER | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the SBCore service.

Error - 6/11/2012 12:58:43 PM | Computer Name = SERVER | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the SBCore service.


< End of report >
 
Okay, I will do a 'mini' fix for you.

Your system is filled with what appears to be work-related software which I normally don't touch. You also have a subnet, intranet and network. You have entries for 'remote management', and you have specific port assignments:
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

You're using MREP software. Way too much business involvement for an open board such as this. So I'm removing the one entry that I know shouldn't be on the system:
  • Run OTL
  • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:

    Code:
    :OTL
    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [emptyjava]
    [resethosts]
    [CreateRestorePoint]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run uninterrupted, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-------------------------------
Because of the business/server involvement, if you want this problem handled safely, your boss needs to get an IT in to look at the system.
 
Cleanup log:


All processes killed
========== OTL ==========
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 57633049 bytes
->Temporary Internet Files folder emptied: 216407885 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 332562071 bytes
->Flash cache emptied: 18593 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 105475 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: ws3
->Temp folder emptied: 377889 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2525375 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 56599 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 39426574 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 470743508 bytes

Total Files Cleaned = 1,068.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: ws3
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator
->Java cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: ws3

Total Java Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
System Restore Service not available.

OTL by OldTimer - Version 3.2.48.0 log created on 06122012_084051

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
OTL logfile created on: 6/12/2012 8:53:01 AM - Run 2
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.07 Gb Available Physical Memory | 76.67% Memory free
5.84 Gb Paging File | 4.46 Gb Available in Paging File | 76.41% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.11 Gb Total Space | 13.23 Gb Free Space | 35.66% Space Free | Partition Type: NTFS
Drive D: | 115.56 Gb Total Space | 48.01 Gb Free Space | 41.55% Space Free | Partition Type: NTFS
Drive F: | 7.91 Gb Total Space | 5.24 Gb Free Space | 66.29% Space Free | Partition Type: FAT32
Drive P: | 115.56 Gb Total Space | 48.01 Gb Free Space | 41.55% Space Free | Partition Type: NTFS

Computer Name: SERVER | User Name: administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\system32\dns.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wins.exe (Microsoft Corporation)
PRC - D:\LytecData2011\Data\MSSQL10_50.LYTECMD\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe (VMware, Inc.)
PRC - C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe (VMware, Inc.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files\Exchsrvr\bin\store.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\sbscrexe.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ntfrs.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\llssrv.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\dfssvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Exchsrvr\bin\mad.exe (Microsoft Corporation)
PRC - C:\Program Files\Exchsrvr\bin\exmgmt.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8dc4a28c456f81ee7399da21bd9d55aa\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll ()


========== Win32 Services (SafeList) ==========

SRV - (WinHttpAutoProxySvc) -- winhttp.dll File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (DNS) -- C:\WINDOWS\system32\dns.exe (Microsoft Corporation)
SRV - (WINS) Windows Internet Name Service (WINS) -- C:\WINDOWS\system32\wins.exe (Microsoft Corporation)
SRV - (MSSQL$LYTECMD) SQL Server (LYTECMD) -- D:\LytecData2011\Data\MSSQL10_50.LYTECMD\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$LYTECMD) SQL Server Agent (LYTECMD) -- D:\LytecData2011\Data\MSSQL10_50.LYTECMD\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (wsnm_usbctrl) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe (VMware, Inc.)
SRV - (wsnm) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe (VMware, Inc.)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (MSExchangeIS) -- C:\Program Files\Exchsrvr\bin\store.exe (Microsoft Corporation)
SRV - (Tssdis) -- C:\WINDOWS\system32\tssdis.exe (Microsoft Corporation)
SRV - (RSoPProv) -- C:\WINDOWS\system32\rsopprov.exe (Microsoft Corporation)
SRV - (SBCore) -- C:\WINDOWS\system32\sbscrexe.exe (Microsoft Corporation)
SRV - (NtFrs) -- C:\WINDOWS\system32\ntfrs.exe (Microsoft Corporation)
SRV - (LicenseService) -- C:\WINDOWS\system32\llssrv.exe (Microsoft Corporation)
SRV - (IsmServ) -- C:\WINDOWS\system32\ismserv.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (RESvc) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (POP3Svc) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (NntpSvc) Network News Transfer Protocol (NNTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IMAP4Svc) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (Dfs) -- C:\WINDOWS\system32\dfssvc.exe (Microsoft Corporation)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (MSPOP3Connector) -- C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe (Microsoft Corporation)
SRV - (MSExchangeSA) -- C:\Program Files\Exchsrvr\bin\mad.exe (Microsoft Corporation)
SRV - (MSExchangeMGMT) -- C:\Program Files\Exchsrvr\bin\exmgmt.exe (Microsoft Corporation)
SRV - (MSExchangeMTA) -- C:\Program Files\Exchsrvr\bin\emsmta.exe (Microsoft Corporation)
SRV - (MSExchangeSRS) -- C:\Program Files\Exchsrvr\bin\srsmain.exe (Microsoft Corporation)
SRV - (MSSEARCH) -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe (Microsoft Corporation)
SRV - (MSExchangeES) -- C:\Program Files\Exchsrvr\bin\events.exe (Microsoft Corporation)
SRV - (TrkSvr) -- C:\WINDOWS\system32\trksvr.dll (Microsoft Corporation)
SRV - (sacsvr) -- C:\WINDOWS\system32\sacsvr.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\RaInfo.sys File not found
DRV - (LicenseInfo) -- File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (RsFx0151) -- C:\WINDOWS\system32\drivers\RsFx0151.sys (Microsoft Corporation)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (vmwvusb) -- C:\WINDOWS\system32\drivers\vmwvusb.sys (VMware, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (radpms) -- C:\WINDOWS\system32\drivers\radpms.sys (LogMeIn, Inc.)
DRV - (ctxusbm) -- C:\WINDOWS\system32\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV - (hugoio) -- C:\Program Files\I-Menu\hugoio.sys ()
DRV - (WLBS) -- C:\WINDOWS\system32\drivers\wlbs.sys (Microsoft Corporation)
DRV - (sacdrv) -- C:\WINDOWS\System32\drivers\sacdrv.sys (Microsoft Corporation)
DRV - (ClusDisk) -- C:\WINDOWS\system32\drivers\clusdisk.sys (Microsoft Corporation)
DRV - (DfsDriver) -- C:\WINDOWS\system32\drivers\dfs.sys (Microsoft Corporation)
DRV - (MegaIDE) -- C:\WINDOWS\system32\drivers\MegaIDE.sys (LSI Logic Corporation.)
DRV - (EXIFS) -- C:\WINDOWS\system32\drivers\exifs.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {FBC1770D-5D64-4BA0-9C8C-4CFDA2352BE9}
IE - HKCU\..\SearchScopes\{FBC1770D-5D64-4BA0-9C8C-4CFDA2352BE9}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/08 09:53:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/12 11:32:16 | 000,000,000 | ---D | M]

[2011/05/16 09:52:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/06/04 10:35:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yqutdr9m.default\extensions
[2011/08/30 09:10:19 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yqutdr9m.default\extensions\netvideohunter@netvideohunter.com
[2012/03/20 09:07:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/16 08:50:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/06/08 09:53:50 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/22 18:58:26 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/02/22 18:58:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/09/30 17:41:10 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/11 09:58:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/06/12 08:41:39 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O15 - HKCU\..Trusted Domains: bethesdahealthcare.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {4912ED81-BD9F-485E-86CA-BD62EC957435} https://ecospda.bethesdahealthcare.com/SOARIANWEBPROD2_020551029_M0K0_p_htm_28//sframe/IETools.cab (Soarian Frame Tools for Internet Explorer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F88F142A-96AE-40CC-B562-4C91B5E5A5CD} https://diapp2.bethesdahealthcare.com/m0k0/html/download/IkmControlDownloader.cab (IkmControlDownloader Control)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PSBOYNTON.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A21CF31-3F8F-4A08-AE14-CB76E689FF25}: NameServer = 192.168.1.254
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - File not found
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O29 - HKLM SecurityProviders - (pwdssp.dll) - C:\WINDOWS\System32\pwdssp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wsauth) - C:\WINDOWS\System32\wsauth.dll (VMware, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/30 11:03:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/12 08:40:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/11 12:49:59 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/06/08 10:52:05 | 000,000,000 | ---D | C] -- C:\Program Files\Siemens
[2012/06/08 09:58:08 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2012/06/07 09:42:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2012/06/07 09:42:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012/06/07 09:42:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$950099Uinstall_KB968930$
[2012/06/07 09:39:33 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$ExchUninstallKB888619$
[2012/06/03 01:30:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/05/22 08:54:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Ancient Mesopotamia

========== Files - Modified Within 30 Days ==========

[2012/06/12 08:52:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/12 08:51:26 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/12 08:51:02 | 001,106,550 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/12 08:51:02 | 000,311,340 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/12 08:49:34 | 000,003,107 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2012/06/12 08:46:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/12 08:41:39 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/06/12 07:46:01 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Collect Server Performance Data.job
[2012/06/12 07:00:02 | 000,000,764 | ---- | M] () -- C:\WINDOWS\tasks\ShadowCopyVolume{7acc819c-7316-11e0-8656-806e6f6e6963}.job
[2012/06/12 06:01:22 | 000,000,562 | ---- | M] () -- C:\WINDOWS\tasks\Small Business Server - Server Status Report - Server Performance Report.job
[2012/06/11 19:02:56 | 000,000,505 | ---- | M] () -- C:\WINDOWS\tasks\Lytec 2011 Nightly Back Up.job
[2012/06/11 13:13:22 | 000,032,409 | ---- | M] () -- C:\ads_err.adt
[2012/06/11 13:06:00 | 000,003,072 | ---- | M] () -- C:\ads_err.adi
[2012/06/11 12:50:01 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/06/08 15:08:10 | 000,002,385 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\EasyPrint.lnk
[2012/06/08 10:18:56 | 000,002,586 | ---- | M] () -- C:\WINDOWS\System32\licstr.cpa
[2012/06/08 09:58:09 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2012/06/08 09:46:44 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/07 09:42:32 | 000,004,798 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/04 16:51:49 | 000,000,022 | ---- | M] () -- C:\WINDOWS\pspvc_path.ini
[2012/06/04 15:15:23 | 024,268,588 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cswdcc28.mp3
[2012/06/04 14:30:37 | 000,000,198 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Navinet.url
[2012/06/04 09:12:50 | 000,000,249 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Payerpath - The Best Route for Healthcare Transactions.url
[2012/05/24 10:58:21 | 000,000,283 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Payerpath - The Best Route for Healthcare Transactions.url
[2012/05/18 13:10:55 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/17 14:54:27 | 000,235,070 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\HollywoodHillsElementary.pdf
[2012/05/15 06:08:43 | 000,228,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/14 09:01:08 | 001,314,760 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\WorldAlzheimerReport.pdf

========== Files Created - No Company Name ==========

[2012/06/07 09:28:22 | 000,735,440 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2012/06/05 03:00:42 | 000,004,798 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/06/04 15:15:23 | 024,268,588 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cswdcc28.mp3
[2012/05/17 14:54:27 | 000,235,070 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\HollywoodHillsElementary.pdf
[2012/05/14 09:01:05 | 001,314,760 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\WorldAlzheimerReport.pdf
[2012/03/27 09:23:07 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/01/22 01:00:00 | 000,014,056 | ---- | C] () -- C:\WINDOWS\vmdcr.dll
[2012/01/22 01:00:00 | 000,014,056 | ---- | C] () -- C:\WINDOWS\amcdr.dll
[2012/01/06 01:00:00 | 000,014,056 | ---- | C] () -- C:\WINDOWS\System32\rkeyds.sys
[2012/01/06 01:00:00 | 000,014,056 | ---- | C] () -- C:\WINDOWS\System32\jrdgl.dll
[2012/01/06 01:00:00 | 000,014,056 | ---- | C] () -- C:\WINDOWS\System32\emlks.dll
[2011/09/23 16:38:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\hugoio.sys
[2011/07/15 09:33:31 | 000,000,022 | ---- | C] () -- C:\WINDOWS\pspvc_path.ini
[2011/05/16 09:52:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/05/13 16:30:24 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/02 15:32:02 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/30 18:55:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/04/30 12:10:39 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2011/04/30 11:47:55 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2011/04/30 11:38:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2011/04/30 11:37:38 | 000,017,579 | ---- | C] () -- C:\WINDOWS\System32\nntpctrs.ini
[2011/04/30 11:30:42 | 000,002,360 | ---- | C] () -- C:\WINDOWS\System32\dhcpctrs.ini
[2011/04/30 11:07:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/04/30 11:00:12 | 000,021,160 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/04/30 10:59:54 | 000,021,792 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2011/04/30 10:59:54 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2011/04/30 10:59:14 | 000,050,666 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2011/04/30 10:59:14 | 000,010,793 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2011/04/30 10:59:12 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2011/04/30 06:50:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/04/30 06:49:35 | 000,228,000 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/11 18:05:18 | 000,008,592 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll

========== LOP Check ==========

[2012/02/23 17:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG
[2011/05/02 15:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICAClient
[2011/10/14 11:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mkvtoolnix
[2011/12/23 10:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ntr
[2011/11/30 10:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\RM_1711
[2012/06/08 15:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SendClaim
[2012/03/27 09:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2012/04/05 13:49:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2011/05/02 14:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/11/21 11:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lytec
[2011/11/21 12:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McKesson
[2011/11/30 10:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McKesson Corporation
[2011/07/15 09:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PSPVC
[2011/08/10 10:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simego
[2012/02/27 10:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/02/01 15:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/06/12 07:46:01 | 000,000,496 | ---- | M] () -- C:\WINDOWS\Tasks\Collect Server Performance Data.job
[2012/06/11 19:02:56 | 000,000,505 | ---- | M] () -- C:\WINDOWS\Tasks\Lytec 2011 Nightly Back Up.job
[2012/06/12 08:42:29 | 000,032,484 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt
[2012/06/12 07:00:02 | 000,000,764 | ---- | M] () -- C:\WINDOWS\Tasks\ShadowCopyVolume{7acc819c-7316-11e0-8656-806e6f6e6963}.job
[2012/06/12 06:01:22 | 000,000,562 | ---- | M] () -- C:\WINDOWS\Tasks\Small Business Server - Server Status Report - Server Performance Report.job

========== Purity Check ==========



< End of report >
 
It looks like you've added additional entries to the Trusted Zone. I note that Broni had you remove same in the thread he helped you with. What you need to understand is that nothing needs to be in the Trusted Zone. Security settings are lower in that zone and therefore any domain in it is a vulnerability to the system.
O15 - HKCU\..Trusted Domains: bethesdahealthcare.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
=============================================
OTM shows Total Files Cleaned = 1,068.00 mb. This is a huge amount of files. You need to set up better maintenance on the system.
============================================
As I explained previously, I am not willing to delve into the numerous health care, provider related programs and processes you're running. A public, unsecure, open free internet forum is not the place to handle these files. I have removed a process from the system. I don't know if it was the cause of the problem, but it's gone now.

The process you are questioning is from SRV - (SBCore) -- C:\WINDOWS\system32\sbscrexe.exe (Microsoft Corporation) which now appears to be displaying correctly.
============================================
Can you do an online virus scan? I doubt it, but if you can, please run the following:

To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

If you are using a browser other than Internet Explorer:
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives'
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
======================================
 
You are obviously working in a medical related environment. And because of that, I am reluctant to remove processes. But I would like to mention, that considering the type of work you are doing, have you considered that it's just plain dangerous to have file sharing with uTorrent on the same system?

C:\Documents and Settings\Administrator\Application Data\uTorrent

P2P or 'file sharing' Warning:
Note: Even if you are using a "safe" P2P program, it is only the program that is safe.
I suggest that you uninstall utorrent and any other file sharing program on the system for the following reasons:
  • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
  • Malware writers use these programs to include malicious content.
  • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
  • The 'sharing' also includes malware that the shared system has on it.
  • Files that are illegal can be spread through file sharing.

Please read the information on P2P Warning to help you better understand these dangers.
=====================================================
The ADS were removed - that was the most likely source of malware. If you can, run the following rootkit scan:

  1. Download the file TDSSKiller.zip and save to the desktop.
     (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
  2. Right-click the tdsskiller.zip file > Select Extract All into a folder on the infected (or potentially infected) PC.
  3. Double click on TDSSKiller.exe to run the scan.
  4. When the scan is over, the utility outputs a list of detected objects with description.
     The utility automatically selects an action (Cure or Delete) for malicious objects.
     The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
  5. Select the action Quarantine to quarantine detected objects.
     The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
  6. After clicking Next, the utility applies selected actions and outputs the result.
  7. A reboot is required after disinfection.
====================================
I will review this log, then instruct you to remove the tools we used.
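The Trusted Zone review described in the reply above, as an added example that is not part of the original thread: a Python script that pulls the O15 zone-map lines out of an OTL log and lists every site mapped into a lowered-security zone, with the registry key to review. The line shape is inferred from the three O15 lines quoted above (an assumption, not an OTL specification); the last two O15 sample lines and all function names are constructed for illustration.

```python
import re
from typing import List, NamedTuple, Tuple

# Standard (non-ESC) location of Internet Explorer's site-to-zone map.
ZONEMAP = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap"

# Trusted sites is the zone the reply warns about; Local intranet is included
# because its IE defaults are also looser than the Internet zone's.
LOWERED_ZONES = ("Local intranet", "Trusted sites")

# Assumed line shape: for Domains the brackets hold the subdomain and the
# protocol follows; for Ranges the brackets hold the protocol.
O15_RE = re.compile(
    r"^O15 - (?P<hive>HK[A-Z]+)\\\.\.Trusted (?P<kind>Domains|Ranges): "
    r"(?P<name>\S+) \(\[(?P<bracket>[^\]]*)\]\s*(?P<rest>.*?)\s*"
    r"in (?P<zone>[^)]+)\)$"
)

# Constructed sample: the three O15 lines quoted in the reply, two made-up
# O15 lines in the same shape, and one unrelated line that must be skipped.
SAMPLE_LOG = r"""
O15 - HKCU\..Trusted Domains: bethesdahealthcare.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKLM\..Trusted Domains: example.test ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: blocked.test ([]* in Restricted sites)
O32 - HKLM CDRom: AutoRun - 1
"""


class ZoneEntry(NamedTuple):
    hive: str                # HKCU or HKLM
    kind: str                # "Domains" or "Ranges"
    host: str                # full host name, or the RangeN key name
    protocol: str            # http, https or *
    zone: str                # zone name as printed in the log
    key: str                 # registry key to review
    notes: Tuple[str, ...]   # empty when the entry needs no attention


def parse_o15(log_text: str) -> List[ZoneEntry]:
    """Return one ZoneEntry per O15 zone-map line; other lines are ignored."""
    entries = []
    for raw in log_text.splitlines():
        m = O15_RE.match(raw.strip())
        if m is None:
            continue
        hive, kind, name = m["hive"], m["kind"], m["name"]
        if kind == "Domains":
            sub, proto = m["bracket"], m["rest"]
            host = sub + "." + name if sub else name
            parts = [hive, ZONEMAP, "Domains", name] + ([sub] if sub else [])
        else:
            # The address range itself lives in the key's ":Range" value and
            # is not printed in the log, so only the key name is known here.
            proto = m["bracket"] or m["rest"]
            host = name
            parts = [hive, ZONEMAP, "Ranges", name]
        notes = []
        if m["zone"] in LOWERED_ZONES:
            notes.append("mapped into a zone with lowered security settings")
            if proto in ("http", "*"):
                notes.append("matched over plain http, so the zone applies "
                             "without TLS server verification")
        entries.append(ZoneEntry(hive, kind, host, proto, m["zone"],
                                 "\\".join(parts), tuple(notes)))
    return entries


def audit(log_text: str) -> List[ZoneEntry]:
    """Entries that lower security and should be removed or justified."""
    return [e for e in parse_o15(log_text) if e.notes]


def report(log_text: str) -> str:
    lines = []
    for e in audit(log_text):
        lines.append(f"{e.host} ({e.protocol}) -> {e.zone}")
        lines.append(f"    review: {e.key}")
        lines.extend(f"    - {n}" for n in e.notes)
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

On a server with Internet Explorer Enhanced Security Configuration turned on, the mappings are kept under `EscDomains` and `EscRanges` instead of `Domains` and `Ranges`, so check both locations when reviewing the keys by hand.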
 
13:30:18.0039 3124 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
13:30:18.0367 3124 ============================================================
13:30:18.0367 3124 Current date / time: 2012/06/15 13:30:18.0367
13:30:18.0367 3124 SystemInfo:
13:30:18.0367 3124
13:30:18.0367 3124 OS Version: 5.2.3790 ServicePack: 2.0
13:30:18.0367 3124 Product type: Domain controller
13:30:18.0367 3124 ComputerName: SERVER
13:30:18.0367 3124 UserName: administrator
13:30:18.0367 3124 Windows directory: C:\WINDOWS
13:30:18.0367 3124 System windows directory: C:\WINDOWS
13:30:18.0367 3124 Processor architecture: Intel x86
13:30:18.0367 3124 Number of processors: 1
13:30:18.0383 3124 Page size: 0x1000
13:30:18.0383 3124 Boot type: Normal boot
13:30:18.0383 3124 ============================================================
13:30:19.0196 3124 Drive \Device\Harddisk0\DR0 - Size: 0x262B000000 (152.67 Gb), SectorSize: 0x200, Cylinders: 0x4DDA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
13:30:19.0196 3124 Drive \Device\Harddisk1\DR3 - Size: 0x1FB200000 (7.92 Gb), SectorSize: 0x200, Cylinders: 0x40A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:30:19.0196 3124 ============================================================
13:30:19.0196 3124 \Device\Harddisk0\DR0:
13:30:19.0196 3124 MBR partitions:
13:30:19.0196 3124 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A36BAD
13:30:19.0196 3124 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x4A36C2B, BlocksNum 0xE71D26E
13:30:19.0196 3124 \Device\Harddisk1\DR3:
13:30:19.0196 3124 MBR partitions:
13:30:19.0196 3124 \Device\Harddisk1\DR3\Partition0: MBR, Type 0xC, StartLBA 0x18, BlocksNum 0xFD8FE8
13:30:19.0196 3124 ============================================================
13:30:19.0227 3124 D: <-> \Device\Harddisk0\DR0\Partition1
13:30:19.0242 3124 C: <-> \Device\Harddisk0\DR0\Partition0
13:30:19.0242 3124 ============================================================
13:30:19.0242 3124 Initialize success
13:30:19.0242 3124 ============================================================
13:30:31.0055 1976 ============================================================
13:30:31.0055 1976 Scan started
13:30:31.0055 1976 Mode: Manual;
13:30:31.0055 1976 ============================================================
13:30:45.0586 1976 NetBIOS - ok
13:30:45.0680 1976 NetBT (5cd7cca08498ec8753b22e92d367ca11) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:30:45.0680 1976 NetBT - ok
13:30:45.0727 1976 NetDDE (13d9a8b63a2a99a88339c0e00b702c92) C:\WINDOWS\system32\netdde.exe
13:30:45.0727 1976 NetDDE - ok
13:30:45.0743 1976 NetDDEdsdm (13d9a8b63a2a99a88339c0e00b702c92) C:\WINDOWS\system32\netdde.exe
13:30:45.0743 1976 NetDDEdsdm - ok
13:30:45.0789 1976 Netlogon (d4b61a935670c57a0dea81b4f4a12169) C:\WINDOWS\system32\lsass.exe
13:30:45.0789 1976 Netlogon - ok
13:30:45.0821 1976 Netman (12bcfb57162ad17cea545e362cd886a8) C:\WINDOWS\System32\netman.dll
13:30:45.0836 1976 Netman - ok
13:30:45.0930 1976 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:30:45.0946 1976 NetTcpPortSharing - ok
13:30:45.0961 1976 nfrd960 - ok
13:30:46.0024 1976 Nla (9c0bf64484e9d297cb3e96dc22765a82) C:\WINDOWS\System32\mswsock.dll
13:30:46.0024 1976 Nla - ok
13:30:46.0071 1976 NntpSvc (58ac18bc908a78fba5430d23066d183a) C:\WINDOWS\system32\inetsrv\inetinfo.exe
13:30:46.0071 1976 NntpSvc - ok
13:30:46.0102 1976 Npfs (d5bb605f6dcbdfe0129670c8de57913e) C:\WINDOWS\system32\drivers\Npfs.sys
13:30:46.0102 1976 Npfs - ok
13:30:46.0196 1976 NtFrs (981756f0532439aa3a1a4ae9da9f930e) C:\WINDOWS\system32\ntfrs.exe
13:30:46.0211 1976 NtFrs - ok
13:30:46.0289 1976 Ntfs (482ea51aadb8763a0f67588c394ec693) C:\WINDOWS\system32\drivers\Ntfs.sys
13:30:46.0305 1976 Ntfs - ok
13:30:46.0336 1976 NtLmSsp (d4b61a935670c57a0dea81b4f4a12169) C:\WINDOWS\system32\lsass.exe
13:30:46.0336 1976 NtLmSsp - ok
13:30:46.0399 1976 NtmsSvc (fea5225ef80d5930b86d7a6570bcbbdf) C:\WINDOWS\system32\ntmssvc.dll
13:30:46.0414 1976 NtmsSvc - ok
13:30:46.0430 1976 Null (5db0ede7aaf3a7bc9110d18c12524be0) C:\WINDOWS\system32\drivers\Null.sys
13:30:46.0430 1976 Null - ok
13:30:46.0508 1976 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:30:46.0524 1976 ose - ok
13:30:46.0539 1976 Parport (ee3333b36deb86a0d472f037172da10a) C:\WINDOWS\system32\drivers\Parport.sys
13:30:46.0555 1976 Parport - ok
13:30:46.0571 1976 PartMgr (4eb6f7418959444a06d3c51eb81bff04) C:\WINDOWS\system32\drivers\PartMgr.sys
13:30:46.0571 1976 PartMgr - ok
13:30:46.0649 1976 PCI (8217000e5c53ce823b3111f339e47c41) C:\WINDOWS\system32\DRIVERS\pci.sys
13:30:46.0649 1976 PCI - ok
13:30:46.0696 1976 PCIIde (7e3fb50aa22d4ed883c6abdd40e9c60b) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:30:46.0696 1976 PCIIde - ok
13:30:46.0727 1976 Pcmcia (fc9f4c9c73e9698357c836be4628a299) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:30:46.0727 1976 Pcmcia - ok
13:30:46.0743 1976 PDCOMP - ok
13:30:46.0774 1976 PDFRAME - ok
13:30:46.0805 1976 PDRELI - ok
13:30:46.0821 1976 PDRFRAME - ok
13:30:46.0852 1976 perc2 - ok
13:30:46.0883 1976 perc2hib - ok
13:30:46.0993 1976 PlugPlay (cf500580cdd83b145646a4dcfce1cf3c) C:\WINDOWS\system32\services.exe
13:30:46.0993 1976 PlugPlay - ok
13:30:47.0024 1976 Pml Driver HPZ12 (0c155c5d8942b3cbcf9506a9d376b9ad) C:\WINDOWS\system32\HPZipm12.dll
13:30:47.0024 1976 Pml Driver HPZ12 - ok
13:30:47.0039 1976 PolicyAgent (d4b61a935670c57a0dea81b4f4a12169) C:\WINDOWS\system32\lsass.exe
13:30:47.0039 1976 PolicyAgent - ok
13:30:47.0102 1976 POP3Svc (58ac18bc908a78fba5430d23066d183a) C:\WINDOWS\system32\inetsrv\inetinfo.exe
13:30:47.0102 1976 POP3Svc - ok
13:30:47.0133 1976 PptpMiniport (4454f2639bcca93be86a45137e427277) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:30:47.0133 1976 PptpMiniport - ok
13:30:47.0149 1976 ProtectedStorage (d4b61a935670c57a0dea81b4f4a12169) C:\WINDOWS\system32\lsass.exe
13:30:47.0164 1976 ProtectedStorage - ok
13:30:47.0196 1976 Ptilink (0320fd91fb5ed4298355977cecfc0eb4) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:30:47.0196 1976 Ptilink - ok
13:30:47.0211 1976 ql1080 - ok
13:30:47.0243 1976 Ql10wnt - ok
13:30:47.0274 1976 ql12160 - ok
13:30:47.0305 1976 ql1240 - ok
13:30:47.0336 1976 ql1280 - ok
13:30:47.0368 1976 ql2100 - ok
13:30:47.0399 1976 ql2200 - ok
13:30:47.0430 1976 ql2300 - ok
13:30:47.0461 1976 radpms (b953369c5ef43615f1bfa9cea69fc9aa) C:\WINDOWS\system32\DRIVERS\radpms.sys
13:30:47.0461 1976 radpms - ok
13:30:47.0477 1976 RasAcd (48ee7b6802c0306f9a66f34db7e9ef75) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:30:47.0477 1976 RasAcd - ok
13:30:47.0524 1976 RasAuto (ed67fa5dc9ce0bfc5ccce4296c684a57) C:\WINDOWS\System32\rasauto.dll
13:30:47.0524 1976 RasAuto - ok
13:30:47.0555 1976 Rasl2tp (3633175613e052ecb41776dee2777a89) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:30:47.0555 1976 Rasl2tp - ok
13:30:47.0664 1976 RasMan (02bc610cc90ca5415eb2c9409e77d583) C:\WINDOWS\System32\rasmans.dll
13:30:47.0664 1976 RasMan - ok
13:30:47.0696 1976 RasPppoe (59842f0a22216a71cade6f89fe84c973) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:30:47.0696 1976 RasPppoe - ok
13:30:47.0727 1976 Raspti (5b11871de804d3ed28bbdcc65fe14ede) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:30:47.0727 1976 Raspti - ok
13:30:47.0774 1976 Rdbss (4496b15c44ccb703fbc54f2cf5b67f15) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:30:47.0774 1976 Rdbss - ok
13:30:47.0805 1976 RDPCDD (ac5bb528ecd2bea4ff4bff9df9baf749) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:30:47.0821 1976 RDPCDD - ok
13:30:47.0883 1976 rdpdr (ff678596b761e1ccba79f49981ef51bc) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:30:47.0883 1976 rdpdr - ok
13:30:47.0930 1976 RDPWD (4e2e9b17a618433d68697a3c6d8ddd6e) C:\WINDOWS\system32\drivers\RDPWD.sys
13:30:47.0930 1976 RDPWD - ok
13:30:47.0961 1976 RDSessMgr (81f1cf0ed96e58a391ff83f792c87f3e) C:\WINDOWS\system32\sessmgr.exe
13:30:47.0977 1976 RDSessMgr - ok
13:30:48.0008 1976 redbook (c6f8751f3263603935866e71629cfae4) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:30:48.0008 1976 redbook - ok
13:30:48.0039 1976 RemoteAccess (d8f172c1ca72666d8193e226da7225f4) C:\WINDOWS\System32\mprdim.dll
13:30:48.0039 1976 RemoteAccess - ok
13:30:48.0071 1976 RemoteRegistry (55efa91d1c0de44c22d2d83413b06510) C:\WINDOWS\system32\regsvc.dll
13:30:48.0071 1976 RemoteRegistry - ok
13:30:48.0118 1976 RESvc (58ac18bc908a78fba5430d23066d183a) C:\WINDOWS\system32\inetsrv\inetinfo.exe
13:30:48.0118 1976 RESvc - ok
13:30:48.0149 1976 RpcLocator (a83414d7a45555274e99793aa22d54ab) C:\WINDOWS\system32\locator.exe
13:30:48.0149 1976 RpcLocator - ok
13:30:48.0211 1976 RpcSs (305a8757d66b5d416b47c497c27a01fe) C:\WINDOWS\system32\rpcss.dll
13:30:48.0211 1976 RpcSs - ok
13:30:48.0258 1976 RsFx0151 (66a54bf20084400a7dd5e3b69e008799) C:\WINDOWS\system32\DRIVERS\RsFx0151.sys
13:30:48.0258 1976 RsFx0151 - ok
13:30:48.0305 1976 RSoPProv (3357c6edd71e73110c83f54e35ecde4d) C:\WINDOWS\system32\RSoPProv.exe
13:30:48.0305 1976 RSoPProv - ok
13:30:48.0336 1976 sacdrv (34d79729d6e4d1289e08322405045085) C:\WINDOWS\system32\drivers\sacdrv.sys
13:30:48.0352 1976 sacdrv - ok
13:30:48.0368 1976 sacsvr (77919394900dec12c8e65cb35d6272fe) C:\WINDOWS\system32\sacsvr.dll
13:30:48.0368 1976 sacsvr - ok
13:30:48.0399 1976 SamSs (d4b61a935670c57a0dea81b4f4a12169) C:\WINDOWS\system32\lsass.exe
13:30:48.0399 1976 SamSs - ok
13:30:48.0430 1976 SBCore (d73cbd3de79ab61de6a23fa1a6ee8062) C:\WINDOWS\System32\sbscrexe.exe
13:30:48.0430 1976 SBCore - ok
13:30:48.0461 1976 SCardSvr (edf6b1852a55581ecc6ba18b4e2c6e8e) C:\WINDOWS\System32\SCardSvr.exe
13:30:48.0461 1976 SCardSvr - ok
13:30:48.0508 1976 Schedule (7e60f04ae424401a14d153ca6e851a85) C:\WINDOWS\system32\schedsvc.dll
13:30:48.0508 1976 Schedule - ok
13:30:48.0618 1976 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:30:48.0618 1976 Secdrv - ok
13:30:48.0664 1976 seclogon (03911d9a5d15a80301e767f787c0b015) C:\WINDOWS\System32\seclogon.dll
13:30:48.0680 1976 seclogon - ok
13:30:48.0711 1976 SENS (97b6172283112af7451e4abe83dd6f24) C:\WINDOWS\system32\sens.dll
13:30:48.0727 1976 SENS - ok
13:30:48.0758 1976 serenum (b261d4597bf9a2723b7020207260c72a) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:30:48.0758 1976 serenum - ok
13:30:48.0789 1976 Serial (95768fde08dd34089aa90dccb5537704) C:\WINDOWS\system32\DRIVERS\serial.sys
13:30:48.0789 1976 Serial - ok
13:30:48.0930 1976 Sfloppy (831826dc54fa225f0b654ef2f1e13af9) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:30:48.0930 1976 Sfloppy - ok
13:30:48.0977 1976 SharedAccess (27c6b8c2afed21c10429a56db95735f6) C:\WINDOWS\system32\ipnathlp.dll
13:30:48.0993 1976 SharedAccess - ok
13:30:49.0024 1976 ShellHWDetection (0af6401bdbd41a8b7aed5c923b8fdf4d) C:\WINDOWS\System32\shsvcs.dll
13:30:49.0024 1976 ShellHWDetection - ok
13:30:49.0039 1976 Simbad - ok
13:30:49.0086 1976 SMTPSVC (58ac18bc908a78fba5430d23066d183a) C:\WINDOWS\system32\inetsrv\inetinfo.exe
13:30:49.0086 1976 SMTPSVC - ok
13:30:49.0133 1976 Spooler (30b32e3127d9bbaa1e32394134718070) C:\WINDOWS\system32\spoolsv.exe
13:30:49.0133 1976 Spooler - ok
13:30:49.0227 1976 SPTimer (7cf73f624438d102f3e3e560d188a75c) C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\BIN\OWSTIMER.EXE
13:30:49.0227 1976 SPTimer - ok
13:30:49.0274 1976 SQLAgent$LYTECMD (230c6aa1091190d2fdb40766cbd3dbbd) D:\LytecData2011\Data\MSSQL10_50.LYTECMD\MSSQL\Binn\SQLAGENT.EXE
13:30:49.0305 1976 SQLAgent$LYTECMD - ok
13:30:49.0368 1976 SQLAgent$LYTEC_SQL (352e375ab298c23b0f9bc307652c7f50) C:\Program Files\Microsoft SQL Server\MSSQL$LYTEC_SQL\Binn\sqlagent.EXE
13:30:49.0383 1976 SQLAgent$LYTEC_SQL - ok
13:30:49.0446 1976 SQLAgent$SBSMONITORING (352e375ab298c23b0f9bc307652c7f50) C:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlagent.EXE
13:30:49.0461 1976 SQLAgent$SBSMONITORING - ok
13:30:49.0524 1976 SQLAgent$SHAREPOINT (cfa2e4f377ecfb4be7a2242a35ff8086) C:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Binn\sqlagent.EXE
13:30:49.0539 1976 SQLAgent$SHAREPOINT - ok
13:30:49.0649 1976 SQLBrowser (7d67c07c63796775cc5492bcfeaff125) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
13:30:49.0649 1976 SQLBrowser - ok
13:30:49.0727 1976 SQLWriter (8e6e5cfa06769a417b03fd6faa29e010) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
13:30:49.0727 1976 SQLWriter - ok
13:30:49.0883 1976 Srv (e8b1a07774a9e4fec3105cbad49bf289) C:\WINDOWS\system32\DRIVERS\srv.sys
13:30:49.0883 1976 Srv - ok
13:30:49.0930 1976 stisvc (0df3c24094f68a5e5fa77a681e438a46) C:\WINDOWS\system32\wiaservc.dll
13:30:49.0946 1976 stisvc - ok
13:30:49.0977 1976 swenum (93965919785102ba847545ab460ce2df) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:30:49.0977 1976 swenum - ok
13:30:50.0008 1976 swprv (0ba2f4d23d62f7475a70d1988142d6bd) C:\WINDOWS\System32\swprv.dll
13:30:50.0024 1976 swprv - ok
13:30:50.0039 1976 symc810 - ok
13:30:50.0071 1976 symc8xx - ok
13:30:50.0102 1976 symmpi - ok
13:30:50.0133 1976 sym_hi - ok
13:30:50.0149 1976 sym_u3 - ok
13:30:50.0211 1976 SysmonLog (cc8610d2ffaff19d5c9cf8ce9ffad71a) C:\WINDOWS\system32\smlogsvc.exe
13:30:50.0211 1976 SysmonLog - ok
13:30:50.0258 1976 TapiSrv (ce1fcaf92f06bb8549c9e1b8605b90cc) C:\WINDOWS\System32\tapisrv.dll
13:30:50.0274 1976 TapiSrv - ok
13:30:50.0321 1976 Tcpip (238dc2b879d1b37b91f8d5d44f3815d3) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:30:50.0321 1976 Tcpip - ok
13:30:50.0352 1976 TDPIPE (45d49fb800463de84d1cc2e231319ad5) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:30:50.0352 1976 TDPIPE - ok
13:30:50.0383 1976 TDTCP (d7c31008de209b8b11ced207580e9c91) C:\WINDOWS\system32\drivers\TDTCP.sys
13:30:50.0383 1976 TDTCP - ok
13:30:50.0414 1976 TermDD (a01e46fff445a38d35db188c5458582c) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:30:50.0414 1976 TermDD - ok
13:30:50.0461 1976 TermService (5f0bd29cbd95465a3aa3ca319bc591a9) C:\WINDOWS\System32\termsrv.dll
13:30:50.0461 1976 TermService - ok
13:30:50.0493 1976 Themes (0af6401bdbd41a8b7aed5c923b8fdf4d) C:\WINDOWS\System32\shsvcs.dll
13:30:50.0493 1976 Themes - ok
13:30:50.0524 1976 TlntSvr (fe7ff05a90c1a24855b1cdc066b959e0) C:\WINDOWS\system32\tlntsvr.exe
13:30:50.0524 1976 TlntSvr - ok
13:30:50.0539 1976 TosIde - ok
13:30:50.0586 1976 TrkSvr (2ee42aced5fd4e1988116edeced90e93) C:\WINDOWS\system32\trksvr.dll
13:30:50.0633 1976 TrkSvr - ok
13:30:50.0696 1976 TrkWks (671fc35e995ffdbced00202771c6d169) C:\WINDOWS\system32\trkwks.dll
13:30:50.0711 1976 TrkWks - ok
13:30:50.0758 1976 Tssdis (43992245309838eacd05506b474985e5) C:\WINDOWS\System32\tssdis.exe
13:30:50.0758 1976 Tssdis - ok
13:30:50.0821 1976 Udfs (c26024265a7523312a5d06fc33aa57aa) C:\WINDOWS\system32\drivers\Udfs.sys
13:30:50.0821 1976 Udfs - ok
13:30:50.0836 1976 ultra - ok
13:30:50.0883 1976 UMWdf (997fe835c85d0fb0501df6664d6fd072) C:\WINDOWS\system32\wdfmgr.exe
13:30:50.0883 1976 UMWdf - ok
13:30:50.0930 1976 Update (b0e133858e63940755b496761834f334) C:\WINDOWS\system32\DRIVERS\update.sys
13:30:50.0930 1976 Update - ok
13:30:50.0961 1976 UPS (92c3a632e963a8224fe62aa37c9508f6) C:\WINDOWS\System32\ups.exe
13:30:50.0961 1976 UPS - ok
13:30:51.0008 1976 usbccgp (185959a7fccfd38aa71a274ae6252b88) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:30:51.0008 1976 usbccgp - ok
13:30:51.0039 1976 usbehci (9dd4aba9462938734bcbf51d8669c884) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:30:51.0039 1976 usbehci - ok
13:30:51.0133 1976 usbhub (17859937740bc0d422fe71a588d6ddf7) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:30:51.0149 1976 usbhub - ok
13:30:51.0180 1976 usbprint (0e08d118964cb2727c84ad7441cfa7a2) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:30:51.0180 1976 usbprint - ok
13:30:51.0211 1976 USBSTOR (d0740ff9f7e819486e88096826b4dc37) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:30:51.0211 1976 USBSTOR - ok
13:30:51.0274 1976 usbuhci (cbd3053337bb475f442a892edf671312) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:30:51.0274 1976 usbuhci - ok
13:30:51.0305 1976 vds (5ce9331dc4c9e3b1fa4aaef1b212701f) C:\WINDOWS\System32\vds.exe
13:30:51.0321 1976 vds - ok
13:30:51.0352 1976 vga (2eb062b434792bb6bb614f107dd3a5cf) C:\WINDOWS\system32\DRIVERS\vgapnp.sys
13:30:51.0352 1976 vga - ok
13:30:51.0368 1976 VgaSave (062fbc10147fd837d819f94aa394e661) C:\WINDOWS\System32\drivers\vga.sys
13:30:51.0368 1976 VgaSave - ok
13:30:51.0399 1976 ViaIde - ok
13:30:51.0430 1976 vmwvusb (6ba3ed102ab24310a0259c8f9e29d5b8) C:\WINDOWS\system32\Drivers\vmwvusb.sys
13:30:51.0430 1976 vmwvusb - ok
13:30:51.0461 1976 VolSnap (45ae67c387a640ec6e228f30d421f088) C:\WINDOWS\system32\DRIVERS\volsnap.sys
13:30:51.0461 1976 VolSnap - ok
13:30:51.0555 1976 VSS (74a6820792e5bca5ee4d0cc4595c6916) C:\WINDOWS\System32\vssvc.exe
13:30:51.0571 1976 VSS - ok
13:30:51.0743 1976 W32Time (42cdae64da5beabb51c0c0f613658545) C:\WINDOWS\system32\w32time.dll
13:30:51.0743 1976 W32Time - ok
13:30:51.0805 1976 W3SVC (db0e023ee673896ad1780acad3bab393) C:\WINDOWS\system32\inetsrv\iisw3adm.dll
13:30:51.0821 1976 W3SVC - ok
13:30:51.0852 1976 Wanarp (ce030b1d05a01fa012d32f2d25676b1c) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:30:51.0852 1976 Wanarp - ok
13:30:51.0914 1976 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
13:30:51.0946 1976 Wdf01000 - ok
13:30:51.0961 1976 WDICA - ok
13:30:52.0008 1976 WebClient (6f66e66ab1c25c0bd363f2252db04360) C:\WINDOWS\System32\webclnt.dll
13:30:52.0008 1976 WebClient - ok
13:30:52.0055 1976 WinHttpAutoProxySvc - ok
13:30:52.0133 1976 winmgmt (f8d5b9c1a26c933b9ea7740bab35bcf5) C:\WINDOWS\system32\wbem\WMIsvc.dll
13:30:52.0133 1976 winmgmt - ok
13:30:52.0211 1976 WinRM (ce2d930b9b80f16ea0bf7c177b5f4f2d) C:\WINDOWS\system32\WsmSvc.dll
13:30:52.0243 1976 WinRM - ok
13:30:52.0305 1976 WINS (d8bfec6ef6a5a02f637deb6e3e36f11e) C:\WINDOWS\System32\wins.exe
13:30:52.0305 1976 WINS - ok
13:30:52.0399 1976 WLBS (d346e2f289f23e557ddfb9132d1dab35) C:\WINDOWS\system32\DRIVERS\wlbs.sys
13:30:52.0399 1976 WLBS - ok
13:30:52.0430 1976 WmdmPmSN (4d32f7bdbf325792ae28d5380ddf6bcf) C:\WINDOWS\system32\mspmsnsv.dll
13:30:52.0430 1976 WmdmPmSN - ok
13:30:52.0508 1976 Wmi (2085b957fb56927a8f3768de740612c4) C:\WINDOWS\System32\advapi32.dll
13:30:52.0524 1976 Wmi - ok
13:30:52.0649 1976 WmiApSrv (796d30c693f7b8a717499a9abeb3af39) C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:30:52.0664 1976 WmiApSrv - ok
13:30:52.0696 1976 WpdUsb (1afced07ab83bbc2ac138a66b4f0c5df) C:\WINDOWS\system32\Drivers\wpdusb.sys
13:30:52.0696 1976 WpdUsb - ok
13:30:52.0883 1976 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:30:52.0930 1976 WPFFontCache_v0400 - ok
13:30:53.0055 1976 wsnm (3cf81f104137457a7f32c274709635be) C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
13:30:53.0071 1976 wsnm - ok
13:30:53.0164 1976 wsnm_usbctrl (930762671268b7754ffadccbf1d1bb95) C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe
13:30:53.0180 1976 wsnm_usbctrl - ok
13:30:53.0274 1976 wuauserv (996cec79b1662044e8462e130a65739e) C:\WINDOWS\system32\wuauserv.dll
13:30:53.0305 1976 wuauserv - ok
13:30:53.0352 1976 WZCSVC (e21b2d0a0d4ab1d2441fe9fcc961c392) C:\WINDOWS\System32\wzcsvc.dll
13:30:53.0368 1976 WZCSVC - ok
13:30:53.0399 1976 xmlprov (c5b83f9a09a3ebfe8a931472f6da4e38) C:\WINDOWS\System32\xmlprov.dll
13:30:53.0414 1976 xmlprov - ok
13:30:53.0446 1976 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:30:53.0961 1976 \Device\Harddisk0\DR0 - ok
13:30:53.0977 1976 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR3
13:30:56.0946 1976 \Device\Harddisk1\DR3 - ok
13:30:56.0977 1976 Boot (0x1200) (7a7e32a54d0d480732dc8957125c66be) \Device\Harddisk0\DR0\Partition0
13:30:56.0977 1976 \Device\Harddisk0\DR0\Partition0 - ok
13:30:57.0008 1976 Boot (0x1200) (ed25009284b5087b4aff0a73204796b5) \Device\Harddisk0\DR0\Partition1
13:30:57.0008 1976 \Device\Harddisk0\DR0\Partition1 - ok
13:30:57.0024 1976 Boot (0x1200) (5e776b6ee8176cfcee522be362365d58) \Device\Harddisk1\DR3\Partition0
13:30:57.0024 1976 \Device\Harddisk1\DR3\Partition0 - ok
13:30:57.0039 1976 ============================================================
13:30:57.0039 1976 Scan finished
13:30:57.0039 1976 ============================================================
13:30:57.0086 3456 Detected object count: 0
13:30:57.0086 3456 Actual detected object count: 0
 
Okay. That's as far as I'm willing to go with this system.

Clean up with OTL:

* Double-click OTL.exe to start the program.
* Close all other programs apart from OTL, as this step will require a reboot.
* On the OTL main screen, press the CLEANUP button
* Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs left over on your computer, you can go ahead and delete those off of your computer now.
 