Solved SMART recovery/HDD rogue

DGARR1

Happened today: system reported a HDD failure, then lo and behold SMART Recovery was there to help....HaHa...I knew it was bad news after a few steps (below) and came right to you guys...HELP!

No programs listed Under 'All Programs'...I did unhide files so I can see they are still there and run the .exe(s)

Booting to safe mode causes a restart to normal login
Windows Repair hangs at loading files
Windows Restore Hangs at Initializing



Malwarebytes Anti-Malware log

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.21.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
dean.garrison :: GARRISON7 [administrator]
Protection: Disabled
6/21/2012 3:55:27 PM
mbam-log-2012-06-21 (15-55-27).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 250633
Time elapsed: 5 minute(s), 3 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
GMER log

NONE

DDS DDS.txt
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by dean.garrison at 16:30:29 on 2012-06-21
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8073.5522 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
C:\Windows\system32\conhost.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdhost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Intel\NCS2\WMIProv\NCS2Prov.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://zedworld.zeditsolutions.com/
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX
\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun: [<NO NAME>]
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: dontdisplaylockeduserid = 1 (0x1)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
mPolicies-system: DefaultLogonDomain = zedIT
mPolicies-system: DisableStartupSound = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
LSP: %SystemRoot%\system32\vsocklib.dll
Trusted Zone: garrison7
Trusted Zone: zedit.com\zedworld
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=724
TCP: DhcpNameServer = 192.168.113.22 209.218.76.2
TCP: Interfaces\{BD5FE1A6-0B02-4115-A601-CB5AAD68A8B9} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{BD5FE1A6-0B02-4115-A601-CB5AAD68A8B9}\65963796F6E63333 : DhcpNameServer = 192.168.113.22 209.218.76.2
TCP: Interfaces\{CD2094C8-9C58-4E71-B30D-D56425AD36F7} : DhcpNameServer = 192.168.113.22 209.218.76.2
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop
\IconPackager\iprepair.dll
LSA: Authentication Packages = msv1_0 wvauth
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat
\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun-x64: [(Default)]
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
SSODL-X64: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop
\IconPackager\iprepair.dll
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS
\stdcfltn.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 MsDtsServer100;SQL Server Integration Services 10.0;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-6-
17 210784]
R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting
Services\ReportServer\bin\ReportingServicesService.exe [2010-4-3 2175328]
R2 uxpatch;uxpatch;\??\C:\Windows\system32\drivers\uxpatch.sys --> C:\Windows\system32\drivers\uxpatch.sys [?]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\accelern.sys --> C:\Windows\system32\DRIVERS\accelern.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS
\CtClsFlt.sys [?]
R3 cvusbdrv;Dell ControlVault;C:\Windows\system32\Drivers\cvusbdrv.sys --> C:\Windows\system32\Drivers\cvusbdrv.sys [?]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows
\system32\DRIVERS\e1c62x64.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
[2012-6-1 138912]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS
\HECIx64.sys [?]
R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);C:\Program Files\Microsoft SQL Server
\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2010-4-3 32096]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS
\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows
\system32\drivers\nvhda64v.sys [?]
R3 O2MDFRDR;O2MDFRDR;C:\Windows\system32\DRIVERS\O2MDFw7x64.sys --> C:\Windows\system32\DRIVERS\O2MDFw7x64.sys [?]
R3 O2SDJRDR;O2SDJRDR;C:\Windows\system32\DRIVERS\o2sdjw7x64.sys --> C:\Windows\system32\DRIVERS\o2sdjw7x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework
\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET
\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\system32\DRIVERS\lgandbus64.sys --> C:\Windows\system32\DRIVERS
\lgandbus64.sys [?]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\system32\DRIVERS\lganddiag64.sys --> C:\Windows\system32\DRIVERS
\lganddiag64.sys [?]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\system32\DRIVERS\lgandgps64.sys --> C:\Windows\system32\DRIVERS
\lgandgps64.sys [?]
S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\system32\DRIVERS\lgandmodem64.sys --> C:\Windows\system32\DRIVERS
\lgandmodem64.sys [?]
S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\lgandadb.sys --> C:\Windows\system32\Drivers\lgandadb.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 netvsc;netvsc;C:\Windows\system32\DRIVERS\netvsc60.sys --> C:\Windows\system32\DRIVERS\netvsc60.sys [?]
S3 O2MDRRDR;O2MDRRDR;C:\Windows\system32\drivers\O2MDRw7x64.sys --> C:\Windows\system32\drivers\O2MDRw7x64.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SynthVid;SynthVid;C:\Windows\system32\DRIVERS\VMBusVideoM.sys --> C:\Windows\system32\DRIVERS\VMBusVideoM.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys
[?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
[2012-5-1 253088]
S4 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-2-19 89600]
S4 B1LicenseService;SAP Business One License Manager;C:\Program Files (x86)\SAP\SAP Business One ServerTools\License
\B1License.exe [2012-3-27 3887104]
S4 Credential Vault Host Control Service;Credential Vault Host Control Service;C:\Program Files\Broadcom Corporation\Broadcom USH
Host Components\CV\bin\HostControlService.exe [2011-5-13 1043872]
S4 Credential Vault Host Storage;Credential Vault Host Storage;C:\Program Files\Broadcom Corporation\Broadcom USH Host
Components\CV\bin\HostStorageService.exe [2011-5-13 36768]
S4 DFEPService;Dell Feature Enhancement Pack Service;C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2011-8-24
2279320]
S4 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows
\system32\IProsetMonitor.exe [?]
S4 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT
\jhi_service.exe [2011-2-23 212944]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-21 654408]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe
[2010-4-3 59744]
S4 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-2-19
1997416]
S4 O2SDIOAssist;O2SDIOAssist;C:\Windows\SysWOW64\srvany.exe [2012-2-19 8192]
S4 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010
-11-25 1116656]
S4 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
[2010-11-25 219632]
S4 RsFx0151;RsFx0151 Driver;C:\Windows\system32\DRIVERS\RsFx0151.sys --> C:\Windows\system32\DRIVERS\RsFx0151.sys [?]
S4 SAP Business One RSP Agent Service;SAP Business One RSP Agent Service;C:\Program Files (x86)\SAP\Remote support platform for
SAP Business One\Service\BIN\AgentService.exe [2011-8-17 12800]
S4 SAPB1iDIProxy;SAP Business One DI Proxy Service;C:\Program Files (x86)\SAP\SAP Business One Integration\DIProxy
\SAPB1iDIProxy.exe [2012-5-24 249856]
S4 SAPB1iDIProxy_Monitor;SAP Business One DI Proxy Service Monitor;C:\Program Files (x86)\SAP\SAP Business One Integration
\DIProxy\SAPB1iDIProxy_Monitor.exe [2012-5-24 249856]
S4 SAPB1iEventSender;SAP Business One EventSender Service;C:\Program Files (x86)\SAP\SAP Business One Integration\EventSender
\SAPB1iEventSender.exe [2012-5-24 249856]
S4 SBOBackUp;SAP Business One BackUp Service;C:\Program Files (x86)\SAP\SAP Business One ServerTools\BackUp\B1backUp.exe [2012-3
-27 241664]
S4 SBOClientAgent;SAP Business One Client Agent;C:\Program Files (x86)\SAP\SAP Business One Client Agent\B1ClientAgent.exe [2012
-3-27 61440]
S4 SBODI_Server;SAP Business One DI Server;C:\Program Files (x86)\SAP\SAP Business One ServerTools\DI_Server\B1DI_Server.exe
[2012-3-27 733184]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-4-5 158856]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
[2011-6-5 378472]
S4 SvcNEWTScanner;NEWTScanner Service;C:\Windows\SysWOW64\NEWTScannerSvc.exe [2012-6-20 78576]
S4 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
[2009-5-12 2440632]
S4 TAO_NT_Naming_Service;TAO NT Naming Service;C:\Program Files (x86)\SAP\SAP Business One ServerTools\License
\NT_Naming_Service.exe [2012-3-27 1388544]
S4 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-4-16 2666880]
S4 Tomcat6;SAP Business One Integration Service;C:\Program Files (x86)\SAP\SAP Business One Integration\B1iServer\Tomcat\bin
\tomcat6.exe [2012-5-24 78336]
S4 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management
Engine Components\UNS\UNS.exe [2012-2-19 2656536]
S4 UnsignedThemes;Unsigned Themes;C:\Windows\UnsignedThemesSvc.exe [2009-7-13 24168]
S4 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
[2011-8-29 846448]
S4 Wave Authentication Manager Service;Wave Authentication Manager Service;C:\Program Files\Dell\Dell Data Protection\Access
\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-7-1 1600000]
S4 XobniService;XobniService;C:\Program Files (x86)\Xobni\XobniService.exe [2012-1-19 62184]
S4 ZcfgSvc7;Intel(R) PROSet/Wireless ZeroConfig Service;C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [2010-12-23 992256]
.
=============== Created Last 30 ================
.
2012-06-21 22:53:35 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5AD082FE-B08B-
422C-AF4A-5090183FE82F}\offreg.dll
2012-06-21 21:22:49 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-21 20:26:25 -------- d-----w- C:\Users\dean.garrison\AppData\Roaming\Malwarebytes
2012-06-21 20:26:10 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-21 20:26:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-21 20:08:16 -------- d-----w- C:\Program Files\HitmanPro
2012-06-21 20:08:12 -------- d-----w- C:\ProgramData\HitmanPro
2012-06-21 19:47:47 -------- d-sh--w- C:\found.000
2012-06-21 18:20:25 253688 ---ha-w- C:\ProgramData\M8bNpuGd8Z7Nvx.exe
2012-06-21 17:40:38 344824 ---ha-w- C:\ProgramData\kGACsYrmPjUu.exe
2012-06-20 18:49:30 1784736 ---ha-w- C:\Windows\SysWow64\NEWT.dll
2012-06-20 18:48:59 269728 ---ha-w- C:\Windows\SysWow64\NEWTScan.exe
2012-06-20 18:48:55 82672 ---ha-w- C:\Windows\SysWow64\NEWTScannerCOM.exe
2012-06-20 18:48:52 78576 ---ha-w- C:\Windows\SysWow64\NEWTScannerSvc.exe
2012-06-19 15:05:00 9013136 ---ha-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5AD082FE-B08B-
422C-AF4A-5090183FE82F}\mpengine.dll
2012-06-18 22:31:14 -------- d--h--w- C:\Program Files (x86)\Vision33 1D2V CRM Dashboard
2012-06-14 06:12:12 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-14 06:12:12 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-14 06:12:12 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-14 06:11:58 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-14 06:11:58 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-14 06:11:57 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-14 06:11:54 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-14 06:11:52 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-08 17:45:57 -------- d--h--w- C:\Users\dean.garrison\AppData\Roaming\SAP
2012-05-24 19:02:39 77824 ---ha-w- C:\Windows\SysWow64\LoadDotNetAssembly.dll
2012-05-24 19:02:39 13312 ---ha-w- C:\Windows\SysWow64\LoadDotNetAssembly.netmodule
2012-05-24 19:00:49 69632 ---ha-w- C:\Windows\SysWow64\B1iUtilitiesNative.dll
2012-05-24 16:21:38 -------- d--h--w- C:\Windows\SysWow64\BestPractices
2012-05-24 16:21:35 -------- d-----w- C:\Windows\System32\BestPractices
2012-05-24 16:04:06 -------- d--h--w- C:\Users\dean.garrison\AppData\Local\ElevatedDiagnostics
2012-05-23 17:57:13 -------- d--h--w- C:\Users\dean.garrison\AppData\Local\IsolatedStorage
2012-05-23 16:37:59 -------- d--h--w- C:\Users\dean.garrison\AppData\Local\assembly
.
==================== Find3M ====================
.
2012-05-24 19:01:26 86016 ---ha-w- C:\Windows\SysWow64\B1iTranslatorNative.dll
2012-05-24 19:01:25 61440 ----a-w- C:\Windows\System32\B1iUtilitiesNative64.dll
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-01 16:04:45 70304 ---ha-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-01 16:04:45 418464 ---ha-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-18 23:30:15 89088 ----a-w- C:\Windows\System32\explorer.exe
2012-04-16 21:37:28 60304 ---ha-w- C:\Users\dean.garrison\g2mdlhlpx.exe
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-28 20:28:03 834560 ----a-w- C:\Windows\System32\RpcTspUI.dll
2012-03-28 20:28:03 81408 ----a-w- C:\Windows\System32\CPHelper.dll
2012-03-28 20:28:03 718848 ----a-w- C:\Windows\System32\RpcTspX.tsp
2012-03-28 20:28:03 36864 ----a-w- C:\Windows\System32\TMSRegLib.dll
2012-03-28 20:28:03 261120 ----a-w- C:\Windows\System32\TAPIConverterX.dll
2012-03-28 20:28:03 195072 ----a-w- C:\Windows\System32\Reglib.dll
2012-03-28 20:28:03 144896 ----a-w- C:\Windows\System32\loglib.dll
2012-03-28 20:28:03 115200 ----a-w- C:\Windows\System32\STLogin.dll
2012-03-28 20:28:03 105984 ----a-w- C:\Windows\System32\STCLogin.exe
2012-03-28 19:03:13 172080 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-03-28 03:30:24 91648 ----a-w- C:\Windows\System32\LoadDotNetAssembly.dll
2012-03-28 03:30:24 13312 ----a-w- C:\Windows\System32\LoadDotNetAssembly.netmodule
2012-03-28 03:10:20 101888 ---ha-r- C:\Windows\SysWow64\VB6STKIT.DLL
.
============= FINISH: 16:30:49.27 ===============

DDS Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/27/2012 2:05:37 PM
System Uptime: 6/21/2012 3:49:40 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 032T9K
Processor: Intel(R) Core(TM) i7-2760QM CPU @ 2.40GHz | CPU 1 | 2401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 226.722 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 1863 GiB total, 1769.156 GiB free.
M: is NetworkDisk (NTFS) - 49 GiB total, 29.015 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter for 64-bit Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter for 64-bit Windows
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
RP86: 6/12/2012 9:01:44 AM - Windows Update
RP87: 6/14/2012 3:00:25 AM - Windows Update
RP88: 6/19/2012 8:04:28 AM - Windows Update
RP89: 6/21/2012 11:39:55 AM - Windows Defender Checkpoint
RP90: 6/21/2012 12:12:40 PM - Restore Operation
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office Suite Service Pack 3 (SP3)
AccelerometerP11
Adobe Reader X (10.1.3)
Android SDK Tools
ASAP Utilities
Belarc Advisor 8.2
Crystal Report 2008 Runtime SP3
Crystal Reports Basic 2008 for SAP Business One
CyberLink PowerDVD 9.5
Dell Client System Update
Dell Data Protection | Access
Dell Data Protection | Access | Drivers
Dell Data Protection | Access | Middleware
Dell Webcam Central
DirectX 9 Runtime
DXB1
FileZilla Client 3.5.3
GoToMeeting 5.1.0.880
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
IconPackager
Intel(R) Control Center
Intel(R) Identity Protection Technology 1.1.2.0
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Java Auto Updater
Java(TM) 7 Update 1
Jing
LG United Mobile Driver
LiveUpdate 3.3 (Symantec Corporation)
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft redistributable runtime DLLs VS2005 SP1(x86)
Microsoft Report Viewer Redistributable 2008 (KB971119)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft SQL Server 2008 R2 Policies
Microsoft SQL Server Browser
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft_VC90_CRT_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Stereoscopic 3D Driver
O2Micro Flash Memory Card Windows Driver
PDFCreator
PhotoShowExpress
Rainmeter
Remote Support Platform for SAP Business One
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
SAP Business One - Microsoft Outlook Integration Server Installer
SAP Business One 8.8 SP1 - Copy Express
SAP Business One 8.8 SP2 - DATEV-FI Interface
SAP Business One Client
SAP Business One Client Agent
SAP Business One Crystal Report Integration Package
SAP Business One Data Transfer Workbench
SAP Business One DI API
SAP Business One integration DIProxy
SAP Business One integration EventSender
SAP Business One integration Server
SAP Business One Screen Painter
SAP Business One Server
SAP Business One Server Tools
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
ShoreTel Communicator
Skype™ 5.9
Sonic CinePlayer Decoder Pack
TeamViewer 7
tools-windows
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Vision33 1D2V CRM Dashboard + 1.8.8.4
Vision33 1D2V Finance Charges + 1.8.8.2
Visual Studio Tools for the Office system 3.0 Runtime
VMware Player
Xobni
Xobni Core
.
==== Event Viewer Messages From Past Week ========
.
6/21/2012 3:35:05 PM, Error: Service Control Manager [7023] - The Windows Search service terminated with the
following error: The media is write protected.
6/21/2012 3:34:26 PM, Error: NetBT [4321] - The name "ZEDIT :1d" could not be registered on the interface
with IP address 192.168.113.143. The computer with the IP address 192.168.113.9 did not allow the name to be claimed
by this computer.
6/21/2012 3:31:26 PM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.36 TCS service depends on the TPM
Base Services service which failed to start because of the following error: The operation completed successfully.
6/21/2012 3:29:08 PM, Error: Service Control Manager [7023] -
6/21/2012 3:29:00 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s)
failed to load: AFD CSC DfsC discache eeCtrl NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSP SRTSPX tdx vwififlt
Wanarpv6 WfpLwf ws2ifsl
6/21/2012 3:29:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the
service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
6/21/2012 3:28:59 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store
Interface Service service which failed to start because of the following error: The dependency service or group
failed to start.
6/21/2012 3:28:59 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service
depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A
device attached to the system is not functioning.
6/21/2012 3:28:59 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB
MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency
service or group failed to start.
6/21/2012 3:28:59 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB
MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency
service or group failed to start.
6/21/2012 3:28:59 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the
Network Store Interface Service service which failed to start because of the following error: The dependency service
or group failed to start.
6/21/2012 3:28:59 PM, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service
which failed to start because of the following error: The dependency service or group failed to start.
6/21/2012 3:28:59 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store
Interface Service service which failed to start because of the following error: The dependency service or group
failed to start.
6/21/2012 3:28:55 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the
Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached
to the system is not functioning.
6/21/2012 3:28:55 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on
the NSI proxy service driver. service which failed to start because of the following error: A device attached to the
system is not functioning.
6/21/2012 3:28:55 PM, Error: Service Control Manager [7001] - The Intel(R) PROSet/Wireless ZeroConfig Service service
depends on the WLAN AutoConfig service which failed to start because of the following error: The dependency service
or group failed to start.
6/21/2012 3:28:55 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI
Support Driver service which failed to start because of the following error: A device attached to the system is not
functioning.
6/21/2012 3:28:55 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary
Function Driver for Winsock service which failed to start because of the following error: A device attached to the
system is not functioning.
6/21/2012 3:17:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the
service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
6/21/2012 3:15:32 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server
service which failed to start because of the following error: The dependency service or group failed to start.
6/21/2012 3:06:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the
service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/21/2012 3:06:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the
service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/21/2012 3:06:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the
service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/21/2012 3:06:40 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to
start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
6/21/2012 3:06:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the
service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/21/2012 3:06:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the
service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
6/21/2012 3:06:26 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s)
failed to load: discache eeCtrl spldr SRTSP SRTSPX Wanarpv6
6/21/2012 3:06:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the
service TdmService with arguments "" in order to run the server: {2F723A84-FD6F-4C32-9477-391FA6EA0BB6}
6/21/2012 2:44:05 PM, Error: Service Control Manager [7041] - The nvUpdatusService service was unable to log on as .
\UpdatusUser with the currently configured password due to the following error: Logon failure: the user has not been
granted the requested logon type at this computer. Service: nvUpdatusService Domain and account: .\UpdatusUser
This service account does not have the required user right "Log on as a service." User Action Assign "Log on as a
service" to the service account on this computer. You can use Local Security Settings (Secpol.msc) to do this. If this
computer is a node in a cluster, check that this user right is assigned to the Cluster service account on all nodes in
the cluster. If you have already assigned this user right to the service account, and the user right appears to be
removed, check with your domain administrator to find out if a Group Policy object associated with this node might be
removing the right.
6/21/2012 2:44:05 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to
start due to the following error: The service did not start due to a logon failure.
6/21/2012 2:44:04 PM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector
service which failed to start because of the following error: The system cannot find the file specified.
6/21/2012 2:44:04 PM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the
following error: The system cannot find the file specified.
6/21/2012 2:12:11 PM, Error: Microsoft-Windows-GroupPolicy [1053] - The processing of Group Policy failed. Windows
could not resolve the user name. This could be caused by one of more of the following: a) Name Resolution failure on
the current domain controller. b) Active Directory Replication Latency (an account created on another domain
controller has not replicated to the current domain controller).
6/21/2012 2:11:44 PM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows
could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure
on the current domain controller. b) Active Directory Replication Latency (an account created on another domain
controller has not replicated to the current domain controller).
6/21/2012 2:11:36 PM, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Windows Event
Log service which failed to start because of the following error: The service cannot be started, either because it is
disabled or because it has no enabled devices associated with it.
6/20/2012 2:07:42 PM, Error: Service Control Manager [7034] - The SAP Business One DI Proxy Service service
terminated unexpectedly. It has done this 1 time(s).
6/19/2012 9:24:05 AM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of
lack of network connectivity to a domain controller. This may be a transient condition. A success message would be
generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you
do not see a success message for several hours, then contact your administrator.
6/19/2012 7:56:37 AM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server
cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured:
The specified domain either does not exist or could not be contacted. .
6/19/2012 7:50:55 AM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain
controller in domain ZEDIT due to the following: There are currently no logon servers available to service the logon
request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the
problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
6/15/2012 9:19:08 PM, Error: Service Control Manager [7034] - The SAP Business One DI Proxy Service service
terminated unexpectedly. It has done this 2 time(s).
6/15/2012 11:19:29 PM, Error: Service Control Manager [7034] - The SAP Business One DI Proxy Service service
terminated unexpectedly. It has done this 3 time(s).
6/14/2012 3:28:41 AM, Error: Service Control Manager [7031] - The SAP Business One Integration Service service
terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0
milliseconds: Restart the service.
6/14/2012 12:40:00 PM, Error: Microsoft-Windows-GroupPolicy [1054] - The processing of Group Policy failed. Windows
could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your
Domain Name System (DNS) is configured and working correctly.
6/14/2012 10:53:32 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while
waiting for the SAP Business One DI Server service to connect.
6/14/2012 10:53:32 PM, Error: Service Control Manager [7000] - The SAP Business One DI Server service failed to start
due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

================================================

First of all, you've been to this forum before, so you should know very well that running any computer without an active AV program is a big NO-NO.
Secondly, it's the very first step in our preliminaries to install some AV program if you don't have one.
You didn't comply because?

Is it the same computer as here: https://www.techspot.com/community/topics/ie-browser-links-result-in-random-redirects.179501/ ?
 
I have to apologize...1st, it is not the same computer; second, I did a clean boot (using msconfig) to only start Windows services, so my AV was not on (Norton 360)....also, thinking about it, it might have skewed the results I posted.....:-(

//Dean
 
Reboot computer normally (not clean boot).

Disable "word wrap" in Notepad as some logs are harder to read.

============================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.

=======================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Sorry, not Norton 360, it's Symantec Endpoint, and it is going crazy now.....Here are the logs

//DEAN

BootKit Remover:

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com
Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Service Pack 1 (build 7601), 64-bit
System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`d5800000
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Controlled by rootkit!
Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]

Done;
Press any key to quit...


aswMBR Log

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-21 21:47:48
-----------------------------
21:47:48.868 OS Version: Windows x64 6.1.7601 Service Pack 1
21:47:48.868 Number of processors: 8 586 0x2A07
21:47:48.870 ComputerName: GARRISON7 UserName:
21:48:01.645 Initialize success
21:48:07.358 AVAST engine defs: 12062101
21:48:30.221 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:48:30.226 Disk 0 Vendor: ST950042 0003 Size: 476940MB BusType: 8
21:48:30.245 Disk 0 MBR read successfully
21:48:30.251 Disk 0 MBR scan
21:48:30.263 Disk 0 Windows 7 default MBR code
21:48:30.270 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
21:48:30.288 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 11568 MB offset 81920
21:48:30.309 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 465322 MB offset 23773184
21:48:30.350 Disk 0 scanning C:\Windows\system32\drivers
21:48:44.164 Service scanning
21:49:18.606 Modules scanning
21:49:18.623 Disk 0 trace - called modules:
21:49:18.651 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
21:49:18.665 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009607790]
21:49:18.676 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa800951ecb0]
21:49:18.686 5 stdcfltn.sys[fffff88001b40d12] -> nt!IofCallDriver -> [0xfffffa80077a04c0]
21:49:18.692 7 ACPI.sys[fffff88000edd7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80077a5050]
21:49:32.654 AVAST engine scan C:\Windows
21:49:45.452 AVAST engine scan C:\Windows\system32
21:55:09.453 AVAST engine scan C:\Windows\system32\drivers
21:55:25.705 AVAST engine scan C:\Users\dean.garrison
22:05:52.121 AVAST engine scan C:\ProgramData
22:06:36.018 Scan finished successfully
22:08:42.719 Disk 0 MBR has been saved successfully to "C:\Users\dean.garrison\Desktop\Virus Fix\MBR.dat"
22:08:42.723 The log file has been saved successfully to "C:\Users\dean.garrison\Desktop\Virus Fix\aswMBR.txt"
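The MBR.dat file that aswMBR saves is a raw copy of the disk's first 512-byte sector, so it can be inspected offline. The following is an added example, not part of the original thread or of any tool used in it: it parses such a dump, checks the 0x55AA boot signature and the partition table, and hashes the boot code for comparison against a known-good dump. The sample sector is constructed from the partition and disk-size lines in the aswMBR and TDSSKiller logs on this page; the Dell Utility sector count and the zeroed boot code are assumptions.

```python
"""Parse a 512-byte MBR dump (such as aswMBR's MBR.dat) and sanity-check it."""
import hashlib
import struct
import sys
from typing import List, NamedTuple

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes of boot code before the disk signature
TABLE_OFFSET = 446             # four 16-byte partition entries start here
ENTRY_FORMAT = "<B3xB3xII"     # status, CHS(skipped), type, CHS(skipped), start LBA, sectors
BOOT_SIGNATURE = b"\x55\xaa"
# Disk size reported by the TDSSKiller log on this page (0x7470C06000 bytes).
DISK_SECTORS = 0x7470C06000 // SECTOR_SIZE


class Partition(NamedTuple):
    index: int        # 1-based, as aswMBR prints it
    active: bool
    type_id: int
    start_lba: int
    sectors: int

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR_SIZE // (1024 * 1024)


def parse_mbr(sector: bytes) -> List[Partition]:
    """Return the non-empty partition entries of an MBR sector."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("dump is shorter than one 512-byte sector")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, type_id, start, count = struct.unpack_from(
            ENTRY_FORMAT, sector, TABLE_OFFSET + 16 * i)
        if status not in (0x00, 0x80):
            raise ValueError(f"entry {i + 1}: invalid status byte 0x{status:02x}")
        if type_id != 0x00:                      # type 0 marks an unused slot
            parts.append(Partition(i + 1, status == 0x80, type_id, start, count))
    return parts


def check_layout(parts: List[Partition], disk_sectors: int) -> List[str]:
    """Return human-readable findings; an empty list means the table is consistent."""
    findings = []
    if sum(p.active for p in parts) > 1:
        findings.append("more than one active partition")
    ordered = sorted(parts, key=lambda p: p.start_lba)
    for prev, cur in zip(ordered, ordered[1:]):
        if prev.start_lba + prev.sectors > cur.start_lba:
            findings.append(f"partition {prev.index} overlaps partition {cur.index}")
    for p in parts:
        if p.start_lba + p.sectors > disk_sectors:
            findings.append(f"partition {p.index} extends past the end of the disk")
    return findings


def boot_code_sha256(sector: bytes) -> str:
    """Hash only the boot code, so two dumps can be compared regardless of partitioning."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def build_sample_mbr() -> bytes:
    """Constructed sample: partition table rebuilt from the logs, boot code zeroed."""
    sector = bytearray(SECTOR_SIZE)
    entries = [
        (0x00, 0xDE, 63, 79872),                 # Dell Utility, 39 MB (sector count assumed)
        (0x80, 0x07, 0x14000, 0x1698000),        # active NTFS, 11568 MB
        (0x00, 0x07, 0x16AC000, 0x38CD5030),     # NTFS, 465322 MB (C:)
    ]
    for i, entry in enumerate(entries):
        struct.pack_into(ENTRY_FORMAT, sector, TABLE_OFFSET + 16 * i, *entry)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    # Pass the path to a saved dump, or run without arguments to use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read(SECTOR_SIZE)
    else:
        data = build_sample_mbr()
    table = parse_mbr(data)
    for p in table:
        flag = "(A)" if p.active else "   "
        print(f"Partition {p.index} {flag} type 0x{p.type_id:02X} "
              f"{p.size_mb} MB offset {p.start_lba}")
    print("boot code sha256:", boot_code_sha256(data))
    for finding in check_layout(table, DISK_SECTORS) or ["partition table is consistent"]:
        print(finding)
```

A dump taken from inside the running system shows only what the storage stack returned at that moment, which is why the Bootkit Remover and aswMBR results above can disagree; a dump read from a clean boot environment is the more reliable input.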
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
16:12:12.0332 9112 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
16:12:12.0884 9112 ============================================================
16:12:12.0884 9112 Current date / time: 2012/06/22 16:12:12.0884
16:12:12.0884 9112 SystemInfo:
16:12:12.0884 9112
16:12:12.0884 9112 OS Version: 6.1.7601 ServicePack: 1.0
16:12:12.0884 9112 Product type: Workstation
16:12:12.0884 9112 ComputerName: GARRISON7
16:12:12.0885 9112 UserName: dean.garrison
16:12:12.0885 9112 Windows directory: C:\Windows
16:12:12.0885 9112 System windows directory: C:\Windows
16:12:12.0885 9112 Running under WOW64
16:12:12.0885 9112 Processor architecture: Intel x64
16:12:12.0885 9112 Number of processors: 8
16:12:12.0885 9112 Page size: 0x1000
16:12:12.0885 9112 Boot type: Normal boot
16:12:12.0885 9112 ============================================================
16:12:13.0525 9112 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:12:13.0548 9112 ============================================================
16:12:13.0548 9112 \Device\Harddisk0\DR0:
16:12:13.0548 9112 MBR partitions:
16:12:13.0548 9112 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1698000
16:12:13.0548 9112 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x16AC000, BlocksNum 0x38CD5030
16:12:13.0548 9112 ============================================================
16:12:13.0572 9112 C: <-> \Device\Harddisk0\DR0\Partition1
16:12:13.0572 9112 ============================================================
16:12:13.0572 9112 Initialize success
16:12:13.0572 9112 ============================================================
16:12:15.0781 6028 ============================================================
16:12:15.0781 6028 Scan started
16:12:15.0781 6028 Mode: Manual;
16:12:15.0781 6028 ============================================================


16:12:22.0882 6028 elxstor - ok

16:12:23.0015 6028 EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

16:12:23.0018 6028 EraserUtilRebootDrv - ok

16:12:23.0024 6028 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

16:12:23.0039 6028 ErrDev - ok

16:12:23.0082 6028 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

16:12:23.0097 6028 EventSystem - ok

16:12:23.0242 6028 EvtEng (5c08b9a2baaec1f33c2d50fd166deebb) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

16:12:23.0296 6028 EvtEng - ok

16:12:23.0450 6028 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

16:12:23.0474 6028 exfat - ok

16:12:23.0496 6028 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

16:12:23.0503 6028 fastfat - ok

16:12:23.0568 6028 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

16:12:23.0592 6028 Fax - ok

16:12:23.0602 6028 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

16:12:23.0618 6028 fdc - ok

16:12:23.0637 6028 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

16:12:23.0640 6028 fdPHost - ok

16:12:23.0650 6028 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

16:12:23.0651 6028 FDResPub - ok

16:12:23.0663 6028 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

16:12:23.0666 6028 FileInfo - ok

16:12:23.0676 6028 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

16:12:23.0679 6028 Filetrace - ok

16:12:23.0686 6028 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

16:12:23.0702 6028 flpydisk - ok

16:12:23.0720 6028 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

16:12:23.0724 6028 FltMgr - ok

16:12:23.0787 6028 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

16:12:23.0817 6028 FontCache - ok

16:12:23.0877 6028 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

16:12:23.0898 6028 FontCache3.0.0.0 - ok

16:12:23.0943 6028 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

16:12:23.0947 6028 FsDepends - ok

16:12:23.0979 6028 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

16:12:23.0981 6028 Fs_Rec - ok

16:12:24.0016 6028 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

16:12:24.0023 6028 fvevol - ok

16:12:24.0043 6028 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

16:12:24.0062 6028 gagp30kx - ok

16:12:24.0124 6028 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

16:12:24.0143 6028 gpsvc - ok

16:12:24.0206 6028 HBtnKey (0e485f2c759f155170da9f35354034e9) C:\Windows\system32\drivers\HBtnKey.sys

16:12:24.0223 6028 HBtnKey - ok

16:12:24.0258 6028 hcmon (adb4348da1345877b04e22203afc8993) C:\Windows\system32\drivers\hcmon.sys

16:12:24.0259 6028 hcmon - ok

16:12:24.0276 6028 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

16:12:24.0282 6028 hcw85cir - ok

16:12:24.0307 6028 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

16:12:24.0311 6028 HDAudBus - ok

16:12:24.0319 6028 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

16:12:24.0333 6028 HidBatt - ok

16:12:24.0348 6028 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

16:12:24.0355 6028 HidBth - ok

16:12:24.0359 6028 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

16:12:24.0370 6028 HidIr - ok

16:12:24.0392 6028 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

16:12:24.0396 6028 hidserv - ok

16:12:24.0424 6028 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

16:12:24.0439 6028 HidUsb - ok

16:12:24.0477 6028 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

16:12:24.0482 6028 hkmsvc - ok

16:12:24.0504 6028 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

16:12:24.0513 6028 HomeGroupListener - ok

16:12:24.0544 6028 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

16:12:24.0551 6028 HomeGroupProvider - ok

16:12:24.0575 6028 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

16:12:24.0592 6028 HpSAMD - ok

16:12:24.0629 6028 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

16:12:24.0651 6028 HTTP - ok

16:12:24.0668 6028 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

16:12:24.0669 6028 hwpolicy - ok

16:12:24.0698 6028 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

16:12:24.0703 6028 i8042prt - ok

16:12:24.0752 6028 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\drivers\iaStor.sys

16:12:24.0759 6028 iaStor - ok

16:12:24.0786 6028 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

16:12:24.0800 6028 iaStorV - ok

16:12:24.0891 6028 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

16:12:24.0952 6028 idsvc - ok

16:12:25.0533 6028 igfx (9937600a1584ff00565d5379eb4c9edb) C:\Windows\system32\DRIVERS\igdkmd64.sys

16:12:25.0718 6028 igfx - ok

16:12:25.0825 6028 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

16:12:25.0839 6028 iirsp - ok

16:12:25.0897 6028 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

16:12:25.0929 6028 IKEEXT - ok

16:12:25.0975 6028 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\drivers\Impcd.sys

16:12:25.0989 6028 Impcd - ok

16:12:26.0054 6028 Intel(R) PROSet Monitoring Service (d7b978f4504d3da95a21002863d0e7ee) C:\Windows\system32\IProsetMonitor.exe

16:12:26.0062 6028 Intel(R) PROSet Monitoring Service - ok

16:12:26.0098 6028 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

16:12:26.0115 6028 intelide - ok

16:12:26.0139 6028 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

16:12:26.0141 6028 intelppm - ok

16:12:26.0172 6028 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

16:12:26.0174 6028 IPBusEnum - ok

16:12:26.0189 6028 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

16:12:26.0196 6028 IpFilterDriver - ok

16:12:26.0216 6028 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

16:12:26.0222 6028 iphlpsvc - ok

16:12:26.0231 6028 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

16:12:26.0237 6028 IPMIDRV - ok

16:12:26.0256 6028 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

16:12:26.0275 6028 IPNAT - ok

16:12:26.0289 6028 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

16:12:26.0291 6028 IRENUM - ok

16:12:26.0299 6028 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

16:12:26.0305 6028 isapnp - ok

16:12:26.0320 6028 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

16:12:26.0331 6028 iScsiPrt - ok

16:12:26.0403 6028 jhi_service (6c85719a21b3f62c2c76280f4bd36c7b) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

16:12:26.0410 6028 jhi_service - ok

16:12:26.0438 6028 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

16:12:26.0439 6028 kbdclass - ok

16:12:26.0462 6028 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

16:12:26.0484 6028 kbdhid - ok

16:12:26.0515 6028 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

16:12:26.0516 6028 KeyIso - ok

16:12:26.0530 6028 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

16:12:26.0534 6028 KSecDD - ok

16:12:26.0551 6028 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

16:12:26.0556 6028 KSecPkg - ok

16:12:26.0571 6028 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

16:12:26.0574 6028 ksthunk - ok

16:12:26.0612 6028 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

16:12:26.0665 6028 KtmRm - ok

16:12:26.0718 6028 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

16:12:26.0728 6028 LanmanServer - ok

16:12:26.0758 6028 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

16:12:26.0765 6028 LanmanWorkstation - ok

16:12:26.0947 6028 LiveUpdate (010fd2b41e75a98e3a4d23f44405f5c9) C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE

16:12:27.0100 6028 LiveUpdate - ok

16:12:27.0194 6028 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

16:12:27.0197 6028 lltdio - ok

16:12:27.0234 6028 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

16:12:27.0278 6028 lltdsvc - ok

16:12:27.0295 6028 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

16:12:27.0300 6028 lmhosts - ok

16:12:27.0398 6028 LMS (519d66259df1672aabce9d2e0acc5552) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

16:12:27.0403 6028 LMS - ok

16:12:27.0437 6028 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

16:12:27.0455 6028 LSI_FC - ok

16:12:27.0465 6028 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

16:12:27.0472 6028 LSI_SAS - ok

16:12:27.0478 6028 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

16:12:27.0484 6028 LSI_SAS2 - ok

16:12:27.0499 6028 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

16:12:27.0516 6028 LSI_SCSI - ok

16:12:27.0548 6028 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

16:12:27.0553 6028 luafv - ok

16:12:27.0564 6028 MBAMProtector - ok

16:12:27.0627 6028 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

16:12:27.0654 6028 MBAMService - ok

16:12:27.0722 6028 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys

16:12:27.0727 6028 mcdbus - ok

16:12:27.0763 6028 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

16:12:27.0781 6028 Mcx2Svc - ok

16:12:27.0802 6028 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

16:12:27.0808 6028 megasas - ok

16:12:27.0829 6028 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

16:12:27.0861 6028 MegaSR - ok

16:12:27.0882 6028 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys

16:12:27.0884 6028 MEIx64 - ok

16:12:27.0908 6028 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

16:12:27.0913 6028 MMCSS - ok

16:12:27.0929 6028 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

16:12:27.0946 6028 Modem - ok

16:12:27.0977 6028 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

16:12:27.0978 6028 monitor - ok

16:12:27.0997 6028 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

16:12:27.0999 6028 mouclass - ok

16:12:28.0023 6028 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

16:12:28.0040 6028 mouhid - ok

16:12:28.0063 6028 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

16:12:28.0065 6028 mountmgr - ok

16:12:28.0082 6028 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

16:12:28.0106 6028 mpio - ok

16:12:28.0123 6028 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

16:12:28.0125 6028 mpsdrv - ok

16:12:28.0182 6028 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

16:12:28.0214 6028 MpsSvc - ok

16:12:28.0237 6028 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

16:12:28.0259 6028 MRxDAV - ok

16:12:28.0289 6028 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

16:12:28.0291 6028 mrxsmb - ok

16:12:28.0314 6028 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

16:12:28.0322 6028 mrxsmb10 - ok

16:12:28.0343 6028 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

16:12:28.0348 6028 mrxsmb20 - ok

16:12:28.0374 6028 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

16:12:28.0387 6028 msahci - ok

16:12:28.0412 6028 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

16:12:28.0434 6028 msdsm - ok

16:12:28.0462 6028 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

16:12:28.0471 6028 MSDTC - ok

16:12:28.0574 6028 MsDtsServer100 (f7a0ba64036ea2b3dfb569e4dc9986e7) C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe

16:12:28.0581 6028 MsDtsServer100 - ok

16:12:28.0594 6028 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

16:12:28.0596 6028 Msfs - ok

16:12:28.0630 6028 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

16:12:28.0633 6028 mshidkmdf - ok

16:12:28.0655 6028 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

16:12:28.0657 6028 msisadrv - ok

16:12:28.0691 6028 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

16:12:28.0713 6028 MSiSCSI - ok

16:12:28.0716 6028 msiserver - ok

16:12:28.0732 6028 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

16:12:28.0738 6028 MSKSSRV - ok

16:12:28.0751 6028 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

16:12:28.0766 6028 MSPCLOCK - ok

16:12:28.0777 6028 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

16:12:28.0791 6028 MSPQM - ok

16:12:28.0819 6028 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

16:12:28.0824 6028 MsRPC - ok

16:12:28.0844 6028 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

16:12:28.0846 6028 mssmbios - ok

16:12:28.0915 6028 MSSQLFDLauncher (aa511eb28672011a1d832f73e302f0a0) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe

16:12:28.0916 6028 MSSQLFDLauncher - ok

16:12:28.0929 6028 MSSQLSERVER - ok

16:12:28.0993 6028 MSSQLServerADHelper100 (04ef36eaf5c4dbce424d81b76f1e9231) C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE

16:12:29.0011 6028 MSSQLServerADHelper100 - ok

16:12:29.0075 6028 MSSQLServerOLAPService - ok

16:12:29.0111 6028 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

16:12:29.0126 6028 MSTEE - ok

16:12:29.0138 6028 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

16:12:29.0154 6028 MTConfig - ok

16:12:29.0167 6028 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

16:12:29.0167 6028 Mup - ok

16:12:29.0212 6028 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

16:12:29.0233 6028 napagent - ok

16:12:29.0266 6028 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

16:12:29.0283 6028 NativeWifiP - ok

16:12:29.0392 6028 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120621.018\ENG64.SYS

16:12:29.0411 6028 NAVENG - ok

16:12:29.0515 6028 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120621.018\EX64.SYS

16:12:29.0536 6028 NAVEX15 - ok

16:12:29.0680 6028 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys

16:12:29.0710 6028 NDIS - ok

16:12:29.0739 6028 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

16:12:29.0756 6028 NdisCap - ok

16:12:29.0780 6028 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

16:12:29.0783 6028 NdisTapi - ok

16:12:29.0796 6028 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

16:12:29.0800 6028 Ndisuio - ok

16:12:29.0819 6028 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

16:12:29.0825 6028 NdisWan - ok

16:12:29.0838 6028 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

16:12:29.0841 6028 NDProxy - ok

16:12:29.0859 6028 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

16:12:29.0861 6028 NetBIOS - ok

16:12:29.0885 6028 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

16:12:29.0891 6028 NetBT - ok

16:12:29.0916 6028 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

16:12:29.0917 6028 Netlogon - ok

16:12:29.0958 6028 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

16:12:29.0964 6028 Netman - ok

16:12:30.0038 6028 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

16:12:30.0041 6028 NetMsmqActivator - ok

16:12:30.0048 6028 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

16:12:30.0051 6028 NetPipeActivator - ok

16:12:30.0089 6028 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

16:12:30.0111 6028 netprofm - ok

16:12:30.0120 6028 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

16:12:30.0123 6028 NetTcpActivator - ok

16:12:30.0130 6028 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

16:12:30.0133 6028 NetTcpPortSharing - ok

16:12:30.0186 6028 netvsc (73ce12b8bdd747b0063cb0a7ef44cea7) C:\Windows\system32\DRIVERS\netvsc60.sys

16:12:30.0196 6028 netvsc - ok

16:12:30.0509 6028 NETwNs64 (5d262402b0634c998f8cbcead7dd8676) C:\Windows\system32\DRIVERS\NETwNs64.sys

16:12:30.0654 6028 NETwNs64 - ok

16:12:30.0743 6028 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

16:12:30.0762 6028 nfrd960 - ok

16:12:30.0812 6028 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

16:12:30.0818 6028 NlaSvc - ok

16:12:30.0826 6028 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

16:12:30.0826 6028 Npfs - ok

16:12:30.0830 6028 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

16:12:30.0832 6028 nsi - ok

16:12:30.0837 6028 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

16:12:30.0838 6028 nsiproxy - ok

16:12:30.0924 6028 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

16:12:30.0955 6028 Ntfs - ok

16:12:31.0029 6028 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

16:12:31.0031 6028 Null - ok

16:12:31.0064 6028 NVHDA (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys

16:12:31.0088 6028 NVHDA - ok

16:12:31.0566 6028 nvlddmkm (70e89a21827b2669af906b703c7c48b5) C:\Windows\system32\DRIVERS\nvlddmkm.sys

16:12:31.0616 6028 nvlddmkm - ok

16:12:31.0683 6028 nvpciflt (4b9c0c2bf78289513101eb0d44834701) C:\Windows\system32\DRIVERS\nvpciflt.sys

16:12:31.0684 6028 nvpciflt - ok

16:12:31.0722 6028 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

16:12:31.0745 6028 nvraid - ok

16:12:31.0769 6028 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

16:12:31.0787 6028 nvstor - ok

16:12:31.0852 6028 NVSvc (e04fce1d149cf05c3449e3171f9c3e41) C:\Windows\system32\nvvsvc.exe

16:12:31.0892 6028 NVSvc - ok

16:12:32.0019 6028 nvUpdatusService (d96ddea6c699a99832e0186057801971) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

16:12:32.0126 6028 nvUpdatusService - ok

16:12:32.0217 6028 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

16:12:32.0224 6028 nv_agp - ok

16:12:32.0259 6028 O2FLASH (4e37455db16aec75862b1d0bc35b589e) C:\Windows\system32\DRIVERS\o2flash.exe

16:12:32.0260 6028 O2FLASH - ok

16:12:32.0270 6028 O2MDFRDR (6172db160fc566cf24307941c0e94d8e) C:\Windows\system32\DRIVERS\O2MDFw7x64.sys

16:12:32.0270 6028 O2MDFRDR - ok

16:12:32.0283 6028 O2MDRRDR (8ed738aba394bbf6d7802698be453112) C:\Windows\system32\drivers\O2MDRw7x64.sys

16:12:32.0290 6028 O2MDRRDR - ok

16:12:32.0352 6028 O2SDIOAssist (4635935fc972c582632bf45c26bfcb0e) c:\Windows\SysWOW64\srvany.exe

16:12:32.0355 6028 O2SDIOAssist - ok

16:12:32.0375 6028 O2SDJRDR (a9c1e6b7c134fad124338b7944fa996d) C:\Windows\system32\DRIVERS\o2sdjw7x64.sys

16:12:32.0377 6028 O2SDJRDR - ok

16:12:32.0481 6028 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

16:12:32.0540 6028 odserv - ok

16:12:32.0568 6028 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

16:12:32.0575 6028 ohci1394 - ok

16:12:32.0623 6028 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

16:12:32.0670 6028 ose - ok

16:12:32.0703 6028 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

16:12:32.0708 6028 p2pimsvc - ok

16:12:32.0742 6028 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

16:12:32.0764 6028 p2psvc - ok

16:12:32.0800 6028 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

16:12:32.0804 6028 Parport - ok

16:12:32.0840 6028 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

16:12:32.0845 6028 partmgr - ok

16:12:32.0872 6028 PBADRV (363b3f857abee85767e01e3044c539cd) C:\Windows\system32\DRIVERS\PBADRV.sys

16:12:32.0874 6028 PBADRV - ok

16:12:32.0894 6028 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

16:12:32.0902 6028 PcaSvc - ok

16:12:32.0931 6028 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

16:12:32.0936 6028 pci - ok

16:12:32.0962 6028 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

16:12:32.0979 6028 pciide - ok

16:12:33.0006 6028 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

16:12:33.0033 6028 pcmcia - ok

16:12:33.0048 6028 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

16:12:33.0049 6028 pcw - ok

16:12:33.0087 6028 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

16:12:33.0115 6028 PEAUTH - ok

16:12:33.0202 6028 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll

16:12:33.0279 6028 PeerDistSvc - ok

16:12:33.0360 6028 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

16:12:33.0364 6028 PerfHost - ok

16:12:33.0510 6028 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

16:12:33.0564 6028 pla - ok

16:12:33.0615 6028 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

16:12:33.0637 6028 PlugPlay - ok

16:12:33.0657 6028 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

16:12:33.0663 6028 PNRPAutoReg - ok

16:12:33.0695 6028 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

16:12:33.0702 6028 PNRPsvc - ok

16:12:33.0751 6028 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

16:12:33.0772 6028 PolicyAgent - ok

16:12:33.0803 6028 Power (a2cca4fb273e6050f17a0a416cff2fcd) C:\Windows\system32\umpo.dll

16:12:33.0811 6028 Power - ok

16:12:33.0872 6028 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

16:12:33.0876 6028 PptpMiniport - ok

16:12:33.0894 6028 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

16:12:33.0911 6028 Processor - ok

16:12:33.0947 6028 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

16:12:33.0956 6028 ProfSvc - ok

16:12:33.0985 6028 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

16:12:33.0987 6028 ProtectedStorage - ok

16:12:34.0008 6028 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

16:12:34.0013 6028 Psched - ok

16:12:34.0044 6028 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys

16:12:34.0045 6028 PxHlpa64 - ok

16:12:34.0110 6028 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

16:12:34.0206 6028 ql2300 - ok

16:12:34.0306 6028 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

16:12:34.0325 6028 ql40xx - ok

16:12:34.0362 6028 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

16:12:34.0371 6028 QWAVE - ok

16:12:34.0390 6028 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

16:12:34.0392 6028 QWAVEdrv - ok

16:12:34.0403 6028 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

16:12:34.0410 6028 RasAcd - ok

16:12:34.0435 6028 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

16:12:34.0437 6028 RasAgileVpn - ok

16:12:34.0458 6028 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

16:12:34.0464 6028 RasAuto - ok

16:12:34.0487 6028 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

16:12:34.0492 6028 Rasl2tp - ok

16:12:34.0532 6028 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

16:12:34.0548 6028 RasMan - ok

16:12:34.0571 6028 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

16:12:34.0575 6028 RasPppoe - ok

16:12:34.0604 6028 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

16:12:34.0608 6028 RasSstp - ok

16:12:34.0632 6028 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

16:12:34.0640 6028 rdbss - ok

16:12:34.0653 6028 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

16:12:34.0656 6028 rdpbus - ok

16:12:34.0665 6028 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

16:12:34.0668 6028 RDPCDD - ok

16:12:34.0708 6028 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

16:12:34.0714 6028 RDPDR - ok

16:12:34.0741 6028 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

16:12:34.0744 6028 RDPENCDD - ok

16:12:34.0761 6028 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

16:12:34.0764 6028 RDPREFMP - ok

16:12:34.0809 6028 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

16:12:34.0816 6028 RDPWD - ok

16:12:34.0842 6028 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

16:12:34.0848 6028 rdyboost - ok

16:12:34.0929 6028 RegSrvc (f90cc59135f2945a6ebb1670a7bbd8b3) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

16:12:34.0958 6028 RegSrvc - ok

16:12:34.0992 6028 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

16:12:48.0144 6028 MBR (0x1B8) (d7ad5aa31a559120c3ba48fd0a1b1636) \Device\Harddisk0\DR0

16:12:48.0339 6028 \Device\Harddisk0\DR0 - ok

16:12:48.0346 6028 Boot (0x1200) (f878749b4bd0877960827c7652e1edec) \Device\Harddisk0\DR0\Partition0

16:12:48.0350 6028 \Device\Harddisk0\DR0\Partition0 - ok

16:12:48.0372 6028 Boot (0x1200) (363520809edb43fc12e302101fa68d9c) \Device\Harddisk0\DR0\Partition1

16:12:48.0376 6028 \Device\Harddisk0\DR0\Partition1 - ok

16:12:48.0377 6028 ============================================================

16:12:48.0377 6028 Scan finished

16:12:48.0377 6028 ============================================================

16:12:48.0384 3720 Detected object count: 0

16:12:48.0384 3720 Actual detected object count: 0
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1:** Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users:** ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3:** If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4:** Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix 12-06-23.01 - dean.garrison 06/22/2012 21:24:42.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8073.4823 [GMT -7:00]
Running from: c:\users\dean.garrison\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\kGACsYrmPjUu.exe
c:\programdata\M8bNpuGd8Z7Nvx
c:\programdata\M8bNpuGd8Z7Nvx.exe
c:\users\dean.garrison\AppData\Local\assembly\tmp
c:\users\dean.garrison\g2mdlhlpx.exe
c:\windows\SysWow64\instsrv.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-21 21:22 . 2012-06-21 21:22 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-21 20:26 . 2012-06-21 20:26 -------- d-----w- c:\users\dean.garrison\AppData\Roaming\Malwarebytes
2012-06-21 20:26 . 2012-06-21 20:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-21 20:26 . 2012-06-21 20:26 -------- d-----w- c:\programdata\Malwarebytes
2012-06-21 20:08 . 2012-06-21 20:09 -------- d-----w- c:\program files\HitmanPro
2012-06-21 20:08 . 2012-06-21 20:09 -------- d-----w- c:\programdata\HitmanPro
2012-06-21 19:47 . 2012-06-21 19:47 -------- d-----w- C:\found.000
2012-06-20 18:49 . 2012-06-20 18:49 1784736 ---ha-w- c:\windows\SysWow64\NEWT.dll
2012-06-20 18:48 . 2012-06-20 18:49 269728 ---ha-w- c:\windows\SysWow64\NEWTScan.exe
2012-06-20 18:48 . 2012-06-20 18:48 82672 ---ha-w- c:\windows\SysWow64\NEWTScannerCOM.exe
2012-06-20 18:48 . 2012-06-20 18:48 78576 ---ha-w- c:\windows\SysWow64\NEWTScannerSvc.exe
2012-06-19 15:05 . 2012-05-31 04:04 9013136 ---ha-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5AD082FE-B08B-422C-AF4A-5090183FE82F}\mpengine.dll
2012-06-18 22:31 . 2012-06-18 22:31 -------- d--h--w- c:\program files (x86)\Vision33 1D2V CRM Dashboard
2012-06-14 06:12 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 06:12 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 06:12 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 06:11 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 06:11 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 06:11 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 06:11 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 06:11 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-08 17:45 . 2012-06-08 17:45 -------- d--h--w- c:\users\dean.garrison\AppData\Roaming\SAP
2012-05-24 19:02 . 2012-03-28 03:30 77824 ---ha-w- c:\windows\SysWow64\LoadDotNetAssembly.dll
2012-05-24 19:02 . 2012-03-28 03:30 13312 ---ha-w- c:\windows\SysWow64\LoadDotNetAssembly.netmodule
2012-05-24 19:00 . 2012-05-24 19:01 69632 ---ha-w- c:\windows\SysWow64\B1iUtilitiesNative.dll
2012-05-24 16:21 . 2012-05-24 16:21 -------- d--h--w- c:\windows\SysWow64\BestPractices
2012-05-24 16:21 . 2012-05-24 16:21 -------- d-----w- c:\windows\system32\BestPractices
2012-05-24 16:04 . 2012-05-24 16:04 -------- d--h--w- c:\users\dean.garrison\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-24 19:01 . 2012-05-22 23:17 86016 ---ha-w- c:\windows\SysWow64\B1iTranslatorNative.dll
2012-05-24 19:01 . 2012-04-17 01:18 61440 ----a-w- c:\windows\system32\B1iUtilitiesNative64.dll
2012-05-01 16:04 . 2012-05-01 16:04 418464 ---ha-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-01 16:04 . 2012-02-19 17:08 70304 ---ha-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-18 23:30 . 2012-04-18 23:30 89088 ----a-w- c:\windows\system32\explorer.exe
2012-03-30 11:35 . 2012-05-11 19:00 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-28 20:28 . 2012-03-28 20:29 834560 ----a-w- c:\windows\system32\RpcTspUI.dll
2012-03-28 20:28 . 2012-03-28 20:29 81408 ----a-w- c:\windows\system32\CPHelper.dll
2012-03-28 20:28 . 2012-03-28 20:29 718848 ----a-w- c:\windows\system32\RpcTspX.tsp
2012-03-28 20:28 . 2012-03-28 20:29 36864 ----a-w- c:\windows\system32\TMSRegLib.dll
2012-03-28 20:28 . 2012-03-28 20:29 261120 ----a-w- c:\windows\system32\TAPIConverterX.dll
2012-03-28 20:28 . 2012-03-28 20:29 195072 ----a-w- c:\windows\system32\Reglib.dll
2012-03-28 20:28 . 2012-03-28 20:29 144896 ----a-w- c:\windows\system32\loglib.dll
2012-03-28 20:28 . 2012-03-28 20:29 115200 ----a-w- c:\windows\system32\STLogin.dll
2012-03-28 20:28 . 2012-03-28 20:29 105984 ----a-w- c:\windows\system32\STCLogin.exe
2012-03-28 19:03 . 2012-03-28 19:03 172080 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-03-28 03:30 . 2012-05-22 23:17 13312 ----a-w- c:\windows\system32\LoadDotNetAssembly.netmodule
2012-03-28 03:30 . 2012-03-28 03:30 91648 ----a-w- c:\windows\system32\LoadDotNetAssembly.dll
2012-03-28 03:10 . 2012-03-28 03:10 101888 ---ha-r- c:\windows\SysWow64\VB6STKIT.DLL
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Jing"="c:\program files (x86)\TechSmith\Jing\Jing.exe" [2012-02-01 2918224]
"GoToMeeting"="c:\program files (x86)\Citrix\GoToMeeting\880\g2mstart.exe" [2012-04-16 39816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SAP Business One ServerTools"="c:\program files (x86)\SAP\SAP Business One ServerTools\Service Manager\ServerManager.exe" [2012-03-28 331776]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-18 50472]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-08-09 112408]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-03-17 115560]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]
vpngui.exe.lnk - c:\windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe [2012-3-28 5120]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2011-8-24 494488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"dontdisplaylockeduserid"= 1 (0x1)
"HideFastUserSwitching"= 0 (0x0)
"DefaultLogonDomain"= zedIT
"DisableStartupSound"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-06-05 1997416]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 253088]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7x64.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 SBOBackUp;SAP Business One BackUp Service;c:\program files (x86)\SAP\SAP Business One ServerTools\BackUp\B1backUp.exe [2012-03-28 241664]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 B1LicenseService;SAP Business One License Manager;c:\program files (x86)\SAP\SAP Business One ServerTools\License\B1License.exe [2012-03-28 3887104]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2011-05-13 1043872]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2011-05-13 36768]
S2 DFEPService;Dell Feature Enhancement Pack Service;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe [2011-08-24 2279320]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-06-18 210784]
S2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe [2003-04-19 8192]
S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2010-04-03 2175328]
S2 SAP Business One RSP Agent Service;SAP Business One RSP Agent Service;c:\program files (x86)\SAP\Remote support platform for SAP Business One\Service\BIN\AgentService.exe [2011-08-17 12800]
S2 SAPB1iDIProxy;SAP Business One DI Proxy Service;c:\program files (x86)\SAP\SAP Business One Integration\DIProxy\SAPB1iDIProxy.exe [2012-03-28 249856]
S2 SAPB1iDIProxy_Monitor;SAP Business One DI Proxy Service Monitor;c:\program files (x86)\SAP\SAP Business One Integration\DIProxy\SAPB1iDIProxy_Monitor.exe [2012-03-28 249856]
S2 SAPB1iEventSender;SAP Business One EventSender Service;c:\program files (x86)\SAP\SAP Business One Integration\EventSender\SAPB1iEventSender.exe [2012-03-28 249856]
S2 SBOClientAgent;SAP Business One Client Agent;c:\program files (x86)\SAP\SAP Business One Client Agent\B1ClientAgent.exe [2012-03-28 61440]
S2 SBODI_Server;SAP Business One DI Server;c:\program files (x86)\SAP\SAP Business One ServerTools\DI_Server\B1DI_Server.exe [2012-03-28 733184]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-06-05 378472]
S2 SvcNEWTScanner;NEWTScanner Service;c:\windows\SysWOW64\NEWTScannerSvc.exe [2012-06-20 78576]
S2 TAO_NT_Naming_Service;TAO NT Naming Service;c:\program files (x86)\SAP\SAP Business One ServerTools\License\NT_Naming_Service.exe [2012-03-28 1388544]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S2 Tomcat6;SAP Business One Integration Service;c:\program files (x86)\SAP\SAP Business One Integration\B1iServer\Tomcat\bin\tomcat6.exe [2012-03-28 78336]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-08-09 2656536]
S2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [2009-07-13 24168]
S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-30 846448]
S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-07-01 1600000]
S2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe [2012-01-20 62184]
S2 ZcfgSvc7;Intel(R) PROSet/Wireless ZeroConfig Service;c:\program files\Intel\WiFi\bin\ZCfgSvc7.exe [2010-12-23 992256]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\accelern.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [x]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-30 138912]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2010-04-03 32096]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 O2MDFRDR;O2MDFRDR;c:\windows\system32\DRIVERS\O2MDFw7x64.sys [x]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NAL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 16:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-05-27 23:46 139128 ---ha-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-05-27 23:46 139128 ---ha-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-05-27 257392]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 416024]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-06-05 312936]
"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-23 1934608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 392472]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-07-25 686704]
"DFEPApplication"="c:\program files\Dell\Feature Enhancement Pack\DFEPApplication.exe" [2011-08-24 7077272]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-07-20 611192]
"combofix"="c:\combofix\CF17729.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://zedworld.zeditsolutions.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
LSP: %SystemRoot%\system32\vsocklib.dll
Trusted Zone: garrison7
Trusted Zone: zedit.com\zedworld
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{83A91AE1-CB1A-4771-8D1E-463A52F55361}: NameServer = 192.168.112.16,192.168.112.124
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-Symantec Antvirus
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\windows\sysWOW64\SDIOAssist.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\Shoreline Communications\ShoreWare Client\STCLogin.exe
c:\program files (x86)\Citrix\GoToMeeting\880\g2mcomm.exe
c:\program files (x86)\Citrix\GoToMeeting\880\g2mlauncher.exe
c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-06-22 21:45:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-23 04:45
.
Pre-Run: 243,693,604,864 bytes free
Post-Run: 243,718,348,800 bytes free
.
- - End Of File - - A90D07400BAB16D006C82AD33C2FCDA9
 
Looks good.

How is the computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /I " " /c
dir /b "%systemroot%\*.exe" | find /I " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 6/25/2012 9:22:22 AM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\dean.garrison\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.88 Gb Total Physical Memory | 4.97 Gb Available Physical Memory | 63.00% Memory free
15.77 Gb Paging File | 12.19 Gb Available in Paging File | 77.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.42 Gb Total Space | 227.05 Gb Free Space | 49.96% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 1769.16 Gb Free Space | 94.96% Space Free | Partition Type: NTFS
Drive M: | 49.42 Gb Total Space | 29.02 Gb Free Space | 58.71% Space Free | Partition Type: NTFS

Computer Name: GARRISON7 | User Name: dean.garrison | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/06/25 09:20:16 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\dean.garrison\Desktop\OTL.exe
PRC - [2012/06/20 11:48:55 | 000,078,576 | -H-- | M] (Komodo Laboratories LLC) -- C:\Windows\SysWOW64\NEWTScannerSvc.exe
PRC - [2012/04/16 14:38:10 | 000,039,816 | -H-- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\880\g2mstart.exe
PRC - [2012/04/16 14:38:10 | 000,039,816 | -H-- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\880\g2mlauncher.exe
PRC - [2012/04/16 14:38:10 | 000,039,816 | -H-- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\880\g2mcomm.exe
PRC - [2012/04/03 22:53:50 | 000,063,928 | -H-- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/27 22:30:42 | 003,887,104 | -H-- | M] () -- C:\Program Files (x86)\SAP\SAP Business One ServerTools\License\B1License.exe
PRC - [2012/03/27 22:00:56 | 000,733,184 | -H-- | M] (SAP Ltd.) -- C:\Program Files (x86)\SAP\SAP Business One ServerTools\DI_Server\B1DI_Server.exe
PRC - [2012/03/27 21:59:40 | 000,331,776 | -H-- | M] (SAP Ltd.) -- C:\Program Files (x86)\SAP\SAP Business One ServerTools\Service Manager\ServerManager.exe
PRC - [2012/03/27 20:30:22 | 000,249,856 | -H-- | M] (SAP AG) -- C:\Program Files (x86)\SAP\SAP Business One Integration\EventSender\SAPB1iEventSender.exe
PRC - [2012/03/27 20:30:22 | 000,249,856 | -H-- | M] (SAP AG) -- C:\Program Files (x86)\SAP\SAP Business One Integration\DIProxy\SAPB1iDIProxy_Monitor.exe
PRC - [2012/03/27 20:30:22 | 000,249,856 | -H-- | M] (SAP AG) -- C:\Program Files (x86)\SAP\SAP Business One Integration\DIProxy\SAPB1iDIProxy.exe
PRC - [2012/03/27 20:10:48 | 001,388,544 | -H-- | M] () -- C:\Program Files (x86)\SAP\SAP Business One ServerTools\License\NT_Naming_Service.exe
PRC - [2012/03/19 04:38:47 | 007,357,824 | -H-- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2012/03/19 04:38:47 | 002,666,880 | -H-- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/03/19 04:29:38 | 000,106,368 | -H-- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2012/01/19 20:03:30 | 000,062,184 | -H-- | M] (Xobni Corporation) -- C:\Program Files (x86)\Xobni\XobniService.exe
PRC - [2011/11/13 22:42:54 | 000,354,416 | -H-- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2011/11/13 22:42:52 | 000,433,264 | -H-- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2011/11/13 20:49:40 | 000,079,872 | -H-- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2011/08/08 20:46:06 | 002,656,536 | -H-- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/08/08 20:46:04 | 000,325,912 | -H-- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011/07/25 08:43:18 | 000,686,704 | -H-- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2011/06/05 06:31:30 | 000,378,472 | -H-- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/03/04 14:42:24 | 000,081,920 | -H-- | M] (ShoreTel, Inc.) -- C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\STCLogin.exe
PRC - [2011/02/23 23:10:24 | 000,212,944 | -H-- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2010/11/17 09:35:34 | 000,514,544 | -H-- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/10/01 15:55:28 | 000,087,336 | -H-- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2010/08/13 18:25:08 | 000,223,848 | -H-- | M] (O2Micro.) -- c:\Windows\SysWOW64\SDIOAssist.exe
PRC - [2010/03/23 12:19:32 | 001,528,616 | -H-- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/05/12 22:14:50 | 000,050,616 | -H-- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2009/05/12 22:12:36 | 002,440,632 | -H-- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/03/17 00:25:56 | 000,115,560 | -H-- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/03/17 00:25:36 | 000,108,392 | -H-- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2003/04/18 19:06:26 | 000,008,192 | -H-- | M] () -- c:\Windows\SysWOW64\srvany.exe


========== Modules (No Company Name) ==========

MOD - [2011/07/25 08:43:18 | 000,686,704 | -H-- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2010/11/24 21:44:02 | 000,375,280 | -H-- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/17 09:35:34 | 000,514,544 | -H-- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/24 15:17:34 | 002,279,320 | -H-- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe -- (DFEPService)
SRV:64bit: - [2011/08/05 11:53:12 | 000,467,680 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 11:53:12 | 000,306,400 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 11:53:06 | 008,277,728 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2011/07/01 12:52:32 | 001,600,000 | -H-- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe -- (Wave Authentication Manager Service)
SRV:64bit: - [2011/06/29 09:51:26 | 000,171,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R) PROSet Monitoring Service) Intel(R)
SRV:64bit: - [2011/05/27 16:46:56 | 003,792,240 | -H-- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV:64bit: - [2011/05/24 14:42:08 | 002,154,888 | -H-- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV:64bit: - [2011/05/13 09:10:44 | 001,043,872 | -H-- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV:64bit: - [2011/05/13 09:10:44 | 000,036,768 | -H-- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV:64bit: - [2011/01/25 02:57:18 | 000,296,448 | -H-- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/12/23 13:23:48 | 001,515,792 | -H-- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV:64bit: - [2010/12/23 13:14:10 | 000,992,256 | -H-- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe -- (ZcfgSvc7) Intel(R)
SRV:64bit: - [2010/12/23 13:07:12 | 000,845,584 | -H-- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV:64bit: - [2010/02/10 18:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/03 03:42:58 | 000,089,600 | -H-- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/06/20 11:48:55 | 000,078,576 | -H-- | M] (Komodo Laboratories LLC) [Auto | Running] -- C:\Windows\SysWOW64\NEWTScannerSvc.exe -- (SvcNEWTScanner)
SRV - [2012/05/01 09:04:45 | 000,253,088 | -H-- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/05 10:37:38 | 000,158,856 | RH-- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/04/03 22:53:50 | 000,063,928 | -H-- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/27 22:32:34 | 000,061,440 | -H-- | M] (SAP) [Auto | Running] -- C:\Program Files (x86)\SAP\SAP Business One Client Agent\B1ClientAgent.exe -- (SBOClientAgent)
SRV - [2012/03/27 22:30:42 | 003,887,104 | -H-- | M] () [Auto | Running] -- C:\Program Files (x86)\SAP\SAP Business One ServerTools\License\B1License.exe -- (B1LicenseService)
SRV - [2012/03/27 22:00:56 | 000,733,184 | -H-- | M] (SAP Ltd.) [Auto | Running] -- C:\Program Files (x86)\SAP\SAP Business One ServerTools\DI_Server\B1DI_Server.exe -- (SBODI_Server)
SRV - [2012/03/27 21:59:54 | 000,241,664 | -H-- | M] (SAP Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\SAP\SAP Business One ServerTools\BackUp\B1backUp.exe -- (SBOBackUp)
SRV - [2012/03/27 20:30:22 | 000,249,856 | -H-- | M] (SAP AG) [Auto | Running] -- C:\Program Files (x86)\SAP\SAP Business One Integration\EventSender\SAPB1iEventSender.exe -- (SAPB1iEventSender)
SRV - [2012/03/27 20:30:22 | 000,249,856 | -H-- | M] (SAP AG) [Auto | Running] -- C:\Program Files (x86)\SAP\SAP Business One Integration\DIProxy\SAPB1iDIProxy_Monitor.exe -- (SAPB1iDIProxy_Monitor)
SRV - [2012/03/27 20:30:22 | 000,249,856 | -H-- | M] (SAP AG) [Auto | Running] -- C:\Program Files (x86)\SAP\SAP Business One Integration\DIProxy\SAPB1iDIProxy.exe -- (SAPB1iDIProxy)
SRV - [2012/03/27 20:30:04 | 000,078,336 | -H-- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files (x86)\SAP\SAP Business One Integration\B1iServer\Tomcat\bin\tomcat6.exe -- (Tomcat6)
SRV - [2012/03/27 20:10:48 | 001,388,544 | -H-- | M] () [Auto | Running] -- C:\Program Files (x86)\SAP\SAP Business One ServerTools\License\NT_Naming_Service.exe -- (TAO_NT_Naming_Service)
SRV - [2012/03/19 04:38:47 | 002,666,880 | -H-- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/01/19 20:03:30 | 000,062,184 | -H-- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files (x86)\Xobni\XobniService.exe -- (XobniService)
SRV - [2011/11/13 22:42:54 | 000,354,416 | -H-- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011/11/13 22:42:52 | 000,433,264 | -H-- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011/11/13 20:49:40 | 000,079,872 | -H-- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2011/08/29 21:11:04 | 000,846,448 | -H-- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2011/08/17 01:47:32 | 000,012,800 | -H-- | M] (SAP) [Auto | Running] -- C:\Program Files (x86)\SAP\Remote support platform for SAP Business One\Service\BIN\AgentService.exe -- (SAP Business One RSP Agent Service)
SRV - [2011/08/08 20:46:06 | 002,656,536 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011/08/08 20:46:04 | 000,325,912 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2011/06/05 08:22:00 | 001,997,416 | -H-- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/06/05 06:31:30 | 000,378,472 | -H-- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/02/23 23:10:24 | 000,212,944 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) Intel(R)
SRV - [2011/02/17 08:08:52 | 001,633,280 | -H-- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2010/11/25 04:34:18 | 000,219,632 | -H-- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 04:33:18 | 001,116,656 | -H-- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/11/20 20:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 20:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 20:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/03/23 12:19:32 | 001,528,616 | -H-- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/03/18 14:16:28 | 000,130,384 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/13 00:08:04 | 000,024,168 | ---- | M] (The Within Network, LLC) [Auto | Running] -- C:\Windows\UnsignedThemesSvc.exe -- (UnsignedThemes)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/12 22:12:36 | 002,440,632 | -H-- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/05/12 20:56:52 | 003,098,440 | -H-- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/03/20 18:10:15 | 003,093,880 | -H-- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/03/17 00:25:36 | 000,108,392 | -H-- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/03/17 00:25:36 | 000,108,392 | -H-- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/02/01 21:43:28 | 000,387,400 | -H-- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2003/04/18 19:06:26 | 000,008,192 | -H-- | M] () [Auto | Running] -- c:\Windows\SysWOW64\srvany.exe -- (O2SDIOAssist)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/28 12:03:13 | 000,172,080 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/19 11:53:02 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/02/19 11:53:02 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/11/13 22:43:36 | 000,063,088 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011/11/13 22:43:30 | 000,031,344 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)
DRV:64bit: - [2011/11/13 22:42:40 | 000,032,880 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2011/11/13 22:42:12 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011/11/13 20:33:56 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011/11/13 20:33:56 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011/08/29 21:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011/08/29 21:01:10 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2011/08/08 13:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011/07/22 13:28:56 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\accelern.sys -- (Acceler)
DRV:64bit: - [2011/07/20 10:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
DRV:64bit: - [2011/07/19 15:24:20 | 000,020,424 | ---- | M] (Dell Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HBtnKey.sys -- (HBtnKey)
DRV:64bit: - [2011/07/15 22:31:22 | 000,022,128 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2011/06/17 19:54:22 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0151.sys -- (RsFx0151)
DRV:64bit: - [2011/06/10 12:16:08 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/06/05 08:22:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/05/26 11:55:02 | 000,368,464 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/05/10 13:05:48 | 000,038,504 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:64bit: - [2011/05/10 03:41:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/03/23 14:51:32 | 000,083,560 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)
DRV:64bit: - [2011/01/25 02:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/01/03 15:19:56 | 000,074,984 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys -- (O2MDRRDR)
DRV:64bit: - [2011/01/03 13:04:44 | 000,072,808 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys -- (O2MDFRDR)
DRV:64bit: - [2010/12/21 12:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc)
DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 20:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/05 19:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/08/02 16:19:30 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandmodem64.sys -- (ANDModem)
DRV:64bit: - [2010/08/02 16:19:28 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandgps64.sys -- (AndGps)
DRV:64bit: - [2010/08/02 16:19:24 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lganddiag64.sys -- (AndDiag)
DRV:64bit: - [2010/08/02 16:19:24 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus)
DRV:64bit: - [2010/08/02 16:19:10 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandadb.sys -- (androidusb)
DRV:64bit: - [2010/07/21 12:13:40 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV)
DRV:64bit: - [2010/03/23 12:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/26 17:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009/09/16 15:08:48 | 000,172,960 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 00:09:20 | 000,030,568 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\uxpatch.sys -- (uxpatch)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/04 13:07:56 | 000,480,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2009/03/04 13:07:56 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2009/03/04 13:07:54 | 000,441,904 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/11/16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2012/05/30 01:00:00 | 000,484,512 | -H-- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/05/30 01:00:00 | 000,138,912 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/05/15 01:00:00 | 002,068,600 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120624.008\ex64.sys -- (NAVEX15)
DRV - [2012/05/15 01:00:00 | 000,120,440 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120624.008\eng64.sys -- (NAVENG)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/03/04 13:07:56 | 000,480,304 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2009/03/04 13:07:56 | 000,032,304 | -H-- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009/03/04 13:07:54 | 000,441,904 | -H-- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2009/02/24 18:35:44 | 000,255,552 | -H-- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3B46D353-06C6-41E9-9985-DC042811E0DD}
IE:64bit: - HKLM\..\SearchScopes\{3B46D353-06C6-41E9-9985-DC042811E0DD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {3B46D353-06C6-41E9-9985-DC042811E0DD}
IE - HKLM\..\SearchScopes\{3B46D353-06C6-41E9-9985-DC042811E0DD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://zedworld.zeditsolutions.com/
IE - HKCU\..\SearchScopes,DefaultScope = {15FB76D0-A139-4866-945C-863D17359F4A}
IE - HKCU\..\SearchScopes\{15FB76D0-A139-4866-945C-863D17359F4A}: "URL" = http://www.google.com/search?q={sea...ource}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2012/06/22 21:41:32 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [DFEPApplication] c:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [SAP Business One ServerTools] C:\Program Files (x86)\SAP\SAP Business One ServerTools\Service Manager\ServerManager.exe (SAP Ltd.)
O4 - HKCU..\Run: [GoToMeeting] C:\Program Files (x86)\Citrix\GoToMeeting\880\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKCU..\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylockeduserid = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DefaultLogonDomain = zedIT
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStartupSound = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O15:64bit: - ..Trusted Domains: zedit.com ([zedworld] https in Local intranet)
O15 - HKCU\..Trusted Domains: garrison7 ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: zedit.com ([zedworld] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16:64bit: - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc64.cab (Microsoft Office Template and Media Control)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/x64/ractrl.cab?lmi=724 (Performance Viewer Activex Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=724 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.113.22 209.218.76.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = zedIT.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83A91AE1-CB1A-4771-8D1E-463A52F55361}: Domain = zedIT.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83A91AE1-CB1A-4771-8D1E-463A52F55361}: NameServer = 192.168.112.16,192.168.112.124
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD5FE1A6-0B02-4115-A601-CB5AAD68A8B9}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD2094C8-9C58-4E71-B30D-D56425AD36F7}: DhcpNameServer = 192.168.113.22 209.218.76.2
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysNative\explorer.exe ()
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/09 07:58:32 | 000,000,067 | -H-- | M] () - F:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2006/05/18 14:47:24 | 000,000,000 | ---- | M] () - M:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/25 09:20:18 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\dean.garrison\Desktop\OTL.exe
[2012/06/25 08:54:08 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
[2012/06/22 21:41:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/22 21:26:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune
[2012/06/22 21:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xobni
[2012/06/22 21:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
[2012/06/22 21:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vision33 1D2V Finance Charges
[2012/06/22 21:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vision33 1D2V CRM Dashboard
[2012/06/22 21:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
[2012/06/22 21:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
[2012/06/22 21:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/06/22 21:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShoreTel
[2012/06/22 21:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scintilla Text Editor
[2012/06/22 21:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAP Business One
[2012/06/22 21:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator Starter
[2012/06/22 21:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter
[2012/06/22 21:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/06/22 21:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 R2
[2012/06/22 21:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
[2012/06/22 21:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/06/22 21:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/06/22 21:26:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/06/22 21:26:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc
[2012/06/22 21:26:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
[2012/06/22 21:26:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2012/06/22 21:26:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Integration solution for SAP Business One
[2012/06/22 21:26:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2012/06/22 21:26:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2012/06/22 21:26:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Webcam
[2012/06/22 21:26:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
[2012/06/22 21:26:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems VPN Client
[2012/06/22 21:26:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASAP Utilities
[2012/06/22 21:26:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
[2012/06/22 21:26:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/06/22 21:26:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/06/22 21:23:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/22 21:23:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/22 21:23:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/22 21:22:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/22 21:22:47 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/22 21:18:06 | 000,000,000 | ---D | C] -- C:\Users\dean.garrison\Desktop\desktop
[2012/06/22 21:17:54 | 004,565,299 | R--- | C] (Swearware) -- C:\Users\dean.garrison\Desktop\ComboFix.exe
[2012/06/22 16:12:00 | 000,000,000 | ---D | C] -- C:\Users\dean.garrison\Desktop\tdsskiller
[2012/06/21 22:06:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
[2012/06/21 16:30:29 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2012/06/21 16:30:29 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/06/21 16:01:45 | 000,000,000 | ---D | C] -- C:\Users\dean.garrison\Desktop\Virus Fix
[2012/06/21 14:22:49 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/21 13:54:53 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\dean.garrison\Desktop\aswMBR.exe
[2012/06/21 13:26:25 | 000,000,000 | ---D | C] -- C:\Users\dean.garrison\AppData\Roaming\Malwarebytes
[2012/06/21 13:26:11 | 000,000,000 | ---D | C] -- C:\Users\dean.garrison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/21 13:26:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/21 13:26:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/21 13:09:15 | 000,000,000 | ---D | C] -- C:\Users\dean.garrison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2012/06/21 13:08:16 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/06/21 13:08:12 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/06/21 12:47:47 | 000,000,000 | ---D | C] -- C:\found.000
[2012/06/20 13:26:22 | 000,000,000 | -H-D | C] -- C:\Users\dean.garrison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vision33 1D2V CRM Dashboard
[2012/06/20 11:49:30 | 001,784,736 | -H-- | C] (CPUID) -- C:\Windows\SysWow64\NEWT.dll
[2012/06/20 11:48:59 | 000,269,728 | -H-- | C] (Komodo Laboratories LLC (www.KomodoLabs.com)) -- C:\Windows\SysWow64\NEWTScan.exe
[2012/06/20 11:48:55 | 000,082,672 | -H-- | C] (Komodo Laboratories LLC) -- C:\Windows\SysWow64\NEWTScannerCOM.exe
[2012/06/20 11:48:52 | 000,078,576 | -H-- | C] (Komodo Laboratories LLC) -- C:\Windows\SysWow64\NEWTScannerSvc.exe
[2012/06/18 15:31:14 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Vision33 1D2V CRM Dashboard
[2012/06/08 10:45:57 | 000,000,000 | -H-D | C] -- C:\Users\dean.garrison\AppData\Roaming\SAP

========== Files - Modified Within 30 Days ==========

[2012/06/25 09:20:16 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\dean.garrison\Desktop\OTL.exe
[2012/06/25 09:03:17 | 000,021,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/25 09:03:17 | 000,021,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/25 09:02:59 | 000,000,830 | -H-- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/25 08:53:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/25 08:52:01 | 2053,816,319 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/22 21:41:32 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/22 21:23:31 | 004,565,299 | R--- | M] (Swearware) -- C:\Users\dean.garrison\Desktop\ComboFix.exe
[2012/06/21 13:56:01 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\dean.garrison\Desktop\aswMBR.exe
[2012/06/21 13:26:11 | 000,001,135 | ---- | M] () -- C:\Users\dean.garrison\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/06/21 11:20:40 | 000,000,112 | -H-- | M] () -- C:\ProgramData\-M8bNpuGd8Z7Nvxr
[2012/06/21 11:20:40 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-M8bNpuGd8Z7Nvx
[2012/06/21 11:20:39 | 000,000,681 | -H-- | M] () -- C:\Users\dean.garrison\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/06/21 08:56:36 | 000,000,000 | -H-- | M] () -- C:\Windows\SysWow64\dev_hwid
[2012/06/20 11:49:36 | 001,784,736 | -H-- | M] (CPUID) -- C:\Windows\SysWow64\NEWT.dll
[2012/06/20 11:49:07 | 000,269,728 | -H-- | M] (Komodo Laboratories LLC (www.KomodoLabs.com)) -- C:\Windows\SysWow64\NEWTScan.exe
[2012/06/20 11:48:58 | 000,082,672 | -H-- | M] (Komodo Laboratories LLC) -- C:\Windows\SysWow64\NEWTScannerCOM.exe
[2012/06/20 11:48:55 | 000,078,576 | -H-- | M] (Komodo Laboratories LLC) -- C:\Windows\SysWow64\NEWTScannerSvc.exe
[2012/06/19 13:58:15 | 000,001,998 | -H-- | M] () -- C:\Users\dean.garrison\Documents\Default.rdp
[2012/06/18 14:07:54 | 000,002,663 | -H-- | M] () -- C:\Users\Public\Documents\Signature.pdf
[2012/06/14 11:57:00 | 000,000,459 | -H-- | M] () -- C:\Users\dean.garrison\Documents\ChatLog TurboTire _ iCharge Config _ Dean 2012_06_14 11_57.rtf
[2012/06/14 03:26:03 | 000,355,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/14 03:08:19 | 001,058,662 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/14 03:08:19 | 000,846,188 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/14 03:08:19 | 000,193,010 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/30 14:18:57 | 000,000,497 | -H-- | M] () -- C:\Users\dean.garrison\Documents\ChatLog SQL Training 2012_05_30 14_18.rtf
[2012/05/30 09:19:27 | 000,516,552 | ---- | M] () -- C:\bar.emf
[2012/05/30 09:19:25 | 000,336,896 | -H-- | M] () -- C:\Users\Public\Documents\Venn.vsd
[2012/05/30 06:54:53 | 000,134,656 | -H-- | M] () -- C:\Users\Public\Documents\Before.vsd

========== Files Created - No Company Name ==========

[2012/06/22 21:26:09 | 000,002,653 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
[2012/06/22 21:26:09 | 000,001,714 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
[2012/06/22 21:26:04 | 000,002,441 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/06/22 21:26:04 | 000,001,547 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/06/22 21:26:04 | 000,001,326 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/06/22 21:26:04 | 000,001,210 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/06/22 21:26:04 | 000,001,176 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012/06/22 21:23:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/22 21:23:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/22 21:23:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/22 21:23:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/22 21:23:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/21 13:26:11 | 000,001,135 | ---- | C] () -- C:\Users\dean.garrison\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/06/21 11:20:40 | 000,000,112 | -H-- | C] () -- C:\ProgramData\-M8bNpuGd8Z7Nvxr
[2012/06/21 11:20:40 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-M8bNpuGd8Z7Nvx
[2012/06/21 11:20:39 | 000,000,681 | -H-- | C] () -- C:\Users\dean.garrison\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/06/18 14:07:54 | 000,002,663 | -H-- | C] () -- C:\Users\Public\Documents\Signature.pdf
[2012/06/14 11:57:00 | 000,000,459 | -H-- | C] () -- C:\Users\dean.garrison\Documents\ChatLog TurboTire _ iCharge Config _ Dean 2012_06_14 11_57.rtf
[2012/05/30 14:18:57 | 000,000,497 | -H-- | C] () -- C:\Users\dean.garrison\Documents\ChatLog SQL Training 2012_05_30 14_18.rtf
[2012/05/30 09:19:25 | 000,336,896 | -H-- | C] () -- C:\Users\Public\Documents\Venn.vsd
[2012/05/30 06:54:56 | 000,516,552 | ---- | C] () -- C:\bar.emf
[2012/05/30 06:54:52 | 000,134,656 | -H-- | C] () -- C:\Users\Public\Documents\Before.vsd
[2012/05/24 12:02:39 | 000,077,824 | -H-- | C] () -- C:\Windows\SysWow64\LoadDotNetAssembly.dll
[2012/04/18 16:46:31 | 000,035,048 | -H-- | C] () -- C:\Users\dean.garrison\AppData\Roaming\UserOrb.bmp
[2012/04/16 12:14:03 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/04/13 11:10:20 | 000,000,664 | RHS- | C] () -- C:\Users\dean.garrison\ntuser.pol
[2012/03/27 16:37:16 | 000,007,592 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/02/19 11:42:27 | 000,963,116 | -H-- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/02/19 11:42:27 | 000,218,304 | -H-- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/02/19 11:42:26 | 000,145,804 | -H-- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/02/19 11:42:26 | 000,056,832 | -H-- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/02/19 11:42:25 | 013,906,944 | -H-- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/02/19 10:29:04 | 000,080,368 | -H-- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll
[2012/02/19 10:24:33 | 000,008,192 | -H-- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011/05/16 12:31:44 | 000,008,592 | -H-- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2011/02/10 07:33:46 | 000,996,520 | -H-- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/19 16:18:20 | 001,008,640 | -H-- | C] () -- C:\Windows\SysWow64\DemoLicense.dll

========== LOP Check ==========

[2012/04/24 07:59:44 | 000,000,000 | -H-D | M] -- C:\Users\dean.garrison\AppData\Roaming\ASAP Utilities
[2012/05/03 11:07:32 | 000,000,000 | -H-D | M] -- C:\Users\dean.garrison\AppData\Roaming\Business Objects
[2012/05/09 13:49:41 | 000,000,000 | -H-D | M] -- C:\Users\dean.garrison\AppData\Roaming\FileZilla
[2012/04/13 13:50:09 | 000,000,000 | -H-D | M] -- C:\Users\dean.garrison\AppData\Roaming\Rainmeter
[2012/06/08 10:45:57 | 000,000,000 | -H-D | M] -- C:\Users\dean.garrison\AppData\Roaming\SAP
[2012/04/16 09:52:17 | 000,000,000 | -H-D | M] -- C:\Users\dean.garrison\AppData\Roaming\ShoreWare Client
[2012/05/01 12:28:12 | 000,000,000 | -H-D | M] -- C:\Users\dean.garrison\AppData\Roaming\TeamViewer
[2009/07/13 22:08:49 | 000,031,912 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012/05/30 09:19:27 | 000,516,552 | ---- | M] () -- C:\bar.emf
[2012/06/22 21:45:41 | 000,025,811 | ---- | M] () -- C:\ComboFix.txt
[2012/02/19 11:55:50 | 000,035,481 | RH-- | M] () -- C:\dell.sdr
[2012/06/25 08:52:01 | 2053,816,319 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/01 22:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2012/06/25 08:52:24 | 4170,080,255 | -HS- | M] () -- C:\pagefile.sys
[2012/06/21 14:23:07 | 000,159,192 | ---- | M] () -- C:\TDSSKiller.2.7.41.0_21.06.2012_14.21.03_log.txt
[2012/06/21 15:10:13 | 000,312,304 | ---- | M] () -- C:\TDSSKiller.2.7.41.0_21.06.2012_15.07.29_log.txt
[2012/06/22 17:07:36 | 000,152,804 | ---- | M] () -- C:\TDSSKiller.2.7.41.0_22.06.2012_16.12.12_log.txt

< %systemroot%\Fonts\*.com >
[2009/07/13 22:32:31 | 000,026,040 | -H-- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 22:32:31 | 000,026,489 | -H-- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 22:32:31 | 000,029,779 | -H-- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 22:32:31 | 000,043,318 | -H-- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 13:49:50 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 21:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/04/13 13:41:40 | 000,000,221 | -HS- | M] () -- C:\Users\dean.garrison\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/06/21 13:56:01 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\dean.garrison\Desktop\aswMBR.exe
[2012/06/22 21:23:31 | 004,565,299 | R--- | M] (Swearware) -- C:\Users\dean.garrison\Desktop\ComboFix.exe
[2012/06/25 09:20:16 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\dean.garrison\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/06/25 09:02:59 | 000,000,830 | -H-- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/25 08:53:36 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/07/13 22:08:49 | 000,031,912 | -H-- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 14:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2012/06/25 09:00:12 | 000,008,192 | -H-- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2012/06/25 09:00:12 | 001,048,576 | -H-- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2012/05/15 09:04:16 | 001,048,576 | -H-- | M] () -- C:\Windows\SECURITY\Database\edb00001.log
[2012/03/27 16:37:19 | 001,048,576 | -H-- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2012/03/27 16:37:19 | 001,048,576 | -H-- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/05/03 10:59:25 | 000,000,436 | -HS- | M] () -- C:\Users\dean.garrison\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2012/06/21 11:20:40 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-M8bNpuGd8Z7Nvx
[2012/06/21 11:20:40 | 000,000,112 | -H-- | M] () -- C:\ProgramData\-M8bNpuGd8Z7Nvxr
[2012/04/16 09:15:48 | 000,007,592 | RHS- | M] () -- C:\ProgramData\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

< dir /b "%systemroot%\*.exe" | find /I " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

< >
< End of report >
 
OTL Extras logfile created on: 6/25/2012 9:22:22 AM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\dean.garrison\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.88 Gb Total Physical Memory | 4.97 Gb Available Physical Memory | 63.00% Memory free
15.77 Gb Paging File | 12.19 Gb Available in Paging File | 77.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.42 Gb Total Space | 227.05 Gb Free Space | 49.96% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 1769.16 Gb Free Space | 94.96% Space Free | Partition Type: NTFS
Drive M: | 49.42 Gb Total Space | 29.02 Gb Free Space | 58.71% Space Free | Partition Type: NTFS

Computer Name: GARRISON7 | User Name: dean.garrison | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe" = C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe:*:Enabled:ShoreTel.ShoreTel.App -- (ShoreTel Inc.)
"C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe" = C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe:*:Enabled:ShoreTel.ShoreTel.App -- (ShoreTel Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00CE5826-4E73-43B1-AAFC-BF795C322182}" = rport=1723 | protocol=6 | dir=out | app=system |
"{391569B9-C8E1-43A9-9945-915E9B864787}" = lport=445 | protocol=6 | dir=in | app=system |
"{3A9011DE-B901-47EA-8835-E51D47F701E1}" = lport=1443 | protocol=17 | dir=in | name=sqlinudp |
"{48545B7D-5DCF-4A78-B83A-4209E4D53DD3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4C918DA3-32B1-4249-B398-1F76E259C143}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{586300C4-A538-4FDF-B7CB-959651D01AC4}" = lport=139 | protocol=6 | dir=in | app=system |
"{58BF514D-1F1F-4125-B9BD-0F430B5597BD}" = rport=1443 | protocol=6 | dir=out | name=sqlouttcp |
"{6360E92E-2244-427E-94C6-D1831369EA1A}" = lport=137 | protocol=17 | dir=in | app=system |
"{6A191A98-A1DD-488B-9CE0-8096DADDEA2F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{751B9EF5-E021-4854-A767-3B8747135101}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{75268025-CF64-4AF8-95A8-B6A9C1005A37}" = rport=137 | protocol=17 | dir=out | app=system |
"{7C9BA7A8-E5E3-443D-BA08-4DFFD2B0D044}" = rport=445 | protocol=6 | dir=out | app=system |
"{989A1DA3-7DFB-4090-9554-EDE950311224}" = rport=139 | protocol=6 | dir=out | app=system |
"{9B5959DC-A90F-4EF7-A7C0-DC085FA24B1C}" = rport=138 | protocol=17 | dir=out | app=system |
"{A13382C6-FCC7-4619-865A-6809D242BBF3}" = lport=1443 | protocol=6 | dir=in | name=sqlintcp |
"{A1857A5D-E56B-41AB-A244-A2D407E7A63E}" = rport=1443 | protocol=17 | dir=out | name=sqloutudp |
"{B8521BC7-F673-4F49-8E6F-5B8E71D64ED8}" = rport=1701 | protocol=17 | dir=out | app=system |
"{BDE245DC-14E4-4EE9-B051-534C883AF062}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
"{BEAA6C17-8823-4B7A-98FE-5DB1C6D911E0}" = lport=1701 | protocol=17 | dir=in | app=system |
"{E75496B6-48C7-4AFB-8B99-6550F0CE097F}" = lport=138 | protocol=17 | dir=in | app=system |
"{EA140D3C-CF12-445D-AAD9-58B27443950E}" = lport=3389 | protocol=6 | dir=in | app=system |
"{EA9BD20B-576B-4296-A557-0396DFDCA2FA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{F96EB7A7-48FA-4484-939E-0EFA2D4B7B4C}" = lport=1723 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03ADDA16-FB1A-461A-8665-81E79ADB4017}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{174086CF-1ADB-451F-9F3B-DA35B18F03E4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{251CCB8D-24CA-4064-B92B-B0BB48FF5290}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{25F726C4-FC9C-48A7-BFB1-520EBF22CF16}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{2B896BEC-CBD1-4716-AFAE-EBDC851946A6}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{3802829D-29C6-4726-AE82-3956EE7CB73F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{3CC5661D-503F-4C64-ACE8-002477060022}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{3D839594-43B8-4E9E-A3CF-8E0B79172FED}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{45A988FD-50F8-48DA-B0E0-77C5A4054122}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{45FDB2C9-55A9-4933-A752-2679BAAC9D78}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{4DB7E5FE-55FC-46B9-BCC9-7136DC3B0467}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{561DFCFA-0142-4EF6-A66E-9006B74FD828}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{58D5CC98-1E8F-4AFD-B25B-3FE54A717A69}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{6350D8AB-DB70-4CFE-882F-0CF798FBED22}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{63F6CA4E-6141-49ED-B5D8-98AC945E09AE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{749DB6F7-FD14-427F-ADD3-9DA1DF8AB52A}" = protocol=47 | dir=out | app=system |
"{7D38753D-E463-4DCB-9689-8797E4A8503E}" = protocol=47 | dir=in | app=system |
"{9B3CCFAC-5554-48AB-8503-8B49CE9D2E7F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{9E7613A8-303B-482B-848E-4663A69A005B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{A4E20EFC-089E-4563-85AF-D0FA6B70D27F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{BF7B6F67-4DE9-4C97-A736-7002F8EBF9DC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BFC01BE3-91F8-4433-ADE4-C26146E340E9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D4410F26-8CE4-452C-9E05-01624F9A5820}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{6639A1F8-7ADA-473E-BD3D-683F5CDE092A}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{89441FAB-96C3-49CA-BB9B-8546AAF73D4C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{D84777C4-D208-4618-85B0-0F9E36152C44}C:\program files (x86)\sap\sap business one integration\sapjre_6_32\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sap\sap business one integration\sapjre_6_32\jre\bin\java.exe |
"UDP Query User{29CF61EF-9C92-42BD-A60E-1A02A5590D35}C:\program files (x86)\sap\sap business one integration\sapjre_6_32\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sap\sap business one integration\sapjre_6_32\jre\bin\java.exe |
"UDP Query User{698202D6-594A-4F2E-BB2A-35C1C9767449}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{7BFB57C6-36CE-409B-996D-87B3F65D23B7}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01078B88-2981-4F75-96B0-8B22E2D2DE03}" = Microsoft SQL Server 2008 R2 Setup (English)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software Installer
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0C270C59-8706-42B8-A2AD-6E5EE18BC90B}" = SQL Server 2008 R2 Reporting Services
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 SP1 Common Files
"{2453DBC8-ACC4-4711-BD03-0C15353AA3D8}" = SQL Server 2008 R2 Reporting Services
"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit)
"{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2D2601B6-157F-4F88-B66B-B52DB21EAB2D}" = SQL Server 2008 R2 SP1 Client Tools
"{2EECD5EF-5095-467C-B80C-4AB3096EFD60}" = SPBA 5.9
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 SP1 Common Files
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3B76DD2A-E834-4F32-A8EA-B29A0C128BA0}" = Dell ControlVault Host Components Installer 64 bit
"{3DCDFCDB-4D96-4CF0-9BB3-C91DAE9073F3}" = PC-CCID
"{414B7B9C-B353-4821-9393-78AE034079E7}" = NTRU TCG Software Stack
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{4701DEDE-1888-49E0-BAE5-857875924CA2}" = Microsoft SQL Server System CLR Types (x64)
"{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}" = Microsoft SQL Server 2008 R2 Native Client
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C1CCA11-0D08-4D5E-8444-2D9FB48BCABF}" = Intel(R) PROSet/Wireless WiFi Software
"{4E60E212-3177-4B16-BCB3-616CCC52357D}" = Upek Touchchip Fingerprint Reader
"{50B4B603-A4C6-4739-AE96-6C76A0F8A388}" = Dell Backup and Recovery Manager
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{51E5BC99-A087-4CFF-8D93-462903EA7E12}" = SQL Server 2008 R2 SP1 Management Studio
"{53D7A054-4598-4947-A159-E8FCC77720AB}" = Microsoft Sync Framework Runtime v1.0 (x64)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6AC87FB3-ACFC-4416-890C-8976D5A9B371}" = Trusted Drive Manager
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E2EE862-FEF9-408A-90BB-F5B4EC129C8E}" = SQL Server 2008 R2 Analysis Services
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}" = Custom
"{72AB7E6F-BC24-481E-8C45-1AB5B3DD795D}" = SQL Server 2008 R2 SP1 Management Studio
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{7709926E-A1EA-43F1-ADD8-C066BDB97B54}" = SQL Server 2008 R2 SP1 Integration Services
"{777FF553-493D-4068-BAC7-EE2D73DB7434}" = Wave Infrastructure Installer
"{817BCC2B-76A8-4C8B-8B55-FD916C6969CC}" = Microsoft Sync Services for ADO.NET v2.0 (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8DF73A13-F54C-4CB3-B4AD-4375A2E8F4F8}" = VmciSockets
"{8E29A06B-3189-4BB0-AF4D-00397DC3C4A5}" = SciTE Text Editor
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}" = UxStyle Core Beta
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90899269-554B-4672-9F8D-4A2A0D0AF5B5}" = Intel(R) Network Connections 16.5.2.0
"{91CE5F03-3A2A-4268-935A-04944F058AE9}" = Gemalto
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{992D1CE7-A20F-4AB0-9D9D-AFC3418844DA}" = Dell Feature Enhancement Pack
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}" = BioAPI Framework
"{9DFA5914-C275-42E0-810E-C88E46A7F9EA}" = SQL Server 2008 R2 SP1 Full text search
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 SP1 Database Engine Shared
"{A4E14A4D-EA7B-4914-9BBF-504401F3D4F7}" = SQL Server 2008 R2 SP1 Integration Services
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Data Protection | Access
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 268.83
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.85
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B5FE23CC-0151-4595-84C3-F1DE6F44FE9B}" = SQL Server 2008 R2 SP1 Client Tools
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C942A025-A840-4BF2-8987-849C0DD44574}" = SQL Server 2008 R2 SP1 Database Engine Shared
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{D8C23BDE-4748-44D9-A9DD-8AB64EB18BE3}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F01EC9B9-21B4-441E-958A-1E01098B03BE}" = SQL Server 2008 R2 Analysis Services
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F839C6BD-E92E-48FA-9CE6-7BFAF94F7096}" = DellAccess
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = SQL Server 2008 R2 SP1 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 SP1 Database Engine Services
"{FF9F3663-0357-4132-AD8C-2BC1397D88AF}" = Symantec Endpoint Protection
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"HitmanPro36" = HitmanPro 3.6
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit)
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"ProInst" = Intel PROSet Wireless
"PROSetDX" = Intel(R) Network Connections 16.5.2.0
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{068857D8-FDD1-4F29-8F74-E9DE91E8A587}" = Crystal Reports Basic 2008 for SAP Business One
"{09553952-C194-4245-833A-C9CAF31A49B0}" = SAP Business One 8.8 SP2 - DATEV-FI Interface
"{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
"{1525BCD6-E7E7-4F2F-BCF6-5692443898C7}" = ShoreTel Communicator
"{1628A2E2-07CC-4995-B3E8-9ABE9F5189D9}" = SAP Business One Client Agent
"{21154571-0542-425D-947B-E5180980AB94}" = SAP Business One Server Tools
"{26A24AE4-039D-4CA4-87B4-2F83217001FF}" = Java(TM) 7 Update 1
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2B2B45B1-3CA0-4F8D-BBB3-AC77ED46A0FE}" = Dell Client System Update
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{411B1683-95B6-4AA2-BF6F-C72CB6BD3A77}" = SAP Business One Crystal Report Integration Package
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}" = Dell Data Protection | Access | Drivers
"{4E75CC14-A855-4A6D-890E-8248F0113D42}" = SAP Business One - Microsoft Outlook Integration Server Installer
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6BF04C63-EAC0-4F19-9E88-9A745493E7BF}" = IconPackager
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7338BAAF-E281-4F00-96DC-7136C3A80C9B}" = SAP Business One integration Server
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{77C0A13F-6916-4A47-B0F6-7BFF9AE43DD5}" = SAP Business One integration DIProxy
"{7AB01508-C2B2-43C8-8B44-514801E7CCC9}" = Jing
"{7BA03320-C23E-44EF-ABA2-79768FD277EC}" = SAP Business One 8.8 SP1 - Copy Express
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}" = Dell Data Protection | Access | Middleware
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{889991FA-CE9B-42A9-A8DA-228219FA65AC}" = SAP Business One Client
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARD_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_STANDARD_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{7DA87C7E-E8A7-473E-ADFF-1B6BECCCADA7}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A7D91856-258D-4C87-8041-B170851CE432}" = Dell Data Protection | Access
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A9951634-D832-4E61-938F-51171322965F}" = Remote Support Platform for SAP Business One
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B5ED17CC-F74C-4F08-AC19-F84C50B9B32D}" = SAP Business One Screen Painter
"{BCFBFA9D-4CFE-44ED-B2EF-9DE261B46F52}" = SAP Business One integration EventSender
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
"{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}" = Crystal Report 2008 Runtime SP3
"{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies
"{D54E0121-A6C2-4DC2-A55E-7C92270A0802}" = DXB1
"{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
"{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86
"{E30C5D6E-D6D2-465D-96E0-FB94CB2BB14D}" = SAP Business One DI API
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA9408EB-5B35-415C-8176-7DC428D7DDCE}" = SAP Business One Server
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Android SDK Tools" = Android SDK Tools
"ASAP Utilities_is1" = ASAP Utilities
"Belarc Advisor" = Belarc Advisor 8.2
"Dell Webcam Central" = Dell Webcam Central
"FileZilla Client" = FileZilla Client 3.5.3
"IconPackager" = IconPackager
"InstallShield_{09553952-C194-4245-833A-C9CAF31A49B0}" = SAP Business One 8.8 SP2 - DATEV-FI Interface
"InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
"InstallShield_{21154571-0542-425D-947B-E5180980AB94}" = SAP Business One Server Tools
"InstallShield_{411B1683-95B6-4AA2-BF6F-C72CB6BD3A77}" = SAP Business One Crystal Report Integration Package
"InstallShield_{4E75CC14-A855-4A6D-890E-8248F0113D42}" = SAP Business One - Microsoft Outlook Integration Server Installer
"InstallShield_{6FA3A5F0-5E8D-4257-BAF2-1501F3D76DC7}" = SAP Business One Crystal Report Integration Package
"InstallShield_{7338BAAF-E281-4F00-96DC-7136C3A80C9B}" = SAP Business One integration Server
"InstallShield_{77C0A13F-6916-4A47-B0F6-7BFF9AE43DD5}" = SAP Business One integration DIProxy
"InstallShield_{7BA03320-C23E-44EF-ABA2-79768FD277EC}" = SAP Business One 8.8 SP1 - Copy Express
"InstallShield_{889991FA-CE9B-42A9-A8DA-228219FA65AC}" = SAP Business One Client
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"InstallShield_{A9951634-D832-4E61-938F-51171322965F}" = Remote Support Platform for SAP Business One
"InstallShield_{BCFBFA9D-4CFE-44ED-B2EF-9DE261B46F52}" = SAP Business One integration EventSender
"InstallShield_{D54E0121-A6C2-4DC2-A55E-7C92270A0802}" = SAP Business One Data Transfer Workbench
"InstallShield_{E30C5D6E-D6D2-465D-96E0-FB94CB2BB14D}" = SAP Business One DI API
"InstallShield_{FA9408EB-5B35-415C-8176-7DC428D7DDCE}" = SAP Business One Server
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Rainmeter" = Rainmeter
"SAP Business One Screen Painter" = SAP Business One Screen Painter
"STANDARD" = Microsoft Office Standard 2007
"TeamViewer 7" = TeamViewer 7
"Vision33 1D2V CRM Dashboard_is1" = Vision33 1D2V CRM Dashboard + 1.8.8.4
"Vision33 1D2V Finance Charges_is1" = Vision33 1D2V Finance Charges + 1.8.8.2
"VISPRO" = Microsoft Office Visio Professional 2007
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VMware_Player" = VMware Player
"XobniMain" = Xobni

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.1.0.880

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/25/2012 11:56:06 AM | Computer Name = garrison7.zedIT.com | Source = Report Server Windows Service (MSSQLSERVER) | ID = 107
Description = Report Server Windows Service (MSSQLSERVER) cannot connect to the
report server database.

Error - 5/25/2012 12:59:37 PM | Computer Name = garrison7.zedIT.com | Source = Application Error | ID = 1000
Description = Faulting application name: SAPB1iEventSender.exe, version: 1.0.0.2,
time stamp: 0x4f7206b1 Faulting module name: jvm.dll, version: 1.6.0.7, time stamp:
0x4dcf44ca Exception code: 0xc0000005 Fault offset: 0x001f60f2 Faulting process id:
0x204 Faulting application start time: 0x01cd3a96714fd76a Faulting application path:
C:\Program Files (x86)\SAP\SAP Business One Integration\EventSender\SAPB1iEventSender.exe
Faulting
module path: C:\Program Files (x86)\SAP\SAP Business One Integration\sapjre_6_32\jre\bin\server\jvm.dll
Report
Id: 022e4518-a68b-11e1-b1ea-005056c00008

Error - 5/25/2012 7:48:50 PM | Computer Name = garrison7.zedIT.com | Source = Application Error | ID = 1000
Description = Faulting application name: SAP Business One.exe, version: 8.82.67.0,
time stamp: 0x4f721100 Faulting module name: ole32.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7b96f Exception code: 0xc0000005 Fault offset: 0x0003bc24 Faulting
process id: 0x2770 Faulting application start time: 0x01cd3ab117d456d5 Faulting application
path: C:\Program Files (x86)\SAP\SAP Business One\SAP Business One.exe Faulting
module path: C:\Windows\syswow64\ole32.dll Report Id: 2cae333c-a6c4-11e1-b1ea-005056c00008

Error - 5/25/2012 8:38:19 PM | Computer Name = garrison7.zedIT.com | Source = WinMgmt | ID = 10
Description =

Error - 5/25/2012 8:39:58 PM | Computer Name = garrison7.zedIT.com | Source = Report Server Windows Service (MSSQLSERVER) | ID = 107
Description = Report Server Windows Service (MSSQLSERVER) cannot connect to the
report server database.

Error - 5/26/2012 12:28:30 AM | Computer Name = garrison7.zedIT.com | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 5/29/2012 11:21:59 AM | Computer Name = garrison7.zedIT.com | Source = WinMgmt | ID = 10
Description =

Error - 5/29/2012 11:23:38 AM | Computer Name = garrison7.zedIT.com | Source = Report Server Windows Service (MSSQLSERVER) | ID = 107
Description = Report Server Windows Service (MSSQLSERVER) cannot connect to the
report server database.

Error - 5/30/2012 9:57:35 AM | Computer Name = garrison7.zedIT.com | Source = WinMgmt | ID = 10
Description =

Error - 5/30/2012 9:58:28 AM | Computer Name = garrison7.zedIT.com | Source = Report Server Windows Service (MSSQLSERVER) | ID = 107
Description = Report Server Windows Service (MSSQLSERVER) cannot connect to the
report server database.

[ System Events ]
Error - 6/21/2012 6:28:59 PM | Computer Name = garrison7.zedIT.com | Source = Service Control Manager | ID = 7001
Description = The Netlogon service depends on the Workstation service which failed
to start because of the following error: %%1068

Error - 6/21/2012 6:28:59 PM | Computer Name = garrison7.zedIT.com | Source = Service Control Manager | ID = 7001
Description = The IP Helper service depends on the Network Store Interface Service
service which failed to start because of the following error: %%1068

Error - 6/21/2012 6:28:59 PM | Computer Name = garrison7.zedIT.com | Source = Service Control Manager | ID = 7001
Description = The SMB MiniRedirector Wrapper and Engine service depends on the Redirected
Buffering Sub Sysytem service which failed to start because of the following error:
%%31

Error - 6/21/2012 6:28:59 PM | Computer Name = garrison7.zedIT.com | Source = Service Control Manager | ID = 7001
Description = The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector
Wrapper and Engine service which failed to start because of the following error:
%%1068

Error - 6/21/2012 6:28:59 PM | Computer Name = garrison7.zedIT.com | Source = Service Control Manager | ID = 7001
Description = The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector
Wrapper and Engine service which failed to start because of the following error:
%%1068

Error - 6/21/2012 6:28:59 PM | Computer Name = garrison7.zedIT.com | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness service depends on the Network Store
Interface Service service which failed to start because of the following error:
%%1068

Error - 6/21/2012 6:29:00 PM | Computer Name = garrison7.zedIT.com | Source = DCOM | ID = 10005
Description =

Error - 6/21/2012 6:29:00 PM | Computer Name = garrison7.zedIT.com | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD CSC DfsC discache eeCtrl NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSP SRTSPX tdx vwififlt
Wanarpv6
WfpLwf
ws2ifsl

Error - 6/21/2012 6:29:08 PM | Computer Name = garrison7.zedIT.com | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%16405

Error - 6/21/2012 6:31:26 PM | Computer Name = garrison7.zedIT.com | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.36 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0


< End of report >
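A triage sketch for the [ System Events ] records above, added here as an example and not part of the original post or of OTL. It rejoins the wrapped Description lines, then separates event 7001 dependencies that failed with their own error from those that only report Win32 error 1068 (a dependency of theirs failed); the function names are hypothetical and the sample is an excerpt of the log lines on this page.

```python
import re
from collections import defaultdict

# Excerpt of the [ System Events ] records on this page, wrapped as pasted.
SAMPLE = """\
Error - 6/21/2012 6:28:59 PM | Computer Name = garrison7.zedIT.com | Source = Service Control Manager | ID = 7001
Description = The SMB MiniRedirector Wrapper and Engine service depends on the Redirected
Buffering Sub Sysytem service which failed to start because of the following error:
%%31

Error - 6/21/2012 6:28:59 PM | Computer Name = garrison7.zedIT.com | Source = Service Control Manager | ID = 7001
Description = The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector
Wrapper and Engine service which failed to start because of the following error:
%%1068

Error - 6/21/2012 6:28:59 PM | Computer Name = garrison7.zedIT.com | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness service depends on the Network Store
Interface Service service which failed to start because of the following error:
%%1068

Error - 6/21/2012 6:29:00 PM | Computer Name = garrison7.zedIT.com | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD CSC DfsC discache eeCtrl NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSP SRTSPX tdx vwififlt
Wanarpv6
WfpLwf
ws2ifsl
"""

HEADER = re.compile(
    r"^(?P<level>\w+) - (?P<when>.+?) \| Computer Name = (?P<host>.+?) "
    r"\| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$")
DEPENDS = re.compile(
    r"^The (?P<svc>.+) service depends on the (?P<dep>.+) service which "
    r"failed to start because of the following error: %%(?P<code>\d+)$")
DEPENDENCY_FAIL = 1068  # Win32 ERROR_SERVICE_DEPENDENCY_FAIL


def parse_records(text):
    """Split the paste into records and rejoin wrapped Description lines."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)
        if m:
            records.append({**m.groupdict(), "id": int(m["id"]), "desc": []})
        elif line.startswith(("[ ", "< ")):
            continue  # section markers such as "[ System Events ]"
        elif line and records:
            records[-1]["desc"].append(line)
    for r in records:
        r["desc"] = re.sub(r"^Description =\s*", "", " ".join(r["desc"]))
    return records


def triage(records):
    """Separate dependencies that failed on their own from cascaded failures."""
    own, cascaded, blocked, drivers = set(), set(), defaultdict(list), []
    for r in records:
        if r["source"] != "Service Control Manager":
            continue
        m = DEPENDS.match(r["desc"]) if r["id"] == 7001 else None
        if m:
            blocked[m["dep"]].append(m["svc"])
            # 1068 only says "something below me failed"; any other code is
            # the dependency's own start failure and is where to look first.
            (cascaded if int(m["code"]) == DEPENDENCY_FAIL else own).add(m["dep"])
        elif r["id"] == 7026 and ":" in r["desc"]:
            drivers += r["desc"].split(":", 1)[1].split()
    return {"own_failure": sorted(own), "cascaded": sorted(cascaded),
            "blocked": dict(blocked), "failed_drivers": drivers}


if __name__ == "__main__":
    for key, value in triage(parse_records(SAMPLE)).items():
        print(key, "->", value)
```

On this excerpt only the Redirected Buffering Sub Sysytem dependency reports its own error (%%31); the other entries are 1068 cascades, which points the reader to the event 7026 driver list.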
 
You didn't say:
How is the computer doing?



===========================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O15:64bit: - ..Trusted Domains: zedit.com ([zedworld] https in Local intranet)
    O15 - HKCU\..Trusted Domains: garrison7 ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: zedit.com ([zedworld] https in Trusted sites)
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
    [2012/06/21 11:20:39 | 000,000,681 | -H-- | M] () -- C:\Users\dean.garrison\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
    
    
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" =-
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
 
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\garrison7\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\zedit.com\zedworld\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
C:\Users\dean.garrison\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: dean.garrison
->Temp folder emptied: 25858101 bytes
->Temporary Internet Files folder emptied: 71382904 bytes
->Java cache emptied: 353581 bytes
->Flash cache emptied: 121707 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: michael.tava
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 220111 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 95897 bytes
RecycleBin emptied: 13229 bytes

Total Files Cleaned = 94.00 mb


[EMPTYJAVA]

User: All Users

User: dean.garrison
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: michael.tava
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: dean.garrison
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: michael.tava

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.53.0 log created on 06252012_184320
Files\Folders moved on Reboot...
C:\Users\dean.garrison\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-6368.log moved successfully.
File\Folder C:\Windows\temp\hsperfdata_garrison7$\1044 not found!
File\Folder C:\Windows\temp\hsperfdata_garrison7$\5192 not found!
File\Folder C:\Windows\temp\hsperfdata_garrison7$\5348 not found!
PendingFileRenameOperations files...
File C:\Users\dean.garrison\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
[2012/06/25 18:47:32 | 000,003,602 | ---- | M] () C:\Windows\temp\vmware-SYSTEM\vmauthd.log : Unable to obtain MD5
File C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-6368.log not found!
File C:\Windows\temp\hsperfdata_garrison7$\1044 not found!
File C:\Windows\temp\hsperfdata_garrison7$\5192 not found!
File C:\Windows\temp\hsperfdata_garrison7$\5348 not found!
Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 7 Update 1
Out of date Java installed!
Adobe Reader X (10.1.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````
 
Farbar Service Scanner Version: 25-06-2012 01
Ran by dean.garrison (administrator) on 25-06-2012 at 18:54:37
Running from "C:\Users\dean.garrison\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
 
C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\21.06.2012_14.21.03\mbr0000\tdlfs0000\tsk0007.dta a variant of Win32/Olmasco.O trojan cleaned by deleting - quarantined
 
the computer seems to be running fine...
I did get my ALL Programs back via a post I found!

I am also going to use MS Essentials when we are done here. I am not a fan of Symantec crap...the last computer I posted for help here ran the same thing...my home PCs run MS Essentials and no issues..

//DEAN
 
1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

=======================================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing or updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: dean.garrison
->Temp folder emptied: 7104793 bytes
->Temporary Internet Files folder emptied: 45958948 bytes
->Java cache emptied: 103886 bytes
->Flash cache emptied: 4615 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: michael.tava
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1061878 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 312458 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 49621 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 556 bytes
RecycleBin emptied: 4216 bytes

Total Files Cleaned = 52.00 mb


[EMPTYFLASH]

User: All Users

User: dean.garrison
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: michael.tava

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: dean.garrison
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: michael.tava
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.0 log created on 06282012_124321
Files\Folders moved on Reboot...
File\Folder C:\Users\dean.garrison\AppData\Local\Temp\hsperfdata_dean.garrison\5464 not found!
C:\Users\dean.garrison\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\dean.garrison\AppData\Local\Temp\FXSTIFFDebugLogFile.txt moved successfully.
File\Folder C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZZPBSZPK\displayad[1].htm not found!
File\Folder C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZZPBSZPK\displayad[2].htm not found!
File\Folder C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZZPBSZPK\ms[1].htm not found!
File\Folder C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S6ZTIEO4\read[1].htm not found!
C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGONK694\default[1].htm moved successfully.
File\Folder C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGONK694\displayad[1].htm not found!
File\Folder C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGONK694\displayad[2].htm not found!
File\Folder C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGONK694\displayad[3].htm not found!
C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGONK694\home3[1].htm moved successfully.
File\Folder C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUE70VOH\clkurl=;ord=1990616673[1].htm not found!
File\Folder C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\91CUHQAU\clkurl=;ord=1990616673[1].htm not found!
File\Folder C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NQEMYF7\impsc[1].htm not found!
C:\Windows\temp\vmware-SYSTEM\vmauthd.log moved successfully.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-4780.log moved successfully.
File\Folder C:\Windows\temp\hsperfdata_garrison7$\4696 not found!
File\Folder C:\Windows\temp\hsperfdata_garrison7$\6120 not found!
File\Folder C:\Windows\temp\hsperfdata_garrison7$\8512 not found!
PendingFileRenameOperations files...
File C:\Users\dean.garrison\AppData\Local\Temp\hsperfdata_dean.garrison\5464 not found!
File C:\Users\dean.garrison\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\dean.garrison\AppData\Local\Temp\FXSTIFFDebugLogFile.txt not found!
File C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZZPBSZPK\displayad[1].htm not found!
File C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZZPBSZPK\displayad[2].htm not found!
File C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZZPBSZPK\ms[1].htm not found!
File C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S6ZTIEO4\read[1].htm not found!
File C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGONK694\default[1].htm not found!
File C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGONK694\displayad[1].htm not found!
File C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGONK694\displayad[2].htm not found!
File C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGONK694\displayad[3].htm not found!
File C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGONK694\home3[1].htm not found!
File C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUE70VOH\clkurl=;ord=1990616673[1].htm not found!
File C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\91CUHQAU\clkurl=;ord=1990616673[1].htm not found!
File C:\Users\dean.garrison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NQEMYF7\impsc[1].htm not found!
File C:\Windows\temp\vmware-SYSTEM\vmauthd.log not found!
File C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-4780.log not found!
File C:\Windows\temp\hsperfdata_garrison7$\4696 not found!
File C:\Windows\temp\hsperfdata_garrison7$\6120 not found!
File C:\Windows\temp\hsperfdata_garrison7$\8512 not found!
Registry entries deleted on Reboot...
 