Google redirect - new variant?


andTo86

  • Staff

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

-RogueKiller-

  • Download & SAVE to your Desktop RogueKiller or from here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then click on the "Scan" button.
    • Wait until the Status box shows "Scan Finished".
    • Click on "Delete".
    • Wait until the Status box shows "Deleting Finished".
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop.
    • Exit/Close RogueKiller.

Gringo


Ok thanks! I was unable to download adwcleaner. Below is checkup.txt and the RK report. One thing that was strange is when I powered on this morning, I had an error dialog saying "there was a problem starting c:\users\username\appdata\local\temporary projects\microsoft_corporation\tfulef.dll". I checked the folder and it was created about the time the redirects started, but it was empty. Rogue killer deleted this directory in the registry keys. I didn't run any more AV / AT / fixes after the post yesterday. I haven't had a redirect or modifications to the browser history today.

________________________________________________________________________________

Security Check:

________________________________________________________________________________

Results of screen317's Security Check version 0.99.56

Windows 7 Service Pack 1 x64 (UAC is disabled!)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Symantec Endpoint Protection

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Spybot - Search & Destroy

Malwarebytes Anti-Malware version 1.65.1.1000

Java 6 Update 30

Java version out of Date!

Adobe Flash Player 11.5.502.110

Mozilla Firefox (17.0)

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

Malware Fixes SecurityCheck.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

________________________________________________________________________________

RogueKiller:

________________________________________________________________________________

RogueKiller V8.3.1 [Dec 2 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : andys [Admin rights]

Mode : Remove -- Date : 12/04/2012 09:40:48

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 14 ¤¤¤

[RUN][NOTFOUND] HKCU\[...]\Run : Microsoft_Corporation (rundll32.exe "C:\Users\andys\AppData\Local\Temporary Projects\Microsoft_Corporation\tfulef.dll",sf_commandW) -> DELETED

[RUN][NOTFOUND] HKUS\.DEFAULT[...]\Run : Microsoft_Corporation (rundll32.exe "C:\Users\andys\AppData\Local\Temporary Projects\Microsoft_Corporation\tfulef.dll",sf_commandW) -> DELETED

[RUN][NOTFOUND] HKUS\S-1-5-19[...]\Run : Microsoft_Corporation (rundll32.exe "C:\Users\andys\AppData\Local\Temporary Projects\Microsoft_Corporation\tfulef.dll",sf_commandW) -> DELETED

[RUN][NOTFOUND] HKUS\S-1-5-20[...]\Run : Microsoft_Corporation (rundll32.exe "C:\Users\andys\AppData\Local\Temporary Projects\Microsoft_Corporation\tfulef.dll",sf_commandW) -> DELETED

[RUN][NOTFOUND] HKUS\S-1-5-80-1695898196-1825476648-513549388-626041723-1784616795[...]\Run : Microsoft_Corporation (rundll32.exe "C:\Users\andys\AppData\Local\Temporary Projects\Microsoft_Corporation\tfulef.dll",sf_commandW) -> DELETED

[TASK][PREVRUN] ProgramDataUpdater : C:\Windows\System32\rundll32.exe aepdu.dll,AePduRunUpdate -> DELETED

[TASK][PREVRUN] Proxy : C:\Windows\System32\rundll32.exe /d acproxy.dll,PerformAutochkOperations -> DELETED

[TASK][PREVRUN] SR : C:\Windows\System32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation -> DELETED

[TASK][PREVRUN] IpAddressConflict1 : C:\Windows\System32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem -> DELETED

[TASK][PREVRUN] IpAddressConflict2 : C:\Windows\System32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem -> DELETED

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)

[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Programs +++++

--- User ---

[MBR] 3b79052cbee029cd2b5fa51c00149d00

[bSP] 51b4f6affb78eccd885944a1e473d73a : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953765 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive1: Data +++++

--- User ---

[MBR] 988b44882e7c96faecd36b7d75c63769

[bSP] 33e37a1db2528b53f4b2e3f50cbd49f0 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953864 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[3]_D_12042012_02d0940.txt >>

RKreport[1]_S_12042012_02d0939.txt ; RKreport[2]_S_12042012_02d0940.txt ; RKreport[3]_D_12042012_02d0940.txt

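An added example (not part of the original posts, and not code from RogueKiller): a Python triage of the "Registry Entries" lines in the RogueKiller report above. It separates the rundll32 autorun that loads a DLL from a user profile path from the tasks that load a DLL by bare name, and flags the UAC policy values that were found at 0. The sample lines are copied from the report; the function name, verdict labels and path heuristic are assumptions of this example.

```python
import re

# Sample input: lines copied from the RogueKiller report posted above.
SAMPLE_REPORT = r'''
[RUN][NOTFOUND] HKCU\[...]\Run : Microsoft_Corporation (rundll32.exe "C:\Users\andys\AppData\Local\Temporary Projects\Microsoft_Corporation\tfulef.dll",sf_commandW) -> DELETED
[TASK][PREVRUN] ProgramDataUpdater : C:\Windows\System32\rundll32.exe aepdu.dll,AePduRunUpdate -> DELETED
[TASK][PREVRUN] SR : C:\Windows\System32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
'''

# Line shape: "[TAG][TAG] body -> ACTION (new value)"
LINE = re.compile(r'^((?:\[[^\]]+\])+)\s+(.*?)\s+->\s+(\w+)(?:\s+\(([^)]*)\))?\s*$')
TAG = re.compile(r'\[([^\]]+)\]')
# rundll32.exe [/d] <dll>,<export>  (the dll may be quoted and contain spaces)
RUNDLL = re.compile(r'rundll32\.exe"?\s+(?:/d\s+)?"?([^",]+\.dll)"?,(\w+)', re.I)
# Heuristic (assumption of this example): locations a standard user can write to.
USER_WRITABLE = re.compile(r'\\users\\[^\\]+\\|\\programdata\\|\\temp\\', re.I)
# Policy values that disable UAC (EnableLUA) or its admin consent prompt
# (ConsentPromptBehaviorAdmin) when set to 0.
UAC_OFF = {"EnableLUA": "0", "ConsentPromptBehaviorAdmin": "0"}
HJ_VALUE = re.compile(r'^(\S+)\s+\(([^)]*)\)$')


def triage(report):
    """Return one dict per parsed report line, with a verdict label."""
    findings = []
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # section headers and blank lines
        tags = TAG.findall(m.group(1))
        location, _, value = m.group(2).partition(" : ")
        item = {"tags": tags, "location": location, "value": value,
                "action": m.group(3), "verdict": "informational"}
        if tags[0] in ("RUN", "TASK"):
            hit = RUNDLL.search(value)
            if hit:
                item["dll"], item["export"] = hit.group(1), hit.group(2)
                if USER_WRITABLE.search(hit.group(1)):
                    # Autostart entry pointing at a DLL inside a user profile.
                    item["verdict"] = "autorun-from-user-writable-path"
                elif "\\" not in hit.group(1):
                    # Bare DLL name: resolved by the loader, not a profile path.
                    item["verdict"] = "system-dll-by-name"
        elif tags[0] == "HJ":
            hv = HJ_VALUE.match(value)
            if hv and UAC_OFF.get(hv.group(1)) == hv.group(2):
                item["verdict"] = "uac-weakened"
        findings.append(item)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f['verdict']:<32} {'/'.join(f['tags']):<14} {f['location']}")
```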

  • Staff

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo


Combofix went smooth. Everything seems fine now!

Combofix log:

ComboFix 12-12-04.01 - andys 12/04/2012 16:16:28.1.8 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8183.6100 [GMT -5:00]

Running from: c:\users\andys\Desktop\ComboFix.exe

AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\users\marks\g2mdlhlpx.exe

c:\users\TEMP\prfB402.tmp

.

.

((((((((((((((((((((((((( Files Created from 2012-11-04 to 2012-12-04 )))))))))))))))))))))))))))))))

.

.

2012-12-04 21:25 . 2012-12-04 21:25 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2012-12-04 21:25 . 2012-12-04 21:25 -------- d-----w- c:\users\TEMP\AppData\Local\temp

2012-12-04 21:25 . 2012-12-04 21:25 -------- d-----w- c:\users\MSSQL$SQLEXPR12\AppData\Local\temp

2012-12-04 21:25 . 2012-12-04 21:25 -------- d-----w- c:\users\marks\AppData\Local\temp

2012-12-04 21:25 . 2012-12-04 21:25 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-04 21:25 . 2012-12-04 21:25 -------- d-----w- c:\users\administrator\AppData\Local\temp

2012-12-03 19:21 . 2012-12-03 21:43 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-12-03 19:21 . 2012-12-03 19:32 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-11-30 20:33 . 2012-11-30 20:33 -------- d-----w- C:\found.000

2012-11-30 18:46 . 2012-11-30 18:46 -------- d-----w- c:\users\andys\AppData\Roaming\SUPERAntiSpyware.com

2012-11-30 18:46 . 2012-11-30 18:46 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-11-30 18:46 . 2012-11-30 18:46 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-11-29 21:58 . 2012-11-29 21:58 -------- d-----w- c:\users\andys\AppData\Local\Apple Computer

2012-11-29 20:03 . 2012-11-29 20:03 -------- d-----w- C:\FRST

2012-11-29 15:01 . 2012-11-29 15:01 -------- d-----w- c:\users\andys\AppData\Roaming\Malwarebytes

2012-11-29 15:01 . 2012-11-29 15:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-11-29 15:01 . 2012-11-29 15:01 -------- d-----w- c:\programdata\Malwarebytes

2012-11-29 15:01 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-27 15:38 . 2012-11-28 14:23 -------- d-----w- c:\users\andys\AppData\Local\Temporary Projects

2012-11-16 21:35 . 2011-08-16 19:59 48512 ----a-w- c:\windows\system32\crdnmon.dll

2012-11-16 21:33 . 2012-11-16 21:33 -------- d-----w- C:\CardPrinter

2012-11-16 21:11 . 2012-11-16 21:33 -------- d-----w- c:\program files (x86)\Datacard Card Printers

2012-11-16 21:05 . 2012-11-16 21:05 -------- d-----w- c:\users\andys\AppData\Roaming\Hex-Rays

2012-11-16 21:04 . 2012-11-16 21:11 -------- d-----w- c:\program files (x86)\IDA Free

2012-11-15 08:09 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-11-15 08:09 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-11-15 08:09 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-11-15 08:09 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-11-15 08:01 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-11-15 08:01 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-11-15 08:01 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-11-15 08:01 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-11-15 08:01 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-11-15 08:01 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-11-15 08:01 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-11-14 14:04 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll

2012-11-14 14:04 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll

2012-11-13 19:56 . 2012-11-13 19:56 -------- d-----w- c:\users\andys\AppData\Local\Adobe

2012-11-13 16:34 . 2012-12-04 21:09 -------- d-----w- c:\users\andys\AppData\Roaming\Ditto

2012-11-13 16:34 . 2012-11-13 16:34 -------- d-----w- c:\program files\Ditto

2012-11-13 16:29 . 2012-11-13 16:29 -------- d-----w- c:\users\andys\AppData\Local\Macromedia

2012-11-12 15:12 . 2012-11-12 15:12 -------- d-----w- c:\users\andys\AppData\Local\ElevatedDiagnostics

2012-11-12 14:16 . 2012-11-12 14:16 -------- d-----w- c:\users\andys\reptool

2012-11-12 14:16 . 2012-11-12 14:16 -------- d-----w- c:\users\andys\eqlgroupmgr

2012-11-07 17:06 . 2012-11-07 17:06 -------- d-----w- c:\program files\Barracuda

2012-11-07 15:15 . 2012-11-07 15:15 -------- d-----w- c:\users\andys\AppData\Local\Mozilla

2012-11-07 15:15 . 2012-11-29 19:36 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-11-05 19:51 . 2012-11-26 20:24 -------- d-----w- c:\users\andys\AppData\Roaming\Avigilon

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-15 08:01 . 2009-12-31 22:15 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-11-08 13:29 . 2012-04-12 13:17 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-11-08 13:29 . 2011-05-17 12:41 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-04 17:23 . 2012-10-23 16:12 2249392 ----a-w- c:\windows\system32\rmconfig.EXE

2012-10-25 22:29 . 2012-10-25 22:29 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin

2012-10-18 07:05 . 2012-10-17 17:44 182208 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

2012-10-18 07:04 . 2012-09-07 18:51 561792 ----a-w- c:\programdata\Microsoft\VWDExpress\10.0\1033\ResourceCache.dll

2012-10-18 07:02 . 2012-09-07 14:17 205984 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll

2012-10-16 08:38 . 2012-11-28 07:14 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-11-28 07:14 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-11-28 07:14 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-11 21:09 . 2009-08-18 16:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll

2012-10-11 21:08 . 2009-08-18 15:24 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-10-09 04:27 . 2012-08-15 07:27 9575864 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-10-02 20:25 . 2009-12-31 23:54 233120 ----a-w- c:\windows\system32\drivers\wpshelper.sys

2012-09-27 14:14 . 2012-09-27 14:14 136784 ----a-w- c:\windows\SysWow64\atashost.exe

2012-09-27 14:14 . 2012-09-27 14:14 223312 ----a-w- c:\windows\SysWow64\atsckernel.exe

2012-09-14 19:19 . 2012-10-10 12:14 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-10 12:14 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-09-13 11:14 . 2012-10-15 12:49 237400 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys

2012-09-13 11:13 . 2012-09-13 11:13 131416 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys

2012-09-13 11:13 . 2012-10-15 12:49 119640 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

2012-09-13 11:13 . 2012-09-13 11:13 146264 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys

2012-09-13 11:13 . 2012-09-13 11:13 203608 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Ditto"="c:\program files\Ditto\Ditto.exe" [2012-11-09 1717872]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-21 2583040]

"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]

"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

c:\users\marks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\andys\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]

.

c:\users\andys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-9-7 576000]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

SpeedFan.lnk - c:\program files (x86)\SpeedFan\speedfan.exe [2012-9-12 4679672]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-08-16 116240]

R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.2.21746.0.sys [x]

R3 FileZillaServer;FileZillaServer;p:\xampp\FileZillaFTP\FileZillaServer.exe [2012-05-11 632320]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-02-14 1436424]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]

R3 ser2attr;Tripp Lite USB to Serial port;c:\windows\system32\DRIVERS\ser2attr64.sys [2009-11-16 96256]

R3 SiriuswareUpdate;SiriuswareUpdate;c:\program files (x86)\Siriusware\SiriuswareUpdate.exe [2011-08-17 39968]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-06 1255736]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]

R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-23 311144]

R4 SQLAgent$SQLEXPR12;SQL Server Agent (SQLEXPR12);c:\program files (x86)\Microsoft SQL Server\MSSQL11.SQLEXPR12\MSSQL\Binn\SQLAGENT.EXE [2012-02-11 438360]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-09-13 237400]

S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-09-13 119640]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]

S2 Apache2.4;Apache2.4;p:\xampp\apache\bin\httpd.exe [2012-06-06 22016]

S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2012-09-27 136784]

S2 bbagent;Barracuda Backup Agent;c:\program files\Barracuda\Barracuda Backup Agent\win\x86_64\bbwinsdr.exe [2012-11-07 55808]

S2 MSSQL$SQLEXPR12;SQL Server (SQLEXPR12);c:\program files (x86)\Microsoft SQL Server\MSSQL11.SQLEXPR12\MSSQL\Binn\sqlservr.exe [2012-02-11 206424]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 SonicWALLCDPAgent;SonicWALL CDP Agent Service;c:\program files (x86)\SonicWALL\SonicWALL Continuous Data Protection\CDPAgentService.exe [2009-05-21 35328]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-26 138912]

S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-10-27 75264]

S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-10-27 176640]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-09-13 131416]

S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-09-13 146264]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-09-17 1250816]

S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20 14:21]

.

2012-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20 14:21]

.

2012-12-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1482476501-725345543-2304Core.job

- c:\users\marks\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-19 15:21]

.

2012-12-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1482476501-725345543-2304UA.job

- c:\users\marks\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-19 15:21]

.

2012-12-04 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 0ad9d2b7-7e8e-4ed9-af77-835f1f9f565d.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

2012-11-30 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 0f4968e7-1e9a-4b8c-aa51-916e82b7b2d1.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = https://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.42.8 192.168.42.45

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} - hxxp://catermate/Reports/Reserved.ReportViewerWebControl.axd?ReportSession=003qbt24xm5zppzdjihwctzx&ControlID=c89f4bf62c6b49b29de559a8ed36cbb0&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://24.229.44.162:8081/activex/AMC.cab

DPF: {FE92D9C3-4A69-4EC7-8651-1DC8531D0075} - hxxp://bbremote.dynalias.com:4000/user/TSBnwCam.CAB

FF - ProfilePath - c:\users\andys\AppData\Roaming\Mozilla\Firefox\Profiles\v85fksaf.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

SafeBoot-Symantec Antvirus

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

Completion time: 2012-12-04 16:40:49

ComboFix-quarantined-files.txt 2012-12-04 21:40

.

Pre-Run: 920,825,946,112 bytes free

Post-Run: 920,793,124,864 bytes free

.

- - End Of File - - 1C6AF707D35CE874E1C5797E7F645189


  • Staff

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo


Ok, I ran those tools; results are below. It could be coincidence, but it seems as if the problem goes away when I'm browsing the Malwarebytes forum and comes back when I haven't been there for a few minutes, as if it knows that I'm aware. IE also started occasionally locking up if I have more than one window open. The second window just goes transparent and shows whatever screen is behind it. I can move it around with the title bar and it closes, but occasionally it takes a few minutes. It's an Intel Core i7 with 8 gigs of RAM, so it's not just being slow.

TDSSKiller:

17:25:58.0840 5364 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

17:25:59.0105 5364 ============================================================

17:25:59.0105 5364 Current date / time: 2012/12/05 17:25:59.0105

17:25:59.0105 5364 SystemInfo:

17:25:59.0105 5364

17:25:59.0105 5364 OS Version: 6.1.7601 ServicePack: 1.0

17:25:59.0105 5364 Product type: Workstation

17:25:59.0105 5364 ComputerName: POSADMIN_DESKTO

17:25:59.0105 5364 UserName: andys

17:25:59.0105 5364 Windows directory: C:\Windows

17:25:59.0105 5364 System windows directory: C:\Windows

17:25:59.0105 5364 Running under WOW64

17:25:59.0105 5364 Processor architecture: Intel x64

17:25:59.0105 5364 Number of processors: 8

17:25:59.0105 5364 Page size: 0x1000

17:25:59.0105 5364 Boot type: Normal boot

17:25:59.0105 5364 ============================================================

17:25:59.0776 5364 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0B00000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

17:25:59.0776 5364 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0B00000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

17:25:59.0792 5364 ============================================================

17:25:59.0792 5364 \Device\Harddisk0\DR0:

17:25:59.0792 5364 MBR partitions:

17:25:59.0792 5364 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

17:25:59.0792 5364 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D2800

17:25:59.0792 5364 \Device\Harddisk1\DR1:

17:25:59.0792 5364 MBR partitions:

17:25:59.0792 5364 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74704000

17:25:59.0792 5364 ============================================================

17:25:59.0823 5364 C: <-> \Device\Harddisk0\DR0\Partition2

17:26:00.0322 5364 P: <-> \Device\Harddisk1\DR1\Partition1

17:26:00.0322 5364 ============================================================

17:26:00.0322 5364 Initialize success

17:26:00.0322 5364 ============================================================

17:26:14.0097 5492 ============================================================

17:26:14.0097 5492 Scan started

17:26:14.0097 5492 Mode: Manual;

17:26:14.0097 5492 ============================================================

17:26:14.0674 5492 ================ Scan system memory ========================

17:26:14.0674 5492 System memory - ok

17:26:14.0674 5492 ================ Scan services =============================


17:26:25.0641 5492 MSSQL$SQLEXPRESS - ok

17:26:25.0688 5492 [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE

17:26:25.0703 5492 MSSQLServerADHelper100 - ok

17:26:25.0750 5492 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

17:26:25.0750 5492 MSTEE - ok

17:26:25.0781 5492 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

17:26:25.0781 5492 MTConfig - ok

17:26:25.0859 5492 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys

17:26:25.0859 5492 MTsensor - ok

17:26:25.0890 5492 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

17:26:25.0890 5492 Mup - ok

17:26:25.0953 5492 mysql - ok

17:26:26.0015 5492 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

17:26:26.0015 5492 napagent - ok

17:26:26.0046 5492 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

17:26:26.0046 5492 NativeWifiP - ok

17:26:26.0171 5492 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20121205.002\ENG64.SYS

17:26:26.0171 5492 NAVENG - ok

17:26:26.0249 5492 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20121205.002\EX64.SYS

17:26:26.0265 5492 NAVEX15 - ok

17:26:26.0312 5492 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

17:26:26.0327 5492 NDIS - ok

17:26:26.0343 5492 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

17:26:26.0374 5492 NdisCap - ok

17:26:26.0405 5492 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

17:26:26.0405 5492 NdisTapi - ok

17:26:26.0436 5492 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

17:26:26.0452 5492 Ndisuio - ok

17:26:26.0483 5492 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

17:26:26.0483 5492 NdisWan - ok

17:26:26.0514 5492 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

17:26:26.0514 5492 NDProxy - ok

17:26:26.0530 5492 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

17:26:26.0530 5492 NetBIOS - ok

17:26:26.0577 5492 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

17:26:26.0577 5492 NetBT - ok

17:26:26.0592 5492 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

17:26:26.0592 5492 Netlogon - ok

17:26:26.0624 5492 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

17:26:26.0624 5492 Netman - ok

17:26:26.0670 5492 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

17:26:26.0686 5492 NetMsmqActivator - ok

17:26:26.0686 5492 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

17:26:26.0686 5492 NetPipeActivator - ok

17:26:26.0717 5492 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

17:26:26.0717 5492 netprofm - ok

17:26:26.0717 5492 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

17:26:26.0717 5492 NetTcpActivator - ok

17:26:26.0733 5492 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

17:26:26.0733 5492 NetTcpPortSharing - ok

17:26:26.0764 5492 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

17:26:26.0764 5492 nfrd960 - ok

17:26:26.0811 5492 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll

17:26:26.0811 5492 NlaSvc - ok

17:26:26.0873 5492 [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF C:\Windows\system32\drivers\npf.sys

17:26:26.0873 5492 NPF - ok

17:26:26.0889 5492 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

17:26:26.0889 5492 Npfs - ok

17:26:26.0889 5492 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

17:26:26.0904 5492 nsi - ok

17:26:26.0904 5492 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

17:26:26.0904 5492 nsiproxy - ok

17:26:26.0982 5492 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

17:26:27.0014 5492 Ntfs - ok

17:26:27.0045 5492 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

17:26:27.0045 5492 Null - ok

17:26:27.0076 5492 [ F5BC2345E8C89D4E90FAFD23A2239935 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys

17:26:27.0076 5492 nusb3hub - ok

17:26:27.0092 5492 [ 5D42578241BC2A9B4A64837077436D5F ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys

17:26:27.0092 5492 nusb3xhc - ok

17:26:27.0154 5492 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

17:26:27.0170 5492 nvraid - ok

17:26:27.0201 5492 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

17:26:27.0216 5492 nvstor - ok

17:26:27.0248 5492 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

17:26:27.0263 5492 nv_agp - ok

17:26:27.0326 5492 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

17:26:27.0372 5492 odserv - ok

17:26:27.0419 5492 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

17:26:27.0435 5492 ohci1394 - ok

17:26:27.0466 5492 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

17:26:27.0528 5492 ose - ok

17:26:27.0560 5492 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

17:26:27.0591 5492 p2pimsvc - ok

17:26:27.0653 5492 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

17:26:27.0653 5492 p2psvc - ok

17:26:27.0700 5492 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

17:26:27.0716 5492 Parport - ok

17:26:27.0731 5492 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

17:26:27.0731 5492 partmgr - ok

17:26:27.0747 5492 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

17:26:27.0747 5492 PcaSvc - ok

17:26:27.0778 5492 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

17:26:27.0778 5492 pci - ok

17:26:27.0840 5492 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

17:26:27.0840 5492 pciide - ok

17:26:27.0872 5492 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

17:26:27.0903 5492 pcmcia - ok

17:26:27.0918 5492 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

17:26:27.0918 5492 pcw - ok

17:26:27.0950 5492 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

17:26:27.0965 5492 PEAUTH - ok

17:26:28.0028 5492 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll

17:26:28.0074 5492 PeerDistSvc - ok

17:26:28.0215 5492 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

17:26:28.0230 5492 PerfHost - ok

17:26:28.0277 5492 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

17:26:28.0308 5492 pla - ok

17:26:28.0355 5492 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

17:26:28.0355 5492 PlugPlay - ok

17:26:28.0402 5492 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

17:26:28.0433 5492 PNRPAutoReg - ok

17:26:28.0449 5492 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

17:26:28.0449 5492 PNRPsvc - ok

17:26:28.0480 5492 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

17:26:28.0542 5492 PolicyAgent - ok

17:26:28.0558 5492 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

17:26:28.0558 5492 Power - ok

17:26:28.0589 5492 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

17:26:28.0589 5492 PptpMiniport - ok

17:26:28.0605 5492 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys

17:26:28.0620 5492 Processor - ok

17:26:28.0652 5492 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

17:26:28.0652 5492 ProfSvc - ok

17:26:28.0667 5492 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

17:26:28.0667 5492 ProtectedStorage - ok

17:26:28.0698 5492 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

17:26:28.0698 5492 Psched - ok

17:26:28.0745 5492 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

17:26:28.0823 5492 ql2300 - ok

17:26:28.0839 5492 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

17:26:28.0870 5492 ql40xx - ok

17:26:28.0901 5492 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

17:26:28.0917 5492 QWAVE - ok

17:26:28.0932 5492 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

17:26:28.0948 5492 QWAVEdrv - ok

17:26:28.0979 5492 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

17:26:28.0995 5492 RasAcd - ok

17:26:29.0026 5492 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

17:26:29.0026 5492 RasAgileVpn - ok

17:26:29.0042 5492 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

17:26:29.0057 5492 RasAuto - ok

17:26:29.0073 5492 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

17:26:29.0088 5492 Rasl2tp - ok

17:26:29.0088 5492 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

17:26:29.0088 5492 RasMan - ok

17:26:29.0120 5492 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

17:26:29.0120 5492 RasPppoe - ok

17:26:29.0120 5492 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

17:26:29.0120 5492 RasSstp - ok

17:26:29.0166 5492 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

17:26:29.0166 5492 rdbss - ok

17:26:29.0182 5492 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

17:26:29.0182 5492 rdpbus - ok

17:26:29.0213 5492 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

17:26:29.0213 5492 RDPCDD - ok

17:26:29.0244 5492 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys

17:26:29.0244 5492 RDPDR - ok

17:26:29.0260 5492 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

17:26:29.0260 5492 RDPENCDD - ok

17:26:29.0260 5492 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

17:26:29.0276 5492 RDPREFMP - ok

17:26:29.0322 5492 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys

17:26:29.0322 5492 RdpVideoMiniport - ok

17:26:29.0354 5492 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

17:26:29.0354 5492 RDPWD - ok

17:26:29.0385 5492 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

17:26:29.0385 5492 rdyboost - ok

17:26:29.0432 5492 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

17:26:29.0432 5492 RemoteAccess - ok

17:26:29.0463 5492 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

17:26:29.0463 5492 RemoteRegistry - ok

17:26:29.0510 5492 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files (x86)\WinPcap\rpcapd.exe

17:26:29.0541 5492 rpcapd - ok

17:26:29.0556 5492 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

17:26:29.0556 5492 RpcEptMapper - ok

17:26:29.0603 5492 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

17:26:29.0603 5492 RpcLocator - ok

17:26:29.0634 5492 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

17:26:29.0650 5492 RpcSs - ok

17:26:29.0712 5492 [ C9FE05A63C500ABE3AFA5786504C4D36 ] RsFx0105 C:\Windows\system32\DRIVERS\RsFx0105.sys

17:26:29.0744 5492 RsFx0105 - ok

17:26:29.0775 5492 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

17:26:29.0775 5492 rspndr - ok

17:26:29.0822 5492 [ 16D4E350420BAA7E63E16E3FC033E1F5 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys

17:26:29.0837 5492 RTL8167 - ok

17:26:29.0853 5492 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys

17:26:29.0868 5492 s3cap - ok

17:26:29.0884 5492 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

17:26:29.0884 5492 SamSs - ok

17:26:29.0931 5492 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

17:26:29.0931 5492 SASDIFSV - ok

17:26:29.0946 5492 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

17:26:29.0946 5492 SASKUTIL - ok

17:26:29.0978 5492 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

17:26:29.0993 5492 sbp2port - ok

17:26:30.0102 5492 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

17:26:30.0102 5492 SBSDWSCService - ok

17:26:30.0134 5492 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

17:26:30.0165 5492 SCardSvr - ok

17:26:30.0196 5492 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

17:26:30.0212 5492 scfilter - ok

17:26:30.0274 5492 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

17:26:30.0290 5492 Schedule - ok

17:26:30.0290 5492 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

17:26:30.0290 5492 SCPolicySvc - ok

17:26:30.0305 5492 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

17:26:30.0305 5492 SDRSVC - ok

17:26:30.0336 5492 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

17:26:30.0336 5492 secdrv - ok

17:26:30.0352 5492 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

17:26:30.0352 5492 seclogon - ok

17:26:30.0383 5492 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll

17:26:30.0383 5492 SENS - ok

17:26:30.0399 5492 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

17:26:30.0430 5492 SensrSvc - ok

17:26:30.0477 5492 [ 52F0A1375A81A2F193BEE97CA085F7FD ] ser2attr C:\Windows\system32\DRIVERS\ser2attr64.sys

17:26:30.0508 5492 ser2attr - ok

17:26:30.0539 5492 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

17:26:30.0539 5492 Serenum - ok

17:26:30.0586 5492 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

17:26:30.0586 5492 Serial - ok

17:26:30.0617 5492 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

17:26:30.0617 5492 sermouse - ok

17:26:30.0648 5492 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

17:26:30.0648 5492 SessionEnv - ok

17:26:30.0680 5492 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

17:26:30.0680 5492 sffdisk - ok

17:26:30.0695 5492 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

17:26:30.0695 5492 sffp_mmc - ok

17:26:30.0711 5492 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

17:26:30.0711 5492 sffp_sd - ok

17:26:30.0726 5492 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

17:26:30.0726 5492 sfloppy - ok

17:26:30.0773 5492 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

17:26:30.0789 5492 SharedAccess - ok

17:26:30.0804 5492 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

17:26:30.0820 5492 ShellHWDetection - ok

17:26:30.0882 5492 [ F5EDD95D3B912510661CFDF580ECC1D4 ] SiriuswareUpdate C:\Program Files (x86)\Siriusware\SiriuswareUpdate.exe

17:26:30.0882 5492 SiriuswareUpdate - ok

17:26:30.0914 5492 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

17:26:30.0929 5492 SiSRaid2 - ok

17:26:30.0929 5492 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

17:26:30.0945 5492 SiSRaid4 - ok

17:26:30.0976 5492 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

17:26:30.0992 5492 Smb - ok

17:26:31.0116 5492 [ AD97B711074CF27DA0C00F2C26E1A62C ] SmcService C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe

17:26:31.0148 5492 SmcService - ok

17:26:31.0179 5492 [ 91BD8E268D93AAF5F59AAC9DE84A25BB ] SNAC C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE

17:26:31.0179 5492 SNAC - ok

17:26:31.0210 5492 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

17:26:31.0210 5492 SNMPTRAP - ok

17:26:31.0241 5492 [ C8E09D169361D12909574981BED28116 ] SonicWALLCDPAgent C:\Program Files (x86)\SonicWALL\SonicWALL Continuous Data Protection\CDPAgentService.exe

17:26:31.0241 5492 SonicWALLCDPAgent - ok

17:26:31.0288 5492 [ 12583AF6CBE0050651EAF2723B3AD7B3 ] speedfan C:\Windows\syswow64\speedfan.sys

17:26:31.0288 5492 speedfan - ok

17:26:31.0304 5492 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

17:26:31.0304 5492 spldr - ok

17:26:31.0350 5492 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

17:26:31.0366 5492 Spooler - ok

17:26:31.0460 5492 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

17:26:31.0475 5492 sppsvc - ok

17:26:31.0491 5492 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

17:26:31.0491 5492 sppuinotify - ok

17:26:31.0600 5492 [ EAE151AFDB0B58736C01DAD5AD4A18DF ] SQLAgent$SQLEXPR12 c:\Program Files (x86)\Microsoft SQL Server\MSSQL11.SQLEXPR12\MSSQL\Binn\SQLAGENT.EXE

17:26:31.0709 5492 SQLAgent$SQLEXPR12 - ok

17:26:31.0818 5492 [ 45E65FB17A4CD5FACBD3CA16C8334C82 ] SQLAgent$SQLEXPRESS C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE

17:26:31.0834 5492 SQLAgent$SQLEXPRESS - ok

17:26:31.0881 5492 [ E9254892A2D74E537BAD3092F0F8EE40 ] SQLBrowser C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

17:26:31.0896 5492 SQLBrowser - ok

17:26:31.0943 5492 [ EAD5300C93946B0250A309E2BF2BE4CF ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

17:26:31.0943 5492 SQLWriter - ok

17:26:31.0990 5492 [ 32900AC9CFDC578531279886CA16A4DF ] SRTSP C:\Windows\system32\Drivers\SRTSP64.SYS

17:26:31.0990 5492 SRTSP - ok

17:26:32.0021 5492 [ 8929566D1F14685FD78EAF25BEE3ECC7 ] SRTSPL C:\Windows\system32\Drivers\SRTSPL64.SYS

17:26:32.0084 5492 SRTSPL - ok

17:26:32.0099 5492 [ CB2FDF47EE67F8CCA5362ED9B94FE955 ] SRTSPX C:\Windows\system32\Drivers\SRTSPX64.SYS

17:26:32.0099 5492 SRTSPX - ok

17:26:32.0130 5492 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

17:26:32.0130 5492 srv - ok

17:26:32.0162 5492 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

17:26:32.0162 5492 srv2 - ok

17:26:32.0193 5492 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

17:26:32.0193 5492 srvnet - ok

17:26:32.0224 5492 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

17:26:32.0255 5492 SSDPSRV - ok

17:26:32.0271 5492 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

17:26:32.0271 5492 SstpSvc - ok

17:26:32.0318 5492 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

17:26:32.0333 5492 stexstor - ok

17:26:32.0364 5492 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

17:26:32.0380 5492 stisvc - ok

17:26:32.0411 5492 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys

17:26:32.0411 5492 storflt - ok

17:26:32.0458 5492 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys

17:26:32.0458 5492 storvsc - ok

17:26:32.0489 5492 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

17:26:32.0489 5492 swenum - ok

17:26:32.0536 5492 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

17:26:32.0583 5492 swprv - ok

17:26:32.0645 5492 [ BA2FB8F8AB24D0279CAA98A4C118150E ] Symantec AntiVirus C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe

17:26:32.0676 5492 Symantec AntiVirus - ok

17:26:32.0708 5492 [ 7E4D281982E19ABD06728C7EE9AC40A8 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

17:26:32.0708 5492 SymEvent - ok

17:26:32.0739 5492 Synth3dVsc - ok

17:26:32.0801 5492 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

17:26:32.0817 5492 SysMain - ok

17:26:32.0864 5492 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

17:26:32.0895 5492 TabletInputService - ok

17:26:32.0910 5492 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

17:26:32.0910 5492 TapiSrv - ok

17:26:32.0942 5492 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

17:26:32.0957 5492 TBS - ok

17:26:33.0020 5492 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

17:26:33.0066 5492 Tcpip - ok

17:26:33.0129 5492 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

17:26:33.0144 5492 TCPIP6 - ok

17:26:33.0176 5492 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

17:26:33.0176 5492 tcpipreg - ok

17:26:33.0191 5492 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

17:26:33.0207 5492 TDPIPE - ok

17:26:33.0238 5492 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

17:26:33.0238 5492 TDTCP - ok

17:26:33.0269 5492 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

17:26:33.0269 5492 tdx - ok

17:26:33.0300 5492 [ 13657DC475DE564247745BF4DA23207C ] Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys

17:26:33.0300 5492 Teefer2 - ok

17:26:33.0332 5492 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

17:26:33.0332 5492 TermDD - ok

17:26:33.0378 5492 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

17:26:33.0378 5492 TermService - ok

17:26:33.0410 5492 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

17:26:33.0410 5492 Themes - ok

17:26:33.0441 5492 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

17:26:33.0441 5492 THREADORDER - ok

17:26:33.0456 5492 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

17:26:33.0456 5492 TrkWks - ok

17:26:33.0519 5492 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

17:26:33.0550 5492 TrustedInstaller - ok

17:26:33.0581 5492 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

17:26:33.0581 5492 tssecsrv - ok

17:26:33.0612 5492 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

17:26:33.0628 5492 TsUsbFlt - ok

17:26:33.0644 5492 tsusbhub - ok

17:26:33.0675 5492 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

17:26:33.0675 5492 tunnel - ok

17:26:33.0706 5492 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

17:26:33.0722 5492 uagp35 - ok

17:26:33.0753 5492 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

17:26:33.0768 5492 udfs - ok

17:26:33.0800 5492 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

17:26:33.0815 5492 UI0Detect - ok

17:26:33.0831 5492 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

17:26:33.0846 5492 uliagpkx - ok

17:26:33.0878 5492 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

17:26:33.0878 5492 umbus - ok

17:26:33.0909 5492 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

17:26:33.0909 5492 UmPass - ok

17:26:33.0940 5492 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll

17:26:33.0940 5492 UmRdpService - ok

17:26:33.0956 5492 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

17:26:33.0987 5492 upnphost - ok

17:26:34.0018 5492 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

17:26:34.0049 5492 USBAAPL64 - ok

17:26:34.0080 5492 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

17:26:34.0112 5492 usbaudio - ok

17:26:34.0143 5492 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

17:26:34.0143 5492 usbccgp - ok

17:26:34.0174 5492 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

17:26:34.0205 5492 usbcir - ok

17:26:34.0221 5492 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys

17:26:34.0221 5492 usbehci - ok

17:26:34.0268 5492 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

17:26:34.0268 5492 usbhub - ok

17:26:34.0299 5492 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

17:26:34.0330 5492 usbohci - ok

17:26:34.0361 5492 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

17:26:34.0361 5492 usbprint - ok

17:26:34.0392 5492 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

17:26:34.0392 5492 USBSTOR - ok

17:26:34.0439 5492 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

17:26:34.0455 5492 usbuhci - ok

17:26:34.0455 5492 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

17:26:34.0470 5492 UxSms - ok

17:26:34.0470 5492 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

17:26:34.0470 5492 VaultSvc - ok

17:26:34.0517 5492 [ 70BF30C45553F4A6DBB5D86053F8FBF1 ] VBoxDrv C:\Windows\system32\DRIVERS\VBoxDrv.sys

17:26:34.0533 5492 VBoxDrv - ok

17:26:34.0564 5492 [ A4739B2242C29D23BB9CD6472320C42B ] VBoxNetAdp C:\Windows\system32\DRIVERS\VBoxNetAdp.sys

17:26:34.0564 5492 VBoxNetAdp - ok

17:26:34.0595 5492 [ C72D8E0AE95D025BA7ECD82919CB139F ] VBoxNetFlt C:\Windows\system32\DRIVERS\VBoxNetFlt.sys

17:26:34.0595 5492 VBoxNetFlt - ok

17:26:34.0626 5492 [ F5EB0B5663D56D6F68EF84DD19333F73 ] VBoxUSBMon C:\Windows\system32\DRIVERS\VBoxUSBMon.sys

17:26:34.0626 5492 VBoxUSBMon - ok

17:26:34.0673 5492 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

17:26:34.0673 5492 vdrvroot - ok

17:26:34.0720 5492 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

17:26:34.0720 5492 vds - ok

17:26:34.0767 5492 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

17:26:34.0798 5492 vga - ok

17:26:34.0814 5492 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

17:26:34.0814 5492 VgaSave - ok

17:26:34.0829 5492 VGPU - ok

17:26:37.0372 5492 ================ Scan global ===============================

17:26:37.0388 5492 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

17:26:37.0419 5492 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

17:26:37.0434 5492 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

17:26:37.0481 5492 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

17:26:37.0512 5492 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

17:26:37.0512 5492 [Global] - ok

17:26:37.0512 5492 ================ Scan MBR ==================================

17:26:37.0528 5492 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

17:26:37.0778 5492 \Device\Harddisk0\DR0 - ok

17:26:37.0778 5492 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1

17:26:37.0778 5492 \Device\Harddisk1\DR1 - ok

17:26:37.0778 5492 ================ Scan VBR ==================================

17:26:37.0793 5492 [ FF6D98692DC02CA576A4DA37FEA6DB9F ] \Device\Harddisk0\DR0\Partition1

17:26:37.0793 5492 \Device\Harddisk0\DR0\Partition1 - ok

17:26:37.0793 5492 [ 4ED087713947015539C985CA214A0FB3 ] \Device\Harddisk0\DR0\Partition2

17:26:37.0793 5492 \Device\Harddisk0\DR0\Partition2 - ok

17:26:37.0809 5492 [ 3CF8558638108993AB664A138D7179E5 ] \Device\Harddisk1\DR1\Partition1

17:26:37.0809 5492 \Device\Harddisk1\DR1\Partition1 - ok

17:26:37.0809 5492 ============================================================

17:26:37.0809 5492 Scan finished

17:26:37.0809 5492 ============================================================

17:26:37.0809 5984 Detected object count: 0

17:26:37.0809 5984 Actual detected object count: 0

17:26:47.0356 0200 Deinitialize success

_______________________________________________________________________________________________

AswMBR:

_______________________________________________________________________________________________

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

Run date: 2012-12-05 17:28:42

-----------------------------

17:28:42.402 OS Version: Windows x64 6.1.7601 Service Pack 1

17:28:42.402 Number of processors: 8 586 0x1E05

17:28:42.402 ComputerName: POSADMIN_DESKTO UserName: andys

17:28:44.945 Initialize success

17:35:04.405 AVAST engine defs: 12120501

17:36:09.904 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

17:36:09.920 Disk 0 Vendor: Intel___ 1.0. Size: 953867MB BusType: 8

17:36:09.920 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1

17:36:09.920 Disk 1 Vendor: Intel___ 1.0. Size: 953867MB BusType: 8

17:36:09.935 Disk 0 MBR read successfully

17:36:09.935 Disk 0 MBR scan

17:36:09.951 Disk 0 Windows 7 default MBR code

17:36:09.951 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

17:36:09.967 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953765 MB offset 206848

17:36:10.029 Disk 0 scanning C:\Windows\system32\drivers

17:36:22.337 Service scanning

17:36:58.420 Modules scanning

17:36:58.436 Disk 0 trace - called modules:

17:36:58.451 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll

17:36:58.451 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007eb6790]

17:36:58.451 3 CLASSPNP.SYS[fffff88001daf43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8007c26050]

17:37:00.604 AVAST engine scan C:\Windows

17:37:11.008 AVAST engine scan C:\Windows\system32

17:43:45.313 AVAST engine scan C:\Windows\system32\drivers

17:44:02.286 AVAST engine scan C:\Users\andys

17:45:31.769 AVAST engine scan C:\ProgramData

17:48:00.251 Scan finished successfully

17:48:36.645 Disk 0 MBR has been saved successfully to "C:\Users\andys\Desktop\MBR.dat"

17:48:36.645 The log file has been saved successfully to "C:\Users\andys\Desktop\aswMBR.txt"

Thanks!


  • Staff

Hello

I want you to reset Firefox back to defaults. To do this I need you to do this:

  • At the top of the Firefox window, click the "Firefox" button,
  • go over to the "Help" sub-menu
    • (on Windows XP, click the Help menu at the top of the Firefox window) and select "Troubleshooting Information".
  • Click the "Reset Firefox" button in the upper-right corner of the Troubleshooting Information page.
  • Click "Reset Firefox" in the confirmation window that opens.
  • Firefox will close and be reset. When it's done, click "Finish" and Firefox will open.

Restart the computer and check Firefox for me now.

Gringo


I haven't seen any redirected search results since resetting Firefox, but Internet Explorer is still acting very strange, and I'm not sure if it's related to the problem or if it's just broken. It loads Google instantly, but when you search and click on a link, occasionally the page is just blank for a minute or two. The address bar shows the address of the target, but I get a spinning progress circle up on the tab, and when I look in Wireshark, I see a bunch of DNS requests for weird sites - tag.admeld.com, bid.openx.net, view.atdmt.com, tap.rubiconproject.com, b.scorecardresearch.com, socialprofiles.zenfs.com, s7.addthis.com. I know that these could be normal ads, but there aren't any ads on the pages I'm looking for. Should I be concerned about these strange queries?


  • Staff

Greetings,

First I would like you to go here and click on the fixit button - http://support.microsoft.com/kb/923737

Then I want you to do the following

  • Start Internet Explorer.
  • click on "safety"
  • click on "Delete Browsing History"
  • make sure all boxes are checked
  • click on "Delete"
  • click on "Tools",
  • click "Internet Options".
  • On the "Advanced" tab, click "Reset"
  • put a check mark next to "Delete Personal Settings"
  • click "Reset" to confirm
  • when complete click the "Close" button
  • restart IE

Gringo


  • Staff

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo


I'll be more careful :) Ran the MS fixit button then reset IE again, then ran OTL:

_____________________________________________________________________________________________________________

OTL.txt:

_____________________________________________________________________________________________________________

OTL logfile created on: 12/10/2012 2:11:41 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\andys\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 5.61 Gb Available Physical Memory | 70.22% Memory free

15.98 Gb Paging File | 13.39 Gb Available in Paging File | 83.78% Paging File free

Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.41 Gb Total Space | 857.46 Gb Free Space | 92.06% Space Free | Partition Type: NTFS

Drive P: | 931.51 Gb Total Space | 797.55 Gb Free Space | 85.62% Space Free | Partition Type: NTFS

Computer Name: POSADMIN_DESKTO | User Name: andys | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\andys\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Windows\SysWOW64\atashost.exe (Cisco WebEx LLC)

PRC - P:\xampp\mysql\bin\mysqld.exe ()

PRC - P:\xampp\apache\bin\httpd.exe (Apache Software Foundation)

PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)

PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)

PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe (Symantec Corporation)

PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

PRC - C:\Program Files (x86)\SonicWALL\SonicWALL Continuous Data Protection\CDPAgentService.exe (SonicWALL, Inc.)

PRC - C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

PRC - C:\Program Files (x86)\UltraVNC\winvnc.exe (UltraVNC)

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - (bbagent) -- C:\Program Files\Barracuda\Barracuda Backup Agent\win\x86_64\bbwinsdr.exe (Barracuda Networks, Inc.)

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)

SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (atashost) -- C:\Windows\SysWOW64\atashost.exe (Cisco WebEx LLC)

SRV - (mysql) -- P:\xampp\mysql\bin\mysqld.exe ()

SRV - (Apache2.4) -- P:\xampp\apache\bin\httpd.exe (Apache Software Foundation)

SRV - (FileZillaServer) -- P:\xampp\FileZillaFTP\FileZillaServer.exe (FileZilla Project)

SRV - (SiriuswareUpdate) -- C:\Program Files (x86)\Siriusware\SiriuswareUpdate.exe (Siriusware, Inc.)

SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (Symantec AntiVirus) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)

SRV - (SmcService) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)

SRV - (SNAC) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE (Symantec Corporation)

SRV - (LiveUpdate) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)

SRV - (ccSetMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (ccEvtMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (SonicWALLCDPAgent) -- C:\Program Files (x86)\SonicWALL\SonicWALL Continuous Data Protection\CDPAgentService.exe (SonicWALL, Inc.)

SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

SRV - (winvnc) -- C:\Program Files (x86)\UltraVNC\winvnc.exe (UltraVNC)

========== Driver Services (SafeList) ==========

DRV:64bit: - (WpsHelper) -- C:\Windows\SysNative\drivers\wpshelper.sys (Symantec Corporation)

DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (RsFx0105) -- C:\Windows\SysNative\drivers\RsFx0105.sys (Microsoft Corporation)

DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)

DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)

DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)

DRV:64bit: - (ser2attr) -- C:\Windows\SysNative\drivers\ser2attr64.sys (Tripp Lite)

DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)

DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)

DRV:64bit: - (WPS) -- C:\Windows\SysNative\drivers\WPSDRVnt.sys (Symantec Corporation)

DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)

DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\srtspx64.sys (Symantec Corporation)

DRV:64bit: - (SRTSPL) -- C:\Windows\SysNative\drivers\srtspl64.sys (Symantec Corporation)

DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\srtsp64.sys (Symantec Corporation)

DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)

DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)

DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (Teefer2) -- C:\Windows\SysNative\drivers\Teefer2.sys (Symantec Corporation)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121209.006\ex64.sys (Symantec Corporation)

DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121209.006\eng64.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)

DRV - (SRTSPX) -- C:\Windows\SysWOW64\drivers\srtspx64.sys (Symantec Corporation)

DRV - (SRTSPL) -- C:\Windows\SysWOW64\drivers\srtspl64.sys (Symantec Corporation)

DRV - (SRTSP) -- C:\Windows\SysWOW64\drivers\srtsp64.sys (Symantec Corporation)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 85 C8 28 0C C9 A5 CB 01 [binary data]

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 85 C8 28 0C C9 A5 CB 01 [binary data]

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-57989841-1482476501-725345543-1354\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKU\S-1-5-21-57989841-1482476501-725345543-1354\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-57989841-1482476501-725345543-1354\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKU\S-1-5-21-57989841-1482476501-725345543-1354\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 54 E3 FA 5C 08 D7 CD 01 [binary data]

IE - HKU\S-1-5-21-57989841-1482476501-725345543-1354\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-57989841-1482476501-725345543-1354\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.com/"

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/04 15:13:32 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/04 15:13:32 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/11/07 10:15:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andys\AppData\Roaming\mozilla\Extensions

[2012/12/04 15:13:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/12/04 15:13:32 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/10/24 12:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/10/24 12:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/12/04 16:26:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.

O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)

O4 - HKU\S-1-5-21-57989841-1482476501-725345543-1354..\Run: [Ditto] C:\Program Files\Ditto\Ditto.exe ()

O4 - HKU\S-1-5-21-57989841-1482476501-725345543-1354..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKU\S-1-5-21-57989841-1482476501-725345543-1354..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - HKU\S-1-5-80-1695898196-1825476648-513549388-626041723-1784616795..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-80-1695898196-1825476648-513549388-626041723-1784616795..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\andys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

O4 - Startup: C:\Users\marks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-57989841-1482476501-725345543-1354\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-57989841-1482476501-725345543-1354\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-57989841-1482476501-725345543-1354\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-80-1695898196-1825476648-513549388-626041723-1784616795\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} http://catermate/Reports/Reserved.ReportViewerWebControl.axd?ReportSession=003qbt24xm5zppzdjihwctzx&ControlID=c89f4bf62c6b49b29de559a8ed36cbb0&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab (RSClientPrint 2005 Class)

O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/icaweb-20070115.cab (Citrix ICA Client)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab (DLM Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://video.byremote.net/activex/AxisCamControl.cab (CamImage Class)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://24.229.44.162:8081/activex/AMC.cab (AxisMediaControlEmb Class)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://kace.webex.com/client/T27LB/nbr/ieatgpc1.cab (GpcContainer Class)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {FE92D9C3-4A69-4EC7-8651-1DC8531D0075} http://bbremote.dynalias.com:4000/user/TSBnwCam.CAB (TSBnwCam Control)

O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.42.8 192.168.42.45

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = skibearcreek.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDDCB956-BF4D-452C-875D-30829D9702B4}: DhcpNameServer = 192.168.42.8 192.168.42.45

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/02/14 13:28:27 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/10 14:10:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\andys\Desktop\OTL.exe

[2012/12/06 09:32:06 | 000,000,000 | ---D | C] -- C:\Users\andys\Desktop\Old Firefox Data

[2012/12/05 17:27:59 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\andys\Desktop\aswMBR.exe

[2012/12/05 17:25:46 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\andys\Desktop\tdsskiller.exe

[2012/12/04 16:14:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/12/04 16:14:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/12/04 16:14:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/12/04 16:14:03 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/12/04 16:13:47 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/12/04 16:09:27 | 000,000,000 | ---D | C] -- C:\Users\andys\AppData\Local\VirtualStore

[2012/12/04 16:05:48 | 005,009,321 | R--- | C] (Swearware) -- C:\Users\andys\Desktop\ComboFix.exe

[2012/12/04 15:13:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2012/12/04 09:38:58 | 000,000,000 | ---D | C] -- C:\Users\andys\Desktop\RK_Quarantine

[2012/12/03 14:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2012/12/03 14:21:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2012/12/03 14:21:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2012/11/30 15:33:39 | 000,000,000 | ---D | C] -- C:\found.000

[2012/11/30 13:46:57 | 000,000,000 | ---D | C] -- C:\Users\andys\AppData\Roaming\SUPERAntiSpyware.com

[2012/11/30 13:46:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2012/11/30 13:46:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2012/11/30 13:46:53 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2012/11/30 11:43:14 | 000,000,000 | ---D | C] -- C:\Users\andys\Documents\mbar-1.01.0.1009

[2012/11/30 09:19:02 | 000,000,000 | ---D | C] -- C:\Users\andys\Desktop\GooredFix Backups

[2012/11/29 16:58:10 | 000,000,000 | ---D | C] -- C:\Users\andys\AppData\Local\Apple Computer

[2012/11/29 15:03:53 | 000,000,000 | ---D | C] -- C:\FRST

[2012/11/29 10:01:43 | 000,000,000 | ---D | C] -- C:\Users\andys\AppData\Roaming\Malwarebytes

[2012/11/29 10:01:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/11/29 10:01:35 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/11/29 10:01:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/11/29 10:01:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/11/27 10:38:42 | 000,000,000 | ---D | C] -- C:\Users\andys\AppData\Local\Temporary Projects

[2012/11/20 16:42:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\roomMaster for Windows

[2012/11/16 16:35:41 | 000,048,512 | ---- | C] (Datacard Corp.) -- C:\Windows\SysNative\crdnmon.dll

[2012/11/16 16:33:59 | 000,000,000 | ---D | C] -- C:\CardPrinter

[2012/11/16 16:11:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Datacard Card Printers

[2012/11/16 16:11:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Datacard Card Printers

[2012/11/16 16:05:05 | 000,000,000 | ---D | C] -- C:\Users\andys\AppData\Roaming\Hex-Rays

[2012/11/16 16:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDA Pro Free

[2012/11/16 16:04:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IDA Free

[2012/11/15 03:09:38 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys

[2012/11/15 03:09:38 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll

[2012/11/15 03:03:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012/11/15 03:03:56 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012/11/15 03:03:56 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012/11/15 03:03:55 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012/11/15 03:03:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012/11/15 03:03:55 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012/11/15 03:03:55 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012/11/15 03:03:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/11/15 03:03:55 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012/11/15 03:03:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012/11/15 03:03:54 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012/11/15 03:03:54 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2012/11/15 03:03:53 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012/11/15 03:03:53 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012/11/15 03:03:53 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2012/11/15 03:01:04 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll

[2012/11/15 03:01:04 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe

[2012/11/15 03:01:04 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll

[2012/11/15 03:01:04 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll

[2012/11/14 09:05:14 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll

[2012/11/14 09:05:14 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll

[2012/11/14 09:05:14 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll

[2012/11/14 09:05:01 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll

[2012/11/14 09:05:01 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll

[2012/11/14 09:05:01 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll

[2012/11/14 09:05:01 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll

[2012/11/14 09:05:01 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll

[2012/11/14 09:05:01 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll

[2012/11/14 09:04:34 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll

[2012/11/14 09:04:34 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll

[2012/11/13 14:56:48 | 000,000,000 | ---D | C] -- C:\Users\andys\AppData\Local\Adobe

[2012/11/13 11:34:47 | 000,000,000 | ---D | C] -- C:\Users\andys\AppData\Roaming\Ditto

[2012/11/13 11:34:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ditto

[2012/11/13 11:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\Ditto

[2012/11/13 11:29:46 | 000,000,000 | ---D | C] -- C:\Users\andys\AppData\Local\Macromedia

[2012/11/12 10:12:12 | 000,000,000 | ---D | C] -- C:\Users\andys\AppData\Local\ElevatedDiagnostics

[2012/11/12 09:16:36 | 000,000,000 | ---D | C] -- C:\Users\andys\reptool

[2012/11/12 09:16:24 | 000,000,000 | ---D | C] -- C:\Users\andys\eqlgroupmgr

========== Files - Modified Within 30 Days ==========

[2012/12/10 14:10:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\andys\Desktop\OTL.exe

[2012/12/10 14:01:32 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/12/10 14:01:32 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/12/10 13:54:34 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/12/10 13:53:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/12/10 13:53:06 | 2140,422,143 | -HS- | M] () -- C:\hiberfil.sys

[2012/12/07 12:45:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1482476501-725345543-2304UA.job

[2012/12/07 12:41:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/12/06 17:07:02 | 000,143,996 | ---- | M] () -- C:\Users\andys\Desktop\Packet Dump - google redirect.pcapng

[2012/12/06 13:47:00 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 0ad9d2b7-7e8e-4ed9-af77-835f1f9f565d.job

[2012/12/06 09:45:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1482476501-725345543-2304Core.job

[2012/12/06 02:00:40 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 0f4968e7-1e9a-4b8c-aa51-916e82b7b2d1.job

[2012/12/05 17:48:36 | 000,000,512 | ---- | M] () -- C:\Users\andys\Desktop\MBR.dat

[2012/12/05 17:28:24 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\andys\Desktop\aswMBR.exe

[2012/12/05 17:25:51 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\andys\Desktop\tdsskiller.exe

[2012/12/04 16:26:11 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/12/04 16:05:56 | 005,009,321 | R--- | M] (Swearware) -- C:\Users\andys\Desktop\ComboFix.exe

[2012/12/03 14:21:59 | 000,001,278 | ---- | M] () -- C:\Users\andys\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2012/12/03 14:21:59 | 000,001,254 | ---- | M] () -- C:\Users\andys\Desktop\Spybot - Search & Destroy.lnk

[2012/11/30 13:46:56 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012/11/29 10:01:36 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/11/29 10:00:28 | 001,090,338 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/11/29 10:00:28 | 000,880,658 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/11/29 10:00:28 | 000,204,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/11/28 09:48:14 | 000,000,838 | ---- | M] () -- C:\Users\andys\Desktop\Sales32c.ini - Shortcut.lnk

[2012/11/27 11:52:59 | 000,002,028 | -H-- | M] () -- C:\Users\andys\Documents\Default.rdp

[2012/11/26 13:53:10 | 000,000,218 | ---- | M] () -- C:\Users\andys\AppData\Local\recently-used.xbel

[2012/11/26 10:42:09 | 001,972,000 | ---- | M] () -- C:\Users\andys\Desktop\Maps and Views - 2012-11-26.avc

[2012/11/20 16:42:31 | 000,001,571 | ---- | M] () -- C:\Users\Public\Desktop\roomMaster for Windows (Quick Start).lnk

[2012/11/20 16:42:31 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\roomMaster Help.lnk

[2012/11/20 09:14:17 | 000,749,275 | ---- | M] () -- C:\Users\andys\Desktop\Sasquatch.zip

[2012/11/16 16:11:07 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Diagnostics for Card Printers.lnk

[2012/11/16 16:04:48 | 000,000,915 | ---- | M] () -- C:\Users\andys\Desktop\IDA Pro Free.lnk

[2012/11/15 09:01:26 | 000,001,129 | ---- | M] () -- C:\Users\andys\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk

[2012/11/15 03:32:58 | 005,452,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/12/06 17:07:02 | 000,143,996 | ---- | C] () -- C:\Users\andys\Desktop\Packet Dump - google redirect.pcapng

[2012/12/05 17:48:36 | 000,000,512 | ---- | C] () -- C:\Users\andys\Desktop\MBR.dat

[2012/12/04 16:14:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/12/04 16:14:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/12/04 16:14:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/12/04 16:14:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/12/04 16:14:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/12/03 14:21:59 | 000,001,278 | ---- | C] () -- C:\Users\andys\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2012/12/03 14:21:59 | 000,001,254 | ---- | C] () -- C:\Users\andys\Desktop\Spybot - Search & Destroy.lnk

[2012/11/30 13:47:00 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 0f4968e7-1e9a-4b8c-aa51-916e82b7b2d1.job

[2012/11/30 13:47:00 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 0ad9d2b7-7e8e-4ed9-af77-835f1f9f565d.job

[2012/11/30 13:46:56 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012/11/29 10:01:36 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/11/28 09:48:14 | 000,000,838 | ---- | C] () -- C:\Users\andys\Desktop\Sales32c.ini - Shortcut.lnk

[2012/11/26 13:53:10 | 000,000,218 | ---- | C] () -- C:\Users\andys\AppData\Local\recently-used.xbel

[2012/11/26 10:45:50 | 001,972,000 | ---- | C] () -- C:\Users\andys\Desktop\Maps and Views - 2012-11-26.avc

[2012/11/20 16:42:31 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\roomMaster Help.lnk

[2012/11/20 09:14:17 | 000,749,275 | ---- | C] () -- C:\Users\andys\Desktop\Sasquatch.zip

[2012/11/16 16:11:07 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Diagnostics for Card Printers.lnk

[2012/11/16 16:04:48 | 000,000,915 | ---- | C] () -- C:\Users\andys\Desktop\IDA Pro Free.lnk

[2012/11/15 03:09:42 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

[2012/11/15 03:01:04 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

[2012/09/06 09:38:48 | 000,000,017 | ---- | C] () -- C:\Users\andys\AppData\Local\resmon.resmoncfg

[2012/09/06 09:10:22 | 000,001,034 | RHS- | C] () -- C:\Users\andys\ntuser.pol

[2011/03/17 16:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011/02/01 14:27:51 | 000,006,977 | ---- | C] () -- C:\Windows\SigPlus.ini

[2009/12/31 17:29:20 | 000,006,075 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

________________________________________________________________________________________________________

Extras.txt:

________________________________________________________________________________________________________

OTL Extras logfile created on: 12/10/2012 2:11:41 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\andys\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 5.61 Gb Available Physical Memory | 70.22% Memory free

15.98 Gb Paging File | 13.39 Gb Available in Paging File | 83.78% Paging File free

Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.41 Gb Total Space | 857.46 Gb Free Space | 92.06% Space Free | Partition Type: NTFS

Drive P: | 931.51 Gb Total Space | 797.55 Gb Free Space | 85.62% Space Free | Partition Type: NTFS

Computer Name: POSADMIN_DESKTO | User Name: andys | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L"

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L"

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0114D64E-3CC9-4434-965D-31A5A215E450}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{04B97CBE-D4EB-4554-8F2B-583426BC0C13}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{37A040DF-5286-4BC7-BFA3-C05E981FB589}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

"{4114FCC9-6D44-4B94-A9DA-35B6804D7686}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{58A28603-8E39-44BE-983F-11EA8CB9A7D6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{8D0AC6E7-1391-4485-AF6B-5087C93EE539}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{B41B5F8D-987F-4F67-AAEA-CE9A3BC2D914}" = lport=5120 | protocol=6 | dir=in | app=c:\program files\barracuda\barracuda backup agent\win\x86_64\bbwinsdr.exe |

"{B6ECAF0F-7DFD-45F7-B08B-E07ABB95DC58}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{BC8BB870-6E97-4A9B-B622-0B280E8B024C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{DC053FA3-92D7-4902-9F6A-4695A9A71BED}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{E1D8B25F-4081-4503-A778-FBD2C4714013}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{E262D4D7-6A3D-4370-9335-81DA1677DD6A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{05AFE76A-FBF3-417D-86C9-31F86FEA55C0}" = protocol=17 | dir=in | app=c:\program files (x86)\sonicwall\sonicwall continuous data protection\cdpagentservice.exe |

"{0920B9E3-E585-4372-9111-858F22250756}" = protocol=17 | dir=in | app=c:\program files (x86)\ultravnc\vncviewer.exe |

"{0D51FCE6-8818-463F-AFDB-3E41704BB2CB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{10A52524-A21D-405B-850E-F08D90F37A43}" = protocol=6 | dir=in | app=c:\program files (x86)\ultravnc\vncviewer.exe |

"{15FECCBC-FF36-47B7-B351-D8E579DB582B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |

"{1ABD5DBC-9122-48FC-8208-B03BDD1EB58B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{1BF18825-C2A2-4C71-8356-084EC851939E}" = protocol=6 | dir=in | app=c:\program files (x86)\ultravnc\vncviewer.exe |

"{23E4A286-0F4B-48F1-84E2-D6EE76157406}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |

"{2C5712FC-7974-4AC1-A053-F4EEB4BE12BA}" = protocol=17 | dir=in | app=c:\program files (x86)\sonicwall\sonicwall continuous data protection\cdpautoupdate.exe |

"{34EBF201-D456-49C0-BB9E-B151F264D235}" = protocol=6 | dir=in | app=c:\program files (x86)\sonicwall\sonicwall continuous data protection\lasso.client.exe |

"{35733B4C-BD7A-436D-B0E8-59D1549D43BA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{358DFF7D-DBBE-46D7-831B-2303B219FFE8}" = protocol=6 | dir=in | app=c:\users\marks\appdata\roaming\dropbox\bin\dropbox.exe |

"{3A7816CD-2B2D-4EEF-9789-DE8E115B892F}" = protocol=17 | dir=in | app=c:\program files (x86)\sonicwall\sonicwall continuous data protection\cdpautoupdate.exe |

"{3CD59204-E72C-4D13-95E7-D598B60631C1}" = protocol=6 | dir=in | app=c:\program files (x86)\sonicwall\sonicwall continuous data protection\cdpagentservice.exe |

"{3EDF64E7-EC94-4AA5-97F5-D6A8BF5CBB99}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |

"{41E9DBE5-85AD-42C2-AAEA-40CDC9A1DEBA}" = protocol=6 | dir=in | app=c:\program files (x86)\sonicwall\sonicwall continuous data protection\cdpautoupdate.exe |

"{472DCC64-C078-4D99-842E-4DE230E1D9D4}" = protocol=17 | dir=in | app=c:\program files (x86)\sonicwall\sonicwall continuous data protection\lasso.client.exe |

"{5B3A57D5-2519-478E-BF0D-9462812E249D}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |

"{62D9CC6D-C582-48A2-BEF1-80D1985D5B59}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{6765826D-362B-4F6D-800B-DEA24F2FA176}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |

"{7941685E-624D-432E-A04B-A84C7E2A561E}" = protocol=6 | dir=out | app=c:\program files\barracuda\barracuda backup agent\win\x86_64\bbwinsdr.exe |

"{85BA07B2-ED91-40EB-A300-62B0233EF8B9}" = protocol=6 | dir=in | app=c:\program files\avigilon\avigilon control center client\dvrclientclrapp_u.exe |

"{908D140A-3541-469C-B0A2-0E0AF797733F}" = protocol=6 | dir=in | app=c:\users\andys\appdata\roaming\dropbox\bin\dropbox.exe |

"{9097F854-5485-4AC6-83B1-1E08C1CC63CF}" = protocol=17 | dir=in | app=c:\program files\avigilon\avigilon control center client\dvrclientclrapp_u.exe |

"{9967EC69-923B-40D9-A58A-F5B9FC39F81E}" = protocol=6 | dir=in | app=c:\program files (x86)\sonicwall\sonicwall continuous data protection\cdpautoupdate.exe |

"{9E2B1A9E-A625-44E1-969D-B1B08F09DB99}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |

"{9F8DCA9E-08B4-4D6F-855A-210AED5EBD91}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |

"{A3F02C77-7366-4311-A245-699FBE56824E}" = protocol=17 | dir=in | app=c:\users\marks\appdata\roaming\dropbox\bin\dropbox.exe |

"{A7382291-490F-47DB-B393-22FAE211AC92}" = protocol=17 | dir=in | app=c:\program files (x86)\sonicwall\sonicwall continuous data protection\lasso.client.exe |

"{A74C4E2A-18C6-4C09-BA60-6F6C2833D8A5}" = protocol=17 | dir=in | app=c:\program files (x86)\sonicwall\sonicwall continuous data protection\cdpagentservice.exe |

"{ABADC930-7D6A-45A9-8ABF-8D1FB0FD4186}" = protocol=17 | dir=in | app=c:\users\andys\appdata\roaming\dropbox\bin\dropbox.exe |

"{AED7B905-1C1E-4F62-B8A5-C79759893203}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{BB45356B-2C55-4D6B-8E76-0E513E2FD6DE}" = protocol=17 | dir=in | app=c:\program files (x86)\ultravnc\vncviewer.exe |

"{BD5E329F-A311-4F85-8F73-220FC8F11F4B}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |

"{E893E10D-4D1D-4450-ABEC-E730F6C22EE7}" = protocol=6 | dir=in | app=c:\program files (x86)\sonicwall\sonicwall continuous data protection\lasso.client.exe |

"{EF68E299-C45C-46A4-A64F-FD6D54507495}" = protocol=6 | dir=in | app=c:\program files (x86)\sonicwall\sonicwall continuous data protection\cdpagentservice.exe |

"{F429F7BC-FBC4-4BD3-A7B4-2C07E29D56D0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{F82E6B6C-6812-4B13-8BAA-2C3998A430BD}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |

"{FFAE1B47-F3F2-404E-814B-B15B0541B894}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |

"TCP Query User{2036C728-15D1-4AAD-9CA0-004C50C14813}C:\program files\ditto\ditto.exe" = protocol=6 | dir=in | app=c:\program files\ditto\ditto.exe |

"TCP Query User{577FC247-526D-410C-98FA-6D209E26DC8C}C:\users\marks\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\marks\appdata\local\akamai\netsession_win.exe |

"TCP Query User{939A1231-22BB-41BE-83C8-E8E95D881E32}C:\users\mark schroetel\appdata\local\temp\{eb6b8130-8b18-11d4-9f50-00010243dbda}\bisrvloc.exe" = protocol=6 | dir=in | app=c:\users\mark schroetel\appdata\local\temp\{eb6b8130-8b18-11d4-9f50-00010243dbda}\bisrvloc.exe |

"TCP Query User{C9553F64-3537-4D7A-9F8F-E83FB2183BC1}P:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=p:\xampp\apache\bin\httpd.exe |

"UDP Query User{0156F520-74B1-4EBF-B451-002FCF8F7E2F}C:\users\mark schroetel\appdata\local\temp\{eb6b8130-8b18-11d4-9f50-00010243dbda}\bisrvloc.exe" = protocol=17 | dir=in | app=c:\users\mark schroetel\appdata\local\temp\{eb6b8130-8b18-11d4-9f50-00010243dbda}\bisrvloc.exe |

"UDP Query User{0427192D-198E-47B8-9756-3E276FBBCFEE}C:\users\marks\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\marks\appdata\local\akamai\netsession_win.exe |

"UDP Query User{12833BAE-5956-430E-97E6-B9531309AF4A}P:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=p:\xampp\apache\bin\httpd.exe |

"UDP Query User{AF07828C-B0A9-443D-A92E-83806EE526B2}C:\program files\ditto\ditto.exe" = protocol=17 | dir=in | app=c:\program files\ditto\ditto.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0C6C4C8A-3B96-4681-90BA-0E15CDE96298}" = Microsoft SQL Server 2008 Management Studio

"{0E8670B8-3965-4930-ADA6-570348B67153}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom

"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool

"{108C8C1D-DA02-4A6C-94CD-5603F6A6FC72}" = Microsoft SQL Server 2008 Management Studio

"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64

"{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java 6 Update 30 (64-bit)

"{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}" = Microsoft SQL Server 2008 Native Client

"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program

"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

"{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}" = Microsoft VSS Writer for SQL Server 2012

"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64

"{49D665A2-4C2A-476E-9AB8-FCC425F526FC}" = Microsoft SQL Server 2012 Native Client

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{530992D4-DDBA-4F68-8B0D-FF50AC57531B}" = Symantec Endpoint Protection

"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6292D514-17A4-403F-98F9-E150F10C043D}" = Microsoft SQL Server 2008 Setup Support Files

"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English

"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{751EE164-9F12-4E57-ADB0-02D8F34A10AD}" = Microsoft SQL Server Native Client

"{7C903D14-7EF4-4B71-BF78-2BCAFC499EB1}" = SQLXML4

"{7E587F58-50BE-3557-89F6-14D99CB5FB2A}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

"{7E84C38A-25FF-42C8-AD63-09A9CB3F9D17}" = Avigilon Control Center Client

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64

"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{8ECC12DC-7819-402A-B54E-A991558C81B1}" = Oracle VM VirtualBox 4.2.0

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64

"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64

"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant

"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{ADBD6E65-46CB-4A97-9AFB-64963FEACC40}" = Microsoft SQL Server 2008 RsFx Driver

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU

"{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service

"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64

"{C92556F2-4950-48CF-ABA3-F0026B05BCE8}" = Microsoft SQL Server 2005 Backward compatibility

"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU

"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared

"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1

"{EA08048C-3823-4DC8-B169-1D5D11FFC19F}_is1" = PDF-XChange 4

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F7ADB493-B913-4D61-9A63-DA736C20C3F2}" = Adobe Photoshop Lightroom 4.1 64-bit

"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services

"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services

"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

"Barracuda Backup Agent" = Barracuda Backup Agent

"Ditto_is1" = Ditto

"Kyocera Product Library" = Kyocera Product Library

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1

"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)

"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)

"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

"MosChip Semiconductor Technology Ltd" = PCIe to Peripheral Adaptor

"SiriuswareNovaPDF_is1" = SiriuswareNovaPDF (novaPDF 7.4 printer)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{004C3C75-9F69-4A85-98EE-BCBF8FD18EF7}" = NDMS

"{01C5A10F-AD9B-405B-853A-6659841A1242}" = Microsoft SQL Server 2008 Policies

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0B43A744-B1B8-4089-9BD1-9D41C7EC0AA3}" = Microsoft SQL Server 2005 Books Online (English)

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support

"{12453E04-9738-4D16-8408-D726532C2C69}" = ASUS VGA Driver

"{124D51A1-F3C2-45AE-B812-D3CA71247093}" = SQL Server 2012 Common Files

"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2

"{1DD463C0-A50A-4394-B7E4-5895C02F9E0D}" = Microsoft SQL Server 2005 Tools

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FB36F6C-7CF6-4C83-BAB2-40CF52C58A41}" = Siriusware Sales

"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2

"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java 6 Update 30

"{2EF79043-1AFC-49DD-B94B-2C067525E217}" = Update Siriusware 41

"{30CA21F2-901A-44DB-A43F-FC31CD0F2493}" = Sql Server Customer Experience Improvement Program

"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B9E6EB0-0EED-4E74-9479-F982C3254F71}" = SQL Server Browser for SQL Server 2012

"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{54F84805-0116-467F-8713-899DFC472235}" = SQL Server 2012 Database Engine Shared

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1

"{5BDFAB82-060E-438B-AB4F-A2331B2294C0}" = Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools

"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}" = Microsoft SQL Server Compact 3.5 SP1 Query Tools English

"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR

"{6E20CA13-B6C8-4169-B382-3D5677C2940F}" = Diagnostics for Card Printers

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7D29ED63-84F9-4EC7-B49F-994A3A3195B2}" = SQL Server 2012 Common Files

"{7E664C9F-0341-11F9-39F7-E2493FACF037}" = Adobe® Content Viewer

"{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}" = Microsoft SQL Server 2008 R2 Management Objects

"{85076DFF-7A17-3566-9CC0-488E6E6D4494}" = Microsoft Visual Web Developer 2010 Express - ENU

"{87D50333-E534-493A-8E98-0A49BC28F64B}" = SQL Server 2012 Database Engine Services

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}_VISSTD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}_VISSTD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}_VISSTD_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_VISSTD_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_VISSTD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0053-0000-0000-0000000FF1CE}" = Microsoft Office Visio Standard 2007

"{90120000-0053-0000-0000-0000000FF1CE}_VISSTD_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)

"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007

"{90120000-0054-0409-0000-0000000FF1CE}_VISSTD_{7DA87C7E-E8A7-473E-ADFF-1B6BECCCADA7}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}_VISSTD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}_VISSTD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_VISSTD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components

"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007

"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{92AD6BAB-3C60-4C21-8DC2-C84AD816515A}" = Datacard e-Guide - SP Series

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9CCE40CE-A9E6-4916-8729-B008558EEF3F}" = Microsoft Report Viewer 2012 Runtime

"{9D3AADF9-5EFB-4EB5-8569-4247827DA7E5}" = Delphi Diagrams

"{A3A77807-E352-4786-BA53-7EF8DAFF69D5}" = Avigilon Control Center Player

"{A7FE99B6-E077-4F52-BC6A-E24C338F3C23}" = Crystal Reports XI Release 2 .NET 2005 Server

"{A8AD990E-355A-4413-8647-A9B168978423}_is1" = UltraVNC v1.0

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU

"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4

"{AD15759F-488D-442C-A8B4-C4FEEACFA939}" = SQL Server 2012 Management Studio

"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager

"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86

"{C22613C2-C7A4-4761-A906-116ECD4E7477}" = SQL Server 2012 Database Engine Services

"{C25EF637-BE7A-4761-9B45-9069989C319F}" = Microsoft Visual Studio 2005 Premier Partner Edition - ENU

"{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}" = Microsoft SQL Server System CLR Types

"{CB1177DD-0316-4C93-A5AE-BBF1E2B7F07E}" = SQL Server 2012 Management Studio

"{CEA86648-87FA-4775-8F3B-A57F720BAE85}" = Microsoft SQL Server 2012 Setup (English)

"{CF60BEA8-D816-4F0D-9A34-91782537D85B}" = Siriusware ReportManager

"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack

"{D0F44C37-A22B-4733-BBA7-86C9F4988725}" = SQL Server 2012 Database Engine Shared

"{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files

"{D53FF78E-F3AC-4C63-AFE6-96FE727B65CD}" = Siriusware CommonFiles4058

"{D5DCEC84-E9FC-44DA-AA6E-916E8621B870}" = Siriusware SysManager

"{D64B6984-242F-32BC-B008-752806E5FC44}" = Microsoft Visual Studio 2010 Shell (Isolated) - ENU

"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1

"{DFB059F4-DBB2-497F-999E-AD86FA90E6DD}" = Microsoft SQL Server 2012 RsFx Driver

"{E0D23AD6-D198-40DD-8F03-942DE048895A}" = Delphi Workstation

"{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}" = Microsoft System CLR Types for SQL Server 2012

"{E35560A2-24EC-44F5-88D2-BEAB50C9C6CE}" = Diagrams AP Installer

"{E61925A2-F785-413E-B245-B8EB12AE24E0}" = SonicWALL Continuous Data Protection

"{EA710A0A-BF5D-433C-8EB5-D17DC54CC298}" = Microsoft Office Live Meeting 2007

"{EB6B8130-8B18-11D4-9F50-00010243DBDA}" = Hummingbird BI Query

"{ED784556-66AA-3F17-9B58-7246ACB5C7E4}" = Microsoft Visual Basic 2010 Express - ENU

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F51445E9-DB1D-4F84-ABCA-E7B85C92A31B}" = Newmarket DelphiSync

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"2849-8758-5167-8645" = OneSwarm 0.7.5

"ActiveTouchMeetingClient" = Cisco WebEx Meetings

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2

"Autodesk Design Review 2011" = Autodesk Design Review 2011

"Avigilon Control Center Client" = Avigilon Control Center Client

"Avigilon Control Center Player" = Avigilon Control Center Player

"AXIS Media Control Embedded" = AXIS Media Control Embedded

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager

"Citrix ICA Web Client" = Citrix Presentation Server Web Client for Win32

"com.adobe.dmp.contentviewer" = Adobe® Content Viewer

"DiskAid_is1" = DiskAid 5.09

"Foxit Reader_is1" = Foxit Reader

"IDA Pro Free_is1" = IDA Pro Free v5.0

"ImgBurn" = ImgBurn

"InstallShield_{004C3C75-9F69-4A85-98EE-BCBF8FD18EF7}" = NDMS

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager

"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver

"InstallShield_{E0D23AD6-D198-40DD-8F03-942DE048895A}" = Newmarket Delphi Workstation

"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)

"MagicDisc 2.7.106" = MagicDisc 2.7.106

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000

"Microsoft SQL Server 11" = Microsoft SQL Server 2012

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"Microsoft SQL Server SQLServer2012" = Microsoft SQL Server 2012

"Microsoft Visual Basic 2010 Express - ENU" = Microsoft Visual Basic 2010 Express - ENU

"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1

"Microsoft Visual Web Developer 2010 Express - ENU" = Microsoft Visual Web Developer 2010 Express - ENU

"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"PROR" = Microsoft Office Professional 2007

"SpeedFan" = SpeedFan (remove only)

"Ultravnc2_is1" = UltraVnc

"VISSTD" = Microsoft Office Visio Standard 2007

"WinPcapInst" = WinPcap 4.1.2

"Wireshark" = Wireshark 1.8.2 (64-bit)

"xampp" = XAMPP 1.8.0

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 10/18/2011 9:51:55 PM | Computer Name = GM_Desktop.skibearcreek.com | Source = Customer Experience Improvement Program | ID = 1008

Description =

Error - 10/19/2011 4:23:36 PM | Computer Name = GM_Desktop.skibearcreek.com | Source = Customer Experience Improvement Program | ID = 1008

Description =

Error - 10/20/2011 11:22:07 AM | Computer Name = GM_Desktop.skibearcreek.com | Source = Customer Experience Improvement Program | ID = 1008

Description =

Error - 10/21/2011 6:16:37 AM | Computer Name = GM_Desktop.skibearcreek.com | Source = Customer Experience Improvement Program | ID = 1008

Description =

Error - 10/21/2011 12:35:40 PM | Computer Name = GM_Desktop.skibearcreek.com | Source = Application Error | ID = 1000

Description = Faulting application name: EXCEL.EXE, version: 12.0.6565.5003, time

stamp: 0x4e5fe1a6 Faulting module name: EXCEL.EXE, version: 12.0.6565.5003, time

stamp: 0x4e5fe1a6 Exception code: 0xc0000005 Fault offset: 0x006298db Faulting process

id: 0x102c Faulting application start time: 0x01cc8cf5c5eb1d90 Faulting application

path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Faulting module path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE

Report

Id: b5da6fa6-fc02-11e0-b225-e0cb4e1200ef

Error - 10/22/2011 1:29:05 AM | Computer Name = GM_Desktop.skibearcreek.com | Source = Customer Experience Improvement Program | ID = 1008

Description =

Error - 10/22/2011 8:07:29 PM | Computer Name = GM_Desktop.skibearcreek.com | Source = Customer Experience Improvement Program | ID = 1008

Description =

Error - 10/23/2011 3:27:42 PM | Computer Name = GM_Desktop.skibearcreek.com | Source = Customer Experience Improvement Program | ID = 1008

Description =

Error - 10/26/2011 4:36:06 PM | Computer Name = GM_Desktop.skibearcreek.com | Source = Application Error | ID = 1000

Description = Faulting application name: WSCommCntr2.exe, version: 3.0.269.0, time

stamp: 0x4c0c8ae0 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time

stamp: 0x4ce7c8f9 Exception code: 0xc0000005 Fault offset: 0x000000000004e4b4 Faulting

process id: 0x16dc Faulting application start time: 0x01cc941ee1224412 Faulting application

path: C:\Program Files\Common Files\Autodesk Shared\WSCommCntr\lib\WSCommCntr2.exe

Faulting

module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 20d35952-0012-11e1-b225-e0cb4e1200ef

Error - 10/30/2011 6:08:00 PM | Computer Name = GM_Desktop.skibearcreek.com | Source = Customer Experience Improvement Program | ID = 1008

Description =

[ OSession Events ]

Error - 4/12/2011 3:53:33 PM | Computer Name = GM_Desktop.skibearcreek.com | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 22843

seconds with 2640 seconds of active time. This session ended with a crash.

Error - 6/16/2011 9:02:06 AM | Computer Name = GM_Desktop.skibearcreek.com | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 82934

seconds with 6720 seconds of active time. This session ended with a crash.

Error - 6/20/2011 8:14:32 AM | Computer Name = GM_Desktop.skibearcreek.com | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 570

seconds with 360 seconds of active time. This session ended with a crash.

Error - 6/22/2011 5:47:26 PM | Computer Name = GM_Desktop.skibearcreek.com | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 205662

seconds with 8460 seconds of active time. This session ended with a crash.

Error - 7/21/2011 12:43:40 PM | Computer Name = GM_Desktop.skibearcreek.com | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4712

seconds with 300 seconds of active time. This session ended with a crash.

Error - 10/21/2011 12:35:39 PM | Computer Name = GM_Desktop.skibearcreek.com | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 340889

seconds with 1380 seconds of active time. This session ended with a crash.

Error - 11/11/2011 9:44:26 AM | Computer Name = GM_Desktop.skibearcreek.com | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 97

seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/22/2011 3:57:32 PM | Computer Name = GM_Desktop.skibearcreek.com | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2448

seconds with 780 seconds of active time. This session ended with a crash.

Error - 4/5/2012 9:49:39 AM | Computer Name = GM_Desktop.skibearcreek.com | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 83340

seconds with 4380 seconds of active time. This session ended with a crash.

Error - 7/14/2012 4:46:42 PM | Computer Name = GM_Desktop.skibearcreek.com | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 176791

seconds with 240 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 12/6/2012 10:38:00 AM | Computer Name = Posadmin_Desktop.skibearcreek.com | Source = DCOM | ID = 10016

Description =

Error - 12/6/2012 10:41:28 AM | Computer Name = Posadmin_Desktop.skibearcreek.com | Source = DCOM | ID = 10010

Description =

Error - 12/6/2012 6:07:24 PM | Computer Name = Posadmin_Desktop.skibearcreek.com | Source = DCOM | ID = 10010

Description =

Error - 12/7/2012 11:02:03 AM | Computer Name = Posadmin_Desktop.skibearcreek.com | Source = DCOM | ID = 10016

Description =

Error - 12/7/2012 11:35:07 AM | Computer Name = Posadmin_Desktop.skibearcreek.com | Source = NETLOGON | ID = 5783

Description = The session setup to the Windows NT or Windows 2000 Domain Controller

\\PDC.skibearcreek.com for the domain SKIBEARCREEK is not responsive. The current

RPC call from Netlogon on \\POSADMIN_DESKTO to \\PDC.skibearcreek.com has been

cancelled.

Error - 12/7/2012 1:06:30 PM | Computer Name = Posadmin_Desktop.skibearcreek.com | Source = DCOM | ID = 10010

Description =

Error - 12/10/2012 11:25:25 AM | Computer Name = Posadmin_Desktop.skibearcreek.com | Source = DCOM | ID = 10016

Description =

Error - 12/10/2012 11:38:41 AM | Computer Name = Posadmin_Desktop.skibearcreek.com | Source = DCOM | ID = 10010

Description =

Error - 12/10/2012 2:54:56 PM | Computer Name = Posadmin_Desktop.skibearcreek.com | Source = DCOM | ID = 10016

Description =

Error - 12/10/2012 2:59:10 PM | Computer Name = Posadmin_Desktop.skibearcreek.com | Source = DCOM | ID = 10010

Description =

< End of report >


  • Staff

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code

    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O4 - HKU\S-1-5-80-1695898196-1825476648-513549388-626041723-1784616795..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\marks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]


  • Then click the Run Fix button at the top.
  • Click the OK button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo


OTL didn't ask for a reboot. I haven't seen any symptoms of Google redirects, Firefox seems normal, but IE is still behaving strangely - blank window for 2-3 minutes when you try to load a page, and weird DNS requests - view.atmdt.com.nsatc.com, c.msn.com.nsatc.com, for instance.

OTL Log:

Error: Unable to interpret <:OTLFF - user.js - File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not foundFF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundO3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.O4 - HKU\S-1-5-80-1695898196-1825476648-513549388-626041723-1784616795..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - Startup: C:\Users\marks\AppData\Roaming\Micro> in the current context!

Error: Unable to interpret <soft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not foundO16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)O18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value foundO21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.:Filesipconfig /flushdns /c:Commands[PURITY][emptyjava][EMPTYFLASH]> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 12102012_153952


Looks better this time:

========== OTL ==========

64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.

Registry value HKEY_USERS\S-1-5-80-1695898196-1825476648-513549388-626041723-1784616795\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

C:\Users\marks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk moved successfully.

Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}

C:\Windows\Downloaded Program Files\gp.inf not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Starting removal of ActiveX control Garmin Communicator Plug-In

Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.

File Protocol\Handler\ms-help - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mso-offdap11\ deleted successfully.

File Protocol\Handler\mso-offdap11 - No CLSID value found not found.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\andys\Desktop\cmd.bat deleted successfully.

C:\Users\andys\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYJAVA]

User: administrator

User: All Users

User: andys

->Java cache emptied: 13151615 bytes

User: Default

User: Default User

User: marks

->Java cache emptied: 0 bytes

User: MSSQL$SQLEXPR12

User: Public

User: TEMP

User: TEMP.SKIBEARCREEK

Total Java Files Cleaned = 13.00 mb

[EMPTYFLASH]

User: administrator

->Flash cache emptied: 0 bytes

User: All Users

User: andys

->Flash cache emptied: 719 bytes

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: marks

->Flash cache emptied: 0 bytes

User: MSSQL$SQLEXPR12

->Flash cache emptied: 0 bytes

User: Public

User: TEMP

->Flash cache emptied: 0 bytes

User: TEMP.SKIBEARCREEK

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 12112012_104715


Firefox still seems to be ok. After running the OTL fix, IE seemed to be working much better, loaded Google instantly, but then crashed on the very first test page I visited - an article on wired.com. Now it's behaving strangely again - long page loads on everything other than Google.


  • Staff

Hello

I want you to reset Firefox back to defaults. To do this, I need you to do the following:

  • At the top of the Firefox window, click the "Firefox" button, go over to the "Help" sub-menu (on Windows XP, click the Help menu at the top of the Firefox window) and select "Troubleshooting Information".
  • Click the "Reset Firefox" button in the upper-right corner of the Troubleshooting Information page.
  • Click "Reset Firefox" in the confirmation window that opens.
  • Firefox will close and be reset. When it's done, click "Finish" and Firefox will open.

Restart the computer and check Firefox for me now

Gringo
