TechSpot

SMART recovery/HDD rogue

Solved
By DGARR1
Jun 21, 2012
  1. Happened today: system reported an HDD failure, then lo and behold SMART Recovery was there to help....HaHa...I knew it was bad news after a few steps (below) and came right to you guys...HELP!

    No programs listed Under 'All Programs'...I did unhide files so I can see they are still there and run the .exe(s)

    Booting to safe mode causes a restart to normal login
    Windows Repair hangs at loading files
    Windows Restore hangs at Initializing



    Malwarebytes Anti-Malware log

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.06.21.10
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    dean.garrison :: GARRISON7 [administrator]
    Protection: Disabled
    6/21/2012 3:55:27 PM
    mbam-log-2012-06-21 (15-55-27).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 250633
    Time elapsed: 5 minute(s), 3 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
    GMER log

    NONE

    DDS DDS.txt
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by dean.garrison at 16:30:29 on 2012-06-21
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8073.5522 [GMT -7:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
    C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
    C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
    C:\Windows\system32\conhost.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\SysWOW64\vmnat.exe
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Windows\SysWOW64\vmnetdhcp.exe
    C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdhost.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Common Files\SPBA\upeksvr.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    c:\Program Files\Intel\NCS2\WMIProv\NCS2Prov.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = https://zedworld.zeditsolutions.com/
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX
    \AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    mRun: [<NO NAME>]
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    mPolicies-system: dontdisplaylockeduserid = 1 (0x1)
    mPolicies-system: HideFastUserSwitching = 0 (0x0)
    mPolicies-system: DefaultLogonDomain = zedIT
    mPolicies-system: DisableStartupSound = 1 (0x1)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
    LSP: %SystemRoot%\system32\vsocklib.dll
    Trusted Zone: garrison7
    Trusted Zone: zedit.com\zedworld
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=724
    TCP: DhcpNameServer = 192.168.113.22 209.218.76.2
    TCP: Interfaces\{BD5FE1A6-0B02-4115-A601-CB5AAD68A8B9} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{BD5FE1A6-0B02-4115-A601-CB5AAD68A8B9}\65963796F6E63333 : DhcpNameServer = 192.168.113.22 209.218.76.2
    TCP: Interfaces\{CD2094C8-9C58-4E71-B30D-D56425AD36F7} : DhcpNameServer = 192.168.113.22 209.218.76.2
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
    SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop
    \IconPackager\iprepair.dll
    LSA: Authentication Packages = msv1_0 wvauth
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat
    \ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    mRun-x64: [(Default)]
    AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
    SSODL-X64: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop
    \IconPackager\iprepair.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS
    \stdcfltn.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 MsDtsServer100;SQL Server Integration Services 10.0;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-6-
    17 210784]
    R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting
    Services\ReportServer\bin\ReportingServicesService.exe [2010-4-3 2175328]
    R2 uxpatch;uxpatch;\??\C:\Windows\system32\drivers\uxpatch.sys --> C:\Windows\system32\drivers\uxpatch.sys [?]
    R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\accelern.sys --> C:\Windows\system32\DRIVERS\accelern.sys [?]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS
    \CtClsFlt.sys [?]
    R3 cvusbdrv;Dell ControlVault;C:\Windows\system32\Drivers\cvusbdrv.sys --> C:\Windows\system32\Drivers\cvusbdrv.sys [?]
    R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows
    \system32\DRIVERS\e1c62x64.sys [?]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    [2012-6-1 138912]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS
    \HECIx64.sys [?]
    R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);C:\Program Files\Microsoft SQL Server
    \MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2010-4-3 32096]
    R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS
    \NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows
    \system32\drivers\nvhda64v.sys [?]
    R3 O2MDFRDR;O2MDFRDR;C:\Windows\system32\DRIVERS\O2MDFw7x64.sys --> C:\Windows\system32\DRIVERS\O2MDFw7x64.sys [?]
    R3 O2SDJRDR;O2SDJRDR;C:\Windows\system32\DRIVERS\o2sdjw7x64.sys --> C:\Windows\system32\DRIVERS\o2sdjw7x64.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework
    \v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET
    \Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\system32\DRIVERS\lgandbus64.sys --> C:\Windows\system32\DRIVERS
    \lgandbus64.sys [?]
    S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\system32\DRIVERS\lganddiag64.sys --> C:\Windows\system32\DRIVERS
    \lganddiag64.sys [?]
    S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\system32\DRIVERS\lgandgps64.sys --> C:\Windows\system32\DRIVERS
    \lgandgps64.sys [?]
    S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\system32\DRIVERS\lgandmodem64.sys --> C:\Windows\system32\DRIVERS
    \lgandmodem64.sys [?]
    S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\lgandadb.sys --> C:\Windows\system32\Drivers\lgandadb.sys [?]
    S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
    S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
    S3 netvsc;netvsc;C:\Windows\system32\DRIVERS\netvsc60.sys --> C:\Windows\system32\DRIVERS\netvsc60.sys [?]
    S3 O2MDRRDR;O2MDRRDR;C:\Windows\system32\drivers\O2MDRw7x64.sys --> C:\Windows\system32\drivers\O2MDRw7x64.sys [?]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 SynthVid;SynthVid;C:\Windows\system32\DRIVERS\VMBusVideoM.sys --> C:\Windows\system32\DRIVERS\VMBusVideoM.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys
    [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
    S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]
    S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    [2012-5-1 253088]
    S4 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-2-19 89600]
    S4 B1LicenseService;SAP Business One License Manager;C:\Program Files (x86)\SAP\SAP Business One ServerTools\License
    \B1License.exe [2012-3-27 3887104]
    S4 Credential Vault Host Control Service;Credential Vault Host Control Service;C:\Program Files\Broadcom Corporation\Broadcom USH
    Host Components\CV\bin\HostControlService.exe [2011-5-13 1043872]
    S4 Credential Vault Host Storage;Credential Vault Host Storage;C:\Program Files\Broadcom Corporation\Broadcom USH Host
    Components\CV\bin\HostStorageService.exe [2011-5-13 36768]
    S4 DFEPService;Dell Feature Enhancement Pack Service;C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2011-8-24
    2279320]
    S4 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows
    \system32\IProsetMonitor.exe [?]
    S4 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT
    \jhi_service.exe [2011-2-23 212944]
    S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-21 654408]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe
    [2010-4-3 59744]
    S4 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-2-19
    1997416]
    S4 O2SDIOAssist;O2SDIOAssist;C:\Windows\SysWOW64\srvany.exe [2012-2-19 8192]
    S4 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010
    -11-25 1116656]
    S4 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
    [2010-11-25 219632]
    S4 RsFx0151;RsFx0151 Driver;C:\Windows\system32\DRIVERS\RsFx0151.sys --> C:\Windows\system32\DRIVERS\RsFx0151.sys [?]
    S4 SAP Business One RSP Agent Service;SAP Business One RSP Agent Service;C:\Program Files (x86)\SAP\Remote support platform for
    SAP Business One\Service\BIN\AgentService.exe [2011-8-17 12800]
    S4 SAPB1iDIProxy;SAP Business One DI Proxy Service;C:\Program Files (x86)\SAP\SAP Business One Integration\DIProxy
    \SAPB1iDIProxy.exe [2012-5-24 249856]
    S4 SAPB1iDIProxy_Monitor;SAP Business One DI Proxy Service Monitor;C:\Program Files (x86)\SAP\SAP Business One Integration
    \DIProxy\SAPB1iDIProxy_Monitor.exe [2012-5-24 249856]
    S4 SAPB1iEventSender;SAP Business One EventSender Service;C:\Program Files (x86)\SAP\SAP Business One Integration\EventSender
    \SAPB1iEventSender.exe [2012-5-24 249856]
    S4 SBOBackUp;SAP Business One BackUp Service;C:\Program Files (x86)\SAP\SAP Business One ServerTools\BackUp\B1backUp.exe [2012-3
    -27 241664]
    S4 SBOClientAgent;SAP Business One Client Agent;C:\Program Files (x86)\SAP\SAP Business One Client Agent\B1ClientAgent.exe [2012
    -3-27 61440]
    S4 SBODI_Server;SAP Business One DI Server;C:\Program Files (x86)\SAP\SAP Business One ServerTools\DI_Server\B1DI_Server.exe
    [2012-3-27 733184]
    S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-4-5 158856]
    S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    [2011-6-5 378472]
    S4 SvcNEWTScanner;NEWTScanner Service;C:\Windows\SysWOW64\NEWTScannerSvc.exe [2012-6-20 78576]
    S4 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    [2009-5-12 2440632]
    S4 TAO_NT_Naming_Service;TAO NT Naming Service;C:\Program Files (x86)\SAP\SAP Business One ServerTools\License
    \NT_Naming_Service.exe [2012-3-27 1388544]
    S4 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-4-16 2666880]
    S4 Tomcat6;SAP Business One Integration Service;C:\Program Files (x86)\SAP\SAP Business One Integration\B1iServer\Tomcat\bin
    \tomcat6.exe [2012-5-24 78336]
    S4 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management
    Engine Components\UNS\UNS.exe [2012-2-19 2656536]
    S4 UnsignedThemes;Unsigned Themes;C:\Windows\UnsignedThemesSvc.exe [2009-7-13 24168]
    S4 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
    [2011-8-29 846448]
    S4 Wave Authentication Manager Service;Wave Authentication Manager Service;C:\Program Files\Dell\Dell Data Protection\Access
    \Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-7-1 1600000]
    S4 XobniService;XobniService;C:\Program Files (x86)\Xobni\XobniService.exe [2012-1-19 62184]
    S4 ZcfgSvc7;Intel(R) PROSet/Wireless ZeroConfig Service;C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [2010-12-23 992256]
    .
    =============== Created Last 30 ================
    .
    2012-06-21 22:53:35 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5AD082FE-B08B-
    422C-AF4A-5090183FE82F}\offreg.dll
    2012-06-21 21:22:49 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-06-21 20:26:25 -------- d-----w- C:\Users\dean.garrison\AppData\Roaming\Malwarebytes
    2012-06-21 20:26:10 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-06-21 20:26:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-21 20:08:16 -------- d-----w- C:\Program Files\HitmanPro
    2012-06-21 20:08:12 -------- d-----w- C:\ProgramData\HitmanPro
    2012-06-21 19:47:47 -------- d-sh--w- C:\found.000
    2012-06-21 18:20:25 253688 ---ha-w- C:\ProgramData\M8bNpuGd8Z7Nvx.exe
    2012-06-21 17:40:38 344824 ---ha-w- C:\ProgramData\kGACsYrmPjUu.exe
    2012-06-20 18:49:30 1784736 ---ha-w- C:\Windows\SysWow64\NEWT.dll
    2012-06-20 18:48:59 269728 ---ha-w- C:\Windows\SysWow64\NEWTScan.exe
    2012-06-20 18:48:55 82672 ---ha-w- C:\Windows\SysWow64\NEWTScannerCOM.exe
    2012-06-20 18:48:52 78576 ---ha-w- C:\Windows\SysWow64\NEWTScannerSvc.exe
    2012-06-19 15:05:00 9013136 ---ha-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5AD082FE-B08B-
    422C-AF4A-5090183FE82F}\mpengine.dll
    2012-06-18 22:31:14 -------- d--h--w- C:\Program Files (x86)\Vision33 1D2V CRM Dashboard
    2012-06-14 06:12:12 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-06-14 06:12:12 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-06-14 06:12:12 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-06-14 06:11:58 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-06-14 06:11:58 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-06-14 06:11:57 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-06-14 06:11:54 3146752 ----a-w- C:\Windows\System32\win32k.sys
    2012-06-14 06:11:52 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-06-08 17:45:57 -------- d--h--w- C:\Users\dean.garrison\AppData\Roaming\SAP
    2012-05-24 19:02:39 77824 ---ha-w- C:\Windows\SysWow64\LoadDotNetAssembly.dll
    2012-05-24 19:02:39 13312 ---ha-w- C:\Windows\SysWow64\LoadDotNetAssembly.netmodule
    2012-05-24 19:00:49 69632 ---ha-w- C:\Windows\SysWow64\B1iUtilitiesNative.dll
    2012-05-24 16:21:38 -------- d--h--w- C:\Windows\SysWow64\BestPractices
    2012-05-24 16:21:35 -------- d-----w- C:\Windows\System32\BestPractices
    2012-05-24 16:04:06 -------- d--h--w- C:\Users\dean.garrison\AppData\Local\ElevatedDiagnostics
    2012-05-23 17:57:13 -------- d--h--w- C:\Users\dean.garrison\AppData\Local\IsolatedStorage
    2012-05-23 16:37:59 -------- d--h--w- C:\Users\dean.garrison\AppData\Local\assembly
    .
    ==================== Find3M ====================
    .
    2012-05-24 19:01:26 86016 ---ha-w- C:\Windows\SysWow64\B1iTranslatorNative.dll
    2012-05-24 19:01:25 61440 ----a-w- C:\Windows\System32\B1iUtilitiesNative64.dll
    2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-05-01 16:04:45 70304 ---ha-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-01 16:04:45 418464 ---ha-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-04-18 23:30:15 89088 ----a-w- C:\Windows\System32\explorer.exe
    2012-04-16 21:37:28 60304 ---ha-w- C:\Users\dean.garrison\g2mdlhlpx.exe
    2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-03-28 20:28:03 834560 ----a-w- C:\Windows\System32\RpcTspUI.dll
    2012-03-28 20:28:03 81408 ----a-w- C:\Windows\System32\CPHelper.dll
    2012-03-28 20:28:03 718848 ----a-w- C:\Windows\System32\RpcTspX.tsp
    2012-03-28 20:28:03 36864 ----a-w- C:\Windows\System32\TMSRegLib.dll
    2012-03-28 20:28:03 261120 ----a-w- C:\Windows\System32\TAPIConverterX.dll
    2012-03-28 20:28:03 195072 ----a-w- C:\Windows\System32\Reglib.dll
    2012-03-28 20:28:03 144896 ----a-w- C:\Windows\System32\loglib.dll
    2012-03-28 20:28:03 115200 ----a-w- C:\Windows\System32\STLogin.dll
    2012-03-28 20:28:03 105984 ----a-w- C:\Windows\System32\STCLogin.exe
    2012-03-28 19:03:13 172080 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2012-03-28 03:30:24 91648 ----a-w- C:\Windows\System32\LoadDotNetAssembly.dll
    2012-03-28 03:30:24 13312 ----a-w- C:\Windows\System32\LoadDotNetAssembly.netmodule
    2012-03-28 03:10:20 101888 ---ha-r- C:\Windows\SysWow64\VB6STKIT.DLL
    .
    ============= FINISH: 16:30:49.27 ===============

    DDS Attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 3/27/2012 2:05:37 PM
    System Uptime: 6/21/2012 3:49:40 PM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 032T9K
    Processor: Intel(R) Core(TM) i7-2760QM CPU @ 2.40GHz | CPU 1 | 2401/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 454 GiB total, 226.722 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is FIXED (NTFS) - 1863 GiB total, 1769.156 GiB free.
    M: is NetworkDisk (NTFS) - 49 GiB total, 29.015 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Cisco Systems VPN Adapter for 64-bit Windows
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco Systems VPN Adapter for 64-bit Windows
    PNP Device ID: ROOT\NET\0000
    Service: CVirtA
    .
    ==== System Restore Points ===================
    .
    RP86: 6/12/2012 9:01:44 AM - Windows Update
    RP87: 6/14/2012 3:00:25 AM - Windows Update
    RP88: 6/19/2012 8:04:28 AM - Windows Update
    RP89: 6/21/2012 11:39:55 AM - Windows Defender Checkpoint
    RP90: 6/21/2012 12:12:40 PM - Restore Operation
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    2007 Microsoft Office Suite Service Pack 3 (SP3)
    AccelerometerP11
    Adobe Reader X (10.1.3)
    Android SDK Tools
    ASAP Utilities
    Belarc Advisor 8.2
    Crystal Report 2008 Runtime SP3
    Crystal Reports Basic 2008 for SAP Business One
    CyberLink PowerDVD 9.5
    Dell Client System Update
    Dell Data Protection | Access
    Dell Data Protection | Access | Drivers
    Dell Data Protection | Access | Middleware
    Dell Webcam Central
    DirectX 9 Runtime
    DXB1
    FileZilla Client 3.5.3
    GoToMeeting 5.1.0.880
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    IconPackager
    Intel(R) Control Center
    Intel(R) Identity Protection Technology 1.1.2.0
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Java Auto Updater
    Java(TM) 7 Update 1
    Jing
    LG United Mobile Driver
    LiveUpdate 3.3 (Symantec Corporation)
    MagicDisc 2.7.106
    Malwarebytes Anti-Malware version 1.61.0.1400
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Standard 2007
    Microsoft Office Visio 2007 Service Pack 3 (SP3)
    Microsoft Office Visio MUI (English) 2007
    Microsoft Office Visio Professional 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft redistributable runtime DLLs VS2005 SP1(x86)
    Microsoft Report Viewer Redistributable 2008 (KB971119)
    Microsoft Report Viewer Redistributable 2008 SP1
    Microsoft SQL Server 2008 R2 Policies
    Microsoft SQL Server Browser
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Microsoft_VC90_CRT_x86
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NVIDIA Stereoscopic 3D Driver
    O2Micro Flash Memory Card Windows Driver
    PDFCreator
    PhotoShowExpress
    Rainmeter
    Remote Support Platform for SAP Business One
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Burn
    Roxio Creator Starter
    Roxio Express Labeler 3
    SAP Business One - Microsoft Outlook Integration Server Installer
    SAP Business One 8.8 SP1 - Copy Express
    SAP Business One 8.8 SP2 - DATEV-FI Interface
    SAP Business One Client
    SAP Business One Client Agent
    SAP Business One Crystal Report Integration Package
    SAP Business One Data Transfer Workbench
    SAP Business One DI API
    SAP Business One integration DIProxy
    SAP Business One integration EventSender
    SAP Business One integration Server
    SAP Business One Screen Painter
    SAP Business One Server
    SAP Business One Server Tools
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    ShoreTel Communicator
    Skype™ 5.9
    Sonic CinePlayer Decoder Pack
    TeamViewer 7
    tools-windows
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Vision33 1D2V CRM Dashboard + 1.8.8.4
    Vision33 1D2V Finance Charges + 1.8.8.2
    Visual Studio Tools for the Office system 3.0 Runtime
    VMware Player
    Xobni
    Xobni Core
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/21/2012 3:35:05 PM, Error: Service Control Manager [7023] - The Windows Search service terminated with the
    following error: The media is write protected.
    6/21/2012 3:34:26 PM, Error: NetBT [4321] - The name "ZEDIT :1d" could not be registered on the interface
    with IP address 192.168.113.143. The computer with the IP address 192.168.113.9 did not allow the name to be claimed
    by this computer.
    6/21/2012 3:31:26 PM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.36 TCS service depends on the TPM
    Base Services service which failed to start because of the following error: The operation completed successfully.
    6/21/2012 3:29:08 PM, Error: Service Control Manager [7023] -
    6/21/2012 3:29:00 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s)
    failed to load: AFD CSC DfsC discache eeCtrl NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSP SRTSPX tdx vwififlt
    Wanarpv6 WfpLwf ws2ifsl
    6/21/2012 3:29:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the
    service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
    6/21/2012 3:28:59 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store
    Interface Service service which failed to start because of the following error: The dependency service or group
    failed to start.
    6/21/2012 3:28:59 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service
    depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A
    device attached to the system is not functioning.
    6/21/2012 3:28:59 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB
    MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency
    service or group failed to start.
    6/21/2012 3:28:59 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB
    MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency
    service or group failed to start.
    6/21/2012 3:28:59 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the
    Network Store Interface Service service which failed to start because of the following error: The dependency service
    or group failed to start.
    6/21/2012 3:28:59 PM, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service
    which failed to start because of the following error: The dependency service or group failed to start.
    6/21/2012 3:28:59 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store
    Interface Service service which failed to start because of the following error: The dependency service or group
    failed to start.
    6/21/2012 3:28:55 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the
    Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached
    to the system is not functioning.
    6/21/2012 3:28:55 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on
    the NSI proxy service driver. service which failed to start because of the following error: A device attached to the
    system is not functioning.
    6/21/2012 3:28:55 PM, Error: Service Control Manager [7001] - The Intel(R) PROSet/Wireless ZeroConfig Service service
    depends on the WLAN AutoConfig service which failed to start because of the following error: The dependency service
    or group failed to start.
    6/21/2012 3:28:55 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI
    Support Driver service which failed to start because of the following error: A device attached to the system is not
    functioning.
    6/21/2012 3:28:55 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary
    Function Driver for Winsock service which failed to start because of the following error: A device attached to the
    system is not functioning.
    6/21/2012 3:17:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the
    service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    6/21/2012 3:15:32 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server
    service which failed to start because of the following error: The dependency service or group failed to start.
    6/21/2012 3:06:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the
    service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    6/21/2012 3:06:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the
    service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    6/21/2012 3:06:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the
    service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/21/2012 3:06:40 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to
    start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
    6/21/2012 3:06:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the
    service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    6/21/2012 3:06:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the
    service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    6/21/2012 3:06:26 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s)
    failed to load: discache eeCtrl spldr SRTSP SRTSPX Wanarpv6
    6/21/2012 3:06:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the
    service TdmService with arguments "" in order to run the server: {2F723A84-FD6F-4C32-9477-391FA6EA0BB6}
    6/21/2012 2:44:05 PM, Error: Service Control Manager [7041] - The nvUpdatusService service was unable to log on as .
    \UpdatusUser with the currently configured password due to the following error: Logon failure: the user has not been
    granted the requested logon type at this computer. Service: nvUpdatusService Domain and account: .\UpdatusUser
    This service account does not have the required user right "Log on as a service." User Action Assign "Log on as a
    service" to the service account on this computer. You can use Local Security Settings (Secpol.msc) to do this. If this
    computer is a node in a cluster, check that this user right is assigned to the Cluster service account on all nodes in
    the cluster. If you have already assigned this user right to the service account, and the user right appears to be
    removed, check with your domain administrator to find out if a Group Policy object associated with this node might be
    removing the right.
    6/21/2012 2:44:05 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to
    start due to the following error: The service did not start due to a logon failure.
    6/21/2012 2:44:04 PM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector
    service which failed to start because of the following error: The system cannot find the file specified.
    6/21/2012 2:44:04 PM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the
    following error: The system cannot find the file specified.
    6/21/2012 2:12:11 PM, Error: Microsoft-Windows-GroupPolicy [1053] - The processing of Group Policy failed. Windows
    could not resolve the user name. This could be caused by one of more of the following: a) Name Resolution failure on
    the current domain controller. b) Active Directory Replication Latency (an account created on another domain
    controller has not replicated to the current domain controller).
    6/21/2012 2:11:44 PM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows
    could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure
    on the current domain controller. b) Active Directory Replication Latency (an account created on another domain
    controller has not replicated to the current domain controller).
    6/21/2012 2:11:36 PM, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Windows Event
    Log service which failed to start because of the following error: The service cannot be started, either because it is
    disabled or because it has no enabled devices associated with it.
    6/20/2012 2:07:42 PM, Error: Service Control Manager [7034] - The SAP Business One DI Proxy Service service
    terminated unexpectedly. It has done this 1 time(s).
    6/19/2012 9:24:05 AM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of
    lack of network connectivity to a domain controller. This may be a transient condition. A success message would be
    generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you
    do not see a success message for several hours, then contact your administrator.
    6/19/2012 7:56:37 AM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server
    cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured:
    The specified domain either does not exist or could not be contacted. .
    6/19/2012 7:50:55 AM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain
    controller in domain ZEDIT due to the following: There are currently no logon servers available to service the logon
    request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the
    problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
    for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified
    domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
    6/15/2012 9:19:08 PM, Error: Service Control Manager [7034] - The SAP Business One DI Proxy Service service
    terminated unexpectedly. It has done this 2 time(s).
    6/15/2012 11:19:29 PM, Error: Service Control Manager [7034] - The SAP Business One DI Proxy Service service
    terminated unexpectedly. It has done this 3 time(s).
    6/14/2012 3:28:41 AM, Error: Service Control Manager [7031] - The SAP Business One Integration Service service
    terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0
    milliseconds: Restart the service.
    6/14/2012 12:40:00 PM, Error: Microsoft-Windows-GroupPolicy [1054] - The processing of Group Policy failed. Windows
    could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your
    Domain Name System (DNS) is configured and working correctly.
    6/14/2012 10:53:32 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while
    waiting for the SAP Business One DI Server service to connect.
    6/14/2012 10:53:32 PM, Error: Service Control Manager [7000] - The SAP Business One DI Server service failed to start
    due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
  2. Broni

    Broni Malware Annihilator Posts: 46,765   +254

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================================

    First of all, you've been to this forum before, so you should know very well that running any computer without an active AV program is a big NO-NO.
    Secondly, it's the very first step in our preliminaries to install some AV program if you don't have one.
    You didn't comply because?

    Is it the same computer as here: http://www.techspot.com/community/topics/ie-browser-links-result-in-random-redirects.179501/ ?
  3. DGARR1

    DGARR1 TS Rookie Topic Starter Posts: 30

    I have to apologize... 1st, it is not the same computer; second, I did a clean boot (using msconfig) to only start Windows services, so my AV was not on (Norton 360)... Also, thinking about it, it might have skewed the results I posted... :-(

    //Dean
  4. Broni

    Broni Malware Annihilator Posts: 46,765   +254

    Reboot computer normally (not clean boot).

    Disable "word wrap" in Notepad as some logs are harder to read.

    ============================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    =======================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  5. DGARR1

    DGARR1 TS Rookie Topic Starter Posts: 30

    Sorry, not Norton 360; Symantec Endpoint, and it is going crazy now... Here are the logs

    //DEAN

    BootKit Remover:

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com
    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Service Pack 1 (build 7601), 64-bit
    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`d5800000
    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Controlled by rootkit!
    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]

    Done;
    Press any key to quit...


    aswMBR Log

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-06-21 21:47:48
    -----------------------------
    21:47:48.868 OS Version: Windows x64 6.1.7601 Service Pack 1
    21:47:48.868 Number of processors: 8 586 0x2A07
    21:47:48.870 ComputerName: GARRISON7 UserName:
    21:48:01.645 Initialize success
    21:48:07.358 AVAST engine defs: 12062101
    21:48:30.221 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    21:48:30.226 Disk 0 Vendor: ST950042 0003 Size: 476940MB BusType: 8
    21:48:30.245 Disk 0 MBR read successfully
    21:48:30.251 Disk 0 MBR scan
    21:48:30.263 Disk 0 Windows 7 default MBR code
    21:48:30.270 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
    21:48:30.288 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 11568 MB offset 81920
    21:48:30.309 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 465322 MB offset 23773184
    21:48:30.350 Disk 0 scanning C:\Windows\system32\drivers
    21:48:44.164 Service scanning
    21:49:18.606 Modules scanning
    21:49:18.623 Disk 0 trace - called modules:
    21:49:18.651 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
    21:49:18.665 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009607790]
    21:49:18.676 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa800951ecb0]
    21:49:18.686 5 stdcfltn.sys[fffff88001b40d12] -> nt!IofCallDriver -> [0xfffffa80077a04c0]
    21:49:18.692 7 ACPI.sys[fffff88000edd7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80077a5050]
    21:49:32.654 AVAST engine scan C:\Windows
    21:49:45.452 AVAST engine scan C:\Windows\system32
    21:55:09.453 AVAST engine scan C:\Windows\system32\drivers
    21:55:25.705 AVAST engine scan C:\Users\dean.garrison
    22:05:52.121 AVAST engine scan C:\ProgramData
    22:06:36.018 Scan finished successfully
    22:08:42.719 Disk 0 MBR has been saved successfully to "C:\Users\dean.garrison\Desktop\Virus Fix\MBR.dat"
    22:08:42.723 The log file has been saved successfully to "C:\Users\dean.garrison\Desktop\Virus Fix\aswMBR.txt"
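An added example, not part of the original posts or of either tool: a Python parser for a saved master boot sector such as the MBR.dat that aswMBR writes, checking the boot signature, the partition table and a hash of the boot code against a reference dump. The boot code bytes are constructed placeholders, the partition layout and disk size are taken from the aswMBR and TDSSKiller logs in this thread, and the function names and the sector count of the 39 MB partition are assumptions.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE = slice(0, 440)      # bootstrap code area of the MBR
TABLE_OFF = 446                # four 16-byte partition entries start here
TYPE_NAMES = {0x07: "HPFS/NTFS", 0xDE: "Dell Utility", 0xEE: "GPT protective"}
# Disk size from the TDSSKiller log (0x7470C06000 bytes), in 512-byte sectors
DISK_SECTORS = 0x7470C06000 // SECTOR


def parse_mbr(sector: bytes) -> dict:
    """Decode a 512-byte MBR dump into signature, boot-code hash and partitions."""
    if len(sector) < SECTOR:
        raise ValueError(f"expected at least {SECTOR} bytes, got {len(sector)}")
    parts = []
    for i in range(4):
        entry = sector[TABLE_OFF + 16 * i: TABLE_OFF + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        start, count = struct.unpack_from("<II", entry, 8)   # LBA start, length
        if ptype == 0 and count == 0:
            continue                                         # unused slot
        parts.append({"slot": i + 1, "status": status, "type": ptype,
                      "type_name": TYPE_NAMES.get(ptype, "unknown"),
                      "start_lba": start, "sectors": count})
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "boot_code_sha256": hashlib.sha256(sector[BOOT_CODE]).hexdigest(),
        "partitions": parts,
    }


def check_mbr(mbr: dict, disk_sectors: int, reference_sha256=None) -> list:
    """Return structural findings for a BIOS/MBR boot disk (empty list = none)."""
    issues = []
    if not mbr["signature_ok"]:
        issues.append("missing 0x55AA boot signature")
    if reference_sha256 and mbr["boot_code_sha256"] != reference_sha256:
        issues.append("boot code differs from reference dump")
    active = [p for p in mbr["partitions"] if p["status"] == 0x80]
    if len(active) != 1:
        issues.append(f"expected exactly one active partition, found {len(active)}")
    prev_end = 0
    for p in sorted(mbr["partitions"], key=lambda p: p["start_lba"]):
        end = p["start_lba"] + p["sectors"]
        if p["status"] not in (0x00, 0x80):
            issues.append(f"partition {p['slot']}: invalid status byte 0x{p['status']:02x}")
        if p["start_lba"] < prev_end:
            issues.append(f"partition {p['slot']}: overlaps the previous partition")
        if end > disk_sectors:
            issues.append(f"partition {p['slot']}: extends past the end of the disk")
        prev_end = max(prev_end, end)
    return issues


def build_sample_mbr() -> bytes:
    """Constructed sample: placeholder boot code plus the partition layout
    reported by aswMBR and TDSSKiller in this thread."""
    def entry(status, ptype, start, count):
        # CHS fields are zeroed; only the LBA fields are examined here
        return struct.pack("<B3sB3sII", status, b"\0\0\0", ptype, b"\0\0\0", start, count)

    boot = bytes(range(256)) + bytes(184)          # 440 placeholder bytes, not real boot code
    table = (entry(0x00, 0xDE, 63, 79872)          # 39 MB Dell Utility (sector count assumed)
             + entry(0x80, 0x07, 0x14000, 0x1698000)
             + entry(0x00, 0x07, 0x16AC000, 0x38CD5030)
             + bytes(16))                          # fourth slot unused
    return boot + bytes(6) + table + b"\x55\xaa"   # 6 bytes: disk signature + reserved


if __name__ == "__main__":
    mbr = parse_mbr(build_sample_mbr())            # or open("MBR.dat", "rb").read()
    for p in mbr["partitions"]:
        print(p["slot"], hex(p["status"]), p["type_name"], p["start_lba"], p["sectors"])
    print("boot code sha256:", mbr["boot_code_sha256"])
    print(check_mbr(mbr, DISK_SECTORS) or "no structural issues")
```

Because Bootkit Remover reports the boot code as hidden by a rootkit, a dump read from inside the running system may not match what is actually on disk; the comparison is most meaningful against a dump taken from a clean boot environment.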
  6. Broni

    Broni Malware Annihilator Posts: 46,765   +254

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  7. DGARR1

    DGARR1 TS Rookie Topic Starter Posts: 30

    16:12:12.0332 9112 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
    16:12:12.0884 9112 ============================================================
    16:12:12.0884 9112 Current date / time: 2012/06/22 16:12:12.0884
    16:12:12.0884 9112 SystemInfo:
    16:12:12.0884 9112
    16:12:12.0884 9112 OS Version: 6.1.7601 ServicePack: 1.0
    16:12:12.0884 9112 Product type: Workstation
    16:12:12.0884 9112 ComputerName: GARRISON7
    16:12:12.0885 9112 UserName: dean.garrison
    16:12:12.0885 9112 Windows directory: C:\Windows
    16:12:12.0885 9112 System windows directory: C:\Windows
    16:12:12.0885 9112 Running under WOW64
    16:12:12.0885 9112 Processor architecture: Intel x64
    16:12:12.0885 9112 Number of processors: 8
    16:12:12.0885 9112 Page size: 0x1000
    16:12:12.0885 9112 Boot type: Normal boot
    16:12:12.0885 9112 ============================================================
    16:12:13.0525 9112 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    16:12:13.0548 9112 ============================================================
    16:12:13.0548 9112 \Device\Harddisk0\DR0:
    16:12:13.0548 9112 MBR partitions:
    16:12:13.0548 9112 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1698000
    16:12:13.0548 9112 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x16AC000, BlocksNum 0x38CD5030
    16:12:13.0548 9112 ============================================================
    16:12:13.0572 9112 C: <-> \Device\Harddisk0\DR0\Partition1
    16:12:13.0572 9112 ============================================================
    16:12:13.0572 9112 Initialize success
    16:12:13.0572 9112 ============================================================
    16:12:15.0781 6028 ============================================================
    16:12:15.0781 6028 Scan started
    16:12:15.0781 6028 Mode: Manual;
    16:12:15.0781 6028 ============================================================


    16:12:21.0513 6028 DFEPService - ok

    16:12:21.0654 6028 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

    16:12:21.0657 6028 DfsC - ok

    16:12:21.0700 6028 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

    16:12:21.0716 6028 Dhcp - ok

    16:12:21.0737 6028 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

    16:12:21.0739 6028 discache - ok

    16:12:21.0775 6028 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

    16:12:21.0779 6028 Disk - ok

    16:12:21.0806 6028 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys

    16:12:21.0824 6028 dmvsc - ok

    16:12:21.0852 6028 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys

    16:12:21.0855 6028 DNE - ok

    16:12:21.0888 6028 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

    16:12:21.0895 6028 Dnscache - ok

    16:12:21.0934 6028 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

    16:12:21.0942 6028 dot3svc - ok

    16:12:21.0964 6028 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

    16:12:21.0971 6028 DPS - ok

    16:12:21.0993 6028 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

    16:12:22.0007 6028 drmkaud - ok

    16:12:22.0082 6028 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

    16:12:22.0086 6028 DXGKrnl - ok

    16:12:22.0125 6028 e1cexpress (eafcb4551836ff44ee775ceddfa7a77e) C:\Windows\system32\DRIVERS\e1c62x64.sys

    16:12:22.0127 6028 e1cexpress - ok

    16:12:22.0143 6028 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

    16:12:22.0145 6028 EapHost - ok

    16:12:22.0291 6028 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

    16:12:22.0432 6028 ebdrv - ok

    16:12:22.0544 6028 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

    16:12:22.0551 6028 eeCtrl - ok

    16:12:22.0620 6028 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

    16:12:22.0623 6028 EFS - ok

    16:12:22.0695 6028 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

    16:12:22.0719 6028 ehRecvr - ok

    16:12:22.0750 6028 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

    16:12:22.0754 6028 ehSched - ok

    16:12:22.0824 6028 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

    16:12:22.0882 6028 elxstor - ok

    16:12:23.0015 6028 EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

    16:12:23.0018 6028 EraserUtilRebootDrv - ok

    16:12:23.0024 6028 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

    16:12:23.0039 6028 ErrDev - ok

    16:12:23.0082 6028 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

    16:12:23.0097 6028 EventSystem - ok

    16:12:23.0242 6028 EvtEng (5c08b9a2baaec1f33c2d50fd166deebb) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

    16:12:23.0296 6028 EvtEng - ok

    16:12:23.0450 6028 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

    16:12:23.0474 6028 exfat - ok

    16:12:23.0496 6028 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

    16:12:23.0503 6028 fastfat - ok

    16:12:23.0568 6028 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

    16:12:23.0592 6028 Fax - ok

    16:12:23.0602 6028 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

    16:12:23.0618 6028 fdc - ok

    16:12:23.0637 6028 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

    16:12:23.0640 6028 fdPHost - ok

    16:12:23.0650 6028 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

    16:12:23.0651 6028 FDResPub - ok

    16:12:23.0663 6028 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

    16:12:23.0666 6028 FileInfo - ok

    16:12:23.0676 6028 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

    16:12:23.0679 6028 Filetrace - ok

    16:12:23.0686 6028 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

    16:12:23.0702 6028 flpydisk - ok

    16:12:23.0720 6028 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

    16:12:23.0724 6028 FltMgr - ok

    16:12:23.0787 6028 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

    16:12:23.0817 6028 FontCache - ok

    16:12:23.0877 6028 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

    16:12:23.0898 6028 FontCache3.0.0.0 - ok

    16:12:23.0943 6028 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

    16:12:23.0947 6028 FsDepends - ok

    16:12:23.0979 6028 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

    16:12:23.0981 6028 Fs_Rec - ok

    16:12:24.0016 6028 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

    16:12:24.0023 6028 fvevol - ok

    16:12:24.0043 6028 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

    16:12:24.0062 6028 gagp30kx - ok

    16:12:24.0124 6028 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

    16:12:24.0143 6028 gpsvc - ok

    16:12:24.0206 6028 HBtnKey (0e485f2c759f155170da9f35354034e9) C:\Windows\system32\drivers\HBtnKey.sys

    16:12:24.0223 6028 HBtnKey - ok

    16:12:24.0258 6028 hcmon (adb4348da1345877b04e22203afc8993) C:\Windows\system32\drivers\hcmon.sys

    16:12:24.0259 6028 hcmon - ok

    16:12:24.0276 6028 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

    16:12:24.0282 6028 hcw85cir - ok

    16:12:24.0307 6028 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

    16:12:24.0311 6028 HDAudBus - ok

    16:12:24.0319 6028 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

    16:12:24.0333 6028 HidBatt - ok

    16:12:24.0348 6028 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

    16:12:24.0355 6028 HidBth - ok

    16:12:24.0359 6028 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

    16:12:24.0370 6028 HidIr - ok

    16:12:24.0392 6028 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

    16:12:24.0396 6028 hidserv - ok

    16:12:24.0424 6028 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

    16:12:24.0439 6028 HidUsb - ok

    16:12:24.0477 6028 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

    16:12:24.0482 6028 hkmsvc - ok

    16:12:24.0504 6028 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

    16:12:24.0513 6028 HomeGroupListener - ok

    16:12:24.0544 6028 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

    16:12:24.0551 6028 HomeGroupProvider - ok

    16:12:24.0575 6028 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

    16:12:24.0592 6028 HpSAMD - ok

    16:12:24.0629 6028 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

    16:12:24.0651 6028 HTTP - ok

    16:12:24.0668 6028 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

    16:12:24.0669 6028 hwpolicy - ok

    16:12:24.0698 6028 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

    16:12:24.0703 6028 i8042prt - ok

    16:12:24.0752 6028 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\drivers\iaStor.sys

    16:12:24.0759 6028 iaStor - ok

    16:12:24.0786 6028 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

    16:12:24.0800 6028 iaStorV - ok

    16:12:24.0891 6028 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

    16:12:24.0952 6028 idsvc - ok

    16:12:25.0533 6028 igfx (9937600a1584ff00565d5379eb4c9edb) C:\Windows\system32\DRIVERS\igdkmd64.sys

    16:12:25.0718 6028 igfx - ok

    16:12:25.0825 6028 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

    16:12:25.0839 6028 iirsp - ok

    16:12:25.0897 6028 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

    16:12:25.0929 6028 IKEEXT - ok

    16:12:25.0975 6028 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\drivers\Impcd.sys

    16:12:25.0989 6028 Impcd - ok

    16:12:26.0054 6028 Intel(R) PROSet Monitoring Service (d7b978f4504d3da95a21002863d0e7ee) C:\Windows\system32\IProsetMonitor.exe

    16:12:26.0062 6028 Intel(R) PROSet Monitoring Service - ok

    16:12:26.0098 6028 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

    16:12:26.0115 6028 intelide - ok

    16:12:26.0139 6028 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

    16:12:26.0141 6028 intelppm - ok

    16:12:26.0172 6028 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

    16:12:26.0174 6028 IPBusEnum - ok

    16:12:26.0189 6028 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

    16:12:26.0196 6028 IpFilterDriver - ok

    16:12:26.0216 6028 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

    16:12:26.0222 6028 iphlpsvc - ok

    16:12:26.0231 6028 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

    16:12:26.0237 6028 IPMIDRV - ok

    16:12:26.0256 6028 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

    16:12:26.0275 6028 IPNAT - ok

    16:12:26.0289 6028 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

    16:12:26.0291 6028 IRENUM - ok

    16:12:26.0299 6028 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

    16:12:26.0305 6028 isapnp - ok

    16:12:26.0320 6028 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

    16:12:26.0331 6028 iScsiPrt - ok

    16:12:26.0403 6028 jhi_service (6c85719a21b3f62c2c76280f4bd36c7b) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

    16:12:26.0410 6028 jhi_service - ok

    16:12:26.0438 6028 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

    16:12:26.0439 6028 kbdclass - ok

    16:12:26.0462 6028 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

    16:12:26.0484 6028 kbdhid - ok

    16:12:26.0515 6028 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

    16:12:26.0516 6028 KeyIso - ok

    16:12:26.0530 6028 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

    16:12:26.0534 6028 KSecDD - ok

    16:12:26.0551 6028 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

    16:12:26.0556 6028 KSecPkg - ok

    16:12:26.0571 6028 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

    16:12:26.0574 6028 ksthunk - ok

    16:12:26.0612 6028 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

    16:12:26.0665 6028 KtmRm - ok

    16:12:26.0718 6028 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

    16:12:26.0728 6028 LanmanServer - ok

    16:12:26.0758 6028 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

    16:12:26.0765 6028 LanmanWorkstation - ok

    16:12:26.0947 6028 LiveUpdate (010fd2b41e75a98e3a4d23f44405f5c9) C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE

    16:12:27.0100 6028 LiveUpdate - ok

    16:12:27.0194 6028 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

    16:12:27.0197 6028 lltdio - ok

    16:12:27.0234 6028 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

    16:12:27.0278 6028 lltdsvc - ok

    16:12:27.0295 6028 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

    16:12:27.0300 6028 lmhosts - ok

    16:12:27.0398 6028 LMS (519d66259df1672aabce9d2e0acc5552) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    16:12:27.0403 6028 LMS - ok

    16:12:27.0437 6028 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

    16:12:27.0455 6028 LSI_FC - ok

    16:12:27.0465 6028 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

    16:12:27.0472 6028 LSI_SAS - ok

    16:12:27.0478 6028 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

    16:12:27.0484 6028 LSI_SAS2 - ok

    16:12:27.0499 6028 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

    16:12:27.0516 6028 LSI_SCSI - ok

    16:12:27.0548 6028 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

    16:12:27.0553 6028 luafv - ok

    16:12:27.0564 6028 MBAMProtector - ok

    16:12:27.0627 6028 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    16:12:27.0654 6028 MBAMService - ok

    16:12:27.0722 6028 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys

    16:12:27.0727 6028 mcdbus - ok

    16:12:27.0763 6028 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

    16:12:27.0781 6028 Mcx2Svc - ok

    16:12:27.0802 6028 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

    16:12:27.0808 6028 megasas - ok

    16:12:27.0829 6028 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

    16:12:27.0861 6028 MegaSR - ok

    16:12:27.0882 6028 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys

    16:12:27.0884 6028 MEIx64 - ok

    16:12:27.0908 6028 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

    16:12:27.0913 6028 MMCSS - ok

    16:12:27.0929 6028 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

    16:12:27.0946 6028 Modem - ok

    16:12:27.0977 6028 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

    16:12:27.0978 6028 monitor - ok

    16:12:27.0997 6028 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

    16:12:27.0999 6028 mouclass - ok

    16:12:28.0023 6028 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

    16:12:28.0040 6028 mouhid - ok

    16:12:28.0063 6028 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

    16:12:28.0065 6028 mountmgr - ok

    16:12:28.0082 6028 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

    16:12:28.0106 6028 mpio - ok

    16:12:28.0123 6028 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

    16:12:28.0125 6028 mpsdrv - ok

    16:12:28.0182 6028 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

    16:12:28.0214 6028 MpsSvc - ok

    16:12:28.0237 6028 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

    16:12:28.0259 6028 MRxDAV - ok

    16:12:28.0289 6028 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

    16:12:28.0291 6028 mrxsmb - ok

    16:12:28.0314 6028 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

    16:12:28.0322 6028 mrxsmb10 - ok

    16:12:28.0343 6028 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

    16:12:28.0348 6028 mrxsmb20 - ok

    16:12:28.0374 6028 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

    16:12:28.0387 6028 msahci - ok

    16:12:28.0412 6028 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

    16:12:28.0434 6028 msdsm - ok

    16:12:28.0462 6028 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

    16:12:28.0471 6028 MSDTC - ok

    16:12:28.0574 6028 MsDtsServer100 (f7a0ba64036ea2b3dfb569e4dc9986e7) C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe

    16:12:28.0581 6028 MsDtsServer100 - ok

    16:12:28.0594 6028 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

    16:12:28.0596 6028 Msfs - ok

    16:12:28.0630 6028 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

    16:12:28.0633 6028 mshidkmdf - ok

    16:12:28.0655 6028 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

    16:12:28.0657 6028 msisadrv - ok

    16:12:28.0691 6028 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

    16:12:28.0713 6028 MSiSCSI - ok

    16:12:28.0716 6028 msiserver - ok

    16:12:28.0732 6028 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

    16:12:28.0738 6028 MSKSSRV - ok

    16:12:28.0751 6028 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

    16:12:28.0766 6028 MSPCLOCK - ok

    16:12:28.0777 6028 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

    16:12:28.0791 6028 MSPQM - ok

    16:12:28.0819 6028 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

    16:12:28.0824 6028 MsRPC - ok

    16:12:28.0844 6028 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

    16:12:28.0846 6028 mssmbios - ok

    16:12:28.0915 6028 MSSQLFDLauncher (aa511eb28672011a1d832f73e302f0a0) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe

    16:12:28.0916 6028 MSSQLFDLauncher - ok

    16:12:28.0929 6028 MSSQLSERVER - ok

    16:12:28.0993 6028 MSSQLServerADHelper100 (04ef36eaf5c4dbce424d81b76f1e9231) C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE

    16:12:29.0011 6028 MSSQLServerADHelper100 - ok

    16:12:29.0075 6028 MSSQLServerOLAPService - ok

    16:12:29.0111 6028 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

    16:12:29.0126 6028 MSTEE - ok

    16:12:29.0138 6028 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

    16:12:29.0154 6028 MTConfig - ok

    16:12:29.0167 6028 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

    16:12:29.0167 6028 Mup - ok

    16:12:29.0212 6028 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

    16:12:29.0233 6028 napagent - ok

    16:12:29.0266 6028 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

    16:12:29.0283 6028 NativeWifiP - ok

    16:12:29.0392 6028 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120621.018\ENG64.SYS

    16:12:29.0411 6028 NAVENG - ok

    16:12:29.0515 6028 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120621.018\EX64.SYS

    16:12:29.0536 6028 NAVEX15 - ok

    16:12:29.0680 6028 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys

    16:12:29.0710 6028 NDIS - ok

    16:12:29.0739 6028 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

    16:12:29.0756 6028 NdisCap - ok

    16:12:29.0780 6028 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

    16:12:29.0783 6028 NdisTapi - ok

    16:12:29.0796 6028 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

    16:12:29.0800 6028 Ndisuio - ok

    16:12:29.0819 6028 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

    16:12:29.0825 6028 NdisWan - ok

    16:12:29.0838 6028 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

    16:12:29.0841 6028 NDProxy - ok

    16:12:29.0859 6028 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

    16:12:29.0861 6028 NetBIOS - ok

    16:12:29.0885 6028 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

    16:12:29.0891 6028 NetBT - ok

    16:12:29.0916 6028 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

    16:12:29.0917 6028 Netlogon - ok

    16:12:29.0958 6028 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

    16:12:29.0964 6028 Netman - ok

    16:12:30.0038 6028 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    16:12:30.0041 6028 NetMsmqActivator - ok

    16:12:30.0048 6028 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    16:12:30.0051 6028 NetPipeActivator - ok

    16:12:30.0089 6028 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

    16:12:30.0111 6028 netprofm - ok

    16:12:30.0120 6028 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    16:12:30.0123 6028 NetTcpActivator - ok

    16:12:30.0130 6028 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    16:12:30.0133 6028 NetTcpPortSharing - ok

    16:12:30.0186 6028 netvsc (73ce12b8bdd747b0063cb0a7ef44cea7) C:\Windows\system32\DRIVERS\netvsc60.sys

    16:12:30.0196 6028 netvsc - ok

    16:12:30.0509 6028 NETwNs64 (5d262402b0634c998f8cbcead7dd8676) C:\Windows\system32\DRIVERS\NETwNs64.sys

    16:12:30.0654 6028 NETwNs64 - ok

    16:12:30.0743 6028 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

    16:12:30.0762 6028 nfrd960 - ok

    16:12:30.0812 6028 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

    16:12:30.0818 6028 NlaSvc - ok

    16:12:30.0826 6028 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

    16:12:30.0826 6028 Npfs - ok

    16:12:30.0830 6028 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

    16:12:30.0832 6028 nsi - ok

    16:12:30.0837 6028 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

    16:12:30.0838 6028 nsiproxy - ok

    16:12:30.0924 6028 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

    16:12:30.0955 6028 Ntfs - ok

    16:12:31.0029 6028 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

    16:12:31.0031 6028 Null - ok

    16:12:31.0064 6028 NVHDA (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys

    16:12:31.0088 6028 NVHDA - ok

    16:12:31.0566 6028 nvlddmkm (70e89a21827b2669af906b703c7c48b5) C:\Windows\system32\DRIVERS\nvlddmkm.sys

    16:12:31.0616 6028 nvlddmkm - ok

    16:12:31.0683 6028 nvpciflt (4b9c0c2bf78289513101eb0d44834701) C:\Windows\system32\DRIVERS\nvpciflt.sys

    16:12:31.0684 6028 nvpciflt - ok

    16:12:31.0722 6028 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

    16:12:31.0745 6028 nvraid - ok

    16:12:31.0769 6028 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

    16:12:31.0787 6028 nvstor - ok

    16:12:31.0852 6028 NVSvc (e04fce1d149cf05c3449e3171f9c3e41) C:\Windows\system32\nvvsvc.exe

    16:12:31.0892 6028 NVSvc - ok

    16:12:32.0019 6028 nvUpdatusService (d96ddea6c699a99832e0186057801971) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

    16:12:32.0126 6028 nvUpdatusService - ok

    16:12:32.0217 6028 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

    16:12:32.0224 6028 nv_agp - ok

    16:12:32.0259 6028 O2FLASH (4e37455db16aec75862b1d0bc35b589e) C:\Windows\system32\DRIVERS\o2flash.exe

    16:12:32.0260 6028 O2FLASH - ok

    16:12:32.0270 6028 O2MDFRDR (6172db160fc566cf24307941c0e94d8e) C:\Windows\system32\DRIVERS\O2MDFw7x64.sys

    16:12:32.0270 6028 O2MDFRDR - ok

    16:12:32.0283 6028 O2MDRRDR (8ed738aba394bbf6d7802698be453112) C:\Windows\system32\drivers\O2MDRw7x64.sys

    16:12:32.0290 6028 O2MDRRDR - ok

    16:12:32.0352 6028 O2SDIOAssist (4635935fc972c582632bf45c26bfcb0e) c:\Windows\SysWOW64\srvany.exe

    16:12:32.0355 6028 O2SDIOAssist - ok

    16:12:32.0375 6028 O2SDJRDR (a9c1e6b7c134fad124338b7944fa996d) C:\Windows\system32\DRIVERS\o2sdjw7x64.sys

    16:12:32.0377 6028 O2SDJRDR - ok

    16:12:32.0481 6028 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

    16:12:32.0540 6028 odserv - ok

    16:12:32.0568 6028 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

    16:12:32.0575 6028 ohci1394 - ok

    16:12:32.0623 6028 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    16:12:32.0670 6028 ose - ok

    16:12:32.0703 6028 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

    16:12:32.0708 6028 p2pimsvc - ok

    16:12:32.0742 6028 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

    16:12:32.0764 6028 p2psvc - ok

    16:12:32.0800 6028 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

    16:12:32.0804 6028 Parport - ok

    16:12:32.0840 6028 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

    16:12:32.0845 6028 partmgr - ok

    16:12:32.0872 6028 PBADRV (363b3f857abee85767e01e3044c539cd) C:\Windows\system32\DRIVERS\PBADRV.sys

    16:12:32.0874 6028 PBADRV - ok

    16:12:32.0894 6028 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

    16:12:32.0902 6028 PcaSvc - ok

    16:12:32.0931 6028 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

    16:12:32.0936 6028 pci - ok

    16:12:32.0962 6028 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

    16:12:32.0979 6028 pciide - ok

    16:12:33.0006 6028 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

    16:12:33.0033 6028 pcmcia - ok

    16:12:33.0048 6028 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

    16:12:33.0049 6028 pcw - ok

    16:12:33.0087 6028 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

    16:12:33.0115 6028 PEAUTH - ok

    16:12:33.0202 6028 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll

    16:12:33.0279 6028 PeerDistSvc - ok

    16:12:33.0360 6028 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

    16:12:33.0364 6028 PerfHost - ok

    16:12:33.0510 6028 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

    16:12:33.0564 6028 pla - ok

    16:12:33.0615 6028 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

    16:12:33.0637 6028 PlugPlay - ok

  8. DGARR1

    DGARR1 TS Rookie Topic Starter Posts: 30

    16:12:48.0144 6028 MBR (0x1B8) (d7ad5aa31a559120c3ba48fd0a1b1636) \Device\Harddisk0\DR0

    16:12:48.0339 6028 \Device\Harddisk0\DR0 - ok

    16:12:48.0346 6028 Boot (0x1200) (f878749b4bd0877960827c7652e1edec) \Device\Harddisk0\DR0\Partition0

    16:12:48.0350 6028 \Device\Harddisk0\DR0\Partition0 - ok

    16:12:48.0372 6028 Boot (0x1200) (363520809edb43fc12e302101fa68d9c) \Device\Harddisk0\DR0\Partition1

    16:12:48.0376 6028 \Device\Harddisk0\DR0\Partition1 - ok

    16:12:48.0377 6028 ============================================================

    16:12:48.0377 6028 Scan finished

    16:12:48.0377 6028 ============================================================

    16:12:48.0384 3720 Detected object count: 0

    16:12:48.0384 3720 Actual detected object count: 0
  9. Broni

    Broni Malware Annihilator Posts: 46,765   +254

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  10. DGARR1

    DGARR1 TS Rookie Topic Starter Posts: 30

    ComboFix 12-06-23.01 - dean.garrison 06/22/2012 21:24:42.1.8 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8073.4823 [GMT -7:00]
    Running from: c:\users\dean.garrison\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\kGACsYrmPjUu.exe
    c:\programdata\M8bNpuGd8Z7Nvx
    c:\programdata\M8bNpuGd8Z7Nvx.exe
    c:\users\dean.garrison\AppData\Local\assembly\tmp
    c:\users\dean.garrison\g2mdlhlpx.exe
    c:\windows\SysWow64\instsrv.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-21 21:22 . 2012-06-21 21:22 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-06-21 20:26 . 2012-06-21 20:26 -------- d-----w- c:\users\dean.garrison\AppData\Roaming\Malwarebytes
    2012-06-21 20:26 . 2012-06-21 20:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-06-21 20:26 . 2012-06-21 20:26 -------- d-----w- c:\programdata\Malwarebytes
    2012-06-21 20:08 . 2012-06-21 20:09 -------- d-----w- c:\program files\HitmanPro
    2012-06-21 20:08 . 2012-06-21 20:09 -------- d-----w- c:\programdata\HitmanPro
    2012-06-21 19:47 . 2012-06-21 19:47 -------- d-----w- C:\found.000
    2012-06-20 18:49 . 2012-06-20 18:49 1784736 ---ha-w- c:\windows\SysWow64\NEWT.dll
    2012-06-20 18:48 . 2012-06-20 18:49 269728 ---ha-w- c:\windows\SysWow64\NEWTScan.exe
    2012-06-20 18:48 . 2012-06-20 18:48 82672 ---ha-w- c:\windows\SysWow64\NEWTScannerCOM.exe
    2012-06-20 18:48 . 2012-06-20 18:48 78576 ---ha-w- c:\windows\SysWow64\NEWTScannerSvc.exe
    2012-06-19 15:05 . 2012-05-31 04:04 9013136 ---ha-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5AD082FE-B08B-422C-AF4A-5090183FE82F}\mpengine.dll
    2012-06-18 22:31 . 2012-06-18 22:31 -------- d--h--w- c:\program files (x86)\Vision33 1D2V CRM Dashboard
    2012-06-14 06:12 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-14 06:12 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-14 06:12 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-06-14 06:11 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-06-14 06:11 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-06-14 06:11 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-06-14 06:11 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
    2012-06-14 06:11 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-08 17:45 . 2012-06-08 17:45 -------- d--h--w- c:\users\dean.garrison\AppData\Roaming\SAP
    2012-05-24 19:02 . 2012-03-28 03:30 77824 ---ha-w- c:\windows\SysWow64\LoadDotNetAssembly.dll
    2012-05-24 19:02 . 2012-03-28 03:30 13312 ---ha-w- c:\windows\SysWow64\LoadDotNetAssembly.netmodule
    2012-05-24 19:00 . 2012-05-24 19:01 69632 ---ha-w- c:\windows\SysWow64\B1iUtilitiesNative.dll
    2012-05-24 16:21 . 2012-05-24 16:21 -------- d--h--w- c:\windows\SysWow64\BestPractices
    2012-05-24 16:21 . 2012-05-24 16:21 -------- d-----w- c:\windows\system32\BestPractices
    2012-05-24 16:04 . 2012-05-24 16:04 -------- d--h--w- c:\users\dean.garrison\AppData\Local\ElevatedDiagnostics
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-24 19:01 . 2012-05-22 23:17 86016 ---ha-w- c:\windows\SysWow64\B1iTranslatorNative.dll
    2012-05-24 19:01 . 2012-04-17 01:18 61440 ----a-w- c:\windows\system32\B1iUtilitiesNative64.dll
    2012-05-01 16:04 . 2012-05-01 16:04 418464 ---ha-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-05-01 16:04 . 2012-02-19 17:08 70304 ---ha-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-04-18 23:30 . 2012-04-18 23:30 89088 ----a-w- c:\windows\system32\explorer.exe
    2012-03-30 11:35 . 2012-05-11 19:00 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-03-28 20:28 . 2012-03-28 20:29 834560 ----a-w- c:\windows\system32\RpcTspUI.dll
    2012-03-28 20:28 . 2012-03-28 20:29 81408 ----a-w- c:\windows\system32\CPHelper.dll
    2012-03-28 20:28 . 2012-03-28 20:29 718848 ----a-w- c:\windows\system32\RpcTspX.tsp
    2012-03-28 20:28 . 2012-03-28 20:29 36864 ----a-w- c:\windows\system32\TMSRegLib.dll
    2012-03-28 20:28 . 2012-03-28 20:29 261120 ----a-w- c:\windows\system32\TAPIConverterX.dll
    2012-03-28 20:28 . 2012-03-28 20:29 195072 ----a-w- c:\windows\system32\Reglib.dll
    2012-03-28 20:28 . 2012-03-28 20:29 144896 ----a-w- c:\windows\system32\loglib.dll
    2012-03-28 20:28 . 2012-03-28 20:29 115200 ----a-w- c:\windows\system32\STLogin.dll
    2012-03-28 20:28 . 2012-03-28 20:29 105984 ----a-w- c:\windows\system32\STCLogin.exe
    2012-03-28 19:03 . 2012-03-28 19:03 172080 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2012-03-28 03:30 . 2012-05-22 23:17 13312 ----a-w- c:\windows\system32\LoadDotNetAssembly.netmodule
    2012-03-28 03:30 . 2012-03-28 03:30 91648 ----a-w- c:\windows\system32\LoadDotNetAssembly.dll
    2012-03-28 03:10 . 2012-03-28 03:10 101888 ---ha-r- c:\windows\SysWow64\VB6STKIT.DLL
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    "Jing"="c:\program files (x86)\TechSmith\Jing\Jing.exe" [2012-02-01 2918224]
    "GoToMeeting"="c:\program files (x86)\Citrix\GoToMeeting\880\g2mstart.exe" [2012-04-16 39816]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SAP Business One ServerTools"="c:\program files (x86)\SAP\SAP Business One ServerTools\Service Manager\ServerManager.exe" [2012-03-28 331776]
    "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
    "RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
    "PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-18 50472]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    "IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-08-09 112408]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]
    "ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-03-17 115560]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]
    vpngui.exe.lnk - c:\windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe [2012-3-28 5120]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2011-8-24 494488]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "dontdisplaylockeduserid"= 1 (0x1)
    "HideFastUserSwitching"= 0 (0x0)
    "DefaultLogonDomain"= zedIT
    "DisableStartupSound"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-06-05 1997416]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 253088]
    R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]
    R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [x]
    R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [x]
    R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [x]
    R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [x]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7x64.sys [x]
    R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    R3 SBOBackUp;SAP Business One BackUp Service;c:\program files (x86)\SAP\SAP Business One ServerTools\BackUp\B1backUp.exe [2012-03-28 241664]
    R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
    R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [x]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
    S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
    S2 B1LicenseService;SAP Business One License Manager;c:\program files (x86)\SAP\SAP Business One ServerTools\License\B1License.exe [2012-03-28 3887104]
    S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2011-05-13 1043872]
    S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2011-05-13 36768]
    S2 DFEPService;Dell Feature Enhancement Pack Service;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe [2011-08-24 2279320]
    S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
    S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
    S2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-06-18 210784]
    S2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe [2003-04-19 8192]
    S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2010-04-03 2175328]
    S2 SAP Business One RSP Agent Service;SAP Business One RSP Agent Service;c:\program files (x86)\SAP\Remote support platform for SAP Business One\Service\BIN\AgentService.exe [2011-08-17 12800]
    S2 SAPB1iDIProxy;SAP Business One DI Proxy Service;c:\program files (x86)\SAP\SAP Business One Integration\DIProxy\SAPB1iDIProxy.exe [2012-03-28 249856]
    S2 SAPB1iDIProxy_Monitor;SAP Business One DI Proxy Service Monitor;c:\program files (x86)\SAP\SAP Business One Integration\DIProxy\SAPB1iDIProxy_Monitor.exe [2012-03-28 249856]
    S2 SAPB1iEventSender;SAP Business One EventSender Service;c:\program files (x86)\SAP\SAP Business One Integration\EventSender\SAPB1iEventSender.exe [2012-03-28 249856]
    S2 SBOClientAgent;SAP Business One Client Agent;c:\program files (x86)\SAP\SAP Business One Client Agent\B1ClientAgent.exe [2012-03-28 61440]
    S2 SBODI_Server;SAP Business One DI Server;c:\program files (x86)\SAP\SAP Business One ServerTools\DI_Server\B1DI_Server.exe [2012-03-28 733184]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-06-05 378472]
    S2 SvcNEWTScanner;NEWTScanner Service;c:\windows\SysWOW64\NEWTScannerSvc.exe [2012-06-20 78576]
    S2 TAO_NT_Naming_Service;TAO NT Naming Service;c:\program files (x86)\SAP\SAP Business One ServerTools\License\NT_Naming_Service.exe [2012-03-28 1388544]
    S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
    S2 Tomcat6;SAP Business One Integration Service;c:\program files (x86)\SAP\SAP Business One Integration\B1iServer\Tomcat\bin\tomcat6.exe [2012-03-28 78336]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-08-09 2656536]
    S2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [2009-07-13 24168]
    S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [x]
    S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-30 846448]
    S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-07-01 1600000]
    S2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe [2012-01-20 62184]
    S2 ZcfgSvc7;Intel(R) PROSet/Wireless ZeroConfig Service;c:\program files\Intel\WiFi\bin\ZCfgSvc7.exe [2010-12-23 992256]
    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\accelern.sys [x]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
    S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [x]
    S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-30 138912]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2010-04-03 32096]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
    S3 O2MDFRDR;O2MDFRDR;c:\windows\system32\DRIVERS\O2MDFw7x64.sys [x]
    S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - NAL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 16:04]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
    @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
    [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
    2011-05-27 23:46 139128 ---ha-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
    @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
    [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
    2011-05-27 23:46 139128 ---ha-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
    "TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-05-27 257392]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 416024]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-06-05 312936]
    "IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-23 1934608]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 392472]
    "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-07-25 686704]
    "DFEPApplication"="c:\program files\Dell\Feature Enhancement Pack\DFEPApplication.exe" [2011-08-24 7077272]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-07-20 611192]
    "combofix"="c:\combofix\CF17729.3XE" [2010-11-21 345088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = https://zedworld.zeditsolutions.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
    LSP: %SystemRoot%\system32\vsocklib.dll
    Trusted Zone: garrison7
    Trusted Zone: zedit.com\zedworld
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{83A91AE1-CB1A-4771-8D1E-463A52F55361}: NameServer = 192.168.112.16,192.168.112.124
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    SafeBoot-Symantec Antvirus
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
    c:\windows\system32\DRIVERS\o2flash.exe
    c:\windows\sysWOW64\SDIOAssist.exe
    c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
    c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
    c:\windows\SysWOW64\vmnat.exe
    c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
    c:\windows\SysWOW64\vmnetdhcp.exe
    c:\program files (x86)\Shoreline Communications\ShoreWare Client\STCLogin.exe
    c:\program files (x86)\Citrix\GoToMeeting\880\g2mcomm.exe
    c:\program files (x86)\Citrix\GoToMeeting\880\g2mlauncher.exe
    c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2012-06-22 21:45:40 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-06-23 04:45
    .
    Pre-Run: 243,693,604,864 bytes free
    Post-Run: 243,718,348,800 bytes free
    .
    - - End Of File - - A90D07400BAB16D006C82AD33C2FCDA9
  11. Broni

    Broni Malware Annihilator Posts: 46,765   +254

    Looks good.

    How is the computer doing?

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. DGARR1

    DGARR1 TS Rookie Topic Starter Posts: 30

    OTL logfile created on: 6/25/2012 9:22:22 AM - Run 1
    OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\dean.garrison\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.88 Gb Total Physical Memory | 4.97 Gb Available Physical Memory | 63.00% Memory free
    15.77 Gb Paging File | 12.19 Gb Available in Paging File | 77.30% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 454.42 Gb Total Space | 227.05 Gb Free Space | 49.96% Space Free | Partition Type: NTFS
    Drive F: | 1863.01 Gb Total Space | 1769.16 Gb Free Space | 94.96% Space Free | Partition Type: NTFS
    Drive M: | 49.42 Gb Total Space | 29.02 Gb Free Space | 58.71% Space Free | Partition Type: NTFS

    Computer Name: GARRISON7 | User Name: dean.garrison | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - File not found --
    PRC - [2012/06/25 09:20:16 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\dean.garrison\Desktop\OTL.exe
    PRC - [2012/06/20 11:48:55 | 000,078,576 | -H-- | M] (Komodo Laboratories LLC) -- C:\Windows\SysWOW64\NEWTScannerSvc.exe
    PRC - [2012/04/16 14:38:10 | 000,039,816 | -H-- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\880\g2mstart.exe
    PRC - [2012/04/16 14:38:10 | 000,039,816 | -H-- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\880\g2mlauncher.exe
    PRC - [2012/04/16 14:38:10 | 000,039,816 | -H-- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\880\g2mcomm.exe
    PRC - [2012/04/03 22:53:50 | 000,063,928 | -H-- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/03/27 22:30:42 | 003,887,104 | -H-- | M] () -- C:\Program Files (x86)\SAP\SAP Business One ServerTools\License\B1License.exe
    PRC - [2012/03/27 22:00:56 | 000,733,184 | -H-- | M] (SAP Ltd.) -- C:\Program Files (x86)\SAP\SAP Business One ServerTools\DI_Server\B1DI_Server.exe
    PRC - [2012/03/27 21:59:40 | 000,331,776 | -H-- | M] (SAP Ltd.) -- C:\Program Files (x86)\SAP\SAP Business One ServerTools\Service Manager\ServerManager.exe
    PRC - [2012/03/27 20:30:22 | 000,249,856 | -H-- | M] (SAP AG) -- C:\Program Files (x86)\SAP\SAP Business One Integration\EventSender\SAPB1iEventSender.exe
    PRC - [2012/03/27 20:30:22 | 000,249,856 | -H-- | M] (SAP AG) -- C:\Program Files (x86)\SAP\SAP Business One Integration\DIProxy\SAPB1iDIProxy_Monitor.exe
    PRC - [2012/03/27 20:30:22 | 000,249,856 | -H-- | M] (SAP AG) -- C:\Program Files (x86)\SAP\SAP Business One Integration\DIProxy\SAPB1iDIProxy.exe
    PRC - [2012/03/27 20:10:48 | 001,388,544 | -H-- | M] () -- C:\Program Files (x86)\SAP\SAP Business One ServerTools\License\NT_Naming_Service.exe
    PRC - [2012/03/19 04:38:47 | 007,357,824 | -H-- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
    PRC - [2012/03/19 04:38:47 | 002,666,880 | -H-- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    PRC - [2012/03/19 04:29:38 | 000,106,368 | -H-- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
    PRC - [2012/01/19 20:03:30 | 000,062,184 | -H-- | M] (Xobni Corporation) -- C:\Program Files (x86)\Xobni\XobniService.exe
    PRC - [2011/11/13 22:42:54 | 000,354,416 | -H-- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
    PRC - [2011/11/13 22:42:52 | 000,433,264 | -H-- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
    PRC - [2011/11/13 20:49:40 | 000,079,872 | -H-- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
    PRC - [2011/08/08 20:46:06 | 002,656,536 | -H-- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2011/08/08 20:46:04 | 000,325,912 | -H-- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2011/07/25 08:43:18 | 000,686,704 | -H-- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    PRC - [2011/06/05 06:31:30 | 000,378,472 | -H-- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2011/03/04 14:42:24 | 000,081,920 | -H-- | M] (ShoreTel, Inc.) -- C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\STCLogin.exe
    PRC - [2011/02/23 23:10:24 | 000,212,944 | -H-- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    PRC - [2010/11/17 09:35:34 | 000,514,544 | -H-- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    PRC - [2010/10/01 15:55:28 | 000,087,336 | -H-- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    PRC - [2010/08/13 18:25:08 | 000,223,848 | -H-- | M] (O2Micro.) -- c:\Windows\SysWOW64\SDIOAssist.exe
    PRC - [2010/03/23 12:19:32 | 001,528,616 | -H-- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
    PRC - [2009/05/12 22:14:50 | 000,050,616 | -H-- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
    PRC - [2009/05/12 22:12:36 | 002,440,632 | -H-- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    PRC - [2009/03/17 00:25:56 | 000,115,560 | -H-- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
    PRC - [2009/03/17 00:25:36 | 000,108,392 | -H-- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    PRC - [2003/04/18 19:06:26 | 000,008,192 | -H-- | M] () -- c:\Windows\SysWOW64\srvany.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/07/25 08:43:18 | 000,686,704 | -H-- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    MOD - [2010/11/24 21:44:02 | 000,375,280 | -H-- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
    MOD - [2010/11/17 09:35:34 | 000,514,544 | -H-- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/08/24 15:17:34 | 002,279,320 | -H-- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe -- (DFEPService)
    SRV:64bit: - [2011/08/05 11:53:12 | 000,467,680 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
    SRV:64bit: - [2011/08/05 11:53:12 | 000,306,400 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
    SRV:64bit: - [2011/08/05 11:53:06 | 008,277,728 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
    SRV:64bit: - [2011/07/01 12:52:32 | 001,600,000 | -H-- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe -- (Wave Authentication Manager Service)
    SRV:64bit: - [2011/06/29 09:51:26 | 000,171,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R) PROSet Monitoring Service) Intel(R)
    SRV:64bit: - [2011/05/27 16:46:56 | 003,792,240 | -H-- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService)
    SRV:64bit: - [2011/05/24 14:42:08 | 002,154,888 | -H-- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
    SRV:64bit: - [2011/05/13 09:10:44 | 001,043,872 | -H-- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
    SRV:64bit: - [2011/05/13 09:10:44 | 000,036,768 | -H-- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
    SRV:64bit: - [2011/01/25 02:57:18 | 000,296,448 | -H-- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2010/12/23 13:23:48 | 001,515,792 | -H-- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV:64bit: - [2010/12/23 13:14:10 | 000,992,256 | -H-- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe -- (ZcfgSvc7) Intel(R)
    SRV:64bit: - [2010/12/23 13:07:12 | 000,845,584 | -H-- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV:64bit: - [2010/02/10 18:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
    SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2009/03/03 03:42:58 | 000,089,600 | -H-- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
    SRV - [2012/06/20 11:48:55 | 000,078,576 | -H-- | M] (Komodo Laboratories LLC) [Auto | Running] -- C:\Windows\SysWOW64\NEWTScannerSvc.exe -- (SvcNEWTScanner)
    SRV - [2012/05/01 09:04:45 | 000,253,088 | -H-- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/04/05 10:37:38 | 000,158,856 | RH-- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/04/03 22:53:50 | 000,063,928 | -H-- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/03/27 22:32:34 | 000,061,440 | -H-- | M] (SAP) [Auto | Running] -- C:\Program Files (x86)\SAP\SAP Business One Client Agent\B1ClientAgent.exe -- (SBOClientAgent)
    SRV - [2012/03/27 22:30:42 | 003,887,104 | -H-- | M] () [Auto | Running] -- C:\Program Files (x86)\SAP\SAP Business One ServerTools\License\B1License.exe -- (B1LicenseService)
    SRV - [2012/03/27 22:00:56 | 000,733,184 | -H-- | M] (SAP Ltd.) [Auto | Running] -- C:\Program Files (x86)\SAP\SAP Business One ServerTools\DI_Server\B1DI_Server.exe -- (SBODI_Server)
    SRV - [2012/03/27 21:59:54 | 000,241,664 | -H-- | M] (SAP Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\SAP\SAP Business One ServerTools\BackUp\B1backUp.exe -- (SBOBackUp)
    SRV - [2012/03/27 20:30:22 | 000,249,856 | -H-- | M] (SAP AG) [Auto | Running] -- C:\Program Files (x86)\SAP\SAP Business One Integration\EventSender\SAPB1iEventSender.exe -- (SAPB1iEventSender)
    SRV - [2012/03/27 20:30:22 | 000,249,856 | -H-- | M] (SAP AG) [Auto | Running] -- C:\Program Files (x86)\SAP\SAP Business One Integration\DIProxy\SAPB1iDIProxy_Monitor.exe -- (SAPB1iDIProxy_Monitor)
    SRV - [2012/03/27 20:30:22 | 000,249,856 | -H-- | M] (SAP AG) [Auto | Running] -- C:\Program Files (x86)\SAP\SAP Business One Integration\DIProxy\SAPB1iDIProxy.exe -- (SAPB1iDIProxy)
    SRV - [2012/03/27 20:30:04 | 000,078,336 | -H-- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files (x86)\SAP\SAP Business One Integration\B1iServer\Tomcat\bin\tomcat6.exe -- (Tomcat6)
    SRV - [2012/03/27 20:10:48 | 001,388,544 | -H-- | M] () [Auto | Running] -- C:\Program Files (x86)\SAP\SAP Business One ServerTools\License\NT_Naming_Service.exe -- (TAO_NT_Naming_Service)
    SRV - [2012/03/19 04:38:47 | 002,666,880 | -H-- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
    SRV - [2012/01/19 20:03:30 | 000,062,184 | -H-- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files (x86)\Xobni\XobniService.exe -- (XobniService)
    SRV - [2011/11/13 22:42:54 | 000,354,416 | -H-- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
    SRV - [2011/11/13 22:42:52 | 000,433,264 | -H-- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
    SRV - [2011/11/13 20:49:40 | 000,079,872 | -H-- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
    SRV - [2011/08/29 21:11:04 | 000,846,448 | -H-- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
    SRV - [2011/08/17 01:47:32 | 000,012,800 | -H-- | M] (SAP) [Auto | Running] -- C:\Program Files (x86)\SAP\Remote support platform for SAP Business One\Service\BIN\AgentService.exe -- (SAP Business One RSP Agent Service)
    SRV - [2011/08/08 20:46:06 | 002,656,536 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2011/08/08 20:46:04 | 000,325,912 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2011/06/05 08:22:00 | 001,997,416 | -H-- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2011/06/05 06:31:30 | 000,378,472 | -H-- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2011/02/23 23:10:24 | 000,212,944 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) Intel(R)
    SRV - [2011/02/17 08:08:52 | 001,633,280 | -H-- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
    SRV - [2010/11/25 04:34:18 | 000,219,632 | -H-- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
    SRV - [2010/11/25 04:33:18 | 001,116,656 | -H-- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
    SRV - [2010/11/20 20:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2010/11/20 20:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
    SRV - [2010/11/20 20:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2010/03/23 12:19:32 | 001,528,616 | -H-- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/07/13 00:08:04 | 000,024,168 | ---- | M] (The Within Network, LLC) [Auto | Running] -- C:\Windows\UnsignedThemesSvc.exe -- (UnsignedThemes)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/05/12 22:12:36 | 002,440,632 | -H-- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2009/05/12 20:56:52 | 003,098,440 | -H-- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
    SRV - [2009/03/20 18:10:15 | 003,093,880 | -H-- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
    SRV - [2009/03/17 00:25:36 | 000,108,392 | -H-- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2009/03/17 00:25:36 | 000,108,392 | -H-- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2009/02/01 21:43:28 | 000,387,400 | -H-- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
    SRV - [2003/04/18 19:06:26 | 000,008,192 | -H-- | M] () [Auto | Running] -- c:\Windows\SysWOW64\srvany.exe -- (O2SDIOAssist)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/03/28 12:03:13 | 000,172,080 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/19 11:53:02 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2012/02/19 11:53:02 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/11/13 22:43:36 | 000,063,088 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
    DRV:64bit: - [2011/11/13 22:43:30 | 000,031,344 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)
    DRV:64bit: - [2011/11/13 22:42:40 | 000,032,880 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
    DRV:64bit: - [2011/11/13 22:42:12 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
    DRV:64bit: - [2011/11/13 20:33:56 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
    DRV:64bit: - [2011/11/13 20:33:56 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
    DRV:64bit: - [2011/08/29 21:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
    DRV:64bit: - [2011/08/29 21:01:10 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
    DRV:64bit: - [2011/08/08 13:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
    DRV:64bit: - [2011/07/22 13:28:56 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\accelern.sys -- (Acceler)
    DRV:64bit: - [2011/07/20 10:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
    DRV:64bit: - [2011/07/19 15:24:20 | 000,020,424 | ---- | M] (Dell Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HBtnKey.sys -- (HBtnKey)
    DRV:64bit: - [2011/07/15 22:31:22 | 000,022,128 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
    DRV:64bit: - [2011/06/17 19:54:22 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0151.sys -- (RsFx0151)
    DRV:64bit: - [2011/06/10 12:16:08 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/06/05 08:22:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
    DRV:64bit: - [2011/05/26 11:55:02 | 000,368,464 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2011/05/10 13:05:48 | 000,038,504 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
    DRV:64bit: - [2011/05/10 03:41:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2011/03/23 14:51:32 | 000,083,560 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)
    DRV:64bit: - [2011/01/25 02:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2011/01/03 15:19:56 | 000,074,984 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys -- (O2MDRRDR)
    DRV:64bit: - [2011/01/03 13:04:44 | 000,072,808 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys -- (O2MDFRDR)
    DRV:64bit: - [2010/12/21 12:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
    DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 20:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc)
    DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2010/11/20 20:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid)
    DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/05 19:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
    DRV:64bit: - [2010/08/02 16:19:30 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandmodem64.sys -- (ANDModem)
    DRV:64bit: - [2010/08/02 16:19:28 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandgps64.sys -- (AndGps)
    DRV:64bit: - [2010/08/02 16:19:24 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lganddiag64.sys -- (AndDiag)
    DRV:64bit: - [2010/08/02 16:19:24 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus)
    DRV:64bit: - [2010/08/02 16:19:10 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandadb.sys -- (androidusb)
    DRV:64bit: - [2010/07/21 12:13:40 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV)
    DRV:64bit: - [2010/03/23 12:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
    DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2010/02/26 17:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2010/02/08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
    DRV:64bit: - [2009/09/16 15:08:48 | 000,172,960 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 00:09:20 | 000,030,568 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\uxpatch.sys -- (uxpatch)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/03/04 13:07:56 | 000,480,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
    DRV:64bit: - [2009/03/04 13:07:56 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
    DRV:64bit: - [2009/03/04 13:07:54 | 000,441,904 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
    DRV:64bit: - [2008/11/16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
    DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV - [2012/05/30 01:00:00 | 000,484,512 | -H-- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2012/05/30 01:00:00 | 000,138,912 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2012/05/15 01:00:00 | 002,068,600 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120624.008\ex64.sys -- (NAVEX15)
    DRV - [2012/05/15 01:00:00 | 000,120,440 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120624.008\eng64.sys -- (NAVENG)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/03/04 13:07:56 | 000,480,304 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
    DRV - [2009/03/04 13:07:56 | 000,032,304 | -H-- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
    DRV - [2009/03/04 13:07:54 | 000,441,904 | -H-- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
    DRV - [2009/02/24 18:35:44 | 000,255,552 | -H-- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3B46D353-06C6-41E9-9985-DC042811E0DD}
    IE:64bit: - HKLM\..\SearchScopes\{3B46D353-06C6-41E9-9985-DC042811E0DD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {3B46D353-06C6-41E9-9985-DC042811E0DD}
    IE - HKLM\..\SearchScopes\{3B46D353-06C6-41E9-9985-DC042811E0DD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://zedworld.zeditsolutions.com/
    IE - HKCU\..\SearchScopes,DefaultScope = {15FB76D0-A139-4866-945C-863D17359F4A}
    IE - HKCU\..\SearchScopes\{15FB76D0-A139-4866-945C-863D17359F4A}: "URL" = http://www.google.com/search?q={sea...ource}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



    O1 HOSTS File: ([2012/06/22 21:41:32 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4:64bit: - HKLM..\Run: [DFEPApplication] c:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe (Dell Inc.)
    O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4:64bit: - HKLM..\Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)
    O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
    O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
    O4 - HKLM..\Run: [SAP Business One ServerTools] C:\Program Files (x86)\SAP\SAP Business One ServerTools\Service Manager\ServerManager.exe (SAP Ltd.)
    O4 - HKCU..\Run: [GoToMeeting] C:\Program Files (x86)\Citrix\GoToMeeting\880\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
    O4 - HKCU..\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe (TechSmith Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylockeduserid = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DefaultLogonDomain = zedIT
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStartupSound = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
    O15:64bit: - ..Trusted Domains: zedit.com ([zedworld] https in Local intranet)
    O15 - HKCU\..Trusted Domains: garrison7 ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: zedit.com ([zedworld] https in Trusted sites)
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16:64bit: - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc64.cab (Microsoft Office Template and Media Control)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
    O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
    O16:64bit: - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/x64/ractrl.cab?lmi=724 (Performance Viewer Activex Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
    O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=724 (Performance Viewer Activex Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.113.22 209.218.76.2
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = zedIT.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83A91AE1-CB1A-4771-8D1E-463A52F55361}: Domain = zedIT.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83A91AE1-CB1A-4771-8D1E-463A52F55361}: NameServer = 192.168.112.16,192.168.112.124
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD5FE1A6-0B02-4115-A601-CB5AAD68A8B9}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD2094C8-9C58-4E71-B30D-D56425AD36F7}: DhcpNameServer = 192.168.113.22 209.218.76.2
    O18:64bit: - Protocol\Handler\belarc - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysNative\explorer.exe ()
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
    O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/09/09 07:58:32 | 000,000,067 | -H-- | M] () - F:\Autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2006/05/18 14:47:24 | 000,000,000 | ---- | M] () - M:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)
  13. DGARR1

    DGARR1 TS Rookie Topic Starter Posts: 30

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/06/25 09:20:18 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\dean.garrison\Desktop\OTL.exe
    [2012/06/25 08:54:08 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
    [2012/06/22 21:41:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/06/22 21:26:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune
    [2012/06/22 21:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xobni
    [2012/06/22 21:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
    [2012/06/22 21:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vision33 1D2V Finance Charges
    [2012/06/22 21:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vision33 1D2V CRM Dashboard
    [2012/06/22 21:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
    [2012/06/22 21:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
    [2012/06/22 21:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2012/06/22 21:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShoreTel
    [2012/06/22 21:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scintilla Text Editor
    [2012/06/22 21:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAP Business One
    [2012/06/22 21:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator Starter
    [2012/06/22 21:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter
    [2012/06/22 21:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    [2012/06/22 21:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 R2
    [2012/06/22 21:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
    [2012/06/22 21:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2012/06/22 21:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    [2012/06/22 21:26:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2012/06/22 21:26:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc
    [2012/06/22 21:26:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
    [2012/06/22 21:26:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
    [2012/06/22 21:26:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Integration solution for SAP Business One
    [2012/06/22 21:26:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    [2012/06/22 21:26:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
    [2012/06/22 21:26:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Webcam
    [2012/06/22 21:26:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
    [2012/06/22 21:26:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems VPN Client
    [2012/06/22 21:26:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASAP Utilities
    [2012/06/22 21:26:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
    [2012/06/22 21:26:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    [2012/06/22 21:26:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    [2012/06/22 21:23:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/06/22 21:23:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/06/22 21:23:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/06/22 21:22:55 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/06/22 21:22:47 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/06/22 21:18:06 | 000,000,000 | ---D | C] -- C:\Users\dean.garrison\Desktop\desktop
    [2012/06/22 21:17:54 | 004,565,299 | R--- | C] (Swearware) -- C:\Users\dean.garrison\Desktop\ComboFix.exe
    [2012/06/22 16:12:00 | 000,000,000 | ---D | C] -- C:\Users\dean.garrison\Desktop\tdsskiller
    [2012/06/21 22:06:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
    [2012/06/21 16:30:29 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    [2012/06/21 16:30:29 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2012/06/21 16:01:45 | 000,000,000 | ---D | C] -- C:\Users\dean.garrison\Desktop\Virus Fix
    [2012/06/21 14:22:49 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/06/21 13:54:53 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\dean.garrison\Desktop\aswMBR.exe
    [2012/06/21 13:26:25 | 000,000,000 | ---D | C] -- C:\Users\dean.garrison\AppData\Roaming\Malwarebytes
    [2012/06/21 13:26:11 | 000,000,000 | ---D | C] -- C:\Users\dean.garrison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/06/21 13:26:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/06/21 13:26:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/06/21 13:09:15 | 000,000,000 | ---D | C] -- C:\Users\dean.garrison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HitmanPro
    [2012/06/21 13:08:16 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
    [2012/06/21 13:08:12 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
    [2012/06/21 12:47:47 | 000,000,000 | ---D | C] -- C:\found.000
    [2012/06/20 13:26:22 | 000,000,000 | -H-D | C] -- C:\Users\dean.garrison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vision33 1D2V CRM Dashboard
    [2012/06/20 11:49:30 | 001,784,736 | -H-- | C] (CPUID) -- C:\Windows\SysWow64\NEWT.dll
    [2012/06/20 11:48:59 | 000,269,728 | -H-- | C] (Komodo Laboratories LLC (www.KomodoLabs.com)) -- C:\Windows\SysWow64\NEWTScan.exe
    [2012/06/20 11:48:55 | 000,082,672 | -H-- | C] (Komodo Laboratories LLC) -- C:\Windows\SysWow64\NEWTScannerCOM.exe
    [2012/06/20 11:48:52 | 000,078,576 | -H-- | C] (Komodo Laboratories LLC) -- C:\Windows\SysWow64\NEWTScannerSvc.exe
    [2012/06/18 15:31:14 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Vision33 1D2V CRM Dashboard
    [2012/06/08 10:45:57 | 000,000,000 | -H-D | C] -- C:\Users\dean.garrison\AppData\Roaming\SAP

    ========== Files - Modified Within 30 Days ==========

    [2012/06/25 09:20:16 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\dean.garrison\Desktop\OTL.exe
    [2012/06/25 09:03:17 | 000,021,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/06/25 09:03:17 | 000,021,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/06/25 09:02:59 | 000,000,830 | -H-- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/06/25 08:53:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/06/25 08:52:01 | 2053,816,319 | -HS- | M] () -- C:\hiberfil.sys
    [2012/06/22 21:41:32 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/06/22 21:23:31 | 004,565,299 | R--- | M] (Swearware) -- C:\Users\dean.garrison\Desktop\ComboFix.exe
    [2012/06/21 13:56:01 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\dean.garrison\Desktop\aswMBR.exe
    [2012/06/21 13:26:11 | 000,001,135 | ---- | M] () -- C:\Users\dean.garrison\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/06/21 11:20:40 | 000,000,112 | -H-- | M] () -- C:\ProgramData\-M8bNpuGd8Z7Nvxr
    [2012/06/21 11:20:40 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-M8bNpuGd8Z7Nvx
    [2012/06/21 11:20:39 | 000,000,681 | -H-- | M] () -- C:\Users\dean.garrison\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
    [2012/06/21 08:56:36 | 000,000,000 | -H-- | M] () -- C:\Windows\SysWow64\dev_hwid
    [2012/06/20 11:49:36 | 001,784,736 | -H-- | M] (CPUID) -- C:\Windows\SysWow64\NEWT.dll
    [2012/06/20 11:49:07 | 000,269,728 | -H-- | M] (Komodo Laboratories LLC (www.KomodoLabs.com)) -- C:\Windows\SysWow64\NEWTScan.exe
    [2012/06/20 11:48:58 | 000,082,672 | -H-- | M] (Komodo Laboratories LLC) -- C:\Windows\SysWow64\NEWTScannerCOM.exe
    [2012/06/20 11:48:55 | 000,078,576 | -H-- | M] (Komodo Laboratories LLC) -- C:\Windows\SysWow64\NEWTScannerSvc.exe
    [2012/06/19 13:58:15 | 000,001,998 | -H-- | M] () -- C:\Users\dean.garrison\Documents\Default.rdp
    [2012/06/18 14:07:54 | 000,002,663 | -H-- | M] () -- C:\Users\Public\Documents\Signature.pdf
    [2012/06/14 11:57:00 | 000,000,459 | -H-- | M] () -- C:\Users\dean.garrison\Documents\ChatLog TurboTire _ iCharge Config _ Dean 2012_06_14 11_57.rtf
    [2012/06/14 03:26:03 | 000,355,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/06/14 03:08:19 | 001,058,662 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/06/14 03:08:19 | 000,846,188 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/06/14 03:08:19 | 000,193,010 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/05/30 14:18:57 | 000,000,497 | -H-- | M] () -- C:\Users\dean.garrison\Documents\ChatLog SQL Training 2012_05_30 14_18.rtf
    [2012/05/30 09:19:27 | 000,516,552 | ---- | M] () -- C:\bar.emf
    [2012/05/30 09:19:25 | 000,336,896 | -H-- | M] () -- C:\Users\Public\Documents\Venn.vsd
    [2012/05/30 06:54:53 | 000,134,656 | -H-- | M] () -- C:\Users\Public\Documents\Before.vsd

    ========== Files Created - No Company Name ==========

    [2012/06/22 21:26:09 | 000,002,653 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
    [2012/06/22 21:26:09 | 000,001,714 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
    [2012/06/22 21:26:04 | 000,002,441 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    [2012/06/22 21:26:04 | 000,001,547 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    [2012/06/22 21:26:04 | 000,001,326 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    [2012/06/22 21:26:04 | 000,001,210 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
    [2012/06/22 21:26:04 | 000,001,176 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
    [2012/06/22 21:23:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/06/22 21:23:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/06/22 21:23:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/06/22 21:23:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/06/22 21:23:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/06/21 13:26:11 | 000,001,135 | ---- | C] () -- C:\Users\dean.garrison\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/06/21 11:20:40 | 000,000,112 | -H-- | C] () -- C:\ProgramData\-M8bNpuGd8Z7Nvxr
    [2012/06/21 11:20:40 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-M8bNpuGd8Z7Nvx
    [2012/06/21 11:20:39 | 000,000,681 | -H-- | C] () -- C:\Users\dean.garrison\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
    [2012/06/18 14:07:54 | 000,002,663 | -H-- | C] () -- C:\Users\Public\Documents\Signature.pdf
    [2012/06/14 11:57:00 | 000,000,459 | -H-- | C] () -- C:\Users\dean.garrison\Documents\ChatLog TurboTire _ iCharge Config _ Dean 2012_06_14 11_57.rtf
    [2012/05/30 14:18:57 | 000,000,497 | -H-- | C] () -- C:\Users\dean.garrison\Documents\ChatLog SQL Training 2012_05_30 14_18.rtf
    [2012/05/30 09:19:25 | 000,336,896 | -H-- | C] () -- C:\Users\Public\Documents\Venn.vsd
    [2012/05/30 06:54:56 | 000,516,552 | ---- | C] () -- C:\bar.emf
    [2012/05/30 06:54:52 | 000,134,656 | -H-- | C] () -- C:\Users\Public\Documents\Before.vsd
    [2012/05/24 12:02:39 | 000,077,824 | -H-- | C] () -- C:\Windows\SysWow64\LoadDotNetAssembly.dll
    [2012/04/18 16:46:31 | 000,035,048 | -H-- | C] () -- C:\Users\dean.garrison\AppData\Roaming\UserOrb.bmp
    [2012/04/16 12:14:03 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
    [2012/04/13 11:10:20 | 000,000,664 | RHS- | C] () -- C:\Users\dean.garrison\ntuser.pol
    [2012/03/27 16:37:16 | 000,007,592 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2012/02/19 11:42:27 | 000,963,116 | -H-- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2012/02/19 11:42:27 | 000,218,304 | -H-- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2012/02/19 11:42:26 | 000,145,804 | -H-- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2012/02/19 11:42:26 | 000,056,832 | -H-- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2012/02/19 11:42:25 | 013,906,944 | -H-- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2012/02/19 10:29:04 | 000,080,368 | -H-- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll
    [2012/02/19 10:24:33 | 000,008,192 | -H-- | C] () -- C:\Windows\SysWow64\srvany.exe
    [2011/05/16 12:31:44 | 000,008,592 | -H-- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
    [2011/02/10 07:33:46 | 000,996,520 | -H-- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/08/19 16:18:20 | 001,008,640 | -H-- | C] () -- C:\Windows\SysWow64\DemoLicense.dll

    ========== LOP Check ==========

    [2012/04/24 07:59:44 | 000,000,000 | -H-D | M] -- C:\Users\dean.garrison\AppData\Roaming\ASAP Utilities
    [2012/05/03 11:07:32 | 000,000,000 | -H-D | M] -- C:\Users\dean.garrison\AppData\Roaming\Business Objects
    [2012/05/09 13:49:41 | 000,000,000 | -H-D | M] -- C:\Users\dean.garrison\AppData\Roaming\FileZilla
    [2012/04/13 13:50:09 | 000,000,000 | -H-D | M] -- C:\Users\dean.garrison\AppData\Roaming\Rainmeter
    [2012/06/08 10:45:57 | 000,000,000 | -H-D | M] -- C:\Users\dean.garrison\AppData\Roaming\SAP
    [2012/04/16 09:52:17 | 000,000,000 | -H-D | M] -- C:\Users\dean.garrison\AppData\Roaming\ShoreWare Client
    [2012/05/01 12:28:12 | 000,000,000 | -H-D | M] -- C:\Users\dean.garrison\AppData\Roaming\TeamViewer
    [2009/07/13 22:08:49 | 000,031,912 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2012/05/30 09:19:27 | 000,516,552 | ---- | M] () -- C:\bar.emf
    [2012/06/22 21:45:41 | 000,025,811 | ---- | M] () -- C:\ComboFix.txt
    [2012/02/19 11:55:50 | 000,035,481 | RH-- | M] () -- C:\dell.sdr
    [2012/06/25 08:52:01 | 2053,816,319 | -HS- | M] () -- C:\hiberfil.sys
    [2006/12/01 22:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2012/06/25 08:52:24 | 4170,080,255 | -HS- | M] () -- C:\pagefile.sys
    [2012/06/21 14:23:07 | 000,159,192 | ---- | M] () -- C:\TDSSKiller.2.7.41.0_21.06.2012_14.21.03_log.txt
    [2012/06/21 15:10:13 | 000,312,304 | ---- | M] () -- C:\TDSSKiller.2.7.41.0_21.06.2012_15.07.29_log.txt
    [2012/06/22 17:07:36 | 000,152,804 | ---- | M] () -- C:\TDSSKiller.2.7.41.0_22.06.2012_16.12.12_log.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/13 22:32:31 | 000,026,040 | -H-- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 22:32:31 | 000,026,489 | -H-- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 22:32:31 | 000,029,779 | -H-- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 22:32:31 | 000,043,318 | -H-- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 13:49:50 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 21:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2012/04/13 13:41:40 | 000,000,221 | -HS- | M] () -- C:\Users\dean.garrison\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/06/21 13:56:01 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\dean.garrison\Desktop\aswMBR.exe
    [2012/06/22 21:23:31 | 004,565,299 | R--- | M] (Swearware) -- C:\Users\dean.garrison\Desktop\ComboFix.exe
    [2012/06/25 09:20:16 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\dean.garrison\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/06/25 09:02:59 | 000,000,830 | -H-- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/06/25 08:53:36 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2009/07/13 22:08:49 | 000,031,912 | -H-- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 14:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2012/06/25 09:00:12 | 000,008,192 | -H-- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2012/06/25 09:00:12 | 001,048,576 | -H-- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2012/05/15 09:04:16 | 001,048,576 | -H-- | M] () -- C:\Windows\SECURITY\Database\edb00001.log
    [2012/03/27 16:37:19 | 001,048,576 | -H-- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2012/03/27 16:37:19 | 001,048,576 | -H-- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012/05/03 10:59:25 | 000,000,436 | -HS- | M] () -- C:\Users\dean.garrison\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2012/06/21 11:20:40 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-M8bNpuGd8Z7Nvx
    [2012/06/21 11:20:40 | 000,000,112 | -H-- | M] () -- C:\ProgramData\-M8bNpuGd8Z7Nvxr
    [2012/04/16 09:15:48 | 000,007,592 | RHS- | M] () -- C:\ProgramData\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

    < dir /b "%systemroot%\*.exe" | find /I " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

    < >
    < End of report >
  14. DGARR1

    DGARR1 TS Rookie Topic Starter Posts: 30

    OTL Extras logfile created on: 6/25/2012 9:22:22 AM - Run 1
    OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\dean.garrison\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.88 Gb Total Physical Memory | 4.97 Gb Available Physical Memory | 63.00% Memory free
    15.77 Gb Paging File | 12.19 Gb Available in Paging File | 77.30% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 454.42 Gb Total Space | 227.05 Gb Free Space | 49.96% Space Free | Partition Type: NTFS
    Drive F: | 1863.01 Gb Total Space | 1769.16 Gb Free Space | 94.96% Space Free | Partition Type: NTFS
    Drive M: | 49.42 Gb Total Space | 29.02 Gb Free Space | 58.71% Space Free | Partition Type: NTFS

    Computer Name: GARRISON7 | User Name: dean.garrison | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe" = C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe:*:Enabled:ShoreTel.ShoreTel.App -- (ShoreTel Inc.)
    "C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe" = C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe:*:Enabled:ShoreTel.ShoreTel.App -- (ShoreTel Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00CE5826-4E73-43B1-AAFC-BF795C322182}" = rport=1723 | protocol=6 | dir=out | app=system |
    "{391569B9-C8E1-43A9-9945-915E9B864787}" = lport=445 | protocol=6 | dir=in | app=system |
    "{3A9011DE-B901-47EA-8835-E51D47F701E1}" = lport=1443 | protocol=17 | dir=in | name=sqlinudp |
    "{48545B7D-5DCF-4A78-B83A-4209E4D53DD3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{4C918DA3-32B1-4249-B398-1F76E259C143}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{586300C4-A538-4FDF-B7CB-959651D01AC4}" = lport=139 | protocol=6 | dir=in | app=system |
    "{58BF514D-1F1F-4125-B9BD-0F430B5597BD}" = rport=1443 | protocol=6 | dir=out | name=sqlouttcp |
    "{6360E92E-2244-427E-94C6-D1831369EA1A}" = lport=137 | protocol=17 | dir=in | app=system |
    "{6A191A98-A1DD-488B-9CE0-8096DADDEA2F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{751B9EF5-E021-4854-A767-3B8747135101}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{75268025-CF64-4AF8-95A8-B6A9C1005A37}" = rport=137 | protocol=17 | dir=out | app=system |
    "{7C9BA7A8-E5E3-443D-BA08-4DFFD2B0D044}" = rport=445 | protocol=6 | dir=out | app=system |
    "{989A1DA3-7DFB-4090-9554-EDE950311224}" = rport=139 | protocol=6 | dir=out | app=system |
    "{9B5959DC-A90F-4EF7-A7C0-DC085FA24B1C}" = rport=138 | protocol=17 | dir=out | app=system |
    "{A13382C6-FCC7-4619-865A-6809D242BBF3}" = lport=1443 | protocol=6 | dir=in | name=sqlintcp |
    "{A1857A5D-E56B-41AB-A244-A2D407E7A63E}" = rport=1443 | protocol=17 | dir=out | name=sqloutudp |
    "{B8521BC7-F673-4F49-8E6F-5B8E71D64ED8}" = rport=1701 | protocol=17 | dir=out | app=system |
    "{BDE245DC-14E4-4EE9-B051-534C883AF062}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
    "{BEAA6C17-8823-4B7A-98FE-5DB1C6D911E0}" = lport=1701 | protocol=17 | dir=in | app=system |
    "{E75496B6-48C7-4AFB-8B99-6550F0CE097F}" = lport=138 | protocol=17 | dir=in | app=system |
    "{EA140D3C-CF12-445D-AAD9-58B27443950E}" = lport=3389 | protocol=6 | dir=in | app=system |
    "{EA9BD20B-576B-4296-A557-0396DFDCA2FA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{F96EB7A7-48FA-4484-939E-0EFA2D4B7B4C}" = lport=1723 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{03ADDA16-FB1A-461A-8665-81E79ADB4017}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{174086CF-1ADB-451F-9F3B-DA35B18F03E4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{251CCB8D-24CA-4064-B92B-B0BB48FF5290}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
    "{25F726C4-FC9C-48A7-BFB1-520EBF22CF16}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
    "{2B896BEC-CBD1-4716-AFAE-EBDC851946A6}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
    "{3802829D-29C6-4726-AE82-3956EE7CB73F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
    "{3CC5661D-503F-4C64-ACE8-002477060022}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
    "{3D839594-43B8-4E9E-A3CF-8E0B79172FED}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
    "{45A988FD-50F8-48DA-B0E0-77C5A4054122}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
    "{45FDB2C9-55A9-4933-A752-2679BAAC9D78}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
    "{4DB7E5FE-55FC-46B9-BCC9-7136DC3B0467}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "{561DFCFA-0142-4EF6-A66E-9006B74FD828}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
    "{58D5CC98-1E8F-4AFD-B25B-3FE54A717A69}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
    "{6350D8AB-DB70-4CFE-882F-0CF798FBED22}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
    "{63F6CA4E-6141-49ED-B5D8-98AC945E09AE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{749DB6F7-FD14-427F-ADD3-9DA1DF8AB52A}" = protocol=47 | dir=out | app=system |
    "{7D38753D-E463-4DCB-9689-8797E4A8503E}" = protocol=47 | dir=in | app=system |
    "{9B3CCFAC-5554-48AB-8503-8B49CE9D2E7F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
    "{9E7613A8-303B-482B-848E-4663A69A005B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
    "{A4E20EFC-089E-4563-85AF-D0FA6B70D27F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
    "{BF7B6F67-4DE9-4C97-A736-7002F8EBF9DC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{BFC01BE3-91F8-4433-ADE4-C26146E340E9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{D4410F26-8CE4-452C-9E05-01624F9A5820}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "TCP Query User{6639A1F8-7ADA-473E-BD3D-683F5CDE092A}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "TCP Query User{89441FAB-96C3-49CA-BB9B-8546AAF73D4C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{D84777C4-D208-4618-85B0-0F9E36152C44}C:\program files (x86)\sap\sap business one integration\sapjre_6_32\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sap\sap business one integration\sapjre_6_32\jre\bin\java.exe |
    "UDP Query User{29CF61EF-9C92-42BD-A60E-1A02A5590D35}C:\program files (x86)\sap\sap business one integration\sapjre_6_32\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sap\sap business one integration\sapjre_6_32\jre\bin\java.exe |
    "UDP Query User{698202D6-594A-4F2E-BB2A-35C1C9767449}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "UDP Query User{7BFB57C6-36CE-409B-996D-87B3F65D23B7}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01078B88-2981-4F75-96B0-8B22E2D2DE03}" = Microsoft SQL Server 2008 R2 Setup (English)
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software Installer
    "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
    "{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
    "{0C270C59-8706-42B8-A2AD-6E5EE18BC90B}" = SQL Server 2008 R2 Reporting Services
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 SP1 Common Files
    "{2453DBC8-ACC4-4711-BD03-0C15353AA3D8}" = SQL Server 2008 R2 Reporting Services
    "{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit)
    "{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer
    "{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
    "{2D2601B6-157F-4F88-B66B-B52DB21EAB2D}" = SQL Server 2008 R2 SP1 Client Tools
    "{2EECD5EF-5095-467C-B80C-4AB3096EFD60}" = SPBA 5.9
    "{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
    "{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 SP1 Common Files
    "{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
    "{3B76DD2A-E834-4F32-A8EA-B29A0C128BA0}" = Dell ControlVault Host Components Installer 64 bit
    "{3DCDFCDB-4D96-4CF0-9BB3-C91DAE9073F3}" = PC-CCID
    "{414B7B9C-B353-4821-9393-78AE034079E7}" = NTRU TCG Software Stack
    "{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
    "{4701DEDE-1888-49E0-BAE5-857875924CA2}" = Microsoft SQL Server System CLR Types (x64)
    "{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}" = Microsoft SQL Server 2008 R2 Native Client
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4C1CCA11-0D08-4D5E-8444-2D9FB48BCABF}" = Intel(R) PROSet/Wireless WiFi Software
    "{4E60E212-3177-4B16-BCB3-616CCC52357D}" = Upek Touchchip Fingerprint Reader
    "{50B4B603-A4C6-4739-AE96-6C76A0F8A388}" = Dell Backup and Recovery Manager
    "{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
    "{51E5BC99-A087-4CFF-8D93-462903EA7E12}" = SQL Server 2008 R2 SP1 Management Studio
    "{53D7A054-4598-4947-A159-E8FCC77720AB}" = Microsoft Sync Framework Runtime v1.0 (x64)
    "{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
    "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
    "{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
    "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
    "{6AC87FB3-ACFC-4416-890C-8976D5A9B371}" = Trusted Drive Manager
    "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6E2EE862-FEF9-408A-90BB-F5B4EC129C8E}" = SQL Server 2008 R2 Analysis Services
    "{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
    "{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}" = Custom
    "{72AB7E6F-BC24-481E-8C45-1AB5B3DD795D}" = SQL Server 2008 R2 SP1 Management Studio
    "{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
    "{7709926E-A1EA-43F1-ADD8-C066BDB97B54}" = SQL Server 2008 R2 SP1 Integration Services
    "{777FF553-493D-4068-BAC7-EE2D73DB7434}" = Wave Infrastructure Installer
    "{817BCC2B-76A8-4C8B-8B55-FD916C6969CC}" = Microsoft Sync Services for ADO.NET v2.0 (x64)
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
    "{8DF73A13-F54C-4CB3-B4AD-4375A2E8F4F8}" = VmciSockets
    "{8E29A06B-3189-4BB0-AF4D-00397DC3C4A5}" = SciTE Text Editor
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}" = UxStyle Core Beta
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{90899269-554B-4672-9F8D-4A2A0D0AF5B5}" = Intel(R) Network Connections 16.5.2.0
    "{91CE5F03-3A2A-4268-935A-04944F058AE9}" = Gemalto
    "{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{992D1CE7-A20F-4AB0-9D9D-AFC3418844DA}" = Dell Feature Enhancement Pack
    "{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
    "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
    "{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}" = BioAPI Framework
    "{9DFA5914-C275-42E0-810E-C88E46A7F9EA}" = SQL Server 2008 R2 SP1 Full text search
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 SP1 Database Engine Shared
    "{A4E14A4D-EA7B-4914-9BBF-504401F3D4F7}" = SQL Server 2008 R2 SP1 Integration Services
    "{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
    "{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
    "{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Data Protection | Access
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 268.83
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.83
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.83
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.85
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.23
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
    "{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
    "{B5FE23CC-0151-4595-84C3-F1DE6F44FE9B}" = SQL Server 2008 R2 SP1 Client Tools
    "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
    "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
    "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
    "{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
    "{C942A025-A840-4BF2-8987-849C0DD44574}" = SQL Server 2008 R2 SP1 Database Engine Shared
    "{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
    "{D8C23BDE-4748-44D9-A9DD-8AB64EB18BE3}" = Microsoft SQL Server 2008 R2 RsFx Driver
    "{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
    "{F01EC9B9-21B4-441E-958A-1E01098B03BE}" = SQL Server 2008 R2 Analysis Services
    "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
    "{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F839C6BD-E92E-48FA-9CE6-7BFAF94F7096}" = DellAccess
    "{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = SQL Server 2008 R2 SP1 Database Engine Services
    "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 SP1 Database Engine Services
    "{FF9F3663-0357-4132-AD8C-2BC1397D88AF}" = Symantec Endpoint Protection
    "9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "HitmanPro36" = HitmanPro 3.6
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit)
    "Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "ProInst" = Intel PROSet Wireless
    "PROSetDX" = Intel(R) Network Connections 16.5.2.0
    "Zune" = Zune

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
    "{068857D8-FDD1-4F29-8F74-E9DE91E8A587}" = Crystal Reports Basic 2008 for SAP Business One
    "{09553952-C194-4245-833A-C9CAF31A49B0}" = SAP Business One 8.8 SP2 - DATEV-FI Interface
    "{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
    "{1525BCD6-E7E7-4F2F-BCF6-5692443898C7}" = ShoreTel Communicator
    "{1628A2E2-07CC-4995-B3E8-9ABE9F5189D9}" = SAP Business One Client Agent
    "{21154571-0542-425D-947B-E5180980AB94}" = SAP Business One Server Tools
    "{26A24AE4-039D-4CA4-87B4-2F83217001FF}" = Java(TM) 7 Update 1
    "{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
    "{2B2B45B1-3CA0-4F8D-BBB3-AC77ED46A0FE}" = Dell Client System Update
    "{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{411B1683-95B6-4AA2-BF6F-C72CB6BD3A77}" = SAP Business One Crystal Report Integration Package
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}" = Dell Data Protection | Access | Drivers
    "{4E75CC14-A855-4A6D-890E-8248F0113D42}" = SAP Business One - Microsoft Outlook Integration Server Installer
    "{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6BF04C63-EAC0-4F19-9E88-9A745493E7BF}" = IconPackager
    "{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7338BAAF-E281-4F00-96DC-7136C3A80C9B}" = SAP Business One integration Server
    "{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
    "{77C0A13F-6916-4A47-B0F6-7BFF9AE43DD5}" = SAP Business One integration DIProxy
    "{7AB01508-C2B2-43C8-8B44-514801E7CCC9}" = Jing
    "{7BA03320-C23E-44EF-ABA2-79768FD277EC}" = SAP Business One 8.8 SP1 - Copy Express
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}" = Dell Data Protection | Access | Middleware
    "{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
    "{889991FA-CE9B-42A9-A8DA-228219FA65AC}" = SAP Business One Client
    "{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
    "{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)
    "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
    "{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
    "{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARD_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_STANDARD_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
    "{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
    "{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
    "{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{7DA87C7E-E8A7-473E-ADFF-1B6BECCCADA7}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
    "{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
    "{A7D91856-258D-4C87-8041-B170851CE432}" = Dell Data Protection | Access
    "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
    "{A9951634-D832-4E61-938F-51171322965F}" = Remote Support Platform for SAP Business One
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
    "{B5ED17CC-F74C-4F08-AC19-F84C50B9B32D}" = SAP Business One Screen Painter
    "{BCFBFA9D-4CFE-44ED-B2EF-9DE261B46F52}" = SAP Business One integration EventSender
    "{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
    "{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
    "{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}" = Crystal Report 2008 Runtime SP3
    "{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies
    "{D54E0121-A6C2-4DC2-A55E-7C92270A0802}" = DXB1
    "{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
    "{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86
    "{E30C5D6E-D6D2-465D-96E0-FB94CB2BB14D}" = SAP Business One DI API
    "{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
    "{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
    "{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FA9408EB-5B35-415C-8176-7DC428D7DDCE}" = SAP Business One Server
    "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
    "Android SDK Tools" = Android SDK Tools
    "ASAP Utilities_is1" = ASAP Utilities
    "Belarc Advisor" = Belarc Advisor 8.2
    "Dell Webcam Central" = Dell Webcam Central
    "FileZilla Client" = FileZilla Client 3.5.3
    "IconPackager" = IconPackager
    "InstallShield_{09553952-C194-4245-833A-C9CAF31A49B0}" = SAP Business One 8.8 SP2 - DATEV-FI Interface
    "InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
    "InstallShield_{21154571-0542-425D-947B-E5180980AB94}" = SAP Business One Server Tools
    "InstallShield_{411B1683-95B6-4AA2-BF6F-C72CB6BD3A77}" = SAP Business One Crystal Report Integration Package
    "InstallShield_{4E75CC14-A855-4A6D-890E-8248F0113D42}" = SAP Business One - Microsoft Outlook Integration Server Installer
    "InstallShield_{6FA3A5F0-5E8D-4257-BAF2-1501F3D76DC7}" = SAP Business One Crystal Report Integration Package
    "InstallShield_{7338BAAF-E281-4F00-96DC-7136C3A80C9B}" = SAP Business One integration Server
    "InstallShield_{77C0A13F-6916-4A47-B0F6-7BFF9AE43DD5}" = SAP Business One integration DIProxy
    "InstallShield_{7BA03320-C23E-44EF-ABA2-79768FD277EC}" = SAP Business One 8.8 SP1 - Copy Express
    "InstallShield_{889991FA-CE9B-42A9-A8DA-228219FA65AC}" = SAP Business One Client
    "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
    "InstallShield_{A9951634-D832-4E61-938F-51171322965F}" = Remote Support Platform for SAP Business One
    "InstallShield_{BCFBFA9D-4CFE-44ED-B2EF-9DE261B46F52}" = SAP Business One integration EventSender
    "InstallShield_{D54E0121-A6C2-4DC2-A55E-7C92270A0802}" = SAP Business One Data Transfer Workbench
    "InstallShield_{E30C5D6E-D6D2-465D-96E0-FB94CB2BB14D}" = SAP Business One DI API
    "InstallShield_{FA9408EB-5B35-415C-8176-7DC428D7DDCE}" = SAP Business One Server
    "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Rainmeter" = Rainmeter
    "SAP Business One Screen Painter" = SAP Business One Screen Painter
    "STANDARD" = Microsoft Office Standard 2007
    "TeamViewer 7" = TeamViewer 7
    "Vision33 1D2V CRM Dashboard_is1" = Vision33 1D2V CRM Dashboard + 1.8.8.4
    "Vision33 1D2V Finance Charges_is1" = Vision33 1D2V Finance Charges + 1.8.8.2
    "VISPRO" = Microsoft Office Visio Professional 2007
    "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
    "VMware_Player" = VMware Player
    "XobniMain" = Xobni

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GoToMeeting" = GoToMeeting 5.1.0.880

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 5/25/2012 11:56:06 AM | Computer Name = garrison7.zedIT.com | Source = Report Server Windows Service (MSSQLSERVER) | ID = 107
    Description = Report Server Windows Service (MSSQLSERVER) cannot connect to the
    report server database.

    Error - 5/25/2012 12:59:37 PM | Computer Name = garrison7.zedIT.com | Source = Application Error | ID = 1000
    Description = Faulting application name: SAPB1iEventSender.exe, version: 1.0.0.2,
    time stamp: 0x4f7206b1 Faulting module name: jvm.dll, version: 1.6.0.7, time stamp:
    0x4dcf44ca Exception code: 0xc0000005 Fault offset: 0x001f60f2 Faulting process id:
    0x204 Faulting application start time: 0x01cd3a96714fd76a Faulting application path:
    C:\Program Files (x86)\SAP\SAP Business One Integration\EventSender\SAPB1iEventSender.exe
    Faulting
    module path: C:\Program Files (x86)\SAP\SAP Business One Integration\sapjre_6_32\jre\bin\server\jvm.dll
    Report
    Id: 022e4518-a68b-11e1-b1ea-005056c00008

    Error - 5/25/2012 7:48:50 PM | Computer Name = garrison7.zedIT.com | Source = Application Error | ID = 1000
    Description = Faulting application name: SAP Business One.exe, version: 8.82.67.0,
    time stamp: 0x4f721100 Faulting module name: ole32.dll, version: 6.1.7601.17514,
    time stamp: 0x4ce7b96f Exception code: 0xc0000005 Fault offset: 0x0003bc24 Faulting
    process id: 0x2770 Faulting application start time: 0x01cd3ab117d456d5 Faulting application
    path: C:\Program Files (x86)\SAP\SAP Business One\SAP Business One.exe Faulting
    module path: C:\Windows\syswow64\ole32.dll Report Id: 2cae333c-a6c4-11e1-b1ea-005056c00008

    Error - 5/25/2012 8:38:19 PM | Computer Name = garrison7.zedIT.com | Source = WinMgmt | ID = 10
    Description =

    Error - 5/25/2012 8:39:58 PM | Computer Name = garrison7.zedIT.com | Source = Report Server Windows Service (MSSQLSERVER) | ID = 107
    Description = Report Server Windows Service (MSSQLSERVER) cannot connect to the
    report server database.

    Error - 5/26/2012 12:28:30 AM | Computer Name = garrison7.zedIT.com | Source = SescLU | ID = 13
    Description = LiveUpdate returned a non-critical error. Available content updates
    may have failed to install.

    Error - 5/29/2012 11:21:59 AM | Computer Name = garrison7.zedIT.com | Source = WinMgmt | ID = 10
    Description =

    Error - 5/29/2012 11:23:38 AM | Computer Name = garrison7.zedIT.com | Source = Report Server Windows Service (MSSQLSERVER) | ID = 107
    Description = Report Server Windows Service (MSSQLSERVER) cannot connect to the
    report server database.

    Error - 5/30/2012 9:57:35 AM | Computer Name = garrison7.zedIT.com | Source = WinMgmt | ID = 10
    Description =

    Error - 5/30/2012 9:58:28 AM | Computer Name = garrison7.zedIT.com | Source = Report Server Windows Service (MSSQLSERVER) | ID = 107
    Description = Report Server Windows Service (MSSQLSERVER) cannot connect to the
    report server database.

    [ System Events ]
    Error - 6/21/2012 6:28:59 PM | Computer Name = garrison7.zedIT.com | Source = Service Control Manager | ID = 7001
    Description = The Netlogon service depends on the Workstation service which failed
    to start because of the following error: %%1068

    Error - 6/21/2012 6:28:59 PM | Computer Name = garrison7.zedIT.com | Source = Service Control Manager | ID = 7001
    Description = The IP Helper service depends on the Network Store Interface Service
    service which failed to start because of the following error: %%1068

    Error - 6/21/2012 6:28:59 PM | Computer Name = garrison7.zedIT.com | Source = Service Control Manager | ID = 7001
    Description = The SMB MiniRedirector Wrapper and Engine service depends on the Redirected
    Buffering Sub Sysytem service which failed to start because of the following error:
    %%31

    Error - 6/21/2012 6:28:59 PM | Computer Name = garrison7.zedIT.com | Source = Service Control Manager | ID = 7001
    Description = The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector
    Wrapper and Engine service which failed to start because of the following error:
    %%1068

    Error - 6/21/2012 6:28:59 PM | Computer Name = garrison7.zedIT.com | Source = Service Control Manager | ID = 7001
    Description = The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector
    Wrapper and Engine service which failed to start because of the following error:
    %%1068

    Error - 6/21/2012 6:28:59 PM | Computer Name = garrison7.zedIT.com | Source = Service Control Manager | ID = 7001
    Description = The Network Location Awareness service depends on the Network Store
    Interface Service service which failed to start because of the following error:
    %%1068

    Error - 6/21/2012 6:29:00 PM | Computer Name = garrison7.zedIT.com | Source = DCOM | ID = 10005
    Description =

    Error - 6/21/2012 6:29:00 PM | Computer Name = garrison7.zedIT.com | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AFD CSC DfsC discache eeCtrl NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSP SRTSPX tdx vwififlt
    Wanarpv6
    WfpLwf
    ws2ifsl

    Error - 6/21/2012 6:29:08 PM | Computer Name = garrison7.zedIT.com | Source = Service Control Manager | ID = 7023
    Description = The Windows Modules Installer service terminated with the following
    error: %%16405

    Error - 6/21/2012 6:31:26 PM | Computer Name = garrison7.zedIT.com | Source = Service Control Manager | ID = 7001
    Description = The NTRU TSS v1.2.1.36 TCS service depends on the TPM Base Services
    service which failed to start because of the following error: %%0


    < End of report >
  15. Broni

    Broni Malware Annihilator Posts: 46,765   +254

    You didn't say:

    ===========================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O15:64bit: - ..Trusted Domains: zedit.com ([zedworld] https in Local intranet)
      O15 - HKCU\..Trusted Domains: garrison7 ([]https in Trusted sites)
      O15 - HKCU\..Trusted Domains: zedit.com ([zedworld] https in Trusted sites)
      O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
      [2012/06/21 11:20:39 | 000,000,681 | -H-- | M] () -- C:\Users\dean.garrison\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
  16. DGARR1

    DGARR1 TS Rookie Topic Starter Posts: 30

    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\garrison7\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\zedit.com\zedworld\ deleted successfully.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
    C:\Users\dean.garrison\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: dean.garrison
    ->Temp folder emptied: 25858101 bytes
    ->Temporary Internet Files folder emptied: 71382904 bytes
    ->Java cache emptied: 353581 bytes
    ->Flash cache emptied: 121707 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: michael.tava
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 220111 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 95897 bytes
    RecycleBin emptied: 13229 bytes

    Total Files Cleaned = 94.00 mb


    [EMPTYJAVA]

    User: All Users

    User: dean.garrison
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: michael.tava
    ->Java cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: dean.garrison
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: michael.tava

    User: Public

    User: UpdatusUser

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.53.0 log created on 06252012_184320
    Files\Folders moved on Reboot...
    C:\Users\dean.garrison\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
    C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-6368.log moved successfully.
    File\Folder C:\Windows\temp\hsperfdata_garrison7$\1044 not found!
    File\Folder C:\Windows\temp\hsperfdata_garrison7$\5192 not found!
    File\Folder C:\Windows\temp\hsperfdata_garrison7$\5348 not found!
    PendingFileRenameOperations files...
    File C:\Users\dean.garrison\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    [2012/06/25 18:47:32 | 000,003,602 | ---- | M] () C:\Windows\temp\vmware-SYSTEM\vmauthd.log : Unable to obtain MD5
    File C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-6368.log not found!
    File C:\Windows\temp\hsperfdata_garrison7$\1044 not found!
    File C:\Windows\temp\hsperfdata_garrison7$\5192 not found!
    File C:\Windows\temp\hsperfdata_garrison7$\5348 not found!
    Registry entries deleted on Reboot...
  17. DGARR1

    DGARR1 TS Rookie Topic Starter Posts: 30

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is disabled!)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 7 Update 1
    Out of date Java installed!
    Adobe Reader X (10.1.3)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    ``````````End of Log````````````
  18. DGARR1

    DGARR1 TS Rookie Topic Starter Posts: 30

    Farbar Service Scanner Version: 25-06-2012 01
    Ran by dean.garrison (administrator) on 25-06-2012 at 18:54:37
    Running from "C:\Users\dean.garrison\Desktop"
    Microsoft Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****
  19. DGARR1

    DGARR1 TS Rookie Topic Starter Posts: 30

    C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
    C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\21.06.2012_14.21.03\mbr0000\tdlfs0000\tsk0007.dta a variant of Win32/Olmasco.O trojan cleaned by deleting - quarantined
  20. DGARR1

    DGARR1 TS Rookie Topic Starter Posts: 30

    the computer seems to be running fine...
    I did get my ALL Programs back via a post I found!

    I am also going to use MS Essentials when we are done here. I am not a fan of Symantec crap...the last computer I posted for help here ran the same thing...my home PCs run MS Essentials and no issues..

    //DEAN
  21. Broni

    Broni Malware Annihilator Posts: 46,765   +254

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    =======================================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
  22. DGARR1

    DGARR1 TS Rookie Topic Starter Posts: 30

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: dean.garrison
    ->Temp folder emptied: 7104793 bytes
    ->Temporary Internet Files folder emptied: 45958948 bytes
    ->Java cache emptied: 103886 bytes
    ->Flash cache emptied: 4615 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: michael.tava
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 1061878 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 312458 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 49621 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 556 bytes
    RecycleBin emptied: 4216 bytes

    Total Files Cleaned = 52.00 mb


    [EMPTYFLASH]

    User: All Users

    User: dean.garrison
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: michael.tava

    User: Public

    User: UpdatusUser

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: dean.garrison
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: michael.tava
    ->Java cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.53.0 log created on 06282012_124321
    Files\Folders moved on Reboot...
    File\Folder C:\Users\dean.garrison\AppData\Local\Temp\hsperfdata_dean.garrison\5464 not found!
    C:\Users\dean.garrison\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\dean.garrison\AppData\Local\Temp\FXSTIFFDebugLogFile.txt moved successfully.
    File\Folder C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZZPBSZPK\displayad[1].htm not found!
    File\Folder C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZZPBSZPK\displayad[2].htm not found!
    File\Folder C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZZPBSZPK\ms[1].htm not found!
    File\Folder C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S6ZTIEO4\read[1].htm not found!
    C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGONK694\default[1].htm moved successfully.
    File\Folder C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGONK694\displayad[1].htm not found!
    File\Folder C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGONK694\displayad[2].htm not found!
    File\Folder C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGONK694\displayad[3].htm not found!
    C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGONK694\home3[1].htm moved successfully.
    File\Folder C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUE70VOH\clkurl=;ord=1990616673[1].htm not found!
    File\Folder C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\91CUHQAU\clkurl=;ord=1990616673[1].htm not found!
    File\Folder C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NQEMYF7\impsc[1].htm not found!
    C:\Windows\temp\vmware-SYSTEM\vmauthd.log moved successfully.
    C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-4780.log moved successfully.
    File\Folder C:\Windows\temp\hsperfdata_garrison7$\4696 not found!
    File\Folder C:\Windows\temp\hsperfdata_garrison7$\6120 not found!
    File\Folder C:\Windows\temp\hsperfdata_garrison7$\8512 not found!
    PendingFileRenameOperations files...
    File C:\Users\dean.garrison\AppData\Local\Temp\hsperfdata_dean.garrison\5464 not found!
    File C:\Users\dean.garrison\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    File C:\Users\dean.garrison\AppData\Local\Temp\FXSTIFFDebugLogFile.txt not found!
    File C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZZPBSZPK\displayad[1].htm not found!
    File C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZZPBSZPK\displayad[2].htm not found!
    File C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZZPBSZPK\ms[1].htm not found!
    File C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S6ZTIEO4\read[1].htm not found!
    File C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGONK694\default[1].htm not found!
    File C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGONK694\displayad[1].htm not found!
    File C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGONK694\displayad[2].htm not found!
    File C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGONK694\displayad[3].htm not found!
    File C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGONK694\home3[1].htm not found!
    File C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUE70VOH\clkurl=;ord=1990616673[1].htm not found!
    File C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\91CUHQAU\clkurl=;ord=1990616673[1].htm not found!
    File C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NQEMYF7\impsc[1].htm not found!
    File C:\Windows\temp\vmware-SYSTEM\vmauthd.log not found!
    File C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-4780.log not found!
    File C:\Windows\temp\hsperfdata_garrison7$\4696 not found!
    File C:\Windows\temp\hsperfdata_garrison7$\6120 not found!
    File C:\Windows\temp\hsperfdata_garrison7$\8512 not found!
    Registry entries deleted on Reboot...
  23. Broni

    Broni Malware Annihilator Posts: 46,765   +254

  24. DGARR1

    DGARR1 TS Rookie Topic Starter Posts: 30

    It is doing great Thanks!
  25. Broni

    Broni Malware Annihilator Posts: 46,765   +254

    Way to go!!
    Good luck and stay safe :)

