TechSpot

Sbscrexe.exe rootkit

By severedgein
Jun 8, 2012
  1. Hey, got a scare-ware pop-up while trying to visit a site. Now this process is running in the background and everything I find on Google says it's going to reboot my server after an hour, at which point it'll probably seriously infect my system, so any urgent help would be appreciated.

    Ran MBAM and GMER; DDS will not run because I'm using Server 2003.

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.08.04

    Windows Server 2003 Service Pack 2 x86 NTFS
    Internet Explorer 8.0.6001.18702
    administrator :: SERVER [administrator]

    6/8/2012 9:47:40 AM
    mbam-log-2012-06-08 (09-47-40).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 216794
    Time elapsed: 7 minute(s), 5 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    ----------------------------------------------------------
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-06-08 09:57:52
    Windows 5.2.3790 Service Pack 2 Harddisk0\DR0 -> \Device\Scsi\MegaIDE1Port1Path0Target4Lun0 LSI_____ rev.1.0_
    Running: fgbw86xo.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uftdypob.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Services - GMER 1.0.15 ----

    Service C:\WINDOWS\System32\sbscrexe.exe (*** hidden *** ) [AUTO] SBCore <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.15 ----
     
  2. severedgein

    In the meantime I've used Microsoft Sysinternals Process Explorer to suspend the process in the hopes that it doesn't reboot.

    update: which seems to have worked, if the reboot was going to happen.

    Edit: also, I never clicked on any button from the pop-up. I just went straight to task manager and killed IE.
     
  3. Bobbye

    Hey, you're not supposed to make a thread Active! That's a job for either Broni or I to do when we pick up a thread. Aren't you glad I checked anyway!!?!

    As to your problem: Please be advised that we are volunteers and are handling multiple threads at the same time. Your request for "urgent help" means that I will work with you as I can.
    ==========================================
    Now that you have requested my help, please stop using random programs on your own. Only run what I request.
    =========================================
    sbscrexe.exe file information

    The process SBS-Lizenzierungsdienst or SBS Licensing Service belongs to the software Betriebssystem Microsoft Windows or Microsoft Windows Operating System by Microsoft (www.microsoft.com).
    --------------------------------------
    I believe this is a type of home security which may have come in through a Blackberry. The problem is that it may not work well if you have small business, or 'enterprise' security.
    =====================================================
    You are running the server in a business environment, correct? Do you have an IT available for the office?
    ====================================================

    You can try this> I don't know if it will work> See if you can get DDS to run using one of the following:
    DDS won't run (.scr)

    Please download the corresponding file for your operating system:

    XP

    Vista

    Windows 7

    Extract (unzip) the file onto your desktop, double-click on it and choose Yes to merge the file into the registry when prompted. Afterwards you should then be able to run DDS.scr.
    ===========================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    Threads are closed after 5 days if there is no reply.
     
  4. severedgein

    Yes, it's a business server running Small Business Server 2003 edition. DDS keeps giving me this error, despite the reg edits:

    dds.JPG

    edit: sorry for the "active" and "urgent" help request. The threads I found about this program pointed my nose towards a malware that was exploiting this Microsoft program to auto-restart the computer without my approval in an hour and I didn't want to just kill the process and make things worse.
     
  5. Bobbye

     
  6. severedgein

    Correct, and no we do not.
     
  7. Bobbye

    See if you can run the following- I have to have something to work with:

    • Download OTL from one of the links below and save it to your desktop.
      OTL.exe
      OTL.com
      OTL.scr
      You just need one. Sometimes the file extension gets blocked.

      Note: When using these links, use Internet Explorer to download. If using Firefox, you should right-click and use "Save link As". Otherwise, on some systems, FF attempts to open the file as a script and just a bunch of gibberish is displayed.
    • Double click the OTL icon to run it.
    • The opened console will resemble this: [image]
    • Set Output at the top to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Copy the entries in the Codebox below> Paste in the Custom Scan box.
      Code:
      netsvcs
      %SYSTEMDRIVE%\*.exe
      %systemroot%\*. /mp /s
      /md5start
      explorer.exe
      winlogon.exe
      userinit.exe
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      Make sure all other windows are closed and to let it run uninterrupted.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
    =======================================================
    I am concerned about what effect your problem might have on the other systems using the server.
     
  8. severedgein

    OTL logfile created on: 6/11/2012 12:50:50 PM - Run 1
    OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 37.27% Memory free
    5.84 Gb Paging File | 2.96 Gb Available in Paging File | 50.69% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.11 Gb Total Space | 12.50 Gb Free Space | 33.69% Space Free | Partition Type: NTFS
    Drive D: | 115.56 Gb Total Space | 47.96 Gb Free Space | 41.50% Space Free | Partition Type: NTFS
    Drive F: | 7.91 Gb Total Space | 5.24 Gb Free Space | 66.29% Space Free | Partition Type: FAT32
    Drive P: | 115.56 Gb Total Space | 47.96 Gb Free Space | 41.50% Space Free | Partition Type: NTFS

    Computer Name: SERVER | User Name: administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Documents and Settings\Administrator\Local Settings\Temp\Rar$EX13.856\procexp.exe (Sysinternals - www.sysinternals.com)
    PRC - C:\WINDOWS\system32\dns.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\wins.exe (Microsoft Corporation)
    PRC - D:\LytecData2011\Data\MSSQL10_50.LYTECMD\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
    PRC - C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe (VMware, Inc.)
    PRC - C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe (VMware, Inc.)
    PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
    PRC - C:\Program Files\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
    PRC - C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
    PRC - C:\Program Files\Exchsrvr\bin\store.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\inetsrv\w3wp.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\sbscrexe.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\ntfrs.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\llssrv.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\dfssvc.exe (Microsoft Corporation)
    PRC - C:\Program Files\Exchsrvr\bin\mad.exe (Microsoft Corporation)
    PRC - C:\Program Files\Exchsrvr\bin\exmgmt.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe (Microsoft Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8dc4a28c456f81ee7399da21bd9d55aa\System.ServiceProcess.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
    MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
    MOD - C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
    MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
    MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
    MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
    MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
    MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
    MOD - C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll ()
    MOD - C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll ()
    MOD - c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\monitoring\b414b2d0\3ba7056a\s2qqhkdm.dll ()
    MOD - c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll ()
    MOD - \\?\C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll ()
    MOD - c:\windows\assembly\gac\system.web.mobile\1.0.5000.0__b03f5f7f11d50a3a\system.web.mobile.dll ()
    MOD - c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll ()
    MOD - c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll ()
    MOD - c:\windows\assembly\gac\system.runtime.serialization.formatters.soap\1.0.5000.0__b03f5f7f11d50a3a\system.runtime.serialization.formatters.soap.dll ()
    MOD - c:\windows\assembly\gac\system.design\1.0.5000.0__b03f5f7f11d50a3a\system.design.dll ()
    MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
    MOD - c:\windows\assembly\gac\system.data\1.0.5000.0__b77a5c561934e089\system.data.dll ()
    MOD - c:\windows\assembly\gac\system.enterpriseservices\1.0.5000.0__b03f5f7f11d50a3a\system.enterpriseservices.dll ()
    MOD - c:\windows\assembly\gac\system.directoryservices\1.0.5000.0__b03f5f7f11d50a3a\system.directoryservices.dll ()
    MOD - c:\windows\assembly\gac\system.enterpriseservices\1.0.5000.0__b03f5f7f11d50a3a\system.enterpriseservices.thunk.dll ()
    MOD - c:\windows\assembly\gac\system.web.regularexpressions\1.0.5000.0__b03f5f7f11d50a3a\system.web.regularexpressions.dll ()
    MOD - c:\windows\assembly\gac\microsoft.jscript\7.0.5000.0__b03f5f7f11d50a3a\microsoft.jscript.dll ()
    MOD - c:\windows\assembly\gac\system.web.ui.mobilecontrols.adapters\1.1.0.0__b03f5f7f11d50a3a\system.web.ui.mobilecontrols.adapters.dll ()
    MOD - c:\windows\assembly\gac\system.configuration.install\1.0.5000.0__b03f5f7f11d50a3a\system.configuration.install.dll ()
    MOD - c:\windows\assembly\gac\microsoft.vsa\7.0.5000.0__b03f5f7f11d50a3a\microsoft.vsa.dll ()
    MOD - c:\windows\assembly\gac\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\cscompmgd.dll ()
    MOD - c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll ()
    MOD - c:\windows\assembly\gac\microsoft.visualc\7.0.5000.0__b03f5f7f11d50a3a\microsoft.visualc.dll ()
    MOD - \\?\C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (WinHttpAutoProxySvc) -- winhttp.dll File not found
    SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (DNS) -- C:\WINDOWS\system32\dns.exe (Microsoft Corporation)
    SRV - (WINS) Windows Internet Name Service (WINS) -- C:\WINDOWS\system32\wins.exe (Microsoft Corporation)
    SRV - (MSSQL$LYTECMD) SQL Server (LYTECMD) -- D:\LytecData2011\Data\MSSQL10_50.LYTECMD\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
    SRV - (SQLAgent$LYTECMD) SQL Server Agent (LYTECMD) -- D:\LytecData2011\Data\MSSQL10_50.LYTECMD\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
    SRV - (wsnm_usbctrl) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe (VMware, Inc.)
    SRV - (wsnm) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe (VMware, Inc.)
    SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
    SRV - (MSExchangeIS) -- C:\Program Files\Exchsrvr\bin\store.exe (Microsoft Corporation)
    SRV - (Tssdis) -- C:\WINDOWS\system32\tssdis.exe (Microsoft Corporation)
    SRV - (RSoPProv) -- C:\WINDOWS\system32\rsopprov.exe (Microsoft Corporation)
    SRV - (SBCore) -- C:\WINDOWS\system32\sbscrexe.exe (Microsoft Corporation)
    SRV - (NtFrs) -- C:\WINDOWS\system32\ntfrs.exe (Microsoft Corporation)
    SRV - (LicenseService) -- C:\WINDOWS\system32\llssrv.exe (Microsoft Corporation)
    SRV - (IsmServ) -- C:\WINDOWS\system32\ismserv.exe (Microsoft Corporation)
    SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
    SRV - (RESvc) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
    SRV - (POP3Svc) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
    SRV - (NntpSvc) Network News Transfer Protocol (NNTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
    SRV - (IMAP4Svc) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
    SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
    SRV - (Dfs) -- C:\WINDOWS\system32\dfssvc.exe (Microsoft Corporation)
    SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll (Microsoft Corporation)
    SRV - (MSPOP3Connector) -- C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe (Microsoft Corporation)
    SRV - (MSExchangeSA) -- C:\Program Files\Exchsrvr\bin\mad.exe (Microsoft Corporation)
    SRV - (MSExchangeMGMT) -- C:\Program Files\Exchsrvr\bin\exmgmt.exe (Microsoft Corporation)
    SRV - (MSExchangeMTA) -- C:\Program Files\Exchsrvr\bin\emsmta.exe (Microsoft Corporation)
    SRV - (MSExchangeSRS) -- C:\Program Files\Exchsrvr\bin\srsmain.exe (Microsoft Corporation)
    SRV - (MSSEARCH) -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe (Microsoft Corporation)
    SRV - (MSExchangeES) -- C:\Program Files\Exchsrvr\bin\events.exe (Microsoft Corporation)
    SRV - (TrkSvr) -- C:\WINDOWS\system32\trksvr.dll (Microsoft Corporation)
    SRV - (sacsvr) -- C:\WINDOWS\system32\sacsvr.dll (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (WDICA) -- File not found
    DRV - (uftdypob) -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uftdypob.sys File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\RaInfo.sys File not found
    DRV - (LicenseInfo) -- File not found
    DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
    DRV - (i2omgmt) -- File not found
    DRV - (Changer) -- File not found
    DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
    DRV - (RsFx0151) -- C:\WINDOWS\system32\drivers\RsFx0151.sys (Microsoft Corporation)
    DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (vmwvusb) -- C:\WINDOWS\system32\drivers\vmwvusb.sys (VMware, Inc.)
    DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
    DRV - (radpms) -- C:\WINDOWS\system32\drivers\radpms.sys (LogMeIn, Inc.)
    DRV - (ctxusbm) -- C:\WINDOWS\system32\drivers\ctxusbm.sys (Citrix Systems, Inc.)
    DRV - (hugoio) -- C:\Program Files\I-Menu\hugoio.sys ()
    DRV - (WLBS) -- C:\WINDOWS\system32\drivers\wlbs.sys (Microsoft Corporation)
    DRV - (sacdrv) -- C:\WINDOWS\System32\drivers\sacdrv.sys (Microsoft Corporation)
    DRV - (ClusDisk) -- C:\WINDOWS\system32\drivers\clusdisk.sys (Microsoft Corporation)
    DRV - (DfsDriver) -- C:\WINDOWS\system32\drivers\dfs.sys (Microsoft Corporation)
    DRV - (MegaIDE) -- C:\WINDOWS\system32\drivers\MegaIDE.sys (LSI Logic Corporation.)
    DRV - (EXIFS) -- C:\WINDOWS\system32\drivers\exifs.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\..\SearchScopes,DefaultScope = {FBC1770D-5D64-4BA0-9C8C-4CFDA2352BE9}
    IE - HKCU\..\SearchScopes\{FBC1770D-5D64-4BA0-9C8C-4CFDA2352BE9}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/08 09:53:51 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/12 11:32:16 | 000,000,000 | ---D | M]

    [2011/05/16 09:52:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2012/06/04 10:35:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yqutdr9m.default\extensions
    [2011/08/30 09:10:19 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yqutdr9m.default\extensions\netvideohunter@netvideohunter.com
    [2012/03/20 09:07:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/05/16 08:50:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2012/06/08 09:53:50 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/02/22 18:58:26 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
    [2012/02/22 18:58:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
    [2011/09/30 17:41:10 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/11/11 09:58:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2011/10/10 11:44:33 | 000,437,835 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 15061 more lines...
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe (Adobe Systems Incorporated)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O15 - HKCU\..Trusted Domains: bethesdahealthcare.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: {4912ED81-BD9F-485E-86CA-BD62EC957435} https://ecospda.bethesdahealthcare.com/SOARIANWEBPROD2_020551029_M0K0_p_htm_28//sframe/IETools.cab (Soarian Frame Tools for Internet Explorer)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {F88F142A-96AE-40CC-B562-4C91B5E5A5CD} https://diapp2.bethesdahealthcare.com/m0k0/html/download/IkmControlDownloader.cab (IkmControlDownloader Control)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PSBOYNTON.local
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A21CF31-3F8F-4A08-AE14-CB76E689FF25}: NameServer = 192.168.1.254
    O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - File not found
    O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O29 - HKLM SecurityProviders - (pwdssp.dll) - C:\WINDOWS\System32\pwdssp.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wsauth) - C:\WINDOWS\System32\wsauth.dll (VMware, Inc.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/04/30 11:03:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
    NetSvcs: Ias - C:\WINDOWS\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Sacsvr - C:\WINDOWS\system32\sacsvr.dll (Microsoft Corporation)
    NetSvcs: TrkSvr - C:\WINDOWS\system32\trksvr.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    System Restore Service not available.

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/06/11 12:49:59 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2012/06/08 10:52:05 | 000,000,000 | ---D | C] -- C:\Program Files\Siemens
    [2012/06/08 09:58:08 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
    [2012/06/07 09:42:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
    [2012/06/07 09:42:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
    [2012/06/07 09:42:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$950099Uinstall_KB968930$
    [2012/06/07 09:39:33 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$ExchUninstallKB888619$
    [2012/06/03 01:30:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
    [2012/05/22 08:54:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Ancient Mesopotamia
    [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/06/11 12:56:43 | 000,032,118 | ---- | M] () -- C:\ads_err.adt
    [2012/06/11 12:56:11 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/06/11 12:51:27 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/06/11 12:50:01 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2012/06/11 12:45:54 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Collect Server Performance Data.job
    [2012/06/11 12:00:19 | 000,000,764 | ---- | M] () -- C:\WINDOWS\tasks\ShadowCopyVolume{7acc819c-7316-11e0-8656-806e6f6e6963}.job
    [2012/06/11 06:01:12 | 000,000,562 | ---- | M] () -- C:\WINDOWS\tasks\Small Business Server - Server Status Report - Server Performance Report.job
    [2012/06/11 05:12:26 | 000,003,107 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
    [2012/06/10 19:03:14 | 000,000,505 | ---- | M] () -- C:\WINDOWS\tasks\Lytec 2011 Nightly Back Up.job
    [2012/06/08 15:11:14 | 000,003,072 | ---- | M] () -- C:\ads_err.adi
    [2012/06/08 15:08:10 | 000,002,385 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\EasyPrint.lnk
    [2012/06/08 10:18:56 | 000,002,586 | ---- | M] () -- C:\WINDOWS\System32\licstr.cpa
    [2012/06/08 09:58:09 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
    [2012/06/08 09:46:44 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/06/08 09:00:49 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/06/08 06:12:21 | 001,106,550 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/06/08 06:12:21 | 000,311,340 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/06/08 06:07:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/06/07 09:42:32 | 000,004,798 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/06/04 16:51:49 | 000,000,022 | ---- | M] () -- C:\WINDOWS\pspvc_path.ini
    [2012/06/04 15:15:23 | 024,268,588 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cswdcc28.mp3
    [2012/06/04 14:30:37 | 000,000,198 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Navinet.url
    [2012/06/04 09:12:50 | 000,000,249 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Payerpath - The Best Route for Healthcare Transactions.url
    [2012/05/24 10:58:21 | 000,000,283 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Payerpath - The Best Route for Healthcare Transactions.url
    [2012/05/18 13:10:55 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/05/17 14:54:27 | 000,235,070 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\HollywoodHillsElementary.pdf
    [2012/05/15 06:08:43 | 000,228,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/05/14 09:01:08 | 001,314,760 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\WorldAlzheimerReport.pdf
    [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/06/07 09:28:22 | 000,735,440 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
    [2012/06/05 03:00:42 | 000,004,798 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2012/06/04 15:15:23 | 024,268,588 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cswdcc28.mp3
    [2012/05/17 14:54:27 | 000,235,070 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\HollywoodHillsElementary.pdf
    [2012/05/14 09:01:05 | 001,314,760 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\WorldAlzheimerReport.pdf
    [2012/03/27 09:23:07 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2012/01/22 01:00:00 | 000,014,056 | ---- | C] () -- C:\WINDOWS\vmdcr.dll
    [2012/01/22 01:00:00 | 000,014,056 | ---- | C] () -- C:\WINDOWS\amcdr.dll
    [2012/01/06 01:00:00 | 000,014,056 | ---- | C] () -- C:\WINDOWS\System32\rkeyds.sys
    [2012/01/06 01:00:00 | 000,014,056 | ---- | C] () -- C:\WINDOWS\System32\jrdgl.dll
    [2012/01/06 01:00:00 | 000,014,056 | ---- | C] () -- C:\WINDOWS\System32\emlks.dll
    [2011/09/23 16:38:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\hugoio.sys
    [2011/07/15 09:33:31 | 000,000,022 | ---- | C] () -- C:\WINDOWS\pspvc_path.ini
    [2011/05/16 09:52:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2011/05/13 16:30:24 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/05/02 15:32:02 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/04/30 18:55:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2011/04/30 12:10:39 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
    [2011/04/30 11:47:55 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2011/04/30 11:38:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
    [2011/04/30 11:37:38 | 000,017,579 | ---- | C] () -- C:\WINDOWS\System32\nntpctrs.ini
    [2011/04/30 11:30:42 | 000,002,360 | ---- | C] () -- C:\WINDOWS\System32\dhcpctrs.ini
    [2011/04/30 11:07:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2011/04/30 11:00:12 | 000,021,160 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2011/04/30 10:59:54 | 000,021,792 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
    [2011/04/30 10:59:54 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
    [2011/04/30 10:59:14 | 000,050,666 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
    [2011/04/30 10:59:14 | 000,010,793 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
    [2011/04/30 10:59:12 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
    [2011/04/30 06:50:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2011/04/30 06:49:35 | 000,228,000 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/01/11 18:05:18 | 000,008,592 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll

    ========== LOP Check ==========

    [2012/02/23 17:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG
    [2011/05/02 15:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICAClient
    [2011/10/14 11:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mkvtoolnix
    [2011/12/23 10:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ntr
    [2011/11/30 10:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\RM_1711
    [2012/06/08 15:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SendClaim
    [2012/03/27 09:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
    [2012/04/05 13:49:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
    [2011/05/02 14:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
    [2011/11/21 11:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lytec
    [2011/11/21 12:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McKesson
    [2011/11/30 10:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McKesson Corporation
    [2011/07/15 09:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PSPVC
    [2011/08/10 10:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simego
    [2012/02/27 10:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2012/02/01 15:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2012/06/11 12:45:54 | 000,000,496 | ---- | M] () -- C:\WINDOWS\Tasks\Collect Server Performance Data.job
    [2012/06/10 19:03:14 | 000,000,505 | ---- | M] () -- C:\WINDOWS\Tasks\Lytec 2011 Nightly Back Up.job
    [2012/06/11 12:56:00 | 000,032,484 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt
    [2012/06/11 12:00:19 | 000,000,764 | ---- | M] () -- C:\WINDOWS\Tasks\ShadowCopyVolume{7acc819c-7316-11e0-8656-806e6f6e6963}.job
    [2012/06/11 06:01:12 | 000,000,562 | ---- | M] () -- C:\WINDOWS\Tasks\Small Business Server - Server Status Report - Server Performance Report.job

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.exe >
    [2007/02/17 10:03:48 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\msizap.exe

    < %systemroot%\*. /mp /s >

    < MD5 for: EXPLORER.EXE >
    [2005/03/24 22:31:00 | 001,050,624 | ---- | M] (Microsoft Corporation) MD5=4B93BB34AF478A0FD9765D9B73356DC9 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    [2007/02/17 10:03:39 | 001,053,184 | ---- | M] (Microsoft Corporation) MD5=A26C39540F8BE3729846E360E2C57344 -- C:\WINDOWS\explorer.exe
    [2007/02/17 10:03:39 | 001,053,184 | ---- | M] (Microsoft Corporation) MD5=A26C39540F8BE3729846E360E2C57344 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

    < MD5 for: USERINIT.EXE >
    [2005/03/24 22:31:08 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=29A1877F2D0EACFF20B6507A3C00F31B -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
    [2007/02/17 10:04:03 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=B5FEB3B971A8B8C81CE9DE65031A87E5 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
    [2007/02/17 10:04:03 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=B5FEB3B971A8B8C81CE9DE65031A87E5 -- C:\WINDOWS\system32\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2005/03/24 22:31:08 | 000,508,928 | ---- | M] (Microsoft Corporation) MD5=325FD6D25FC1D77C363E87B445C8B023 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
    [2007/02/17 10:04:05 | 000,528,384 | ---- | M] (Microsoft Corporation) MD5=B4AA8AE0F18E5DFCF99A671A181D3EDC -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    [2007/02/17 10:04:05 | 000,528,384 | ---- | M] (Microsoft Corporation) MD5=B4AA8AE0F18E5DFCF99A671A181D3EDC -- C:\WINDOWS\system32\winlogon.exe

    < %systemroot%\*. /mp /s >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

    < End of report >
     
  9. severedgein

    severedgein TS Rookie Topic Starter Posts: 54

    OTL Extras logfile created on: 6/11/2012 12:50:50 PM - Run 1
    OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 37.27% Memory free
    5.84 Gb Paging File | 2.96 Gb Available in Paging File | 50.69% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.11 Gb Total Space | 12.50 Gb Free Space | 33.69% Space Free | Partition Type: NTFS
    Drive D: | 115.56 Gb Total Space | 47.96 Gb Free Space | 41.50% Space Free | Partition Type: NTFS
    Drive F: | 7.91 Gb Total Space | 5.24 Gb Free Space | 66.29% Space Free | Partition Type: FAT32
    Drive P: | 115.56 Gb Total Space | 47.96 Gb Free Space | 41.50% Space Free | Partition Type: NTFS

    Computer Name: SERVER | User Name: administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
    "3389:TCP" = 3389:TCP:*:Enabled:mad:xpsp2res.dll,-22009
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
    "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
    "80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\VMware\VMware View\Client\bin\vmware-remotemks.exe" = C:\Program Files\VMware\VMware View\Client\bin\vmware-remotemks.exe:*:Enabled:VMware Remote MKS -- (VMware, Inc.)
    "C:\Program Files\VMware\VMware View\Client\bin\wswc.exe" = C:\Program Files\VMware\VMware View\Client\bin\wswc.exe:*:Enabled:VMware View Client -- (VMware, Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
    "C:\Program Files\VMware\VMware View\Client\bin\vmware-remotemks.exe" = C:\Program Files\VMware\VMware View\Client\bin\vmware-remotemks.exe:*:Enabled:VMware Remote MKS -- (VMware, Inc.)
    "C:\Program Files\VMware\VMware View\Client\bin\wswc.exe" = C:\Program Files\VMware\VMware View\Client\bin\wswc.exe:*:Enabled:VMware View Client -- (VMware, Inc.)
    "C:\Program Files\Simego\SQL Admin Studio\Simego.SQLTools.Explorer.exe" = C:\Program Files\Simego\SQL Admin Studio\Simego.SQLTools.Explorer.exe:*:Enabled:SQL Admin Studio -- (Simego)
    "C:\Program Files\Lytec 2011\Lytec.exe" = C:\Program Files\Lytec 2011\Lytec.exe:*:Enabled:Lytec -- (McKesson)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{020617D7-2F72-4D02-BF59-A5CBC1761177}" = SQL Server 2008 R2 SP1 Management Studio
    "{023D64D7-E7B4-47C7-BE6E-B7C2E8960D08}" = Citrix online plug-in (Web)
    "{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
    "{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
    "{05DEE64C-B63B-495A-B36C-4277663FAAA0}" = Windows Small Business Server ActiveSync
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{108BE742-0564-4734-AE54-74F81263FB04}" = Windows Small Business Server Licensing
    "{121475F5-2598-4574-8801-8F6B3D6A99BB}" = SQL Server 2008 R2 SP1 Management Studio
    "{130109DD-4BD1-492A-922D-B7B500263F86}" = .NET Framework Machine Code Access Security Policy
    "{13998462-EECC-40F7-B501-52A38AA0627F}" = Medicare Remit EasyPrint
    "{18026153-83A4-40E0-96B6-41E441607518}" = Eraser 6.0.9.2343
    "{185292F7-7C0A-4F72-B2CC-CBEBD40B050E}" = Microsoft SQL Server 2008 R2 Native Client
    "{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{299120B9-CD21-43F6-87A5-95BD0673EE45}" = SQL Admin Studio
    "{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3CF8BDBC-DA0F-45FA-A4B9-3A31CCE774E9}" = Windows Small Business Server Backup
    "{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}" = Microsoft SQL Server VSS Writer
    "{48B08845-0CB0-45EC-893C-15319ADDA312}" = Microsoft SQL Server 2008 R2 Setup (English)
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}" = SQL Server 2008 R2 SP1 Database Engine Shared
    "{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
    "{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
    "{53BE2241-531B-49FB-B03D-06C377179548}" = Windows Small Business Server IE Client App
    "{5546F70C-0437-44EE-A923-7C23E6EFF689}" = Windows Small Business Server Monitoring
    "{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = SQL Server 2008 R2 SP1 Database Engine Services
    "{65657C59-23A8-4974-B8E0-BA04EBD04E4F}" = Microsoft SQL Server Desktop Engine (SHAREPOINT)
    "{671E4E4D-4798-4F66-9C9E-C5762E73179E}" = Microsoft XML Parser
    "{6F8EAC65-314D-4D86-9557-BC9312AACCB0}" = Citrix online plug-in (USB)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7FB55E52-C72D-4165-85D0-383ED3D7253F}" = Windows Small Business Server Client Setup
    "{8144262B-25B4-44F6-8204-FCC8EF50179F}" = Citrix online plug-in (DV)
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8952E993-139E-4E71-881F-DD40E4DB8F81}" = Windows Small Business Server Admin
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91140409-7000-11D3-8CFE-0150048383C9}" = Microsoft Windows SharePoint Services 2.0
    "{9189BADC-23A7-487D-B206-AD3A89A4F45D}" = Windows Small Business Server Fax
    "{91B90409-8000-11D3-8CFE-0150048383C9}" = Microsoft Application Error Reporting
    "{93968FB2-C67A-4A9B-80C2-5D4D9393058E}" = Microsoft SQL Server 2008 R2 RsFx Driver
    "{93998800-1608-403F-9A51-420A77D23C25}" = Sql Server Customer Experience Improvement Program
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A2B40ABC-025A-4389-8148-86CED357B259}" = Microsoft Connector for POP3 Mailboxes
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A34AC564-B4A3-4D45-B969-403BC39F0E6A}" = Microsoft .NET Framework 1.1 -- Device Update 4.0
    "{A3AE0EFB-C8C2-4AF5-9841-459DB1C138CF}" = Crystal Reports 10 Support Files
    "{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
    "{A5E98C65-585A-45AB-BFC3-8555305B9929}" = Windows Small Business Server Documents
    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = SQL Server 2008 R2 SP1 Database Engine Services
    "{B58E39B9-12E2-4E9B-A01B-9B896C6A52A8}" = Windows Small Business Server Connectivity
    "{B7300824-E68F-45F1-BAC1-5F15636C346F}" = Microsoft SQL Server Desktop Engine (SBSMonitoring)
    "{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C293E1D0-8085-4830-B806-1BA0FEF9C4A4}" = Windows Small Business Server Client Experience
    "{C73E81BF-432C-44E2-831D-F46081CA6E28}" = Windows Small Business Server Remote Portal
    "{CA3553E0-191B-4E2F-AD3C-82E33CB9D4E4}" = Microsoft Group Policy Management Console with SP1
    "{CA78EE0D-B198-46BF-80E6-89EE4D49101D}" = VMware View Client
    "{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 SP1 Common Files
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies
    "{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
    "{D846DDEE-EDF2-445F-96A4-175544202D32}" = Windows Small Business Server Fax Cfg
    "{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
    "{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (LYTEC_SQL)
    "{E721BEC1-887A-4D26-BE10-7E0336B7CAC7}" = Windows Small Business Server Common
    "{EA74A293-3FAC-4D1B-AE3A-3BD47FADDC20}" = Citrix online plug-in (HDX)
    "{ED01C034-09A6-4C4F-A7B5-A1B5ADBA4542}" = Lytec 2011 Professional
    "{EFE3D683-903C-4B58-AB8F-C68C69F33758}" = System Requirements Lab for Intel
    "{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}" = SQL Server 2008 R2 SP1 Database Engine Shared
    "{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
    "{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 SP1 Common Files
    "{fe8eca37-6afb-42a2-9f6a-c767aca48b38}" = Revenue Management
    "5717D53E-DD6D-4d1e-8A1F-C7BE620F65AA" = Windows Small Business Server 2003
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "ATI Display Driver" = ATI Display Driver
    "AviSynth" = AviSynth 2.5
    "CaptureCAM-PLAYER" = CaptureCAM-PLAYER
    "CCleaner" = CCleaner
    "CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
    "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-06-26
    "Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
    "Defraggler" = Defraggler
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "I-Menu_is1" = I-Menu 2.2
    "Lytec Professional 2007" = Lytec Professional 2007
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Health Monitor 2.1" = Microsoft Health Monitor 2.1
    "Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2
    "Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2
    "Mozilla Firefox 13.0 (x86 en-US)" = Mozilla Firefox 13.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "PSPVC" = PSPVC :: PSP Video Converter v3.91
    "Recuva" = Recuva
    "TurboTax 2010" = TurboTax 2010
    "uTorrent" = ĀµTorrent
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "WIC" = Windows Imaging Component
    "Windows Server 2003 Service Pack" = Windows Server 2003 Service Pack 2
    "WinRAR archiver" = WinRAR 4.00 (32-bit)

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 6/7/2012 5:37:59 PM | Computer Name = SERVER | Source = Windows SharePoint Services 2.0 | ID = 1000
    Description = #50070: Unable to connect to the database STS_Config on SERVER\SharePoint.
    Check the database connection information and make sure that the database server
    is running.

    Error - 6/8/2012 6:00:02 AM | Computer Name = SERVER | Source = MSExchangeAL | ID = 8026
    Description = LDAP Bind was unsuccessful on directory server.PSBOYNTON.local for
    distinguished name ''. Directory returned error:[0x51] Server Down. DC=PSBOYNTON,DC=local


    For
    more information, click http://www.microsoft.com/contentredirect.asp.

    Error - 6/8/2012 6:00:02 AM | Computer Name = SERVER | Source = MSExchangeDSAccess | ID = 264246
    Description = Process MAD.EXE (PID=2888). All Domain Controller Servers in use are
    not responding: server.PSBOYNTON.local For more information, click http://www.microsoft.com/contentredirect.asp.

    Error - 6/8/2012 6:00:02 AM | Computer Name = SERVER | Source = MSExchangeDSAccess | ID = 264248
    Description = Process INETINFO.EXE (PID=1476). All the DS Servers in domain are
    not responding. For more information, click http://www.microsoft.com/contentredirect.asp.

    Error - 6/8/2012 6:00:08 AM | Computer Name = SERVER | Source = MSExchangeAL | ID = 8026
    Description = LDAP Bind was unsuccessful on directory server.PSBOYNTON.local for
    distinguished name ''. Directory returned error:[0x51] Server Down. DC=PSBOYNTON,DC=local


    For
    more information, click http://www.microsoft.com/contentredirect.asp.

    Error - 6/8/2012 6:00:09 AM | Computer Name = SERVER | Source = MSExchangeAL | ID = 8026
    Description = LDAP Bind was unsuccessful on directory server.PSBOYNTON.local for
    distinguished name ''. Directory returned error:[0x51] Server Down. DC=PSBOYNTON,DC=local


    For
    more information, click http://www.microsoft.com/contentredirect.asp.

    Error - 6/8/2012 6:00:09 AM | Computer Name = SERVER | Source = MSExchangeAL | ID = 8250
    Description = The Win32 API call 'DsGetDCNameW' returned error code [0x862] The
    specified component could not be found in the configuration information. The service
    could not be initialized. Make sure that the operating system was installed properly.


    For
    more information, click http://www.microsoft.com/contentredirect.asp.

    Error - 6/8/2012 6:00:18 AM | Computer Name = SERVER | Source = MSExchangeAL | ID = 8026
    Description = LDAP Bind was unsuccessful on directory server.PSBOYNTON.local for
    distinguished name ''. Directory returned error:[0x51] Server Down. For more information,
    click http://www.microsoft.com/contentredirect.asp.

    Error - 6/8/2012 6:00:18 AM | Computer Name = SERVER | Source = MSExchangeAL | ID = 8250
    Description = The Win32 API call 'DsGetDCNameW' returned error code [0x862] The
    specified component could not be found in the configuration information. The service
    could not be initialized. Make sure that the operating system was installed properly.


    For
    more information, click http://www.microsoft.com/contentredirect.asp.

    Error - 6/8/2012 6:08:59 AM | Computer Name = SERVER | Source = Windows SharePoint Services 2.0 | ID = 1000
    Description = #50070: Unable to connect to the database STS_Config on SERVER\SharePoint.
    Check the database connection information and make sure that the database server
    is running.

    [ DNS Server Events ]
    Error - 6/4/2012 6:00:21 AM | Computer Name = SERVER | Source = DNS | ID = 4015
    Description = The DNS server has encountered a critical error from the Active Directory.
    Check
    that the Active Directory is functioning properly. The extended error debug information
    (which may be empty) is "". The event data contains the error.

    Error - 6/4/2012 6:00:21 AM | Computer Name = SERVER | Source = DNS | ID = 4004
    Description = The DNS server was unable to complete directory service enumeration
    of zone .. This DNS server is configured to use information obtained from Active
    Directory
    for this zone and is unable to load the zone without it. Check that the Active
    Directory is functioning properly and repeat enumeration of the zone. The extended
    error debug information (which may be empty) is "". The event data contains the
    error.

    Error - 6/4/2012 6:00:21 AM | Computer Name = SERVER | Source = DNS | ID = 4004
    Description = The DNS server was unable to complete directory service enumeration
    of zone _msdcs.PSBOYNTON.local. This DNS server is configured to use information
    obtained from Active Directory for this zone and is unable to load the zone without
    it. Check that the Active Directory is functioning properly and repeat enumeration
    of
    the zone. The extended error debug information (which may be empty) is "". The event
    data contains the error.

    Error - 6/4/2012 6:00:21 AM | Computer Name = SERVER | Source = DNS | ID = 4004
    Description = The DNS server was unable to complete directory service enumeration
    of zone 1.168.192.in-addr.arpa. This DNS server is configured to use information
    obtained from Active Directory for this zone and is unable to load the zone without
    it. Check that the Active Directory is functioning properly and repeat enumeration
    of
    the zone. The extended error debug information (which may be empty) is "". The event
    data contains the error.

    Error - 6/4/2012 6:00:21 AM | Computer Name = SERVER | Source = DNS | ID = 4004
    Description = The DNS server was unable to complete directory service enumeration
    of zone PSBOYNTON.local. This DNS server is configured to use information obtained
    from Active Directory for this zone and is unable to load the zone without it.
    Check that the Active Directory is functioning properly and repeat enumeration of
    the zone. The extended error debug information (which may be empty) is "". The event
    data contains the error.

    Error - 6/7/2012 5:29:30 PM | Computer Name = SERVER | Source = DNS | ID = 4015
    Description = The DNS server has encountered a critical error from the Active Directory.
    Check
    that the Active Directory is functioning properly. The extended error debug information
    (which may be empty) is "". The event data contains the error.

    Error - 6/7/2012 5:29:30 PM | Computer Name = SERVER | Source = DNS | ID = 4004
    Description = The DNS server was unable to complete directory service enumeration
    of zone .. This DNS server is configured to use information obtained from Active
    Directory
    for this zone and is unable to load the zone without it. Check that the Active
    Directory is functioning properly and repeat enumeration of the zone. The extended
    error debug information (which may be empty) is "". The event data contains the
    error.

    Error - 6/7/2012 5:29:30 PM | Computer Name = SERVER | Source = DNS | ID = 4004
    Description = The DNS server was unable to complete directory service enumeration
    of zone _msdcs.PSBOYNTON.local. This DNS server is configured to use information
    obtained from Active Directory for this zone and is unable to load the zone without
    it. Check that the Active Directory is functioning properly and repeat enumeration
    of
    the zone. The extended error debug information (which may be empty) is "". The event
    data contains the error.

    Error - 6/7/2012 5:29:30 PM | Computer Name = SERVER | Source = DNS | ID = 4004
    Description = The DNS server was unable to complete directory service enumeration
    of zone 1.168.192.in-addr.arpa. This DNS server is configured to use information
    obtained from Active Directory for this zone and is unable to load the zone without
    it. Check that the Active Directory is functioning properly and repeat enumeration
    of
    the zone. The extended error debug information (which may be empty) is "". The event
    data contains the error.

    Error - 6/7/2012 5:29:30 PM | Computer Name = SERVER | Source = DNS | ID = 4004
    Description = The DNS server was unable to complete directory service enumeration
    of zone PSBOYNTON.local. This DNS server is configured to use information obtained
    from Active Directory for this zone and is unable to load the zone without it.
    Check that the Active Directory is functioning properly and repeat enumeration of
    the zone. The extended error debug information (which may be empty) is "". The event
    data contains the error.

    [ File Replication Service Events ]
    Error - 12/19/2011 6:15:25 PM | Computer Name = SERVER | Source = NtFrs | ID = 13570
    Description = The File Replication Service has detected that the volume hosting
    the path c: is low on disk space. Files may not replicate until disk space is made
    available on this volume. The available space on the volume can be found by typing
    "dir
    /a c:". For more information about managing space on a volume type "copy /?", "rename
    /?", "del /?", "rmdir /?", and "dir /?".

    Error - 12/19/2011 6:15:25 PM | Computer Name = SERVER | Source = NtFrs | ID = 13570
    Description = The File Replication Service has detected that the volume hosting
    the path C: is low on disk space. Files may not replicate until disk space is made
    available on this volume. The available space on the volume can be found by typing
    "dir
    /a C:". For more information about managing space on a volume type "copy /?", "rename
    /?", "del /?", "rmdir /?", and "dir /?".

    Error - 12/27/2011 6:35:54 PM | Computer Name = SERVER | Source = NtFrs | ID = 13570
    Description = The File Replication Service has detected that the volume hosting
    the path c: is low on disk space. Files may not replicate until disk space is made
    available on this volume. The available space on the volume can be found by typing
    "dir
    /a c:". For more information about managing space on a volume type "copy /?", "rename
    /?", "del /?", "rmdir /?", and "dir /?".

    Error - 12/27/2011 6:35:54 PM | Computer Name = SERVER | Source = NtFrs | ID = 13570
    Description = The File Replication Service has detected that the volume hosting
    the path C: is low on disk space. Files may not replicate until disk space is made
    available on this volume. The available space on the volume can be found by typing
    "dir
    /a C:". For more information about managing space on a volume type "copy /?", "rename
    /?", "del /?", "rmdir /?", and "dir /?".

    Error - 2/15/2012 6:13:57 PM | Computer Name = SERVER | Source = NtFrs | ID = 13570
    Description = The File Replication Service has detected that the volume hosting
    the path c: is low on disk space. Files may not replicate until disk space is made
    available on this volume. The available space on the volume can be found by typing
    "dir
    /a c:". For more information about managing space on a volume type "copy /?", "rename
    /?", "del /?", "rmdir /?", and "dir /?".

    Error - 2/15/2012 6:13:57 PM | Computer Name = SERVER | Source = NtFrs | ID = 13570
    Description = The File Replication Service has detected that the volume hosting
    the path C: is low on disk space. Files may not replicate until disk space is made
    available on this volume. The available space on the volume can be found by typing
    "dir
    /a C:". For more information about managing space on a volume type "copy /?", "rename
    /?", "del /?", "rmdir /?", and "dir /?".

    Error - 3/21/2012 5:18:49 PM | Computer Name = SERVER | Source = NtFrs | ID = 13570
    Description = The File Replication Service has detected that the volume hosting
    the path c: is low on disk space. Files may not replicate until disk space is made
    available on this volume. The available space on the volume can be found by typing
    "dir
    /a c:". For more information about managing space on a volume type "copy /?", "rename
    /?", "del /?", "rmdir /?", and "dir /?".

    Error - 3/21/2012 5:18:49 PM | Computer Name = SERVER | Source = NtFrs | ID = 13570
    Description = The File Replication Service has detected that the volume hosting
    the path C: is low on disk space. Files may not replicate until disk space is made
    available on this volume. The available space on the volume can be found by typing
    "dir
    /a C:". For more information about managing space on a volume type "copy /?", "rename
    /?", "del /?", "rmdir /?", and "dir /?".

    Error - 4/27/2012 5:23:58 PM | Computer Name = SERVER | Source = NtFrs | ID = 13570
    Description = The File Replication Service has detected that the volume hosting
    the path c: is low on disk space. Files may not replicate until disk space is made
    available on this volume. The available space on the volume can be found by typing
    "dir
    /a c:". For more information about managing space on a volume type "copy /?", "rename
    /?", "del /?", "rmdir /?", and "dir /?".

    Error - 4/27/2012 5:23:58 PM | Computer Name = SERVER | Source = NtFrs | ID = 13570
    Description = The File Replication Service has detected that the volume hosting
    the path C: is low on disk space. Files may not replicate until disk space is made
    available on this volume. The available space on the volume can be found by typing
    "dir
    /a C:". For more information about managing space on a volume type "copy /?", "rename
    /?", "del /?", "rmdir /?", and "dir /?".

    [ System Events ]
    Error - 6/11/2012 12:54:06 PM | Computer Name = SERVER | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the SBCore service.

    Error - 6/11/2012 12:54:40 PM | Computer Name = SERVER | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the SBCore service.

    Error - 6/11/2012 12:55:10 PM | Computer Name = SERVER | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the SBCore service.

    Error - 6/11/2012 12:55:41 PM | Computer Name = SERVER | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the SBCore service.

    Error - 6/11/2012 12:56:11 PM | Computer Name = SERVER | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the SBCore service.

    Error - 6/11/2012 12:56:41 PM | Computer Name = SERVER | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the SBCore service.

    Error - 6/11/2012 12:57:12 PM | Computer Name = SERVER | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the SBCore service.

    Error - 6/11/2012 12:57:42 PM | Computer Name = SERVER | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the SBCore service.

    Error - 6/11/2012 12:58:12 PM | Computer Name = SERVER | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the SBCore service.

    Error - 6/11/2012 12:58:43 PM | Computer Name = SERVER | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the SBCore service.


    < End of report >
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, I will do a 'mini' fix for you.

    Your system is filled with what appears to be work-related software, which I normally don't touch. You also have a subnet, intranet and network. You have entries for 'remote management', and you have specific port assignments:
    "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
    "80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

    You're using MREP software - way too much business involvement for an open board such as this. So I'm removing the one entry that I know shouldn't be on the system:
    • Run OTL
    • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:

      Code:
      :OTL
      @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
      
      :Files
      ipconfig /flushdns /c
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [emptyjava]
      [resethosts]
      [CreateRestorePoint]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run uninterrupted, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
    -------------------------------
    Because of the business/server involvement, if you want this problem handled safely, your boss needs to get an IT in to look at the system.
     
  11. severedgein

    severedgein TS Rookie Topic Starter Posts: 54

    Cleanup log:


    All processes killed
    ========== OTL ==========
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 deleted successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 57633049 bytes
    ->Temporary Internet Files folder emptied: 216407885 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 332562071 bytes
    ->Flash cache emptied: 18593 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56466 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 105475 bytes
    ->Temporary Internet Files folder emptied: 402 bytes

    User: ws3
    ->Temp folder emptied: 377889 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56466 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2525375 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 56599 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 39426574 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 470743508 bytes

    Total Files Cleaned = 1,068.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: ws3
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: Administrator
    ->Java cache emptied: 0 bytes

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: ws3

    Total Java Files Cleaned = 0.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
    System Restore Service not available.

    OTL by OldTimer - Version 3.2.48.0 log created on 06122012_084051

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  12. severedgein

    severedgein TS Rookie Topic Starter Posts: 54

    OTL logfile created on: 6/12/2012 8:53:01 AM - Run 2
    OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 3.07 Gb Available Physical Memory | 76.67% Memory free
    5.84 Gb Paging File | 4.46 Gb Available in Paging File | 76.41% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.11 Gb Total Space | 13.23 Gb Free Space | 35.66% Space Free | Partition Type: NTFS
    Drive D: | 115.56 Gb Total Space | 48.01 Gb Free Space | 41.55% Space Free | Partition Type: NTFS
    Drive F: | 7.91 Gb Total Space | 5.24 Gb Free Space | 66.29% Space Free | Partition Type: FAT32
    Drive P: | 115.56 Gb Total Space | 48.01 Gb Free Space | 41.55% Space Free | Partition Type: NTFS

    Computer Name: SERVER | User Name: administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\WINDOWS\system32\dns.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\wins.exe (Microsoft Corporation)
    PRC - D:\LytecData2011\Data\MSSQL10_50.LYTECMD\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
    PRC - C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe (VMware, Inc.)
    PRC - C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe (VMware, Inc.)
    PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
    PRC - C:\Program Files\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
    PRC - C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
    PRC - C:\Program Files\Exchsrvr\bin\store.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\sbscrexe.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\ntfrs.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\llssrv.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\dfssvc.exe (Microsoft Corporation)
    PRC - C:\Program Files\Exchsrvr\bin\mad.exe (Microsoft Corporation)
    PRC - C:\Program Files\Exchsrvr\bin\exmgmt.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe (Microsoft Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
    MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8dc4a28c456f81ee7399da21bd9d55aa\System.ServiceProcess.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
    MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
    MOD - C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
    MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
    MOD - C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (WinHttpAutoProxySvc) -- winhttp.dll File not found
    SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (DNS) -- C:\WINDOWS\system32\dns.exe (Microsoft Corporation)
    SRV - (WINS) Windows Internet Name Service (WINS) -- C:\WINDOWS\system32\wins.exe (Microsoft Corporation)
    SRV - (MSSQL$LYTECMD) SQL Server (LYTECMD) -- D:\LytecData2011\Data\MSSQL10_50.LYTECMD\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
    SRV - (SQLAgent$LYTECMD) SQL Server Agent (LYTECMD) -- D:\LytecData2011\Data\MSSQL10_50.LYTECMD\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
    SRV - (wsnm_usbctrl) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe (VMware, Inc.)
    SRV - (wsnm) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe (VMware, Inc.)
    SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
    SRV - (MSExchangeIS) -- C:\Program Files\Exchsrvr\bin\store.exe (Microsoft Corporation)
    SRV - (Tssdis) -- C:\WINDOWS\system32\tssdis.exe (Microsoft Corporation)
    SRV - (RSoPProv) -- C:\WINDOWS\system32\rsopprov.exe (Microsoft Corporation)
    SRV - (SBCore) -- C:\WINDOWS\system32\sbscrexe.exe (Microsoft Corporation)
    SRV - (NtFrs) -- C:\WINDOWS\system32\ntfrs.exe (Microsoft Corporation)
    SRV - (LicenseService) -- C:\WINDOWS\system32\llssrv.exe (Microsoft Corporation)
    SRV - (IsmServ) -- C:\WINDOWS\system32\ismserv.exe (Microsoft Corporation)
    SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
    SRV - (RESvc) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
    SRV - (POP3Svc) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
    SRV - (NntpSvc) Network News Transfer Protocol (NNTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
    SRV - (IMAP4Svc) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
    SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
    SRV - (Dfs) -- C:\WINDOWS\system32\dfssvc.exe (Microsoft Corporation)
    SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll (Microsoft Corporation)
    SRV - (MSPOP3Connector) -- C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe (Microsoft Corporation)
    SRV - (MSExchangeSA) -- C:\Program Files\Exchsrvr\bin\mad.exe (Microsoft Corporation)
    SRV - (MSExchangeMGMT) -- C:\Program Files\Exchsrvr\bin\exmgmt.exe (Microsoft Corporation)
    SRV - (MSExchangeMTA) -- C:\Program Files\Exchsrvr\bin\emsmta.exe (Microsoft Corporation)
    SRV - (MSExchangeSRS) -- C:\Program Files\Exchsrvr\bin\srsmain.exe (Microsoft Corporation)
    SRV - (MSSEARCH) -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe (Microsoft Corporation)
    SRV - (MSExchangeES) -- C:\Program Files\Exchsrvr\bin\events.exe (Microsoft Corporation)
    SRV - (TrkSvr) -- C:\WINDOWS\system32\trksvr.dll (Microsoft Corporation)
    SRV - (sacsvr) -- C:\WINDOWS\system32\sacsvr.dll (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (WDICA) -- File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\RaInfo.sys File not found
    DRV - (LicenseInfo) -- File not found
    DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
    DRV - (i2omgmt) -- File not found
    DRV - (Changer) -- File not found
    DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
    DRV - (RsFx0151) -- C:\WINDOWS\system32\drivers\RsFx0151.sys (Microsoft Corporation)
    DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (vmwvusb) -- C:\WINDOWS\system32\drivers\vmwvusb.sys (VMware, Inc.)
    DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
    DRV - (radpms) -- C:\WINDOWS\system32\drivers\radpms.sys (LogMeIn, Inc.)
    DRV - (ctxusbm) -- C:\WINDOWS\system32\drivers\ctxusbm.sys (Citrix Systems, Inc.)
    DRV - (hugoio) -- C:\Program Files\I-Menu\hugoio.sys ()
    DRV - (WLBS) -- C:\WINDOWS\system32\drivers\wlbs.sys (Microsoft Corporation)
    DRV - (sacdrv) -- C:\WINDOWS\System32\drivers\sacdrv.sys (Microsoft Corporation)
    DRV - (ClusDisk) -- C:\WINDOWS\system32\drivers\clusdisk.sys (Microsoft Corporation)
    DRV - (DfsDriver) -- C:\WINDOWS\system32\drivers\dfs.sys (Microsoft Corporation)
    DRV - (MegaIDE) -- C:\WINDOWS\system32\drivers\MegaIDE.sys (LSI Logic Corporation.)
    DRV - (EXIFS) -- C:\WINDOWS\system32\drivers\exifs.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\..\SearchScopes,DefaultScope = {FBC1770D-5D64-4BA0-9C8C-4CFDA2352BE9}
    IE - HKCU\..\SearchScopes\{FBC1770D-5D64-4BA0-9C8C-4CFDA2352BE9}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/08 09:53:51 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/12 11:32:16 | 000,000,000 | ---D | M]

    [2011/05/16 09:52:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2012/06/04 10:35:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yqutdr9m.default\extensions
    [2011/08/30 09:10:19 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yqutdr9m.default\extensions\netvideohunter@netvideohunter.com
    [2012/03/20 09:07:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/05/16 08:50:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2012/06/08 09:53:50 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/02/22 18:58:26 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
    [2012/02/22 18:58:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
    [2011/09/30 17:41:10 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/11/11 09:58:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/06/12 08:41:39 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O15 - HKCU\..Trusted Domains: bethesdahealthcare.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: {4912ED81-BD9F-485E-86CA-BD62EC957435} https://ecospda.bethesdahealthcare.com/SOARIANWEBPROD2_020551029_M0K0_p_htm_28//sframe/IETools.cab (Soarian Frame Tools for Internet Explorer)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {F88F142A-96AE-40CC-B562-4C91B5E5A5CD} https://diapp2.bethesdahealthcare.com/m0k0/html/download/IkmControlDownloader.cab (IkmControlDownloader Control)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PSBOYNTON.local
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A21CF31-3F8F-4A08-AE14-CB76E689FF25}: NameServer = 192.168.1.254
    O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - File not found
    O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O29 - HKLM SecurityProviders - (pwdssp.dll) - C:\WINDOWS\System32\pwdssp.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wsauth) - C:\WINDOWS\System32\wsauth.dll (VMware, Inc.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/04/30 11:03:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/06/12 08:40:51 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/06/11 12:49:59 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2012/06/08 10:52:05 | 000,000,000 | ---D | C] -- C:\Program Files\Siemens
    [2012/06/08 09:58:08 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
    [2012/06/07 09:42:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
    [2012/06/07 09:42:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
    [2012/06/07 09:42:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$950099Uinstall_KB968930$
    [2012/06/07 09:39:33 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$ExchUninstallKB888619$
    [2012/06/03 01:30:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
    [2012/05/22 08:54:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Ancient Mesopotamia

    ========== Files - Modified Within 30 Days ==========

    [2012/06/12 08:52:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/06/12 08:51:26 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/06/12 08:51:02 | 001,106,550 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/06/12 08:51:02 | 000,311,340 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/06/12 08:49:34 | 000,003,107 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
    [2012/06/12 08:46:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/06/12 08:41:39 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2012/06/12 07:46:01 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Collect Server Performance Data.job
    [2012/06/12 07:00:02 | 000,000,764 | ---- | M] () -- C:\WINDOWS\tasks\ShadowCopyVolume{7acc819c-7316-11e0-8656-806e6f6e6963}.job
    [2012/06/12 06:01:22 | 000,000,562 | ---- | M] () -- C:\WINDOWS\tasks\Small Business Server - Server Status Report - Server Performance Report.job
    [2012/06/11 19:02:56 | 000,000,505 | ---- | M] () -- C:\WINDOWS\tasks\Lytec 2011 Nightly Back Up.job
    [2012/06/11 13:13:22 | 000,032,409 | ---- | M] () -- C:\ads_err.adt
    [2012/06/11 13:06:00 | 000,003,072 | ---- | M] () -- C:\ads_err.adi
    [2012/06/11 12:50:01 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2012/06/08 15:08:10 | 000,002,385 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\EasyPrint.lnk
    [2012/06/08 10:18:56 | 000,002,586 | ---- | M] () -- C:\WINDOWS\System32\licstr.cpa
    [2012/06/08 09:58:09 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
    [2012/06/08 09:46:44 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/06/07 09:42:32 | 000,004,798 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/06/04 16:51:49 | 000,000,022 | ---- | M] () -- C:\WINDOWS\pspvc_path.ini
    [2012/06/04 15:15:23 | 024,268,588 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cswdcc28.mp3
    [2012/06/04 14:30:37 | 000,000,198 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Navinet.url
    [2012/06/04 09:12:50 | 000,000,249 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Payerpath - The Best Route for Healthcare Transactions.url
    [2012/05/24 10:58:21 | 000,000,283 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Payerpath - The Best Route for Healthcare Transactions.url
    [2012/05/18 13:10:55 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/05/17 14:54:27 | 000,235,070 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\HollywoodHillsElementary.pdf
    [2012/05/15 06:08:43 | 000,228,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/05/14 09:01:08 | 001,314,760 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\WorldAlzheimerReport.pdf

    ========== Files Created - No Company Name ==========

    [2012/06/07 09:28:22 | 000,735,440 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
    [2012/06/05 03:00:42 | 000,004,798 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2012/06/04 15:15:23 | 024,268,588 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cswdcc28.mp3
    [2012/05/17 14:54:27 | 000,235,070 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\HollywoodHillsElementary.pdf
    [2012/05/14 09:01:05 | 001,314,760 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\WorldAlzheimerReport.pdf
    [2012/03/27 09:23:07 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2012/01/22 01:00:00 | 000,014,056 | ---- | C] () -- C:\WINDOWS\vmdcr.dll
    [2012/01/22 01:00:00 | 000,014,056 | ---- | C] () -- C:\WINDOWS\amcdr.dll
    [2012/01/06 01:00:00 | 000,014,056 | ---- | C] () -- C:\WINDOWS\System32\rkeyds.sys
    [2012/01/06 01:00:00 | 000,014,056 | ---- | C] () -- C:\WINDOWS\System32\jrdgl.dll
    [2012/01/06 01:00:00 | 000,014,056 | ---- | C] () -- C:\WINDOWS\System32\emlks.dll
    [2011/09/23 16:38:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\hugoio.sys
    [2011/07/15 09:33:31 | 000,000,022 | ---- | C] () -- C:\WINDOWS\pspvc_path.ini
    [2011/05/16 09:52:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2011/05/13 16:30:24 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/05/02 15:32:02 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/04/30 18:55:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2011/04/30 12:10:39 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
    [2011/04/30 11:47:55 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2011/04/30 11:38:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
    [2011/04/30 11:37:38 | 000,017,579 | ---- | C] () -- C:\WINDOWS\System32\nntpctrs.ini
    [2011/04/30 11:30:42 | 000,002,360 | ---- | C] () -- C:\WINDOWS\System32\dhcpctrs.ini
    [2011/04/30 11:07:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2011/04/30 11:00:12 | 000,021,160 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2011/04/30 10:59:54 | 000,021,792 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
    [2011/04/30 10:59:54 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
    [2011/04/30 10:59:14 | 000,050,666 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
    [2011/04/30 10:59:14 | 000,010,793 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
    [2011/04/30 10:59:12 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
    [2011/04/30 06:50:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2011/04/30 06:49:35 | 000,228,000 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/01/11 18:05:18 | 000,008,592 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll

    ========== LOP Check ==========

    [2012/02/23 17:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG
    [2011/05/02 15:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICAClient
    [2011/10/14 11:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mkvtoolnix
    [2011/12/23 10:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ntr
    [2011/11/30 10:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\RM_1711
    [2012/06/08 15:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SendClaim
    [2012/03/27 09:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
    [2012/04/05 13:49:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
    [2011/05/02 14:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
    [2011/11/21 11:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lytec
    [2011/11/21 12:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McKesson
    [2011/11/30 10:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McKesson Corporation
    [2011/07/15 09:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PSPVC
    [2011/08/10 10:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simego
    [2012/02/27 10:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2012/02/01 15:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2012/06/12 07:46:01 | 000,000,496 | ---- | M] () -- C:\WINDOWS\Tasks\Collect Server Performance Data.job
    [2012/06/11 19:02:56 | 000,000,505 | ---- | M] () -- C:\WINDOWS\Tasks\Lytec 2011 Nightly Back Up.job
    [2012/06/12 08:42:29 | 000,032,484 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt
    [2012/06/12 07:00:02 | 000,000,764 | ---- | M] () -- C:\WINDOWS\Tasks\ShadowCopyVolume{7acc819c-7316-11e0-8656-806e6f6e6963}.job
    [2012/06/12 06:01:22 | 000,000,562 | ---- | M] () -- C:\WINDOWS\Tasks\Small Business Server - Server Status Report - Server Performance Report.job

    ========== Purity Check ==========



    < End of report >
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    It looks like you've added additional entries to the Trusted Zone. I note that Broni had you remove same in the thread he helped you with. What you need to understand is that nothing needs to be in the Trusted Zone. Security settings are lower in that zone and therefore any domain in it is a vulnerability to the system.
    =============================================
    OTM shows Total Files Cleaned = 1,068.00 mb. This is a huge amount of files. You need to set up better maintenance on the system.
    ============================================
    As I explained previously, I am not willing to delve into the numerous health care, provider related programs and processes you're running. A public, unsecure, open free internet forum is not the place to handle these files. I have removed a process from the system. I don't know if it was the cause of the problem, but it's gone now.

    The process you are questioning is from SRV - (SBCore) -- C:\WINDOWS\system32\sbscrexe.exe (Microsoft Corporation) which now appears to be displaying correctly.
    ============================================
    Can you do an online virus scan? I doubt it, but if you can, please run the following:

    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ======================================
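The Trusted Zone point in the post above can be checked mechanically by comparing the O15 lines of two OTL runs. The Python below is an added example, not part of the original thread or of OTL itself; the O15 field layout is inferred from the three O15 lines in the log above, and `BASELINE_LOG` is a constructed earlier run.

```python
import re
from typing import NamedTuple

# O15 lines as they appear in the OTL log on this page (plus one unrelated line).
CURRENT_LOG = r"""
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O15 - HKCU\..Trusted Domains: bethesdahealthcare.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PSBOYNTON.local
"""

# Constructed baseline (assumption): an earlier run with no Trusted sites entries.
BASELINE_LOG = r"""
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
"""

# Assumed layout: O15 - <hive>\..Trusted <Domains|Ranges>: <name> ([<sub>] <proto> in <zone>)
O15_RE = re.compile(
    r"^O15 - (?P<hive>HK\w+)\\\.\.Trusted (?P<kind>Domains|Ranges): "
    r"(?P<name>\S+) \(\[(?P<bracket>[^\]]*)\]\s*(?P<proto>\S*?)\s*in (?P<zone>.+)\)$"
)


class ZoneEntry(NamedTuple):
    hive: str
    kind: str      # "Domains" or "Ranges"
    host: str      # subdomain.domain, or the range name
    protocol: str
    zone: str


def parse_o15(log_text):
    """Return every IE zone-map entry (O15 line) found in an OTL log."""
    entries = []
    for raw in log_text.splitlines():
        m = O15_RE.match(raw.strip())
        if not m:
            continue
        sub, proto = m["bracket"], m["proto"]
        # On the Range line the brackets hold the protocol, not a subdomain.
        if m["kind"] == "Ranges" and not proto:
            sub, proto = "", m["bracket"]
        host = f"{sub}.{m['name']}" if sub else m["name"]
        entries.append(ZoneEntry(m["hive"], m["kind"], host, proto, m["zone"]))
    return entries


def trusted_sites(entries):
    """Entries placed in the Trusted sites zone, where security settings are lower."""
    return [e for e in entries if e.zone == "Trusted sites"]


def added_since(baseline_text, current_text):
    """Zone-map entries present in the current log but not in the baseline."""
    before = set(parse_o15(baseline_text))
    return [e for e in parse_o15(current_text) if e not in before]


if __name__ == "__main__":
    for e in trusted_sites(parse_o15(CURRENT_LOG)):
        print(f"REVIEW  {e.hive}  {e.protocol}://{e.host}  ({e.zone})")
    for e in added_since(BASELINE_LOG, CURRENT_LOG):
        print(f"NEW     {e.hive}  {e.host}  ({e.zone})")
```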
     
  14. severedgein

    severedgein TS Rookie Topic Starter Posts: 54

    Sorry for the delay. ESET found no threats.
     
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You are obviously working in a medical related environment. And because of that, I am reluctant to remove processes. But I would like to mention, that considering the type of work you are doing, have you considered that it's just plain dangerous to have file sharing with uTorrent on the same system?

    C:\Documents and Settings\Administrator\Application Data\uTorrent

    P2P or 'file sharing' Warning:
    Note: Even if you are using a "safe" P2P program, it is only the program that is safe.
    I suggest that you uninstall utorrent and any other file sharing program on the system for the following reasons:
    • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
    • Malware writers use these programs to include malicious content.
    • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
    • The 'sharing' also includes malware that the shared system has on it.
    • Files that are illegal can be spread through file sharing.

    Please read the information on P2P Warning to help you better understand these dangers.
    =====================================================
    The ADS were removed - that was the most likely source of malware. If you can, run the following rootkit scan:

    • Download the file TDSSKiller.zip and save to the desktop.
    (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
    • Right-click the tdsskiller.zip file > Select Extract All into a folder on the infected (or potentially infected) PC.
    • Double click on TDSSKiller.exe to run the scan.
    • When the scan is over, the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
    • Select the action Quarantine to quarantine detected objects.
    The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
    • After clicking Next, the utility applies selected actions and outputs the result.
    • A reboot is required after disinfection.
    ====================================
    I will review this log, then instruct you to remove the tools we used.
     
  16. severedgein

    severedgein TS Rookie Topic Starter Posts: 54

    13:30:18.0039 3124 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
    13:30:18.0367 3124 ============================================================
    13:30:18.0367 3124 Current date / time: 2012/06/15 13:30:18.0367
    13:30:18.0367 3124 SystemInfo:
    13:30:18.0367 3124
    13:30:18.0367 3124 OS Version: 5.2.3790 ServicePack: 2.0
    13:30:18.0367 3124 Product type: Domain controller
    13:30:18.0367 3124 ComputerName: SERVER
    13:30:18.0367 3124 UserName: administrator
    13:30:18.0367 3124 Windows directory: C:\WINDOWS
    13:30:18.0367 3124 System windows directory: C:\WINDOWS
    13:30:18.0367 3124 Processor architecture: Intel x86
    13:30:18.0367 3124 Number of processors: 1
    13:30:18.0383 3124 Page size: 0x1000
    13:30:18.0383 3124 Boot type: Normal boot
    13:30:18.0383 3124 ============================================================
    13:30:19.0196 3124 Drive \Device\Harddisk0\DR0 - Size: 0x262B000000 (152.67 Gb), SectorSize: 0x200, Cylinders: 0x4DDA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
    13:30:19.0196 3124 Drive \Device\Harddisk1\DR3 - Size: 0x1FB200000 (7.92 Gb), SectorSize: 0x200, Cylinders: 0x40A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    13:30:19.0196 3124 ============================================================
    13:30:19.0196 3124 \Device\Harddisk0\DR0:
    13:30:19.0196 3124 MBR partitions:
    13:30:19.0196 3124 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A36BAD
    13:30:19.0196 3124 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x4A36C2B, BlocksNum 0xE71D26E
    13:30:19.0196 3124 \Device\Harddisk1\DR3:
    13:30:19.0196 3124 MBR partitions:
    13:30:19.0196 3124 \Device\Harddisk1\DR3\Partition0: MBR, Type 0xC, StartLBA 0x18, BlocksNum 0xFD8FE8
    13:30:19.0196 3124 ============================================================
    13:30:19.0227 3124 D: <-> \Device\Harddisk0\DR0\Partition1
    13:30:19.0242 3124 C: <-> \Device\Harddisk0\DR0\Partition0
    13:30:19.0242 3124 ============================================================
    13:30:19.0242 3124 Initialize success
    13:30:19.0242 3124 ============================================================
    13:30:31.0055 1976 ============================================================
    13:30:31.0055 1976 Scan started
    13:30:31.0055 1976 Mode: Manual;
    13:30:31.0055 1976 ============================================================
    13:30:31.0930 1976 Abiosdsk - ok
    13:30:31.0977 1976 ACPI (a0a850bac6f8a88ad0fc964c6bea170d) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    13:30:31.0992 1976 ACPI - ok
    13:30:32.0008 1976 ACPIEC (043c89cc533ff546d835cb998b95b198) C:\WINDOWS\system32\drivers\ACPIEC.sys
    13:30:32.0008 1976 ACPIEC - ok
    13:30:32.0039 1976 adpu160m - ok
    13:30:32.0055 1976 adpu320 - ok
    13:30:32.0117 1976 AeLookupSvc (d01968edebf1dc11e4c93517c98cdf7c) C:\WINDOWS\System32\aelupsvc.dll
    13:30:32.0117 1976 AeLookupSvc - ok
    13:30:32.0133 1976 afcnt - ok
    13:30:32.0196 1976 AFD (317e75d96065ac6af5ef8857ce2e399b) C:\WINDOWS\System32\drivers\afd.sys
    13:30:32.0196 1976 AFD - ok
    13:30:32.0211 1976 aic78u2 - ok
    13:30:32.0258 1976 aic78xx - ok
    13:30:32.0289 1976 Alerter (055318e373b45ad6c3f518732809ef4e) C:\WINDOWS\system32\alrsvc.dll
    13:30:32.0289 1976 Alerter - ok
    13:30:32.0336 1976 ALG (8e89cb0283d7ded092d76ae53d123c40) C:\WINDOWS\System32\alg.exe
    13:30:32.0336 1976 ALG - ok
    13:30:32.0367 1976 AliIde - ok
    13:30:32.0414 1976 AmdIde (d175d3c400a412b9cb2095e452afbbb0) C:\WINDOWS\system32\drivers\AmdIde.sys
    13:30:32.0414 1976 AmdIde - ok
    13:30:32.0461 1976 AppMgmt (8a5ad4cfe2d84371abadfcf9e21954f6) C:\WINDOWS\System32\appmgmts.dll
    13:30:32.0477 1976 AppMgmt - ok
    13:30:32.0508 1976 arc (a9c7273645a06a01ac2ca070d7d7ec87) C:\WINDOWS\system32\drivers\arc.sys
    13:30:32.0508 1976 arc - ok
    13:30:32.0680 1976 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
    13:30:32.0696 1976 aspnet_state - ok
    13:30:32.0727 1976 AsyncMac (a35b971f631d4dfdeb68d71e770d2ce9) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    13:30:32.0727 1976 AsyncMac - ok
    13:30:32.0758 1976 atapi (ff953a8f08ca3f822127654375786bbe) C:\WINDOWS\system32\DRIVERS\atapi.sys
    13:30:32.0758 1976 atapi - ok
    13:30:32.0774 1976 Atdisk - ok
    13:30:32.0899 1976 ati2mtag (fb61579b321953e2dfc92a1cc12be2c6) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    13:30:32.0930 1976 ati2mtag - ok
    13:30:32.0977 1976 Atmarpc (d12dad5032285343ce3aa4906f661181) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    13:30:32.0977 1976 Atmarpc - ok
    13:30:33.0008 1976 AudioSrv (754a448d5b87cbede41a0f0e0b237b03) C:\WINDOWS\System32\audiosrv.dll
    13:30:33.0008 1976 AudioSrv - ok
    13:30:33.0039 1976 audstub (5bfd980c2107d88101d1dc14055526fc) C:\WINDOWS\system32\DRIVERS\audstub.sys
    13:30:33.0039 1976 audstub - ok
    13:30:33.0086 1976 Beep (99572503e15a3d10239b7b9887cbaf89) C:\WINDOWS\system32\drivers\Beep.sys
    13:30:33.0086 1976 Beep - ok
    13:30:33.0133 1976 BITS (9d7a318b2c7ae51e9d5374f8eede856c) C:\WINDOWS\system32\qmgr.dll
    13:30:33.0196 1976 BITS - ok
    13:30:33.0227 1976 Browser (f750a96d7478d435f5ac9ece6698f81e) C:\WINDOWS\System32\browser.dll
    13:30:33.0227 1976 Browser - ok
    13:30:33.0242 1976 cbidf2k (1342877de604a5a6bff986e288e3a8a7) C:\WINDOWS\system32\drivers\cbidf2k.sys
    13:30:33.0258 1976 cbidf2k - ok
    13:30:33.0258 1976 cd20xrnt - ok
    13:30:33.0305 1976 Cdfs (e6d72780c957b69c48bfc66bc3ecdad4) C:\WINDOWS\system32\drivers\Cdfs.sys
    13:30:33.0305 1976 Cdfs - ok
    13:30:33.0336 1976 Cdrom (825aa877a852ecc731fa0c39c8c37744) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    13:30:33.0336 1976 Cdrom - ok
    13:30:33.0352 1976 Changer - ok
    13:30:33.0399 1976 CiSvc (934ee973e9ee6ac414e9a0f07ab73d6e) C:\WINDOWS\system32\cisvc.exe
    13:30:33.0399 1976 CiSvc - ok
    13:30:33.0430 1976 ClipSrv (e53196ba56081f154e2d7a9e50a1d33f) C:\WINDOWS\system32\clipsrv.exe
    13:30:33.0430 1976 ClipSrv - ok
    13:30:33.0508 1976 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    13:30:33.0539 1976 clr_optimization_v2.0.50727_32 - ok
    13:30:33.0602 1976 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    13:30:33.0680 1976 clr_optimization_v4.0.30319_32 - ok
    13:30:33.0727 1976 ClusDisk (54308cdf97622fae1620bb1ec39ef014) C:\WINDOWS\system32\DRIVERS\ClusDisk.sys
    13:30:33.0727 1976 ClusDisk - ok
    13:30:33.0742 1976 CmdIde - ok
    13:30:33.0758 1976 COMSysApp - ok
    13:30:33.0821 1976 Cpqarray - ok
    13:30:33.0852 1976 cpqarry2 - ok
    13:30:33.0883 1976 cpqcissm - ok
    13:30:33.0899 1976 cpqfcalm - ok
    13:30:33.0977 1976 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
    13:30:33.0977 1976 cpudrv - ok
    13:30:34.0008 1976 crcdisk (0ee27d9dbb208c13314f3c60f66aed26) C:\WINDOWS\system32\DRIVERS\crcdisk.sys
    13:30:34.0008 1976 crcdisk - ok
    13:30:34.0039 1976 CryptSvc (feb85da744dd3f41a427cf6d2bc04fe4) C:\WINDOWS\System32\cryptsvc.dll
    13:30:34.0039 1976 CryptSvc - ok
    13:30:34.0071 1976 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
    13:30:34.0071 1976 ctxusbm - ok
    13:30:34.0086 1976 dac2w2k - ok
    13:30:34.0117 1976 dac960nt - ok
    13:30:34.0196 1976 DcomLaunch (305a8757d66b5d416b47c497c27a01fe) C:\WINDOWS\system32\rpcss.dll
    13:30:34.0196 1976 DcomLaunch - ok
    13:30:34.0211 1976 dellcerc - ok
    13:30:34.0258 1976 Dfs (6217aa084ef7e052f3b5d7c3f67f68af) C:\WINDOWS\system32\Dfssvc.exe
    13:30:34.0258 1976 Dfs - ok
    13:30:34.0289 1976 DfsDriver (444726b01c31d29c70e60f7c35de43e5) C:\WINDOWS\system32\drivers\Dfs.sys
    13:30:34.0289 1976 DfsDriver - ok
    13:30:34.0321 1976 Dhcp (1201df9a11fbb0f69ebd22e503d3bc87) C:\WINDOWS\System32\dhcpcsvc.dll
    13:30:34.0321 1976 Dhcp - ok
    13:30:34.0352 1976 DHCPServer (e0be3e7f71415351f90af4ce21ed9dd7) C:\WINDOWS\system32\tcpsvcs.exe
    13:30:34.0367 1976 DHCPServer - ok
    13:30:34.0399 1976 Disk (98433302c02f1168efb7364f8111a179) C:\WINDOWS\system32\DRIVERS\disk.sys
    13:30:34.0399 1976 Disk - ok
    13:30:34.0414 1976 dmadmin - ok
    13:30:34.0492 1976 dmboot (89fa376d83042f6f1aed505106a5719d) C:\WINDOWS\system32\drivers\dmboot.sys
    13:30:34.0492 1976 dmboot - ok
    13:30:34.0524 1976 dmio (15081421ee62dc1c95abb387d9081571) C:\WINDOWS\system32\drivers\dmio.sys
    13:30:34.0524 1976 dmio - ok
    13:30:34.0555 1976 dmload (3d9bfa13b6f1cd2d91c50c52b32e91a2) C:\WINDOWS\system32\drivers\dmload.sys
    13:30:34.0555 1976 dmload - ok
    13:30:34.0586 1976 dmserver (78a11666307820af94b5712d53decc55) C:\WINDOWS\System32\dmserver.dll
    13:30:34.0586 1976 dmserver - ok
    13:30:34.0649 1976 DNS (a2023ccdf44afdb476ad310a42444dec) C:\WINDOWS\System32\dns.exe
    13:30:34.0664 1976 DNS - ok
    13:30:34.0680 1976 Dnscache (e927f3b46f85d934c8f420fe08593d1b) C:\WINDOWS\System32\dnsrslvr.dll
    13:30:34.0680 1976 Dnscache - ok
    13:30:34.0696 1976 dpti2o - ok
    13:30:35.0024 1976 e1express (d0e8dd3f56bd8488995f67b80ff51461) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
    13:30:35.0039 1976 e1express - ok
    13:30:35.0055 1976 elxstor - ok
    13:30:35.0117 1976 ERSvc (6f09ae902663735b6bd24198d25f453a) C:\WINDOWS\System32\ersvc.dll
    13:30:35.0149 1976 ERSvc - ok
    13:30:35.0305 1976 Eventlog (cf500580cdd83b145646a4dcfce1cf3c) C:\WINDOWS\system32\services.exe
    13:30:35.0321 1976 Eventlog - ok
    13:30:35.0383 1976 EventSystem (c17c56e91045e14df45d62dd89aed50c) C:\WINDOWS\system32\es.dll
    13:30:35.0383 1976 EventSystem - ok
    13:30:35.0446 1976 EXIFS (bcaeb10ce8d82f98924f8a4a000e6554) C:\WINDOWS\system32\drivers\exifs.sys
    13:30:35.0477 1976 EXIFS - ok
    13:30:35.0555 1976 Fastfat (e792a18abdc32286212dce8e75baa124) C:\WINDOWS\system32\drivers\Fastfat.sys
    13:30:35.0555 1976 Fastfat - ok
    13:30:35.0617 1976 Fax (178d2cb203673f906d488c98ba01f245) C:\WINDOWS\system32\fxssvc.exe
    13:30:35.0649 1976 Fax - ok
    13:30:35.0696 1976 Fdc (5090cd3f6ab1d71ad507953cff556ea9) C:\WINDOWS\system32\DRIVERS\fdc.sys
    13:30:35.0696 1976 Fdc - ok
    13:30:48.0430 1976 SBCore (d73cbd3de79ab61de6a23fa1a6ee8062) C:\WINDOWS\System32\sbscrexe.exe
    13:30:48.0430 1976 SBCore - ok
    13:30:57.0039 1976 ============================================================
    13:30:57.0039 1976 Scan finished
    13:30:57.0039 1976 ============================================================
    13:30:57.0086 3456 Detected object count: 0
    13:30:57.0086 3456 Actual detected object count: 0
     
  17. severedgein

    severedgein TS Rookie Topic Starter Posts: 54

    I'd forgotten about utorrent. It's not been used in a long time. It's uninstalled now.
     
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay. That's as far as I'm willing to go with this system.

    Clean up with OTL:

    * Double-click OTL.exe to start the program.
    * Close all other programs apart from OTL, as this step will require a reboot.
    * On the OTL main screen, press the CLEANUP button.
    * Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs left over on your computer, you can go ahead and delete those off of your computer now.
     
Topic Status:
Not open for further replies.
