AXWIN FRAME virus - cannot remove


This topic is locked. 23 replies to this topic.

#1 Nick Lanese

Posted 14 August 2012 - 12:31 PM

I would like to thank you in advance for your time and expertise in this matter.
I have a user running a Windows XP 64-bit computer (Dell Precision T5500, Intel Xeon X5550 CPU <2.67GHz>, 30 GB RAM) who was infected with at least one virus.
Malwarebytes Antimalware detected Backdoor.Agent.RC2Gen, PUM.Hijack.Startmenu, and Ultra Defragger Fraud
Symantec Endpoint detected Maljava!gen23

I believe I cleaned up the Backdoor, Startmenu, and Defragger malware, but perhaps not entirely. I tried removing all the viruses with the standard Endpoint and Malwarebytes procedures (normal mode and safe mode). One thing of note was that both NORTON POWER ERASER and SYMANTEC POWER ERASER could not complete because the internet connection would be interrupted during the processing. We tried running each of those tools several times and always ended up with an error stating that the internet connection was terminated and the process could not finish. I eventually removed the infected files (from safe mode), unhid the folders and files that were all changed to HIDDEN, and restored the ALL-USERS startmenu icons from a temp location in the user's profile. Everything SEEMED okay for the most part. Except for what follows.

The Maljava virus keeps popping up in Symantec throughout the day, and the Internet browsers (IE, Firefox or Chrome) sometimes get redirected to unrelated sites. Additionally, the user of the computer reported that upon accessing a result from an Internet search she was redirected to a totally unrelated site. IE locked up and she could not close it. Upon ending the task her computer locked up and she was forced to shutdown. Upon shutting down she told me that, "A task was still running... AXWIN FRAME" She had poked around and saw it could be a virus that causes the symptoms she is experiencing with her Internet browsers (redirection, hung application, etc). I re-ran Symantec and Malwarebytes several times with nothing being found. I searched the Internet and found a possible solution in Emsisoft. I have tried running Emsisoft Anti-Malware and that came up empty as well.

To further complicate matters, I need to try to resolve the issue without reformatting the computer.

Could you please try to help me clean up this computer? I am at wit's end.
I am attaching the mbam-log from the initial Malwarebytes scan. Attached file: mbam-log-2012-08-06 (14-06-00).txt (5.1 KB)

Nick




#2 Nick Lanese (Topic Starter)

Posted 14 August 2012 - 03:28 PM

Here is the task that is found running when IE hangs up:
ACWIN FRAME virus - cannot remove - Windows Internet Explorer

Edited by Nick Lanese, 14 August 2012 - 03:50 PM.


#3 Nick Lanese (Topic Starter)

Posted 14 August 2012 - 03:36 PM

When in SAFE MODE (and not running a RootKit option which forces a reboot), Symantec Power Eraser ends with this message:

"Lost required network connection during the scan. Canceling will disable the Scan button."
The options are RETRY and CANCEL.

Doing a RETRY initiates the Power Eraser again, but the result is the same (which occurs just after it finishes submitting data).


When in REAL MODE (with RootKit option on), Symantec Power Eraser blue screens after the reboot with Stop Error 0x00000109, kdcom.dll

Edited by Nick Lanese, 14 August 2012 - 03:50 PM.


#4 Nick Lanese (Topic Starter)

Posted 14 August 2012 - 03:47 PM

Norton Power Eraser, when run in REAL MODE, ends in an error (Error Code: 0x80045008) "Norton Power Eraser requires a stable Internet connection to run a scan. It is currently encountering intermittent network issues that are preventing the scan from completing. Please try again later." All I can do is close.

When running it in SAFE MODE, it finds registry errors, but suggests creating System Restore Points (which cannot be done in Safe Mode). I did not go forward. Not sure if I should proceed from that point or not.

NOTE: I disabled running the ROOT KIT in both modes (so that it would not reboot in Safe Mode).

#5 Orange Blossom (Moderator)

Posted 15 August 2012 - 09:52 AM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

#6 Nick Lanese (Topic Starter)

Posted 16 August 2012 - 08:44 AM

I know you asked me to skip steps and continue, but I wanted to let you know that I am running XP 64-bit, and DDS.COM is not compatible with that OS.
I did run DEFOGGER and it appears I have no CD emulation running (which is what I thought). The log file is attached.
Attached file: defogger_disable.log (478 bytes)
I will continue with step 8, but wanted to stress that DDS.COM did not run for me.

Nick

#7 Nick Lanese (Topic Starter)

Posted 16 August 2012 - 08:47 AM

OK. I see that step 8 says to skip creating a GMER log if I am running 64-bit OS, which I am.
Step 9 is to post, which I have obviously done here (and it is the proper forum).
The only issue is that I have no logs because step 7 (DDS) failed.

#8 nasdaq (Malware Response Team)

Posted 19 August 2012 - 08:22 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

If not already done please run the Malwarebytes tool and make sure you remove all items that are indicated as malware.
===

Please download TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

After running the programs run DDS again and post the log if you can.

Please post the logs for my review.
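
The TDSSKiller report that the steps above produce is a plain-text log that the helper then reads by eye. As an added example, not part of this thread and not code from Kaspersky's TDSSKiller, here is a small Python parser for that report format as it appears in the logs quoted later in this thread: it extracts the drive/MBR lines and every service or driver entry with its MD5, path and verdict, lists anything whose verdict is not a plain "ok", and diffs the drive properties (for instance the Flags value) and partition table between two runs. The two sample logs and the "exampledrv" detection at the bottom are constructed; the regular expressions are my assumptions about the tool's line format, and the wording of a real detection line may differ from the placeholder used here.

```python
"""Parse TDSSKiller text logs and compare two runs (added example, not from the thread).

Assumed format, taken from the log excerpts quoted in this thread:
  "HH:MM:SS.mmmm <tid> <message>", banners like "==== Scan services ====",
  file entries "[ <md5> ] <name> <path>" followed by "<name> - <verdict>", and
  "Drive \\Device\\Harddisk0\\DR0 - Size: ..., Flags 0x..." plus partition lines.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.*)$")
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
HEADER_RE = re.compile(r"^(OS Version|ComputerName|Boot type|Processor architecture): (.*)$")
ENTRY_RE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.*)$")
VERDICT_RE = re.compile(r"^(.+?) - (.+)$")
DRIVE_RE = re.compile(r"^Drive (\S+) - (.*)$")
PART_RE = re.compile(r"^(\\Device\\\S+?): MBR, Type (0x[0-9A-Fa-f]+), StartLBA (0x[0-9A-Fa-f]+), BlocksNum (0x[0-9A-Fa-f]+)$")
HEX_PROP_RE = re.compile(r"(\w+)[: ]\s*(0x[0-9A-Fa-f]+)")


@dataclass
class Entry:
    name: str
    verdict: str = ""
    md5: Optional[str] = None   # None when the tool listed no file for the service
    path: Optional[str] = None


@dataclass
class Drive:
    name: str
    props: Dict[str, int] = field(default_factory=dict)   # Size, SectorSize, Flags, ... as ints
    partitions: List[Tuple[str, int, int, int]] = field(default_factory=list)  # (name, type, start, blocks)


@dataclass
class Report:
    header: Dict[str, str] = field(default_factory=dict)
    drives: Dict[str, Drive] = field(default_factory=dict)
    entries: List[Entry] = field(default_factory=list)


def parse_log(text: str) -> Report:
    rep, section, pending = Report(), "", None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1).strip()
        if (sec := SECTION_RE.match(msg)):
            section = sec.group(1) or section      # only a named banner switches section
        elif (hdr := HEADER_RE.match(msg)):
            rep.header[hdr.group(1)] = hdr.group(2)
        elif (drv := DRIVE_RE.match(msg)):
            props = {k: int(v, 16) for k, v in HEX_PROP_RE.findall(drv.group(2))}
            rep.drives.setdefault(drv.group(1), Drive(drv.group(1))).props.update(props)
        elif (part := PART_RE.match(msg)):
            drive = part.group(1).rsplit("\\", 1)[0]
            rep.drives.setdefault(drive, Drive(drive)).partitions.append(
                (part.group(1), int(part.group(2), 16), int(part.group(3), 16), int(part.group(4), 16)))
        elif not section.startswith("Scan"):
            continue                               # boot/init chatter, not a scan result
        elif (ent := ENTRY_RE.match(msg)):
            pending = Entry(ent.group(2), md5=ent.group(1).upper(), path=ent.group(3))
            rep.entries.append(pending)
        elif (ver := VERDICT_RE.match(msg)):
            name, verdict = ver.groups()
            if pending is not None and not pending.verdict and name.startswith(pending.name):
                pending.verdict = verdict          # verdict for the file listed just above
            else:
                rep.entries.append(Entry(name, verdict=verdict))  # service with no file on disk
            pending = None
    return rep


def findings(rep: Report) -> List[Entry]:
    """Every scanned item whose verdict is anything other than the plain 'ok'."""
    return [e for e in rep.entries if e.verdict.strip().lower() != "ok"]


def diff_drives(old: Report, new: Report) -> List[Tuple[str, str, object, object]]:
    """(drive, property, before, after) for each drive property or partition table that changed."""
    changes = []
    for name in sorted(set(old.drives) | set(new.drives)):
        a, b = old.drives.get(name, Drive(name)), new.drives.get(name, Drive(name))
        for key in sorted(set(a.props) | set(b.props)):
            if a.props.get(key) != b.props.get(key):
                changes.append((name, key, a.props.get(key), b.props.get(key)))
        if a.partitions != b.partitions:
            changes.append((name, "partitions", a.partitions, b.partitions))
    return changes


# Constructed sample logs modelled on the thread's excerpts; the hostname, the last
# hash and the "exampledrv ... - infected" line are placeholders (real detections are worded differently).
RUN_A = r"""11:52:02.0742 2084 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
11:52:03.0242 2084 ============================================================
11:52:03.0242 2084 OS Version: 5.2.3790 ServicePack: 2.0
11:52:03.0242 2084 ComputerName: EXAMPLE-PC
11:52:03.0570 2084 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0B00000 (931.51 Gb), SectorSize: 0x200, Type 'K0', Flags 0x00000020
11:52:03.0585 2084 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x234C9, BlocksNum 0x746DE637
"""
RUN_B = r"""11:56:25.0897 1368 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
11:56:26.0433 1368 OS Version: 5.2.3790 ServicePack: 2.0
11:56:26.0433 1368 ComputerName: EXAMPLE-PC
11:56:31.0423 1368 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0B00000 (931.51 Gb), SectorSize: 0x200, Type 'K0', Flags 0x000000A0
11:56:31.0460 1368 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x234C9, BlocksNum 0x746DE637
11:57:42.0986 4680 Scan started
11:57:44.0798 4680 ================ Scan system memory ========================
11:57:44.0798 4680 System memory - ok
11:57:44.0798 4680 ================ Scan services =============================
11:57:45.0075 4680 [ 922AB7CC2C12C38DC2C4074AF893D5FB ] a2acc C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys
11:57:45.0093 4680 a2acc - ok
11:57:49.0344 4680 Abiosdsk - ok
11:58:04.0869 4680 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
11:58:05.0350 4680 FLEXnet Licensing Service - ok
11:58:06.0000 4680 [ 0123456789ABCDEF0123456789ABCDEF ] exampledrv C:\WINDOWS\system32\drivers\exampledrv.sys
11:58:06.0010 4680 exampledrv ( Example.Placeholder ) - infected
"""

if __name__ == "__main__":
    before, after = parse_log(RUN_A), parse_log(RUN_B)
    for change in diff_drives(before, after):
        print("drive change:", change)
    for e in findings(after):
        print("finding:", e.name, "->", e.verdict, e.path or "(no file)")
```

On real reports, call `parse_log(open(path, encoding="utf-8", errors="replace").read())` for each saved `TDSSKiller.*_log.txt` and feed the two Report objects to `diff_drives`; an entry with `md5` set to None simply means the service had no file for the tool to hash, which is normal for absent legacy drivers and is not itself a finding.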

#9 Nick Lanese (Topic Starter)

Posted 20 August 2012 - 11:36 AM

Thank you, Nasdaq.

1) I have indeed already run Malwarebytes and cleaned up what I could (several times before posting)

2) I have run TDSSkiller and am including the logs here for you.
a) This first one is my first run (after I updated the file)

11:52:02.0742 2084 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
11:52:03.0242 2084 ============================================================
11:52:03.0242 2084 Current date / time: 2012/08/20 11:52:03.0242
11:52:03.0242 2084 SystemInfo:
11:52:03.0242 2084
11:52:03.0242 2084 OS Version: 5.2.3790 ServicePack: 2.0
11:52:03.0242 2084 Product type: Workstation
11:52:03.0242 2084 ComputerName: PC-041
11:52:03.0242 2084 UserName: JLaFleur
11:52:03.0242 2084 Windows directory: C:\WINDOWS
11:52:03.0242 2084 System windows directory: C:\WINDOWS
11:52:03.0242 2084 Running under WOW64
11:52:03.0242 2084 Processor architecture: Intel x64
11:52:03.0242 2084 Number of processors: 4
11:52:03.0242 2084 Page size: 0x1000
11:52:03.0242 2084 Boot type: Normal boot
11:52:03.0242 2084 ============================================================
11:52:03.0570 2084 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0B00000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000020
11:52:03.0585 2084 ============================================================
11:52:03.0585 2084 \Device\Harddisk0\DR0:
11:52:03.0585 2084 MBR partitions:
11:52:03.0585 2084 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x234C9, BlocksNum 0x746DE637
11:52:03.0585 2084 ============================================================
11:52:03.0601 2084 C: <-> \Device\Harddisk0\DR0\Partition1
11:52:03.0601 2084 ============================================================
11:52:11.0976 0908 Deinitialize success

B) This next one is after the initial reboot (this is where it detected a rootkit in the MBR):

11:56:25.0897 1368 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
11:56:26.0433 1368 ============================================================
11:56:26.0433 1368 Current date / time: 2012/08/20 11:56:26.0433
11:56:26.0433 1368 SystemInfo:
11:56:26.0433 1368
11:56:26.0433 1368 OS Version: 5.2.3790 ServicePack: 2.0
11:56:26.0433 1368 Product type: Workstation
11:56:26.0433 1368 ComputerName: PC-041
11:56:26.0433 1368 UserName: JLaFleur
11:56:26.0433 1368 Windows directory: C:\WINDOWS
11:56:26.0433 1368 System windows directory: C:\WINDOWS
11:56:26.0433 1368 Running under WOW64
11:56:26.0433 1368 Processor architecture: Intel x64
11:56:26.0433 1368 Number of processors: 4
11:56:26.0433 1368 Page size: 0x1000
11:56:26.0433 1368 Boot type: Normal boot
11:56:26.0433 1368 ============================================================
11:56:30.0443 1368 BG loaded
11:56:31.0423 1368 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0B00000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x000000A0
11:56:31.0441 1368 ============================================================
11:56:31.0441 1368 \Device\Harddisk0\DR0:
11:56:31.0460 1368 MBR partitions:
11:56:31.0460 1368 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x234C9, BlocksNum 0x746DE637
11:56:31.0460 1368 ============================================================
11:56:31.0552 1368 C: <-> \Device\Harddisk0\DR0\Partition1
11:56:31.0552 1368 ============================================================
11:56:31.0552 1368 Initialize success
11:56:31.0552 1368 ============================================================
11:57:42.0986 4680 ============================================================
11:57:42.0986 4680 Scan started
11:57:42.0986 4680 Mode: Manual;
11:57:42.0986 4680 ============================================================
11:57:44.0798 4680 ================ Scan system memory ========================
11:57:44.0798 4680 System memory - ok
11:57:44.0798 4680 ================ Scan services =============================
11:57:45.0075 4680 [ 922AB7CC2C12C38DC2C4074AF893D5FB ] a2acc C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys
11:57:45.0093 4680 a2acc - ok
11:57:46.0683 4680 [ D7080C7CA741961C60A3AAC1A1B69A84 ] a2AntiMalware C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
11:57:46.0701 4680 a2AntiMalware - ok
11:57:49.0344 4680 Abiosdsk - ok
11:57:49.0400 4680 [ 0CC42D1FB637112DE6F6196DDAF83DEC ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:57:49.0400 4680 ACPI - ok
11:57:49.0492 4680 [ A4D4F508BC6613442B0C32CDE443E382 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
11:57:49.0622 4680 ACPIEC - ok
11:57:49.0788 4680 [ 8BCD86F26B9EBD61C03B4447494E11E9 ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
11:57:49.0862 4680 ADIHdAudAddService - ok
11:57:50.0730 4680 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:57:51.0248 4680 AdobeFlashPlayerUpdateSvc - ok
11:57:51.0451 4680 [ 9573848DB551092F1B2C35BFDCC89B74 ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
11:57:51.0858 4680 adpu160m - ok
11:57:51.0876 4680 [ 11FC948F6807A5CF36AF1D3CE05A5867 ] adpu320 C:\WINDOWS\system32\DRIVERS\adpu320.sys
11:57:52.0301 4680 adpu320 - ok
11:57:52.0449 4680 [ 92500BC3A6E241BBC357F532DD500A75 ] aec C:\WINDOWS\system32\drivers\aec.sys
11:57:52.0449 4680 aec - ok
11:57:52.0560 4680 [ AC7010DDE9111A1C65D7391ADA5C7257 ] AeLookupSvc C:\WINDOWS\System32\aelupsvc.dll
11:57:52.0560 4680 AeLookupSvc - ok
11:57:52.0764 4680 [ 886C37D055020D0D02C35AC5B84E76AB ] AFD C:\WINDOWS\System32\drivers\afd.sys
11:57:52.0764 4680 AFD - ok
11:57:52.0837 4680 [ 3373905E7DED6168676707F318C612FA ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
11:57:52.0967 4680 agp440 - ok
11:57:52.0967 4680 [ BE8CF97DCA9B4906E3F325B6F0A0C7E1 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
11:57:53.0078 4680 aic78u2 - ok
11:57:53.0078 4680 [ 5CCFF568F3C1892B43733B182887258B ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
11:57:53.0096 4680 aic78xx - ok
11:57:53.0152 4680 [ AFA2CF7CB731CA177CCCFFFFE5D88776 ] Alerter C:\WINDOWS\system32\alrsvc.dll
11:57:53.0189 4680 Alerter - ok
11:57:53.0226 4680 [ 2D21FF6D4CD30E679F1A294D5BA3D97B ] ALG C:\WINDOWS\System32\alg.exe
11:57:53.0226 4680 ALG - ok
11:57:53.0300 4680 [ DEC1AB343E20088A9CDE6F6661EC0A98 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
11:57:53.0540 4680 AliIde - ok
11:57:53.0595 4680 [ E21EDF0AD0B24C379E197A46D61F84A6 ] AmdIde C:\WINDOWS\system32\DRIVERS\amdide.sys
11:57:53.0614 4680 AmdIde - ok
11:57:53.0669 4680 [ 4F6B2DE8BC199C542F174844BB64485A ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
11:57:54.0168 4680 AppMgmt - ok
11:57:54.0168 4680 [ CBDE05FE8F7162ADF1ED6F8F14A18F9E ] arc C:\WINDOWS\system32\DRIVERS\arc.sys
11:57:54.0224 4680 arc - ok
11:57:54.0279 4680 [ FDA73C1ECD1EC4F366FF0AB85ABF816D ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:57:54.0390 4680 Arp1394 - ok
11:57:54.0834 4680 [ F9F0F095586009E5DA0C32E648AA99FA ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe
11:57:55.0370 4680 aspnet_state - ok
11:57:55.0425 4680 [ 7380ACDD2D8E6621392E56D9A0467FE4 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:57:55.0480 4680 AsyncMac - ok
11:57:55.0499 4680 [ 7A1814D0D112F50F828E25557A1ED29F ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
11:57:55.0499 4680 atapi - ok
11:57:55.0499 4680 Atdisk - ok
11:57:55.0610 4680 [ 62D65FCE5695B53A2DDF92E83111EA06 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:57:55.0721 4680 Atmarpc - ok
11:57:55.0758 4680 [ 0DA015AB1EE54988572CFC4B7644556A ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
11:57:55.0758 4680 AudioSrv - ok
11:57:55.0795 4680 [ 1437089F59DBA75FEE4ED959077A938E ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
11:57:55.0795 4680 audstub - ok
11:57:56.0201 4680 [ 40AB6E25024ABB354B6C53558044BFEE ] b57nd C:\WINDOWS\system32\DRIVERS\b57amd64.sys
11:57:56.0238 4680 b57nd - ok
11:57:56.0368 4680 [ 8BA2E5CDFDE406DC4646AFB894804844 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
11:57:56.0405 4680 Beep - ok
11:57:56.0608 4680 [ 749C15323919984A6E08BAD427D89936 ] BITS C:\WINDOWS\system32\qmgr.dll
11:57:56.0904 4680 BITS - ok
11:57:57.0144 4680 [ D18C35A3DBC56D3DC6CB7AD3E2568F0F ] Blfp C:\WINDOWS\system32\DRIVERS\basamd64.sys
11:57:57.0292 4680 Blfp - ok
11:57:57.0587 4680 [ 3A8E1DF1A159DF863AF4E5B84019A2BC ] Browser C:\WINDOWS\System32\browser.dll
11:57:57.0624 4680 Browser - ok
11:57:57.0754 4680 [ 260A069F403DA226D18C058AD14FD3A3 ] ccEvtMgr C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
11:57:57.0846 4680 ccEvtMgr - ok
11:57:57.0846 4680 [ 260A069F403DA226D18C058AD14FD3A3 ] ccSetMgr C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
11:57:57.0883 4680 ccSetMgr - ok
11:57:57.0957 4680 [ 982563CF02CD6D4E5D8E0F4B5CBB9B6A ] CdaC15BA C:\WINDOWS\system32\DRIVERS\CdaC15BA.sys
11:57:57.0957 4680 CdaC15BA - ok
11:57:58.0068 4680 [ 9067D96899D98CA4535A76E8C8B2E3A5 ] CdaD10BA C:\WINDOWS\system32\DRIVERS\CdaD10BA.sys
11:57:58.0068 4680 CdaD10BA - ok
11:57:58.0290 4680 [ 4D99E36322FB51A8D1B2B6D6B69D9889 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
11:57:58.0290 4680 Cdfs - ok
11:57:58.0308 4680 [ 11663FE50E499FFEE77979542B285F38 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:57:58.0308 4680 Cdrom - ok
11:57:58.0327 4680 Changer - ok
11:57:58.0382 4680 [ 46C54F209031AFA0F100D0703FC346DA ] CiSvc C:\WINDOWS\system32\cisvc.exe
11:57:58.0382 4680 CiSvc - ok
11:57:58.0512 4680 [ 74F11D0323666D9F615A2D3692590122 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
11:57:58.0512 4680 ClipSrv - ok
11:57:58.0863 4680 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:58:00.0083 4680 clr_optimization_v2.0.50727_32 - ok
11:58:00.0101 4680 [ FA58B51ED71C9133E141164EAA7C54EB ] clr_optimization_v2.0.50727_64 C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:58:01.0025 4680 clr_optimization_v2.0.50727_64 - ok
11:58:01.0099 4680 [ A663464027956BDECA29A652E7FAD96E ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
11:58:01.0173 4680 CmdIde - ok
11:58:01.0265 4680 [ 35F6977863F97D80D3E30F8FF0C293A4 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
11:58:01.0284 4680 Compbatt - ok
11:58:01.0284 4680 COMSysApp - ok
11:58:01.0395 4680 [ 423F7A6E3AF4C2A73C8C8AD945F72CBA ] crcdisk C:\WINDOWS\system32\DRIVERS\crcdisk.sys
11:58:01.0469 4680 crcdisk - ok
11:58:01.0543 4680 [ 8B0B3744C60936ACAE31012799DB3982 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
11:58:01.0543 4680 CryptSvc - ok
11:58:01.0690 4680 [ A6130365606F3D6332B014FC3DA931AA ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
11:58:01.0690 4680 DcomLaunch - ok
11:58:01.0801 4680 [ DE4C841DDA8D5800515A5CA908580A36 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
11:58:01.0801 4680 Dhcp - ok
11:58:01.0801 4680 [ 417D7B9C6F36685A417E54690F8BD7B2 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
11:58:01.0857 4680 Disk - ok
11:58:01.0857 4680 dmadmin - ok
11:58:02.0060 4680 [ 19D704C92C2E2BD4DC99DB18A3523918 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
11:58:02.0282 4680 dmboot - ok
11:58:02.0319 4680 [ B293CE1C9243219F6B9E5DBCAA75B962 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
11:58:02.0633 4680 dmio - ok
11:58:02.0633 4680 [ C294E31D6CB7407A43C96EC1FEC1F8A4 ] dmload C:\WINDOWS\system32\drivers\dmload.sys
11:58:02.0633 4680 dmload - ok
11:58:02.0670 4680 [ 76F7E7922F428BE040F800920BB8FF3B ] dmserver C:\WINDOWS\System32\dmserver.dll
11:58:02.0670 4680 dmserver - ok
11:58:02.0818 4680 [ 19C1612C4F5D828935D2270C7AF13E6E ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
11:58:02.0818 4680 Dnscache - ok
11:58:02.0818 4680 [ 3B11B51956C3D5C39BABF064FA30FF26 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
11:58:02.0855 4680 dpti2o - ok
11:58:02.0984 4680 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
11:58:02.0984 4680 eeCtrl - ok
11:58:03.0298 4680 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
11:58:03.0298 4680 EraserUtilRebootDrv - ok
11:58:03.0465 4680 [ B063A36E4E027A9DBE2B019EBBBEAE86 ] ERSvc C:\WINDOWS\System32\ersvc.dll
11:58:03.0520 4680 ERSvc - ok
11:58:04.0038 4680 [ 1E07EE3F50DFF2FE9B0A9D196E82698F ] Eventlog C:\WINDOWS\system32\services.exe
11:58:04.0038 4680 Eventlog - ok
11:58:04.0149 4680 [ CDEF30A1DCFFCAF6A4E8B7812AE79C95 ] EventSystem C:\WINDOWS\system32\es.dll
11:58:04.0149 4680 EventSystem - ok
11:58:04.0186 4680 [ 7C713B9F6F968F135D3D819492882CDD ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
11:58:04.0463 4680 Fastfat - ok
11:58:04.0648 4680 [ EE07F2A9423199FF95BFDD33BACF066C ] Fax C:\WINDOWS\system32\fxssvc.exe
11:58:04.0648 4680 Fax - ok
11:58:04.0666 4680 [ 7E35D423FF10AB5B8AF1D3DE86236690 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
11:58:04.0666 4680 Fdc - ok
11:58:04.0685 4680 [ 73EA9000F8FB2E060954EB7C3377A3C7 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
11:58:04.0685 4680 Fips - ok
11:58:04.0869 4680 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
11:58:05.0350 4680 FLEXnet Licensing Service - ok
11:58:05.0387 4680 [ 8AC77974378EAC3548330951A5DEEEBF ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:58:05.0405 4680 Flpydisk - ok
11:58:05.0461 4680 [ 087DB260F98056AC40261ACAE4240882 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
11:58:05.0683 4680 FltMgr - ok
11:58:05.0923 4680 [ 8A4DCD28D2BE12946F6D5D308B0942A6 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
11:58:05.0941 4680 FontCache3.0.0.0 - ok
11:58:05.0978 4680 [ 70DF80567A55A97894B4E8952EC5E7FC ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:58:05.0978 4680 Fs_Rec - ok
11:58:05.0997 4680 [ E90AA7C073519DD8571670818CB85CCB ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:58:06.0089 4680 Ftdisk - ok
11:58:06.0422 4680 [ 0B53F4306E17025E7685D18C3A77127E ] GoToMyPC C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe
11:58:06.0422 4680 GoToMyPC - ok
11:58:06.0459 4680 [ 865D4D0B4E3730EF8040000CFB846D9F ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:58:06.0477 4680 Gpc - ok
11:58:06.0588 4680 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1ca58d97543f0d4 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:58:06.0588 4680 gupdate1ca58d97543f0d4 - ok
11:58:06.0884 4680 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:58:06.0884 4680 gupdatem - ok
11:58:06.0958 4680 [ D36E47728CDBC8D17A77D36A6CBC29BB ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:58:06.0958 4680 HDAudBus - ok
11:58:07.0106 4680 [ 40E274B64843813A81C42687592339D7 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:58:07.0106 4680 helpsvc - ok
11:58:07.0143 4680 [ DDD74D94D018BCB66CA31E4533925695 ] HidBatt C:\WINDOWS\system32\DRIVERS\HidBatt.sys
11:58:07.0217 4680 HidBatt - ok
11:58:07.0217 4680 HidServ - ok
11:58:07.0217 4680 [ F32BEC5614A61BBB2BEDE070D279F88B ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:58:07.0217 4680 hidusb - ok
11:58:07.0309 4680 [ B54738DF11D0E06072BF9C332DB1D254 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
11:58:07.0309 4680 HTTP - ok
11:58:07.0365 4680 [ 1A782D5CA033F553F0BE54546EBF3B4F ] HTTPFilter C:\WINDOWS\System32\lsass.exe
11:58:07.0365 4680 HTTPFilter - ok
11:58:07.0365 4680 i2omgmt - ok
11:58:07.0549 4680 [ 52E8A3CC8269ADB27D25182284C5E650 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
11:58:07.0549 4680 IAANTMON - ok
11:58:07.0549 4680 IASJet - ok
11:58:07.0549 4680 [ 1ADAA4F16073FD0C7270F451FD024E97 ] iaStor C:\WINDOWS\system32\drivers\iaStor.sys
11:58:07.0568 4680 iaStor - ok
11:58:08.0085 4680 [ 501CF65702D7F64C38DB360F7EB07ADC ] idsvc C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:58:08.0658 4680 idsvc - ok
11:58:08.0695 4680 [ 766E9360FDC47AF63804EEB99541EF32 ] iirsp C:\WINDOWS\system32\DRIVERS\iirsp.sys
11:58:08.0788 4680 iirsp - ok
11:58:08.0843 4680 [ D2E541613B72FF9FCEDF37B166930706 ] imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
11:58:08.0843 4680 imapi - ok
11:58:08.0954 4680 [ 9014C144CD95EEE1F5884664A4BFB4D8 ] ImapiService C:\WINDOWS\system32\imapi.exe
11:58:08.0954 4680 ImapiService - ok
11:58:09.0046 4680 [ 06B7ACD0E67BDA504DFD0340663F9B78 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
11:58:09.0046 4680 IntelIde - ok
11:58:09.0157 4680 [ F8DEF5F83DEF3D1EE89BC851BFB6A886 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:58:09.0157 4680 intelppm - ok
11:58:09.0213 4680 [ 6601A43EE389D0ADB11AAEDE9A98036B ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
11:58:09.0287 4680 Ip6Fw - ok
11:58:09.0305 4680 [ 1B1B4654A5492A42D2E1BF5B2B22D32B ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:58:09.0305 4680 IpFilterDriver - ok
11:58:09.0305 4680 IpInIp - ok
11:58:09.0398 4680 [ 088ECB04137DF1F52EC10C29D57A8CCA ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:58:09.0398 4680 IpNat - ok
11:58:09.0416 4680 [ DB841EC6F027C780002EF47AABFDDF86 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:58:09.0508 4680 IPSec - ok
11:58:09.0564 4680 [ 8B7015EA0171242CCA03C2FB48CCC771 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
11:58:09.0601 4680 IRENUM - ok
11:58:09.0656 4680 [ D994162E4D8E931FC16A892A87852BBB ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:58:09.0656 4680 isapnp - ok
11:58:10.0008 4680 [ A38441ED570F190CC041A7BE49488FA7 ] JavaQuickStarterService C:\Program Files (x86)\Java\jre6\bin\jqs.exe
11:58:10.0008 4680 JavaQuickStarterService - ok
11:58:10.0081 4680 [ E85095372008A9194C7ED6206CB782DA ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:58:10.0100 4680 Kbdclass - ok
11:58:10.0174 4680 [ F96D8CEC38EFD64AAF41976D214FC54E ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:58:10.0174 4680 kbdhid - ok
11:58:10.0322 4680 [ 1B280B3B4C10CC2E3EC3AEC17EB6B658 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
11:58:10.0322 4680 kmixer - ok
11:58:10.0396 4680 [ EDCDC587073AC4BE72C5A66FE30ACA00 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
11:58:10.0507 4680 KSecDD - ok
11:58:10.0544 4680 [ 5CB302B6CAACE41AF70C34B56EB3DB23 ] ksthunk C:\WINDOWS\system32\drivers\ksthunk.sys
11:58:10.0544 4680 ksthunk - ok
11:58:10.0617 4680 [ 4D8E9A805ADD244B5C511147A5D9BB8C ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
11:58:10.0617 4680 lanmanserver - ok
11:58:10.0673 4680 [ BF4105D3EB357652A4EA73F170715ACD ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
11:58:10.0673 4680 lanmanworkstation - ok
11:58:11.0412 4680 [ 6105B28F5D03C4AFFA7197B228768849 ] LiveUpdate C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
11:58:11.0412 4680 LiveUpdate - ok
11:58:11.0449 4680 [ 80DB42573F8EF6CBB6A7A0FF6966A352 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
11:58:11.0449 4680 LmHosts - ok
11:58:11.0468 4680 [ A9BD6739FE7CE33A95B4CBAD58FF0E4B ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
11:58:11.0468 4680 MBAMProtector - ok
11:58:11.0579 4680 [ 12B8CC5F8369AB51D363FD1E35F97CFE ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:58:11.0579 4680 MBAMService - ok
11:58:11.0800 4680 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
11:58:11.0800 4680 MDM - ok
11:58:11.0967 4680 [ 85EF2BD8CBBD5E3C17464F4EB62A00C9 ] MemeoBackgroundService C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe
11:58:11.0967 4680 MemeoBackgroundService - ok
11:58:12.0004 4680 [ 34EF8CBEA95EF5108A1349FC22D87513 ] Messenger C:\WINDOWS\System32\msgsvc.dll
11:58:12.0022 4680 Messenger - ok
11:58:12.0059 4680 [ AD6BC1EFA0C1B53409947F06DE87FC89 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
11:58:12.0059 4680 mnmdd - ok
11:58:12.0059 4680 mnmsrvc - ok
11:58:39.0561 4680 ================ Scan global ===============================
11:58:39.0616 4680 [ 2AE60E46216266CDC9E20886E4CE3281 ] C:\WINDOWS\system32\basesrv.dll
11:58:39.0635 4680 [ 7233204EBC55628D6A160F9829304E2A ] C:\WINDOWS\system32\winsrv.dll
11:58:39.0653 4680 [ 7233204EBC55628D6A160F9829304E2A ] C:\WINDOWS\system32\winsrv.dll
11:58:39.0672 4680 [ 1E07EE3F50DFF2FE9B0A9D196E82698F ] C:\WINDOWS\system32\services.exe
11:58:39.0690 4680 [Global] - ok
11:58:39.0690 4680 ================ Scan MBR ==================================
11:58:39.0727 4680 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
11:58:39.0746 4680 Suspicious mbr (Forged): \Device\Harddisk0\DR0
11:58:39.0783 4680 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
11:58:39.0783 4680 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
11:58:39.0783 4680 ================ Scan VBR ==================================
11:58:39.0819 4680 [ E649F0F13E6228E5F9B4B3B4CDAD171C ] \Device\Harddisk0\DR0\Partition1
11:58:39.0819 4680 \Device\Harddisk0\DR0\Partition1 - ok
11:58:39.0819 4680 ============================================================
11:58:39.0819 4680 Scan finished
11:58:39.0819 4680 ============================================================
11:58:39.0893 4672 Detected object count: 1
11:58:39.0893 4672 Actual detected object count: 1
12:00:29.0514 4672 \Device\Harddisk0\DR0\# - copied to quarantine
12:00:29.0514 4672 \Device\Harddisk0\DR0 - copied to quarantine
12:00:29.0664 4672 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
12:00:29.0681 4672 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
12:00:29.0681 4672 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
12:00:29.0681 4672 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
12:00:29.0681 4672 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
12:00:29.0681 4672 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
12:00:29.0697 4672 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
12:00:29.0697 4672 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
12:00:29.0697 4672 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
12:00:29.0697 4672 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
12:00:29.0714 4672 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
12:00:29.0714 4672 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
12:00:29.0831 4672 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
12:00:29.0831 4672 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
12:00:29.0847 4672 \Device\Harddisk0\DR0\TDLFS\tdi32 - copied to quarantine
12:00:29.0864 4672 \Device\Harddisk0\DR0\TDLFS\tdi64 - copied to quarantine
12:00:29.0881 4672 \Device\Harddisk0\DR0\TDLFS\main1 - copied to quarantine
12:00:29.0881 4672 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
12:00:29.0881 4672 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
12:00:29.0881 4672 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
12:00:30.0080 4672 \Device\Harddisk0\DR0\TDLFS\com64 - copied to quarantine
12:00:30.0180 4672 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
12:00:30.0280 4672 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
12:00:30.0380 4672 \Device\Harddisk0\DR0\TDLFS\serf364 - copied to quarantine
12:00:30.0480 4672 \Device\Harddisk0\DR0\TDLFS\bbr264 - copied to quarantine
12:00:30.0497 4672 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
12:00:30.0797 4672 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
12:00:30.0880 4672 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
12:00:30.0880 4672 \Device\Harddisk0\DR0 - ok
12:00:32.0129 4672 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
12:00:54.0861 3028 Deinitialize success


c) this is after the reboot for cleaning the rootkit (I ran a scan again):


12:12:18.0092 3168 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
12:12:20.0513 3168 ============================================================
12:12:20.0513 3168 Current date / time: 2012/08/20 12:12:20.0513
12:12:20.0513 3168 SystemInfo:
12:12:20.0513 3168
12:12:20.0513 3168 OS Version: 5.2.3790 ServicePack: 2.0
12:12:20.0513 3168 Product type: Workstation
12:12:20.0513 3168 ComputerName: PC-041
12:12:20.0513 3168 UserName: JLaFleur
12:12:20.0513 3168 Windows directory: C:\WINDOWS
12:12:20.0513 3168 System windows directory: C:\WINDOWS
12:12:20.0513 3168 Running under WOW64
12:12:20.0513 3168 Processor architecture: Intel x64
12:12:20.0513 3168 Number of processors: 4
12:12:20.0513 3168 Page size: 0x1000
12:12:20.0513 3168 Boot type: Normal boot
12:12:20.0513 3168 ============================================================
12:12:23.0081 3168 BG loaded
12:12:25.0557 3168 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0B00000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:12:25.0594 3168 ============================================================
12:12:25.0594 3168 \Device\Harddisk0\DR0:
12:12:25.0594 3168 MBR partitions:
12:12:25.0594 3168 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x234C9, BlocksNum 0x746DE637
12:12:25.0594 3168 ============================================================
12:12:25.0871 3168 C: <-> \Device\Harddisk0\DR0\Partition1
12:12:25.0871 3168 ============================================================
12:12:25.0871 3168 Initialize success
12:12:25.0871 3168 ============================================================
12:18:58.0008 3488 ============================================================
12:18:58.0008 3488 Scan started
12:18:58.0008 3488 Mode: Manual;
12:18:58.0008 3488 ============================================================
12:18:58.0458 3488 ================ Scan system memory ========================
12:18:58.0458 3488 System memory - ok
12:18:58.0458 3488 ================ Scan services =============================
12:19:02.0354 3488 EraserUtilRebootDrv - ok
12:19:02.0371 3488 [ B063A36E4E027A9DBE2B019EBBBEAE86 ] ERSvc C:\WINDOWS\System32\ersvc.dll
12:19:02.0371 3488 ERSvc - ok
12:19:02.0438 3488 [ 1E07EE3F50DFF2FE9B0A9D196E82698F ] Eventlog C:\WINDOWS\system32\services.exe
12:19:02.0438 3488 Eventlog - ok
12:19:02.0487 3488 [ CDEF30A1DCFFCAF6A4E8B7812AE79C95 ] EventSystem C:\WINDOWS\system32\es.dll
12:19:02.0487 3488 EventSystem - ok
12:19:02.0504 3488 [ 7C713B9F6F968F135D3D819492882CDD ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
12:19:02.0504 3488 Fastfat - ok
12:19:02.0621 3488 [ EE07F2A9423199FF95BFDD33BACF066C ] Fax C:\WINDOWS\system32\fxssvc.exe
12:19:02.0621 3488 Fax - ok
12:19:02.0637 3488 [ 7E35D423FF10AB5B8AF1D3DE86236690 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
12:19:02.0637 3488 Fdc - ok
12:19:02.0654 3488 [ 73EA9000F8FB2E060954EB7C3377A3C7 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
12:19:02.0654 3488 Fips - ok
12:19:02.0721 3488 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:19:02.0870 3488 FLEXnet Licensing Service - ok
12:19:02.0887 3488 [ 8AC77974378EAC3548330951A5DEEEBF ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:19:02.0887 3488 Flpydisk - ok
12:19:02.0904 3488 [ 087DB260F98056AC40261ACAE4240882 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:19:02.0920 3488 FltMgr - ok
12:19:03.0004 3488 [ 8A4DCD28D2BE12946F6D5D308B0942A6 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
12:19:03.0020 3488 FontCache3.0.0.0 - ok
12:19:03.0054 3488 [ 70DF80567A55A97894B4E8952EC5E7FC ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:19:03.0054 3488 Fs_Rec - ok
12:19:03.0087 3488 [ E90AA7C073519DD8571670818CB85CCB ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:19:03.0170 3488 Ftdisk - ok
12:19:03.0303 3488 [ 0B53F4306E17025E7685D18C3A77127E ] GoToMyPC C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe
12:19:03.0303 3488 GoToMyPC - ok
12:19:03.0337 3488 [ 865D4D0B4E3730EF8040000CFB846D9F ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:19:03.0337 3488 Gpc - ok
12:19:03.0387 3488 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1ca58d97543f0d4 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:19:03.0387 3488 gupdate1ca58d97543f0d4 - ok
12:19:03.0403 3488 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:19:03.0403 3488 gupdatem - ok
12:19:03.0437 3488 [ D36E47728CDBC8D17A77D36A6CBC29BB ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:19:03.0437 3488 HDAudBus - ok
12:19:03.0503 3488 [ 40E274B64843813A81C42687592339D7 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:19:03.0503 3488 helpsvc - ok
12:19:03.0537 3488 [ DDD74D94D018BCB66CA31E4533925695 ] HidBatt C:\WINDOWS\system32\DRIVERS\HidBatt.sys
12:19:03.0553 3488 HidBatt - ok
12:19:03.0553 3488 HidServ - ok
12:19:03.0553 3488 [ F32BEC5614A61BBB2BEDE070D279F88B ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:19:03.0553 3488 hidusb - ok
12:19:03.0720 3488 [ B54738DF11D0E06072BF9C332DB1D254 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
12:19:03.0720 3488 HTTP - ok
12:19:03.0770 3488 [ 1A782D5CA033F553F0BE54546EBF3B4F ] HTTPFilter C:\WINDOWS\System32\lsass.exe
12:19:03.0770 3488 HTTPFilter - ok
12:19:03.0770 3488 i2omgmt - ok
12:19:03.0853 3488 [ 52E8A3CC8269ADB27D25182284C5E650 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
12:19:03.0853 3488 IAANTMON - ok
12:19:03.0853 3488 IASJet - ok
12:19:03.0920 3488 [ 1ADAA4F16073FD0C7270F451FD024E97 ] iaStor C:\WINDOWS\system32\drivers\iaStor.sys
12:19:03.0920 3488 iaStor - ok
12:19:04.0219 3488 [ 501CF65702D7F64C38DB360F7EB07ADC ] idsvc C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:19:05.0185 3488 idsvc - ok
12:19:05.0218 3488 [ 766E9360FDC47AF63804EEB99541EF32 ] iirsp C:\WINDOWS\system32\DRIVERS\iirsp.sys
12:19:05.0235 3488 iirsp - ok
12:19:05.0252 3488 [ D2E541613B72FF9FCEDF37B166930706 ] imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
12:19:05.0252 3488 imapi - ok
12:19:05.0335 3488 [ 9014C144CD95EEE1F5884664A4BFB4D8 ] ImapiService C:\WINDOWS\system32\imapi.exe
12:19:05.0335 3488 ImapiService - ok
12:19:05.0352 3488 [ 06B7ACD0E67BDA504DFD0340663F9B78 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
12:19:05.0352 3488 IntelIde - ok
12:19:05.0402 3488 [ F8DEF5F83DEF3D1EE89BC851BFB6A886 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:19:05.0402 3488 intelppm - ok
12:19:05.0435 3488 [ 6601A43EE389D0ADB11AAEDE9A98036B ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:19:05.0435 3488 Ip6Fw - ok
12:19:05.0485 3488 [ 1B1B4654A5492A42D2E1BF5B2B22D32B ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:19:05.0485 3488 IpFilterDriver - ok
12:19:05.0485 3488 IpInIp - ok
12:19:05.0518 3488 [ 088ECB04137DF1F52EC10C29D57A8CCA ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:19:05.0518 3488 IpNat - ok
12:19:05.0518 3488 [ DB841EC6F027C780002EF47AABFDDF86 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:19:05.0518 3488 IPSec - ok
12:19:05.0552 3488 [ 8B7015EA0171242CCA03C2FB48CCC771 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
12:19:05.0568 3488 IRENUM - ok
12:19:05.0568 3488 [ D994162E4D8E931FC16A892A87852BBB ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:19:05.0585 3488 isapnp - ok
12:19:05.0685 3488 [ A38441ED570F190CC041A7BE49488FA7 ] JavaQuickStarterService C:\Program Files (x86)\Java\jre6\bin\jqs.exe
12:19:05.0685 3488 JavaQuickStarterService - ok
12:19:05.0685 3488 [ E85095372008A9194C7ED6206CB782DA ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:19:05.0701 3488 Kbdclass - ok
12:19:05.0718 3488 [ F96D8CEC38EFD64AAF41976D214FC54E ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:19:05.0718 3488 kbdhid - ok
12:19:05.0735 3488 [ 1B280B3B4C10CC2E3EC3AEC17EB6B658 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
12:19:05.0735 3488 kmixer - ok
12:19:05.0768 3488 [ EDCDC587073AC4BE72C5A66FE30ACA00 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
12:19:05.0768 3488 KSecDD - ok
12:19:05.0785 3488 [ 5CB302B6CAACE41AF70C34B56EB3DB23 ] ksthunk C:\WINDOWS\system32\drivers\ksthunk.sys
12:19:05.0785 3488 ksthunk - ok
12:19:05.0851 3488 [ 4D8E9A805ADD244B5C511147A5D9BB8C ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
12:19:05.0851 3488 lanmanserver - ok
12:19:05.0901 3488 [ BF4105D3EB357652A4EA73F170715ACD ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:19:05.0901 3488 lanmanworkstation - ok
12:19:06.0201 3488 [ 6105B28F5D03C4AFFA7197B228768849 ] LiveUpdate C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
12:19:06.0218 3488 LiveUpdate - ok
12:19:06.0251 3488 [ 80DB42573F8EF6CBB6A7A0FF6966A352 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
12:19:06.0251 3488 LmHosts - ok
12:19:06.0268 3488 [ A9BD6739FE7CE33A95B4CBAD58FF0E4B ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
12:19:06.0268 3488 MBAMProtector - ok
12:19:06.0367 3488 [ 12B8CC5F8369AB51D363FD1E35F97CFE ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
12:19:06.0367 3488 MBAMService - ok
12:19:06.0434 3488 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
12:19:06.0451 3488 MDM - ok
12:19:06.0534 3488 [ 85EF2BD8CBBD5E3C17464F4EB62A00C9 ] MemeoBackgroundService C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe
12:19:06.0534 3488 MemeoBackgroundService - ok
12:19:06.0551 3488 [ 34EF8CBEA95EF5108A1349FC22D87513 ] Messenger C:\WINDOWS\System32\msgsvc.dll
12:19:06.0567 3488 Messenger - ok
12:19:06.0584 3488 [ AD6BC1EFA0C1B53409947F06DE87FC89 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
12:19:06.0584 3488 mnmdd - ok
12:19:06.0601 3488 mnmsrvc - ok
12:19:06.0634 3488 [ 9A67A96A0CBC2BC658ABF8C9B5EE065A ] Modem C:\WINDOWS\system32\drivers\Modem.sys
12:19:06.0634 3488 Modem - ok
12:19:06.0651 3488 [ 12ACF32EDF03E46805347817ACB9F64C ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:19:06.0651 3488 Mouclass - ok
12:19:06.0667 3488 [ A0C4E4A79C5D6F418315C33177F2B5BC ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:19:06.0684 3488 mouhid - ok
12:19:06.0701 3488 [ 7E9CC7E4282A8E7A480560A6F817C177 ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
12:19:06.0701 3488 MountMgr - ok
12:19:06.0734 3488 [ E2539EFC597E2BEA7037BB42A67EB717 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
12:19:06.0734 3488 mraid35x - ok
12:19:06.0750 3488 [ 3D33208E5A7414D8633D34D24F119173 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:19:06.0750 3488 MRxDAV - ok
12:19:06.0900 3488 [ 9385E695B33068B90CF419186ECAA3DE ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:19:06.0900 3488 MRxSmb - ok
12:19:06.0934 3488 [ D42976785BA169C2361F97CC6A20681F ] MSDTC C:\WINDOWS\system32\msdtc.exe
12:19:06.0934 3488 MSDTC - ok
12:19:07.0084 3488 [ 0C02096E686E9EB2A3D37DFF9B42D946 ] MsDtsServer100 C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
12:19:07.0084 3488 MsDtsServer100 - ok
12:19:07.0133 3488 [ 983F4AB7A50D56CD33E2061EE733BD55 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
12:19:07.0133 3488 Msfs - ok
12:19:07.0133 3488 MSIServer - ok
12:19:07.0250 3488 [ 308EC6FBEF38871CB2C4CACE9C8F4808 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:19:07.0250 3488 MSKSSRV - ok
12:19:07.0300 3488 [ 8D3226738479719AAB3B6D2617D7A55C ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:19:07.0300 3488 MSPCLOCK - ok
12:19:07.0350 3488 [ 058D63E8D000AE678D4549BFA8EB0DEB ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
12:19:07.0350 3488 MSPQM - ok
12:19:07.0367 3488 [ 5992D1F9ED64017A76AFEE2B79F5CFB9 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:19:07.0367 3488 mssmbios - ok
12:19:07.0400 3488 [ 5902C8E565FE346076786F43103EF02E ] Mup C:\WINDOWS\system32\drivers\Mup.sys
12:19:07.0400 3488 Mup - ok
12:19:07.0516 3488 [ 8043D41F881D6ACE40B854AD6E32217F ] NAVENG C:\PROGRA~2\COMMON~1\SYMANT~1\VIRUSD~1\20120819.007\ENG64.SYS
12:19:07.0516 3488 NAVENG - ok
12:19:07.0916 3488 [ 9A9AB2FC45D701DAED465D14980F1305 ] NAVEX15 C:\PROGRA~2\COMMON~1\SYMANT~1\VIRUSD~1\20120819.007\EX64.SYS
12:19:07.0916 3488 NAVEX15 - ok
12:19:07.0966 3488 [ 6FE83D05AEBEF7930D7CE91568DC99DF ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
12:19:08.0099 3488 NDIS - ok
12:19:08.0099 3488 [ 389CFAB53AA9807EA4536CB0B03609C3 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:19:08.0099 3488 NdisTapi - ok
12:19:08.0116 3488 [ 49C1207C1AE8C6958F1C1747132814C2 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:19:08.0116 3488 Ndisuio - ok
12:19:08.0133 3488 [ 6157A7AEAE6D2B948FF2E872FFAC765B ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:19:08.0133 3488 NdisWan - ok
12:19:08.0149 3488 [ 01B8ACF7C9AFA9005DB6378077137BCE ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
12:19:08.0149 3488 NDProxy - ok
12:19:08.0183 3488 [ BD94210175C488F18ADD3E189EE9304C ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
12:19:08.0183 3488 Net Driver HPZ12 - ok
12:19:08.0183 3488 [ B1CEE06471A069149B11FADA23FF00FD ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
12:19:08.0183 3488 NetBIOS - ok
12:19:08.0199 3488 [ FEDAAFB6CD700B9E0787C94D81C07DB5 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
12:19:08.0199 3488 NetBT - ok
12:19:08.0266 3488 [ FB13279D8C89ADD5B0F7497C45BCF1C3 ] NetDDE C:\WINDOWS\system32\netdde.exe
12:19:08.0449 3488 NetDDE - ok
12:19:08.0482 3488 [ FB13279D8C89ADD5B0F7497C45BCF1C3 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
12:19:08.0482 3488 NetDDEdsdm - ok
12:19:08.0549 3488 [ 1A782D5CA033F553F0BE54546EBF3B4F ] Netlogon C:\WINDOWS\system32\lsass.exe
12:19:08.0549 3488 Netlogon - ok
12:19:08.0599 3488 [ F28FD9DBA68A85D6EE4225A83F127D2B ] Netman C:\WINDOWS\System32\netman.dll
12:19:08.0599 3488 Netman - ok
12:19:08.0665 3488 [ 8BC776595238AB62072AA6BEB17DDF59 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:19:08.0715 3488 NetTcpPortSharing - ok
12:19:08.0765 3488 [ DAFC30299E872CD7ED3795EA0FA08F67 ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:19:08.0782 3488 NIC1394 - ok
12:19:08.0832 3488 [ BA13C3C32A69DC37653C9543E065950E ] Nla C:\WINDOWS\System32\mswsock.dll
12:19:08.0832 3488 Nla - ok
12:19:08.0832 3488 [ 81819038621A2C524781EC503D400287 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
12:19:08.0832 3488 Npfs - ok
12:19:08.0932 3488 [ C8904B5F90AB2236692E83D491C4D426 ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
12:19:09.0182 3488 Ntfs - ok
12:19:09.0182 3488 [ 1A782D5CA033F553F0BE54546EBF3B4F ] NtLmSsp C:\WINDOWS\system32\lsass.exe
12:19:09.0198 3488 NtLmSsp - ok
12:19:09.0365 3488 [ A398462077F68A41B4DFF9FB7E8FC7B8 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
12:19:09.0631 3488 NtmsSvc - ok
12:19:09.0681 3488 [ 501039187C444FA7AB9D97B6A6C667B3 ] Null C:\WINDOWS\system32\drivers\Null.sys
12:19:09.0681 3488 Null - ok
12:19:10.0281 3488 [ AB475D5ED13C0962F57C7AC72DCDE3F0 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:19:10.0314 3488 nv - ok
12:19:10.0647 3488 [ 95FF7E4B9AFE5EB9426D02BF9B44A539 ] NVIDIA Performance Driver Service C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
12:19:10.0664 3488 NVIDIA Performance Driver Service - ok
12:19:10.0680 3488 [ B11B93ED449F01A5C46DE7FDCD228387 ] NVSvc C:\WINDOWS\system32\nvsvc64.exe
12:19:10.0680 3488 NVSvc - ok
12:19:10.0714 3488 [ C3E47D8E74F05C9691B4A0BC37EFC663 ] nv_agp C:\WINDOWS\system32\DRIVERS\nv_agp.sys
12:19:10.0780 3488 nv_agp - ok
12:19:10.0914 3488 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:19:11.0063 3488 odserv - ok
12:19:11.0063 3488 [ F8160AC8AE516A33221427C2353A7D12 ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:19:11.0080 3488 ohci1394 - ok
12:19:11.0097 3488 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:19:11.0247 3488 ose - ok
12:19:11.0280 3488 [ 7DDAA09186DA9F1D304E819B5A6BBC5A ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
12:19:11.0280 3488 Parport - ok
12:19:11.0313 3488 [ 5F9A703240468A0C35A629D17FFCA847 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
12:19:11.0313 3488 PartMgr - ok
12:19:11.0330 3488 [ 363B3F857ABEE85767E01E3044C539CD ] PBADRV C:\WINDOWS\system32\DRIVERS\PBADRV64.sys
12:19:11.0363 3488 PBADRV - ok
12:19:11.0363 3488 [ 5B2C8D6971D8DF4937C2FA013CD4C00D ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
12:19:11.0396 3488 PCI - ok
12:19:11.0413 3488 [ F1978C7849A0047306DB3B8BB94F0764 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
12:19:11.0413 3488 PCIIde - ok
12:19:11.0430 3488 [ 037F3A19F49A4C6A320C4154EBD6EE9D ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
12:19:11.0530 3488 Pcmcia - ok
12:19:11.0530 3488 PDCOMP - ok
12:19:11.0530 3488 PDFRAME - ok
12:19:11.0530 3488 PDRELI - ok
12:19:11.0530 3488 PDRFRAME - ok
12:19:11.0563 3488 [ 1E07EE3F50DFF2FE9B0A9D196E82698F ] PlugPlay C:\WINDOWS\system32\services.exe
12:19:11.0563 3488 PlugPlay - ok
12:19:11.0580 3488 [ 7FE2AFB17D91CF39843D6766EA31CFC7 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
12:19:11.0580 3488 Pml Driver HPZ12 - ok
12:19:11.0613 3488 [ 1A782D5CA033F553F0BE54546EBF3B4F ] PolicyAgent C:\WINDOWS\system32\lsass.exe
12:19:11.0613 3488 PolicyAgent - ok
12:19:11.0630 3488 [ E176F640EE6BF550F61FAA9CE9A683F4 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:19:11.0630 3488 PptpMiniport - ok
12:19:11.0630 3488 [ 1A782D5CA033F553F0BE54546EBF3B4F ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:19:11.0630 3488 ProtectedStorage - ok
12:19:11.0630 3488 [ 01AAE06E543C0956AC247546A8F2DAFE ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
12:19:11.0646 3488 PSched - ok
12:19:11.0646 3488 [ 35E39A969D227C2A56C1DC98361D8E35 ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:19:11.0646 3488 Ptilink - ok
12:19:11.0663 3488 [ 46851BC18322DA70F3F2299A1007C479 ] PxHlpa64 C:\WINDOWS\system32\Drivers\PxHlpa64.sys
12:19:11.0663 3488 PxHlpa64 - ok
12:19:11.0680 3488 [ D646A315E6386DAC1D96C8CE8A4BFEE7 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:19:11.0680 3488 RasAcd - ok
12:19:11.0729 3488 [ 3F573D0C001B982C3180860366783BC0 ] RasAuto C:\WINDOWS\System32\rasauto.dll
12:19:11.0729 3488 RasAuto - ok
12:19:11.0763 3488 [ D81FDC53EE9C0F68D709E504342D1D74 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:19:11.0763 3488 Rasl2tp - ok
12:19:11.0846 3488 [ 47F7838F77A42F85C763899AB1B77D14 ] RasMan C:\WINDOWS\System32\rasmans.dll
12:19:11.0846 3488 RasMan - ok
12:19:11.0846 3488 [ 31FA5AB662C58CC5CF92396224F6B29A ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:19:11.0846 3488 RasPppoe - ok
12:19:11.0846 3488 [ 701493F9A6EDE759AF8D3FA7C08BAB3B ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
12:19:11.0846 3488 Raspti - ok
12:19:11.0913 3488 [ F1C8347F0E437E145B2E30A6F29E45BD ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:19:11.0913 3488 Rdbss - ok
12:19:11.0929 3488 [ C013379D04060318C3B2E4967D82739A ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:19:11.0929 3488 RDPCDD - ok
12:19:11.0929 3488 [ 0482A9BE0BE2098A12A61464306BF24B ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:19:11.0929 3488 rdpdr - ok
12:19:11.0979 3488 [ 7B586DB3E86E407F6A43E83586AF4F32 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
12:19:11.0979 3488 RDPWD - ok
12:19:12.0096 3488 [ A72BE0B07655141AB4EABECF0D66528A ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
12:19:12.0179 3488 RDSessMgr - ok
12:19:12.0196 3488 [ 1D793394201000D2D56E848C18FE9A62 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
12:19:12.0196 3488 redbook - ok
12:19:12.0229 3488 [ 60C8A5D4954CCE7D280369DFF5068019 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
12:19:12.0246 3488 RemoteAccess - ok
12:19:12.0279 3488 [ B2D55CE8C7C946C625B687F75040AD3F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
12:19:12.0279 3488 RemoteRegistry - ok
12:19:12.0329 3488 [ 809785CF7BE1B857F3B52D9B1AF10817 ] RpcLocator C:\WINDOWS\system32\locator.exe
12:19:12.0329 3488 RpcLocator - ok
12:19:12.0412 3488 [ A6130365606F3D6332B014FC3DA931AA ] RpcSs C:\WINDOWS\system32\rpcss.dll
12:19:12.0412 3488 RpcSs - ok
12:19:12.0412 3488 [ 1A782D5CA033F553F0BE54546EBF3B4F ] SamSs C:\WINDOWS\system32\lsass.exe
12:19:12.0412 3488 SamSs - ok
12:19:12.0446 3488 [ A2069FFA2A6FEBB3818F180373C84A89 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
12:19:12.0446 3488 SCardSvr - ok
12:19:12.0512 3488 [ 71CD398385835C08613C65E5BF91E7FA ] Schedule C:\WINDOWS\system32\schedsvc.dll
12:19:12.0512 3488 Schedule - ok
12:19:12.0579 3488 [ 3EA8A16169C26AFBEB544E0E48421186 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:19:12.0579 3488 Secdrv - ok
12:19:12.0595 3488 [ B4E054549321372D995E4DB9A5304E77 ] seclogon C:\WINDOWS\System32\seclogon.dll
12:19:12.0595 3488 seclogon - ok
12:19:12.0779 3488 [ C7E916ACA04D95F663B367C715792C6A ] SecureStorageService C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
12:19:12.0978 3488 SecureStorageService - ok
12:19:13.0012 3488 [ 222C0A6C354D6A90700956C60574A09A ] SENS C:\WINDOWS\system32\sens.dll
12:19:13.0012 3488 SENS - ok
12:19:13.0012 3488 [ 111B29F3FCF9FB61C903A01E3706F7DC ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
12:19:13.0012 3488 serenum - ok
12:19:13.0012 3488 [ C0DC97399576FCCFF5FE877EC2D8DACC ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
12:19:13.0012 3488 Serial - ok
12:19:13.0028 3488 [ 9D7D0A39CA2A525F61D513A65CDD875E ] SFAUDIO C:\WINDOWS\system32\drivers\sfaudio.sys
12:19:13.0045 3488 SFAUDIO - ok
12:19:13.0045 3488 [ C6EACC8920A31B8D5842D1F7A28E2113 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
12:19:13.0045 3488 Sfloppy - ok
12:19:13.0145 3488 [ D71A8153D3CF0ED527F6BA1F087FAA22 ] SharedAccess C:\WINDOWS\system32\ipnathlp.dll
12:19:13.0145 3488 SharedAccess - ok
12:19:13.0178 3488 [ 15DE8EAE99A0F4E313E83ABA5B849FAA ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:19:13.0178 3488 ShellHWDetection - ok
12:19:13.0178 3488 Simbad - ok
12:19:13.0461 3488 [ 0F97E7A47A52F4A36969F0FC319654C2 ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
12:19:13.0461 3488 Skype C2C Service - ok
12:19:13.0528 3488 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
12:19:13.0528 3488 SkypeUpdate - ok
12:19:13.0794 3488 [ 26EB194D1FB2870E0453A99B84889F8D ] SmcService C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
12:19:13.0811 3488 SmcService - ok
12:19:13.0894 3488 [ C2E9B4E50CF3A15255B45A7C7A0A881E ] SNAC C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
12:19:13.0978 3488 SNAC - ok
12:19:14.0027 3488 [ 17EC29105989101DB536C49E1279A0EB ] splitter C:\WINDOWS\system32\drivers\splitter.sys
12:19:14.0027 3488 splitter - ok
12:19:14.0077 3488 [ 206FD327B4AAD3AEAA8E0D7D03F2044A ] Spooler C:\WINDOWS\system32\spoolsv.exe
12:19:14.0077 3488 Spooler - ok
12:19:14.0077 3488 [ DAE1D5553D42A06034001D6EF4F5CB36 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
12:19:14.0077 3488 sr - ok
12:19:14.0111 3488 [ 7B6DA719973755BD091131E53AD6EC23 ] srservice C:\WINDOWS\system32\srsvc.dll
12:19:14.0111 3488 srservice - ok
12:19:14.0177 3488 [ B531FC8918DCDAAE638511A123C3465E ] SRTSP C:\WINDOWS\system32\Drivers\SRTSP64.SYS
12:19:14.0177 3488 SRTSP - ok
12:19:14.0327 3488 [ 2BD3A73D0601320B72486FC3EBC2544F ] SRTSPL C:\WINDOWS\system32\Drivers\SRTSPL64.SYS
12:19:14.0427 3488 SRTSPL - ok
12:19:14.0460 3488 [ 529B337C1AEEB289F0B502EB0EE6A8F5 ] SRTSPX C:\WINDOWS\system32\Drivers\SRTSPX64.SYS
12:19:14.0460 3488 SRTSPX - ok
12:19:14.0560 3488 [ 2A08328562D0BA596B699EEB90B511D1 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
12:19:14.0560 3488 Srv - ok
12:19:14.0577 3488 [ 94AD81C8EE2385EDDB08C7E34FEDB7A8 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
12:19:14.0594 3488 SSDPSRV - ok
12:19:14.0660 3488 [ F6D4F452DB507820F726525A1425F0CC ] stisvc C:\WINDOWS\system32\wiaservc.dll
12:19:14.0660 3488 stisvc - ok
12:19:14.0877 3488 [ E476C66713C842F58E61A95826ED1D57 ] stllssvr c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
12:19:14.0877 3488 stllssvr - ok
12:19:14.0893 3488 [ B6536185FEEB8F0C86AD3BF2FBAB4F2F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
12:19:14.0893 3488 swenum - ok
12:19:14.0893 3488 [ 8E9E35B36A27AD154A5F92397CDE343C ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
12:19:14.0893 3488 swmidi - ok
12:19:15.0060 3488 [ 2E54746998139CB708B83974F1AC09F3 ] swprv C:\WINDOWS\System32\swprv.dll
12:19:15.0193 3488 swprv - ok
12:19:15.0343 3488 [ F3A4EAD0B3946E439F0397F7A4D09952 ] Symantec AntiVirus C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
12:19:15.0343 3488 Symantec AntiVirus - ok
12:19:15.0376 3488 [ 02363A8690BA2DB405B9EC6A598A8D89 ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
12:19:15.0376 3488 symc8xx - ok
12:19:15.0410 3488 [ 7E4D281982E19ABD06728C7EE9AC40A8 ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
12:19:15.0410 3488 SymEvent - ok
12:19:15.0443 3488 [ D3B52787F40DDB43ACAFA01583B079FE ] symmpi C:\WINDOWS\system32\DRIVERS\symmpi.sys
12:19:15.0443 3488 symmpi - ok
12:19:15.0443 3488 [ 1F8245798DE985A00EA7E2D40FA9876E ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
12:19:15.0443 3488 sym_hi - ok
12:19:15.0443 3488 [ 954C7C1C9A1400AE68DF10D730A6A31D ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
12:19:15.0443 3488 sym_u3 - ok
12:19:15.0493 3488 [ 2E843F129DAF4C789DF7ACD40E26208F ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
12:19:15.0493 3488 sysaudio - ok
12:19:15.0526 3488 [ D3FFFEA8C94BA3C1CEAC9694AC390472 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
12:19:15.0526 3488 SysmonLog - ok
12:19:15.0609 3488 [ FAFEFC85FC929B81571BFF315C93E299 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
12:19:15.0626 3488 TapiSrv - ok
12:19:15.0693 3488 [ 34D970B38E9E835009E1AD07C5422B58 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:19:15.0693 3488 Tcpip - ok
12:19:15.0942 3488 [ 69F1A38A6DBFE682491CB61A596662E3 ] tcsd_win32.exe C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
12:19:15.0942 3488 tcsd_win32.exe - ok
12:19:16.0242 3488 [ 5A54D918A99299F3B33FBBA900C85590 ] TdmService C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
12:19:16.0259 3488 TdmService - ok
12:19:16.0325 3488 [ DA1E9CD22238FA4DB565EF41C7312E1B ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
12:19:16.0325 3488 TDPIPE - ok
12:19:16.0442 3488 [ 47D24EBB1C442DCC18D89B8B89BAFB49 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
12:19:16.0442 3488 TDTCP - ok
12:19:16.0492 3488 [ 8AB9AD44907D4C57AD10E175C8720ECF ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
12:19:16.0492 3488 TermDD - ok
12:19:16.0609 3488 [ F4849A4962779132B02CA4BBF696F434 ] TermService C:\WINDOWS\System32\termsrv.dll
12:19:16.0609 3488 TermService - ok
12:19:16.0659 3488 [ 15DE8EAE99A0F4E313E83ABA5B849FAA ] Themes C:\WINDOWS\System32\shsvcs.dll
12:19:16.0659 3488 Themes - ok
12:19:16.0725 3488 [ 0FDF294D30CA53391485132854151B26 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
12:19:16.0725 3488 TlntSvr - ok
12:19:16.0758 3488 [ E732F06DA26A6ED57AC63A68DE246F6B ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
12:19:16.0758 3488 TosIde - ok
12:19:16.0842 3488 [ 483FFCD8E5080198D87EEED44246E6A9 ] TrkWks C:\WINDOWS\system32\trkwks.dll
12:19:16.0842 3488 TrkWks - ok
12:19:16.0875 3488 [ A6DD2DFCC44EC61D18AA645620CD8F63 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
12:19:16.0875 3488 Udfs - ok
12:19:16.0875 3488 [ DE3C294E44468BE08A27C089F4B9B5AA ] uliagpkx C:\WINDOWS\system32\DRIVERS\uliagpkx.sys
12:19:16.0892 3488 uliagpkx - ok
12:19:16.0892 3488 [ 3C1D799058E89CFF843B10E2A0929C38 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
12:19:16.0908 3488 ultra - ok
12:19:16.0942 3488 [ 1446762923434D2A9C315325CF4770C8 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
12:19:16.0942 3488 Update - ok
12:19:18.0457 3488 [ 78C605CB6E0CE966D3347FF7CAF3F8AC ] upnphost C:\WINDOWS\System32\upnphost.dll
12:19:18.0457 3488 upnphost - ok
12:19:18.0557 3488 [ 3EC1501AA03CECD66ED093428FBC8B0E ] UPS C:\WINDOWS\System32\ups.exe
12:19:18.0557 3488 UPS - ok
12:19:18.0590 3488 [ 3421B0691A0E365A020836369A296F0C ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:19:18.0590 3488 usbccgp - ok
12:19:18.0623 3488 [ AE6521A1C79FC955FF26BE9CA5521B51 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:19:18.0623 3488 usbehci - ok
12:19:18.0657 3488 [ D63CB1B59D54F9C2BB8A4107584A664F ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:19:18.0657 3488 usbhub - ok
12:19:18.0707 3488 [ EDCE8A162E8023FD1751E08E23E41948 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:19:18.0707 3488 USBSTOR - ok
12:19:18.0707 3488 [ 4B7B4A2CC997C482A0AA7CA663AF62A0 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:19:18.0707 3488 usbuhci - ok
12:19:18.0923 3488 [ B1E327AEA4ECF42DDF7C579B0FB0DE4C ] vds C:\WINDOWS\System32\vds.exe
12:19:19.0156 3488 vds - ok
12:19:19.0223 3488 [ B40CFD2FFDD838B0CE0C35EE449407BD ] vga C:\WINDOWS\system32\DRIVERS\vgapnp.sys
12:19:19.0223 3488 vga - ok
12:19:19.0256 3488 [ 78EBFE6F11F10DB8237B910E9158CA91 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
12:19:19.0256 3488 VgaSave - ok
12:19:19.0306 3488 [ AF90283616C8138CF610214983772A7A ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
12:19:19.0306 3488 ViaIde - ok
12:19:19.0373 3488 [ FD6D28D1BBF31C719D9C5EC2D20FB5C2 ] VolSnap C:\WINDOWS\system32\DRIVERS\volsnap.sys
12:19:19.0423 3488 VolSnap - ok
12:19:19.0589 3488 [ 0A05DE966B412D6289632AC05FC6ADA2 ] VSS C:\WINDOWS\System32\vssvc.exe
12:19:19.0889 3488 VSS - ok
12:19:19.0972 3488 [ 6FE371026674BAF189F7A81746A67C87 ] W32Time C:\WINDOWS\system32\w32time.dll
12:19:19.0972 3488 W32Time - ok
12:19:20.0006 3488 [ D2A01D73FE4A455C1D741B48C56763B2 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:19:20.0006 3488 Wanarp - ok
12:19:20.0022 3488 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\WINDOWS\system32\DRIVERS\wdcsam64.sys
12:19:20.0022 3488 WDC_SAM - ok
12:19:20.0022 3488 WDICA - ok
12:19:20.0056 3488 [ DAFF7E89C84079022B9606F83E1BD29A ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
12:19:20.0056 3488 wdmaud - ok
12:19:20.0072 3488 [ FE8590FA0367A29BC7ED7BFC4962AD1C ] WebClient C:\WINDOWS\System32\webclnt.dll
12:19:20.0072 3488 WebClient - ok
12:19:20.0072 3488 WinHttpAutoProxySvc - ok
12:19:20.0205 3488 [ 881271D649E778690A365D73B8958509 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
12:19:20.0205 3488 winmgmt - ok
12:19:20.0272 3488 [ 4D32F7BDBF325792AE28D5380DDF6BCF ] WmdmPmSN C:\WINDOWS\SysWOW64\mspmsnsv.dll
12:19:20.0272 3488 WmdmPmSN - ok
12:19:20.0355 3488 [ B51966DB20D5C700228DFE222FDF9E67 ] Wmi C:\WINDOWS\System32\advapi32.dll
12:19:20.0355 3488 Wmi - ok
12:19:20.0405 3488 [ EA6A8317C29120EDE0E422286712D769 ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
12:19:20.0405 3488 WmiAcpi - ok
12:19:20.0472 3488 [ 56980BE8B5A6861B5D9175EABA8AC7DC ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:19:20.0522 3488 WmiApSrv - ok
12:19:20.0788 3488 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe
12:19:20.0921 3488 WMPNetworkSvc - ok
12:19:20.0955 3488 [ 82960CE97C1898C28D7AE62BA6721D27 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
12:19:20.0955 3488 wscsvc - ok
12:19:20.0971 3488 WSearch - ok
12:19:21.0021 3488 [ EF7576AF44B484F7A3E6072D633BAB34 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
12:19:21.0055 3488 wuauserv - ok
12:19:21.0105 3488 [ 3F98A4E57933963CF2A941BB48F9D47A ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:19:21.0105 3488 WudfPf - ok
12:19:21.0155 3488 [ 881C0C35CDD09077B0E95EC2269CB44C ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:19:21.0155 3488 WudfRd - ok
12:19:21.0188 3488 [ 9DCF6C499773B709DE8F70CD5013CB38 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
12:19:21.0205 3488 WudfSvc - ok
12:19:21.0288 3488 [ F4EC5C736BBA9A27F9C36412C930B386 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
12:19:21.0288 3488 WZCSVC - ok
12:19:21.0338 3488 [ A1ABA5A0B4F1FF9B83C50F92F8C080A2 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
12:19:21.0338 3488 xmlprov - ok
12:19:21.0338 3488 ================ Scan global ===============================
12:19:21.0421 3488 [ 2AE60E46216266CDC9E20886E4CE3281 ] C:\WINDOWS\system32\basesrv.dll
12:19:21.0454 3488 [ 7233204EBC55628D6A160F9829304E2A ] C:\WINDOWS\system32\winsrv.dll
12:19:21.0504 3488 [ 7233204EBC55628D6A160F9829304E2A ] C:\WINDOWS\system32\winsrv.dll
12:19:21.0521 3488 [ 1E07EE3F50DFF2FE9B0A9D196E82698F ] C:\WINDOWS\system32\services.exe
12:19:21.0521 3488 [Global] - ok
12:19:21.0521 3488 ================ Scan MBR ==================================
12:19:21.0538 3488 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
12:19:22.0853 3488 \Device\Harddisk0\DR0 - ok
12:19:22.0853 3488 ================ Scan VBR ==================================
12:19:22.0853 3488 [ E649F0F13E6228E5F9B4B3B4CDAD171C ] \Device\Harddisk0\DR0\Partition1
12:19:22.0853 3488 \Device\Harddisk0\DR0\Partition1 - ok
12:19:22.0853 3488 ============================================================
12:19:22.0853 3488 Scan finished
12:19:22.0853 3488 ============================================================
12:19:22.0870 4912 Detected object count: 0
12:19:22.0870 4912 Actual detected object count: 0
12:20:08.0530 1744 Deinitialize success


4) I will make another post with the aswMBR.exe results.

5) I cannot run DDS.EXE as the computer is running XP 64-bit and the executable does not support that OS.

Nick
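The TDSSKiller log above carries one MD5 and one verdict per service or driver and nothing else; a "- ok" line only means the tool's own signatures did not match, not that the file is the one Microsoft shipped. The parser below is an added example, not code from the original post or from Kaspersky's tool: it pairs each hashed object with its verdict line and then flags what a responder would look at next, namely verdicts other than ok, images loaded from outside the Windows and Program Files trees, and hashes that differ from (or are missing in) a baseline taken from a clean machine of the same build. The sample lines are constructed from real entries in the log plus one invented service (tmpsvc, all-zero hash, non-ok verdict) so the warning paths are exercised; the TRUSTED_ROOTS tuple and the BASELINE dictionary are assumptions for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# TDSSKiller writes one hashed-object line and one verdict line per object:
#   <time> <pid> [ <MD5> ] <name> <path>   (no <name> in the global/MBR/VBR sections)
#   <time> <pid> <name> - <verdict>
HASH_LINE = re.compile(r'^\S+\s+\d+\s+\[ (?P<md5>[0-9A-F]{32}) \]\s+(?P<rest>.+?)\s*$', re.I)
VERDICT_LINE = re.compile(r'^\S+\s+\d+\s+(?P<name>\S+) - (?P<verdict>.+?)\s*$')

# Where service and driver images are expected on this XP x64 box (assumption for the example).
TRUSTED_ROOTS = ('C:\\WINDOWS\\', 'C:\\PROGRAM FILES\\', 'C:\\PROGRAM FILES (X86)\\', '\\DEVICE\\')

# Constructed baseline: MD5s a clean reference install of the same build reported for these services.
BASELINE = {
    'wdmaud': 'DAFF7E89C84079022B9606F83E1BD29A',
    'WebClient': 'FE8590FA0367A29BC7ED7BFC4962AD1C',
}

# Constructed sample: real lines from the log above plus one invented service, tmpsvc,
# with an all-zero hash and a non-ok verdict, to exercise the warning paths.
SAMPLE_LOG = r"""12:19:20.0056 3488 [ DAFF7E89C84079022B9606F83E1BD29A ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
12:19:20.0056 3488 wdmaud - ok
12:19:20.0072 3488 [ FE8590FA0367A29BC7ED7BFC4962AD1C ] WebClient C:\WINDOWS\System32\webclnt.dll
12:19:20.0072 3488 WebClient - ok
12:19:20.0072 3488 WinHttpAutoProxySvc - ok
12:19:21.0300 3488 [ 00000000000000000000000000000000 ] tmpsvc C:\Documents and Settings\JLaFleur\Local Settings\Temp\tmpsvc.exe
12:19:21.0300 3488 tmpsvc - warning (constructed)
12:19:21.0421 3488 [ 2AE60E46216266CDC9E20886E4CE3281 ] C:\WINDOWS\system32\basesrv.dll
12:19:21.0521 3488 [Global] - ok
"""


@dataclass
class Entry:
    name: Optional[str]        # service/driver name, or None for path-only lines
    md5: Optional[str]         # None when TDSSKiller printed no hash (no image file)
    path: Optional[str]
    verdict: Optional[str] = None


def _looks_like_path(token: str) -> bool:
    return token.startswith('\\') or re.match(r'^[A-Za-z]:\\', token) is not None


def parse_tdsskiller(text: str) -> List[Entry]:
    """Pair each hashed-object line with its verdict line, keeping log order."""
    entries: Dict[str, Entry] = {}
    order: List[str] = []
    for line in text.splitlines():
        m = HASH_LINE.match(line)
        if m:
            rest = m.group('rest')
            parts = rest.split(None, 1)
            if len(parts) == 2 and not _looks_like_path(parts[0]):
                name, path = parts           # "<name> <path>" (path may contain spaces)
            else:
                name, path = None, rest      # bare path: global scan, MBR and VBR lines
            key = name or path
            entries[key] = Entry(name, m.group('md5').upper(), path)
            order.append(key)
            continue
        m = VERDICT_LINE.match(line)
        if m:
            key = m.group('name')
            if key in entries:
                entries[key].verdict = m.group('verdict')
            else:                            # verdict without an image line (service with no file)
                entries[key] = Entry(key, None, None, m.group('verdict'))
                order.append(key)
    return [entries[k] for k in order]


def triage(entries: List[Entry], baseline: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (name, reason) pairs worth a second look; baseline maps service name -> clean MD5."""
    findings = []
    for e in entries:
        label = e.name or e.path
        if e.name is not None and e.verdict is None:
            findings.append((label, 'no verdict line; scan may have been cut short'))
        elif e.verdict is not None and e.verdict.lower() != 'ok':
            findings.append((label, 'verdict: ' + e.verdict))
        if e.path and not e.path.upper().startswith(TRUSTED_ROOTS):
            findings.append((label, 'image outside system/program directories: ' + e.path))
        if e.name is not None and e.md5 is not None:
            if e.name not in baseline:
                findings.append((label, 'service not present in clean baseline'))
            elif baseline[e.name] != e.md5:
                findings.append((label, 'MD5 %s differs from baseline %s' % (e.md5, baseline[e.name])))
    return findings


if __name__ == '__main__':
    import sys
    text = open(sys.argv[1], encoding='utf-8', errors='replace').read() if len(sys.argv) > 1 else SAMPLE_LOG
    for label, why in triage(parse_tdsskiller(text), BASELINE):
        print('%-24s %s' % (label, why))
```

Run it with the path to a saved TDSSKiller log to triage a real machine; the baseline is the piece that turns the hash column into evidence, so build it from an identical, trusted build (same service pack and patch level), not from the suspect host.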

#10 Nick Lanese

Nick Lanese
  • Topic Starter

  • Members
  • 17 posts
  • Gender:Male
  • Location:New York City
  • Local time:04:20 AM

Posted 20 August 2012 - 11:45 AM

Here is the text file from aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-20 12:37:19
-----------------------------
12:37:19.944 OS Version: Windows x64 5.2.3790 Service Pack 2
12:37:19.944 Number of processors: 4 586 0x1A05
12:37:19.944 ComputerName: PC-041 UserName:
12:37:57.800 Initialize success
12:38:27.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:38:27.390 Disk 0 Vendor: Intel___ 1.0. Size: 953867MB BusType: 8
12:38:27.421 Disk 0 MBR read successfully
12:38:27.421 Disk 0 MBR scan
12:38:27.421 Disk 0 Windows VISTA default MBR code
12:38:27.437 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 70 MB offset 63
12:38:27.437 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 953788 MB offset 144585
12:38:27.546 Disk 0 scanning C:\WINDOWS\system32\drivers
12:38:37.831 Service scanning
12:38:52.790 Modules scanning
12:38:52.790 Disk 0 trace - called modules:
12:38:52.821 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:38:52.821 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffadd11367770]
12:38:52.821 3 CLASSPNP.SYS[fffffadcf21108c9] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffadd115f8050]
12:38:52.852 Scan finished successfully
12:39:20.207 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\JLaFleur\Desktop\MBR.dat"
12:39:20.269 The log file has been saved successfully to "C:\Documents and Settings\JLaFleur\Desktop\aswMBR_2012-08-20a.txt"


Attached is the zip file for MBR.DAT: MBR.zip (557 bytes)


** One other item of note.... The computer that is/was infected has a mirrored set of hard drives. **
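aswMBR's summary (boot-code family, two partition entries, offsets in sectors) is derived from the 512-byte sector it saved as MBR.dat. The script below is an added example, not part of aswMBR or of the original post: it rebuilds an MBR with the same partition layout the log shows, parses it back, and runs the checks a responder would want before trusting a clean verdict, namely the 0x55AA signature, exactly one active partition, no overlapping or zero-offset entries, and the MD5 of the 440-byte boot-code area against a known-good value. A bootkit has to alter either the boot code or the partition table, and both are exposed here. The BOOTCODE bytes are a constructed placeholder, not the Windows loader aswMBR identified; the partition tuples are copied from the log; the disk signature is arbitrary. Because the two drives are a mirrored pair behind the Intel RAID driver (iaStor.sys in the call trace), the sector aswMBR read belongs to the array, and each member holds an identical copy.

```python
import hashlib
import struct
import sys

SECTOR = 512
PART_TABLE = 0x1BE                       # four 16-byte entries, then 0x55AA at 510
ENTRY = struct.Struct('<B3sB3sII')       # status, CHS start, type, CHS end, LBA start, sector count

PART_TYPES = {0x07: 'HPFS/NTFS', 0xDE: 'Dell Utility', 0x0B: 'FAT32', 0x0C: 'FAT32 LBA',
              0x05: 'Extended', 0x0F: 'Extended LBA', 0x83: 'Linux', 0xEE: 'GPT protective'}

# Constructed stand-in for boot code; NOT the real Windows loader that aswMBR recognised.
BOOTCODE = b'\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c' + b'\x90' * 20
# Layout copied from the aswMBR output above: (status, type, LBA start, sector count)
PARTITIONS = [(0x00, 0xDE, 63, 144522),            # Dell Utility, 70 MB
              (0x80, 0x07, 144585, 1953357824)]    # NTFS, active, 953788 MB


def build_mbr(bootcode: bytes, partitions, disk_sig: int = 0x12345678) -> bytes:
    """Assemble a sector: 440 bytes boot code, 4-byte disk signature, 2 reserved, table, 0x55AA."""
    buf = bytearray(SECTOR)
    code = bootcode[:440]
    buf[:len(code)] = code
    struct.pack_into('<I', buf, 440, disk_sig)
    for i, (status, ptype, lba_start, count) in enumerate(partitions[:4]):
        # CHS fields filled with the usual 0xFE 0xFF 0xFF "use LBA" marker
        ENTRY.pack_into(buf, PART_TABLE + 16 * i, status, b'\xfe\xff\xff', ptype, b'\xfe\xff\xff',
                        lba_start, count)
    buf[510:512] = b'\x55\xaa'
    return bytes(buf)


def parse_mbr(mbr: bytes) -> dict:
    """Decode the partition table and hash the boot-code region of a raw MBR sector."""
    if len(mbr) < SECTOR:
        raise ValueError('need a full 512-byte sector, got %d bytes' % len(mbr))
    mbr = mbr[:SECTOR]
    if mbr[510:512] != b'\x55\xaa':
        raise ValueError('boot signature 0x55AA missing')
    parts = []
    for i in range(4):
        status, _chs0, ptype, _chs1, lba, count = ENTRY.unpack_from(mbr, PART_TABLE + 16 * i)
        if ptype == 0 and count == 0:
            continue                                   # empty slot
        parts.append({'index': i + 1, 'status': status, 'active': status == 0x80,
                      'type': ptype, 'type_name': PART_TYPES.get(ptype, 'unknown'),
                      'lba_start': lba, 'sectors': count,
                      'size_mb': count * SECTOR // (1024 * 1024)})
    return {'bootcode_md5': hashlib.md5(mbr[:440]).hexdigest().upper(),
            'disk_signature': struct.unpack_from('<I', mbr, 440)[0],
            'partitions': parts}


def check_mbr(info: dict, known_good_bootcode_md5: str = None) -> list:
    """Sanity checks on a parsed MBR; an empty list means nothing stood out."""
    issues = []
    parts = info['partitions']
    active = [p['index'] for p in parts if p['active']]
    if len(active) != 1:
        issues.append('expected one active partition, found %d' % len(active))
    for p in parts:
        if p['status'] not in (0x00, 0x80):
            issues.append('partition %d: invalid status byte 0x%02X' % (p['index'], p['status']))
        if p['lba_start'] == 0:
            issues.append('partition %d: starts at LBA 0, on top of the MBR itself' % p['index'])
    ordered = sorted(parts, key=lambda p: p['lba_start'])
    for a, b in zip(ordered, ordered[1:]):
        if a['lba_start'] + a['sectors'] > b['lba_start']:
            issues.append('partitions %d and %d overlap' % (a['index'], b['index']))
    if known_good_bootcode_md5 and info['bootcode_md5'] != known_good_bootcode_md5.upper():
        issues.append('boot code MD5 %s does not match the known-good loader' % info['bootcode_md5'])
    return issues


if __name__ == '__main__':
    if len(sys.argv) > 1:
        with open(sys.argv[1], 'rb') as fh:            # e.g. the MBR.dat that aswMBR saved
            data = fh.read(SECTOR)
    else:
        data = build_mbr(BOOTCODE, PARTITIONS)
    info = parse_mbr(data)
    print('boot code MD5: %s  disk signature: 0x%08X' % (info['bootcode_md5'], info['disk_signature']))
    for p in info['partitions']:
        print('partition %d %s type 0x%02X %-14s start %d sectors %d (%d MB)' % (
            p['index'], 'active' if p['active'] else '      ', p['type'], p['type_name'],
            p['lba_start'], p['sectors'], p['size_mb']))
    for issue in check_mbr(info):
        print('ISSUE: ' + issue)
```

Run it with the path to MBR.dat to decode a real dump; with no argument it uses the constructed layout. The known-good hash passed to check_mbr should come from an identical, trusted install (or from a previous dump of this disk taken while it was known clean), since the value of the comparison lies entirely in where the reference came from.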

#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:20 AM

Posted 20 August 2012 - 01:05 PM

Looking good.

Let see if you can get a log from this scan.

  • Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    proquota.exe
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
===

#12 Nick Lanese

Nick Lanese
  • Topic Starter

  • Members
  • 17 posts
  • Gender:Male
  • Location:New York City
  • Local time:04:20 AM

Posted 20 August 2012 - 01:53 PM

(Drives G: and higher are networked drive mappings)

Here is the OTL log:

OTL logfile created on: 8/20/2012 2:33:39 PM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Documents and Settings\JLaFleur\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

30.00 Gb Total Physical Memory | 28.11 Gb Available Physical Memory | 93.70% Memory free
31.13 Gb Paging File | 29.87 Gb Available in Paging File | 95.95% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.43 Gb Total Space | 37.86 Gb Free Space | 4.07% Space Free | Partition Type: NTFS
Drive G: | 1500.00 Gb Total Space | 839.10 Gb Free Space | 55.94% Space Free | Partition Type: NTFS
Drive H: | 1500.00 Gb Total Space | 839.10 Gb Free Space | 55.94% Space Free | Partition Type: NTFS
Drive P: | 2048.00 Gb Total Space | 725.39 Gb Free Space | 35.42% Space Free | Partition Type: NTFS
Drive R: | 105.99 Gb Total Space | 51.10 Gb Free Space | 48.21% Space Free | Partition Type: NTFS
Drive S: | 836.62 Gb Total Space | 219.69 Gb Free Space | 26.26% Space Free | Partition Type: NTFS
Drive U: | 557.75 Gb Total Space | 128.81 Gb Free Space | 23.09% Space Free | Partition Type: NTFS

Computer Name: PC-041 | User Name: JLaFleur | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\JLaFleur\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackup.exe (Memeo Inc.)
PRC - C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359fd69eb60e9844ffd497e92345178c\Microsoft.VisualBasic.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Memeo\AutoBackupPro\Memeo.Client.UI.dll ()
MOD - C:\Program Files (x86)\Memeo\AutoBackupPro\Memeo.Client.DriveDetection.dll ()
MOD - C:\Program Files (x86)\Memeo\AutoBackupPro\sqlite3.dll ()
MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (TdmService) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
SRV:64bit: - (SecureStorageService) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.)
SRV:64bit: - (NVIDIA Performance Driver Service) -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (GoToMyPC) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
SRV - (ccSetMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (Spooler) -- C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
SRV - (MemeoBackgroundService) -- C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe (Memeo)
SRV - (LiveUpdate) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (tcsd_win32.exe) -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (helpsvc) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (a2acc) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys (Emsi Software GmbH)
DRV - (NAVEX15) -- C:\Program Files (x86)\Common Files\Symantec Shared\VirusDefs\20120819.007\ex64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files (x86)\Common Files\Symantec Shared\VirusDefs\20120819.007\eng64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SRTSPL) -- C:\WINDOWS\SysWOW64\Drivers\srtspl64.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\SysWOW64\Drivers\srtsp64.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\SysWOW64\Drivers\srtspx64.sys (Symantec Corporation)
DRV - (mnmdd) -- C:\WINDOWS\SysWow64\mnmdd.dll (Microsoft Corporation)
DRV - (Winsock) -- C:\WINDOWS\SysWow64\winsock.dll (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.072
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\JLaFleur\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\JLaFleur\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found


[2009/12/18 12:02:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JLaFleur\Application Data\Mozilla\Extensions
[2012/05/24 13:58:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JLaFleur\Application Data\Mozilla\Firefox\Profiles\8k5jswz8.default\extensions
[2010/07/19 09:43:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\JLaFleur\Application Data\Mozilla\Firefox\Profiles\8k5jswz8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/12 11:19:28 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Documents and Settings\JLaFleur\Application Data\Mozilla\Firefox\Profiles\8k5jswz8.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011/06/20 20:17:56 | 000,000,000 | ---D | M] (Delicious Extension) -- C:\Documents and Settings\JLaFleur\Application Data\Mozilla\Firefox\Profiles\8k5jswz8.default\extensions\delicious@vjkarunapg.com
[2012/05/24 13:58:32 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\JLaFleur\Application Data\Mozilla\Firefox\Profiles\8k5jswz8.default\extensions\LogMeInClient@logmein.com
[2012/08/13 12:48:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/07 15:46:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

Hosts file not found
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (UltraEdit Toolbar) - {4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - C:\Program Files (x86)\ue_toolbar\ue_toolbar.dll (IDM Computer Solutions, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (UltraEdit Toolbar) - {4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - C:\Program Files (x86)\ue_toolbar\ue_toolbar.dll (IDM Computer Solutions, Inc.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagitIEAddin.dll (TechSmith Corporation)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (UltraEdit Toolbar) - {4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - C:\Program Files (x86)\ue_toolbar\ue_toolbar.dll (IDM Computer Solutions, Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - %SystemRoot%\system32\SHELL32.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (UltraEdit Toolbar) - {4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - C:\Program Files (x86)\ue_toolbar\ue_toolbar.dll (IDM Computer Solutions, Inc.)
O4:64bit: - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [EmbassySecurityCheck] C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe (Wave Systems Corp.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup File not found
O4:64bit: - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4:64bit: - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Memeo Backup Premium] C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Google Update] "C:\Documents and Settings\JLaFleur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - %SystemRoot%\system32\mswsock.dll File not found
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254424999706 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = propublica.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23B66B35-F67C-49B9-909A-DA950E82CCC7}: NameServer = 10.55.23.10,10.55.23.11
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20 - HKLM Winlogon: UserInit - (userinit) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\GoToMyPC: DllName - (C:\Program Files (x86)\Citrix\GoToMyPC\G2WinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToMyPC\g2winlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll File not found
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll File not found
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\JLaFleur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\JLaFleur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28:64bit: - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O30:64bit: - LSA: Authentication Packages - (wvauth) - File not found
O30 - LSA: Authentication Packages - (wvauth) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/14 22:48:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7eff6104-eb33-11de-9580-0023aeababd9}\Shell\AutoRun\command - "" = E:\wd_windows_tools\WDSetup.exe
O33 - MountPoints2\{c2c8a59e-c28f-11e0-8f6a-0023aeababd9}\Shell - "" = AutoRun
O33 - MountPoints2\{c2c8a59e-c28f-11e0-8f6a-0023aeababd9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c2c8a59e-c28f-11e0-8f6a-0023aeababd9}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


========== Files/Folders - Created Within 30 Days ==========

[2012/08/20 14:27:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JLaFleur\Desktop\Virus Removal Utilities for Desktop
[2012/08/20 14:26:50 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JLaFleur\Desktop\OTL.exe
[2012/08/20 12:00:29 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/13 13:27:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Emsisoft Anti-Malware
[2012/08/13 13:27:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2012/08/13 13:27:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JLaFleur\My Documents\Anti-Malware
[2012/08/13 08:29:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JLaFleur\Application Data\SPE
[2012/08/10 14:47:58 | 005,678,424 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\JLaFleur\Desktop\Sep_SupportTool.exe
[2012/08/07 15:46:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/08/07 15:46:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/08/07 15:39:07 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/08/06 16:41:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/08/06 15:29:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/08/06 14:37:01 | 002,841,104 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\JLaFleur\Desktop\NPE.exe
[2012/08/06 14:01:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\JLaFleur\Recent
[2012/08/06 12:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JLaFleur\Local Settings\Application Data\NPE
[2012/08/06 12:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2012/08/06 12:12:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JLaFleur\Application Data\Malwarebytes
[2012/08/06 12:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/06 12:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/08/06 12:11:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/06 12:05:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JLaFleur\Start Menu\Programs\File Recovery
[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/20 14:25:57 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JLaFleur\Desktop\OTL.exe
[2012/08/20 14:13:00 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2678597519-4143173400-1052546772-1221UA.job
[2012/08/20 13:48:00 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2678597519-4143173400-1052546772-500UA.job
[2012/08/20 13:48:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/20 13:46:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/20 12:12:03 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/20 12:07:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/19 15:48:00 | 000,000,980 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2678597519-4143173400-1052546772-500Core.job
[2012/08/19 15:13:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2678597519-4143173400-1052546772-1221Core.job
[2012/08/16 09:32:05 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\JLaFleur\defogger_reenable
[2012/08/15 00:46:08 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2012/08/15 00:46:08 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/15 00:46:02 | 009,826,504 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerInstaller.exe
[2012/08/14 15:41:18 | 000,000,213 | ---- | M] () -- C:\boot.ini
[2012/08/14 15:04:57 | 000,002,582 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/08/14 14:51:45 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\JLaFleur\Application Data\SMRBackup250.dat
[2012/08/13 13:27:14 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\JLaFleur\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2012/08/13 09:47:40 | 000,002,545 | ---- | M] () -- C:\Documents and Settings\JLaFleur\Desktop\Microsoft Office Outlook 2007 (2).lnk
[2012/08/13 08:49:08 | 000,480,736 | ---- | M] () -- C:\Documents and Settings\JLaFleur\Desktop\PC-041__2012_08_13__08_29_01_PE.sdbz
[2012/08/07 19:22:54 | 000,588,437 | ---- | M] () -- C:\Documents and Settings\JLaFleur\Desktop\LOSTSTORIES.pdf
[2012/08/07 12:08:17 | 005,678,424 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\JLaFleur\Desktop\Sep_SupportTool.exe
[2012/08/07 09:44:13 | 000,000,552 | ---- | M] () -- C:\WINDOWS\SysWow64\d3d8caps.dat
[2012/08/06 12:34:14 | 002,841,104 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\JLaFleur\Desktop\NPE.exe
[2012/08/06 12:12:44 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/06 12:05:13 | 000,000,857 | ---- | M] () -- C:\Documents and Settings\JLaFleur\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk
[2012/08/06 12:05:13 | 000,000,839 | ---- | M] () -- C:\Documents and Settings\JLaFleur\Desktop\File_Recovery.lnk
[2012/08/06 12:05:13 | 000,000,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\fqhYgSxE7ghjK9
[2012/08/06 12:05:13 | 000,000,072 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-fqhYgSxE7ghjK9r
[2012/08/06 12:05:13 | 000,000,072 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-fqhYgSxE7ghjK9
[2012/07/31 14:26:35 | 023,865,793 | ---- | M] () -- C:\Documents and Settings\JLaFleur\Desktop\35037883.pdf
[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/16 09:32:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\JLaFleur\defogger_reenable
[2012/08/14 14:51:45 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\JLaFleur\Application Data\SMRBackup250.dat
[2012/08/13 13:27:14 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\JLaFleur\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2012/08/13 08:49:07 | 000,480,736 | ---- | C] () -- C:\Documents and Settings\JLaFleur\Desktop\PC-041__2012_08_13__08_29_01_PE.sdbz
[2012/08/07 19:22:54 | 000,588,437 | ---- | C] () -- C:\Documents and Settings\JLaFleur\Desktop\LOSTSTORIES.pdf
[2012/08/07 18:27:40 | 000,002,545 | ---- | C] () -- C:\Documents and Settings\JLaFleur\Desktop\Microsoft Office Outlook 2007 (2).lnk
[2012/08/07 17:26:45 | 000,002,004 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk
[2012/08/07 17:26:45 | 000,001,789 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2012/08/07 17:26:45 | 000,001,704 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2012/08/07 17:07:35 | 000,002,371 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Distiller 9.lnk
[2012/08/07 17:07:35 | 000,002,359 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 9 Pro.lnk
[2012/08/07 17:07:35 | 000,002,040 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2012/08/07 17:07:35 | 000,001,912 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe LiveCycle Designer ES 8.2.lnk
[2012/08/07 17:07:35 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/08/07 17:07:35 | 000,001,805 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2012/08/07 17:07:35 | 000,001,703 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PowerDVD DX.lnk
[2012/08/07 17:07:35 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Visual FoxPro 9.0.lnk
[2012/08/07 17:07:35 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/08/07 17:07:35 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\YouSendIt.lnk
[2012/08/07 17:07:35 | 000,000,678 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\TweetDeck.lnk
[2012/08/07 17:07:35 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/08/07 09:44:13 | 000,000,552 | ---- | C] () -- C:\WINDOWS\SysWow64\d3d8caps.dat
[2012/08/06 12:12:44 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/06 12:05:13 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\JLaFleur\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk
[2012/08/06 12:05:13 | 000,000,839 | ---- | C] () -- C:\Documents and Settings\JLaFleur\Desktop\File_Recovery.lnk
[2012/08/06 12:05:13 | 000,000,072 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-fqhYgSxE7ghjK9r
[2012/08/06 12:05:13 | 000,000,072 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-fqhYgSxE7ghjK9
[2012/08/06 12:05:05 | 000,000,368 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\fqhYgSxE7ghjK9
[2012/07/31 14:26:14 | 023,865,793 | ---- | C] () -- C:\Documents and Settings\JLaFleur\Desktop\35037883.pdf
[2012/07/09 16:24:39 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\JLaFleur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/16 17:57:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVEdit.INI
[2010/09/16 10:54:42 | 000,081,920 | ---- | C] () -- C:\WINDOWS\SysWow64\dsp_trc.dll
[2010/06/17 16:55:30 | 000,002,872 | ---- | C] () -- C:\Documents and Settings\JLaFleur\.java.policy
[2010/06/17 16:55:30 | 000,000,087 | ---- | C] () -- C:\Documents and Settings\JLaFleur\.thedataweb.properties
[2009/09/30 19:55:36 | 000,002,582 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== LOP Check ==========

[2012/05/10 11:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CitrixLogs
[2010/01/04 12:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESRI
[2010/01/19 10:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2009/09/25 02:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
[2009/10/07 11:25:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
[2009/10/19 13:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SPSS
[2009/10/07 10:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2009/09/25 03:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2010/12/05 19:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2010/10/08 10:52:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/01/14 19:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JLaFleur\Application Data\ASAP Utilities
[2009/12/08 18:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JLaFleur\Application Data\Broadcom
[2012/07/11 13:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JLaFleur\Application Data\Dropbox
[2010/06/04 13:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JLaFleur\Application Data\ESRI
[2010/01/15 19:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JLaFleur\Application Data\Memeo
[2012/08/13 08:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JLaFleur\Application Data\SPE
[2011/02/07 12:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JLaFleur\Application Data\TeamViewer
[2011/03/05 15:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JLaFleur\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2012/08/16 19:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JLaFleur\Application Data\UE_TOOLBAR
[2009/12/08 18:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JLaFleur\Application Data\Wave Systems Corp
[2009/12/08 18:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JLaFleur\Application Data\Windows Desktop Search
[2009/12/18 13:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JLaFleur\Application Data\Windows Search
[2010/01/19 16:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JLaFleur\Application Data\YouSendIt
[2012/08/20 12:01:49 | 000,032,602 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< MD5 for: AGP440.SYS >
[2007/02/18 08:00:00 | 011,678,589 | ---- | M] () .cab file -- C:\AMD64\sp2.cab:AGP440.sys
[2007/02/18 08:00:00 | 011,678,589 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\amd64\sp2.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2007/02/18 08:00:00 | 011,678,589 | ---- | M] () .cab file -- C:\AMD64\sp2.cab:atapi.sys
[2007/02/18 08:00:00 | 011,678,589 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\amd64\sp2.cab:atapi.sys

< MD5 for: AUTOCHK.EXE >
[2007/02/18 08:00:00 | 000,817,664 | ---- | M] (Microsoft Corporation) MD5=2C40794C5094E7D49D8597D7B0C617FC -- C:\AMD64\AUTOCHK.EXE
[2007/02/18 08:00:00 | 000,594,944 | ---- | M] (Microsoft Corporation) MD5=39ECC326D3F5531A13A1C0F0B43A8EDD -- C:\WINDOWS\SysWOW64\autochk.exe

< MD5 for: EVENTLOG.DLL >
[2008/09/03 15:17:20 | 000,028,797 | R--- | M] () MD5=258ED9A1CCD8102C3236DD97354C51EC -- C:\Perl\lib\auto\Win32\EventLog\EventLog.dll

< MD5 for: EXPLORER.EXE >
[2007/02/18 08:00:00 | 001,053,184 | ---- | M] (Microsoft Corporation) MD5=A26C39540F8BE3729846E360E2C57344 -- C:\WINDOWS\SysWOW64\explorer.exe
[2007/02/18 08:00:00 | 001,364,480 | ---- | M] (Microsoft Corporation) MD5=AE7A08C05F72A9242734C03230A5CD7F -- C:\WINDOWS\explorer.exe

< MD5 for: IASTOR.SYS >
[2009/02/11 14:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\drivers\storage\R222842\IaStor.sys
[2009/02/12 01:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/02/12 01:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

< MD5 for: KERNEL32.DLL >
[2009/03/21 17:38:10 | 001,513,984 | ---- | M] (Microsoft Corporation) MD5=D2D801CF976DF08355473784DA617429 -- C:\WINDOWS\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[2009/03/21 17:47:30 | 001,009,664 | ---- | M] (Microsoft Corporation) MD5=E8EE6F20584D143749C8C85FBBE20CBD -- C:\WINDOWS\SysWOW64\kernel32.dll
[2007/04/18 18:25:04 | 001,504,256 | ---- | M] (Microsoft Corporation) MD5=F231BAB7C8816A0C41180796E32C1A55 -- C:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2008/06/21 10:29:34 | 000,493,056 | ---- | M] (Microsoft Corporation) MD5=7522FBD86A6494EFAB98AF49B12F525C -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[2011/03/03 12:50:58 | 000,233,472 | ---- | M] (Microsoft Corporation) MD5=8CFB662B5EECFABBFBC7F554B55CE82C -- C:\WINDOWS\SysWOW64\mswsock.dll
[2008/06/21 23:07:28 | 000,492,544 | ---- | M] (Microsoft Corporation) MD5=9A143C80CA47FC111FB565B56B2867A9 -- C:\WINDOWS\$NtUninstallKB2509553$\mswsock.dll
[2011/03/03 12:47:30 | 000,493,056 | ---- | M] (Microsoft Corporation) MD5=E3978EF56F355B258DE579477D253C88 -- C:\WINDOWS\$hf_mig$\KB2509553\SP2QFE\mswsock.dll

< MD5 for: NETLOGON.DLL >
[2007/02/18 08:00:00 | 000,430,592 | ---- | M] (Microsoft Corporation) MD5=451564B8F22461D90CF8ED3945637845 -- C:\WINDOWS\SysWOW64\netlogon.dll

< MD5 for: NTFS.SYS >
[2007/02/18 08:00:00 | 001,041,920 | ---- | M] (Microsoft Corporation) MD5=C8904B5F90AB2236692E83D491C4D426 -- C:\AMD64\NTFS.SYS

< MD5 for: PROQUOTA.EXE >
[2007/02/18 08:00:00 | 000,053,248 | ---- | M] (Microsoft Corporation) MD5=E915E1D41B4C5B3FB28AB8355D4B70A3 -- C:\WINDOWS\SysWOW64\proquota.exe

< MD5 for: SCECLI.DLL >
[2007/02/18 08:00:00 | 000,188,928 | ---- | M] (Microsoft Corporation) MD5=E7B7FD7D8907DADED4928E922608887F -- C:\WINDOWS\SysWOW64\scecli.dll

< MD5 for: SFCFILES.DLL >
[2007/02/18 08:00:00 | 002,374,656 | ---- | M] (Microsoft Corporation) MD5=67BE14F048F09F0D197AC4D2459AD1EE -- C:\WINDOWS\SysWOW64\sfcfiles.dll

< MD5 for: SPOOLSV.EXE >
[2007/02/18 08:00:00 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=5918677301E62A935A837EC22BA7088C -- C:\WINDOWS\$NtUninstallKB2347290$\spoolsv.exe
[2010/08/18 01:26:54 | 000,111,616 | ---- | M] (Microsoft Corporation) MD5=B13858EB5C71AB1452983F321FFE4E08 -- C:\WINDOWS\$hf_mig$\KB2347290\SP2QFE\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2012/07/03 13:46:52 | 000,217,672 | ---- | M] () MD5=1F4A3FCF2A52D7D2D59C6CF8F7241111 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2007/02/18 08:00:00 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=C09CCFE81DEC9B162533D7184D705682 -- C:\WINDOWS\SysWOW64\svchost.exe

< MD5 for: USERINIT.EXE >
[2007/02/18 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=B5FEB3B971A8B8C81CE9DE65031A87E5 -- C:\WINDOWS\SysWOW64\userinit.exe

< MD5 for: XMLPROV.DLL >
[2007/02/18 08:00:00 | 000,131,584 | ---- | M] (Microsoft Corporation) MD5=C5B83F9A09A3EBFE8A931472F6DA4E38 -- C:\WINDOWS\SysWOW64\xmlprov.dll

< End of report >

#13 Nick Lanese

  • Topic Starter
Posted 20 August 2012 - 01:54 PM

Here is the EXTRAS log:

OTL Extras logfile created on: 8/20/2012 2:33:39 PM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Documents and Settings\JLaFleur\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

30.00 Gb Total Physical Memory | 28.11 Gb Available Physical Memory | 93.70% Memory free
31.13 Gb Paging File | 29.87 Gb Available in Paging File | 95.95% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.43 Gb Total Space | 37.86 Gb Free Space | 4.07% Space Free | Partition Type: NTFS
Drive G: | 1500.00 Gb Total Space | 839.10 Gb Free Space | 55.94% Space Free | Partition Type: NTFS
Drive H: | 1500.00 Gb Total Space | 839.10 Gb Free Space | 55.94% Space Free | Partition Type: NTFS
Drive P: | 2048.00 Gb Total Space | 725.39 Gb Free Space | 35.42% Space Free | Partition Type: NTFS
Drive R: | 105.99 Gb Total Space | 51.10 Gb Free Space | 48.21% Space Free | Partition Type: NTFS
Drive S: | 836.62 Gb Total Space | 219.69 Gb Free Space | 26.26% Space Free | Partition Type: NTFS
Drive U: | 557.75 Gb Total Space | 128.81 Gb Free Space | 23.09% Space Free | Partition Type: NTFS

Computer Name: PC-041 | User Name: JLaFleur | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.ini [@ = inifile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.js [@ = JSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.jse [@ = JSEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.txt [@ = txtfile] -- %SystemRoot%\system32\NOTEPAD.EXE %1
.vbe [@ = VBEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.vbs [@ = VBSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.wsf [@ = WSFFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.wsh [@ = WSHFile] -- %SystemRoot%\System32\WScript.exe "%1" %*

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe %SystemRoot%\System32\Mshtml.dll,PrintHTML "%1"
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4"
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"C:\Program Files (x86)\SPSSInc\SPSS16\SPSSWinWrapIDE.exe" = C:\Program Files (x86)\SPSSInc\SPSS16\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor (1033) -- (SPSS Inc.)
"C:\Program Files (x86)\SPSSInc\SPSS16\spss.exe" = C:\Program Files (x86)\SPSSInc\SPSS16\spss.exe:*:Disabled:SPSS 16.0 for Windows (1033:exe) -- (SPSS Inc)
"C:\Program Files (x86)\SPSSInc\SPSS16\spss.com" = C:\Program Files (x86)\SPSSInc\SPSS16\spss.com:*:Disabled:SPSS 16.0 for Windows (1033:com) -- (SPSS Inc)
"C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE" = C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE:*:Enabled:SNAC64 Service -- (Symantec Corporation)
"C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Documents and Settings\JLaFleur\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\JLaFleur\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"C:\Program Files (x86)\SPSSInc\SPSS16\SPSSWinWrapIDE.exe" = C:\Program Files (x86)\SPSSInc\SPSS16\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor (1033) -- (SPSS Inc.)
"C:\Program Files (x86)\SPSSInc\SPSS16\spss.exe" = C:\Program Files (x86)\SPSSInc\SPSS16\spss.exe:*:Disabled:SPSS 16.0 for Windows (1033:exe) -- (SPSS Inc)
"C:\Program Files (x86)\SPSSInc\SPSS16\spss.com" = C:\Program Files (x86)\SPSSInc\SPSS16\spss.com:*:Disabled:SPSS 16.0 for Windows (1033:com) -- (SPSS Inc)
"C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE" = C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE:*:Enabled:SNAC64 Service -- (Symantec Corporation)
"C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Documents and Settings\JLaFleur\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\JLaFleur\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07537D43-050A-4832-9435-851F6DD3B606}" = Memeo LifeAgent Explorer Extension
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0A2163CB-4F47-44AA-A219-36133260CF17}" = Symantec Endpoint Protection
"{0C6C4C8A-3B96-4681-90BA-0E15CDE96298}" = Microsoft SQL Server 2008 Management Studio
"{108C8C1D-DA02-4A6C-94CD-5603F6A6FC72}" = Microsoft SQL Server 2008 Management Studio
"{131A2659-99A9-4A89-B012-22A898EAE9DA}" = EMBASSY Security Center Lite
"{1AA42F30-142C-4A71-BEDD-8BC3E14399D2}" = Wave Infrastructure Installer
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java™ 6 Update 13 (64-bit)
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{44DD19EF-2DC7-4CA4-9FEA-82D97A1907E0}" = SO64MMWrapper
"{4C0A8D65-4286-4B58-87FE-18AD24289285}" = NVIDIA Performance Drivers
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{5820CB02-277A-40BD-8157-1F978834C816}" = Dell ControlPoint System Manager
"{59D3F691-179D-4E52-832C-D22B81541AC5}" = Microsoft SQL Server 2008 Setup Support Files
"{68451E5C-0A9C-4D5C-8D06-6E296242E908}" = 64 Bit HP CIO Components Installer
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7BE034E9-D414-496A-974A-6671F161F02A}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{8B1F8092-9D84-459B-88EA-0BE882AC915E}" = UPEK TouchChip Fingerprint Reader
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{910A147A-75D7-4ECD-A00D-727AAC0FD0E7}" = Microsoft SQL Server 2008 Client Tools
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3F5A799-C818-45F7-8091-F0387EFC6C2A}" = DCP64MMWrapper
"{A4F53D2C-1FED-4CDF-9D83-4AED82CD0436}" = Gemalto
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B6425BB2-DF4F-4110-9BAA-3A7BCE1C3E0D}" = Dell Control Point 64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B702C53B-D809-4DD3-8C77-23EC0C948959}" = Microsoft SQL Server 2008 Integration Services
"{BAACB61F-43E0-4E70-BDC9-F81CC3B22970}" = Microsoft SQL Server 2008 Client Tools
"{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{F4264106-F90E-4076-98CF-1B878DB14513}" = SQL Server System CLR Types
"{F5FEEB7E-F647-4D18-85BA-096750A15547}" = Microsoft SQL Server 2008 Integration Services
"{F7855754-13F5-426B-B090-5875FAFF1B20}" = Windows Presentation Foundation x64
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows x64
"NVIDIA Drivers" = NVIDIA Drivers
"R for Windows 2.13.0_is1" = R for Windows 2.13.0
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11-64" = Windows Media Format 11 runtime
"wmp11-64" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01C5A10F-AD9B-405B-853A-6659841A1242}" = Microsoft SQL Server 2008 Policies
"{03926E9B-C944-48D5-8FA8-1A094D486CFE}" = UltraSentry
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java™ 6 Update 32
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{347DA8D7-B858-421e-A154-5F438A36F1A4}" = Memeo Backup Premium
"{358A2F50-8885-4EDE-BBB0-130A5834E0B4}" = Visual FoxPro 9.0 Baseline - English
"{3E33367C-4B87-4286-9E98-EDCF2F26CBE8}" = Monarch 9.01
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5033400B-0977-45AB-94CE-CC135A8E1BBB}" = ArcGIS Desktop
"{50B905E5-2466-4A3E-894E-CD5A25D54556}" = Microsoft SQL Server 2008 Books Online (August 2008)
"{58F4D4FD-1814-4068-B316-C28FC776C6DD}" = GoToMyPC
"{5C47C8B6-77FF-4FC7-A388-66FCF9CFC24C}" = Snagit 9.1.3
"{5D37A52F-727E-43BB-AD47-35BE0D6196FD}" = DNRGarmin
"{621025AE-3510-478E-BC27-1A647150976F}" = SPSS 16.0 for Windows
"{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}" = Microsoft SQL Server Compact 3.5 SP1 Query Tools English
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}" = Digital Voice Editor 3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75C73547-240E-4DA1-AB63-58146F377085}" = UltraEdit 16.00
"{76C5CB62-53D5-4F95-95DC-4ED9D8D355EB}" = Winbond TPM Device Driver
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{82A27957-45D5-41BC-8593-60249895727B}" = ActivePerl 5.10.0 Build 1004
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PRJPRO_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_VISPRO_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{7DA87C7E-E8A7-473E-ADFF-1B6BECCCADA7}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{F3CD3F3F-726C-4414-A1FE-5CD0968313EA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9BAAE963-E16D-4E17-AFE6-1965F5AA0292}" = Visual FoxPro 9.0 Professional - English
"{A13D16C5-38A9-4D96-9647-59FCCAB12A85}" = Visual Basic for Applications ® Core - English
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-1033-0000-7760-000000000004}_951" = Adobe Acrobat 9.5.1 - CPSID_83708
"{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BCB4C18A-ACA6-4383-8688-E19933A705DD}" = Microsoft SOAP Toolkit 3.0
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBB6F775-E76E-49F7-98D3-1519414B1E4B}" = YouSendIt Express
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{EAEFE1C0-EB56-8963-9EC5-A0EB5FBA358D}" = TweetDeck
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}" = Visual Basic for Applications ® Core
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ArcGIS Desktop" = ArcGIS Desktop
"ASAP Utilities_is1" = ASAP Utilities
"Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.1
"FileZilla Client" = FileZilla Client 3.2.8.1
"InstallShield_{07537D43-050A-4832-9435-851F6DD3B606}" = Memeo LifeAgent Explorer Extension
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{131A2659-99A9-4A89-B012-22A898EAE9DA}" = EMBASSY Security Center Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{CBB6F775-E76E-49F7-98D3-1519414B1E4B}" = YouSendIt Express
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"numpy-py2.5" = Python 2.5 numpy-1.0.3
"PDF2TXT_is1" = PDF2TXT 1.2
"PRJPRO" = Microsoft Office Project Professional 2007
"PROPLUS" = Microsoft Office Professional Plus 2007
"Python 2.5 numpy-1.0.3" = Python 2.5 numpy-1.0.3
"Python 2.5.1" = Python 2.5.1
"TeamViewer 6" = TeamViewer 6
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"ue_toolbar" = UltraEdit Toolbar
"VISPRO" = Microsoft Office Visio Professional 2007
"Visual FoxPro 9.0 Professional - English" = Microsoft Visual FoxPro 9.0 Professional - English

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Acrobat Connect Add-in" = Adobe Acrobat Connect Add-in
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 5.1.0.880

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/7/2012 1:41:16 PM | Computer Name = PC-041 | Source = Windows Search Service | ID = 3083
Description =

Error - 2/7/2012 2:04:17 PM | Computer Name = PC-041 | Source = Windows Search Service | ID = 3083
Description =

Error - 2/7/2012 2:11:34 PM | Computer Name = PC-041 | Source = Windows Search Service | ID = 3083
Description =

Error - 2/7/2012 2:15:23 PM | Computer Name = PC-041 | Source = Windows Search Service | ID = 3083
Description =

Error - 2/7/2012 2:26:30 PM | Computer Name = PC-041 | Source = Windows Search Service | ID = 3083
Description =

Error - 2/7/2012 2:45:29 PM | Computer Name = PC-041 | Source = Windows Search Service | ID = 3083
Description =

Error - 2/7/2012 2:48:49 PM | Computer Name = PC-041 | Source = Windows Search Service | ID = 3083
Description =

Error - 2/7/2012 2:54:41 PM | Computer Name = PC-041 | Source = Windows Search Service | ID = 3083
Description =

Error - 2/7/2012 3:00:27 PM | Computer Name = PC-041 | Source = Windows Search Service | ID = 3083
Description =

Error - 2/7/2012 3:07:39 PM | Computer Name = PC-041 | Source = Windows Search Service | ID = 3083
Description =

[ OSession Events ]
Error - 3/17/2010 7:26:36 PM | Computer Name = PC-041 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/4/2010 5:17:17 PM | Computer Name = PC-041 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2936
seconds with 2760 seconds of active time. This session ended with a crash.

Error - 11/10/2010 6:41:32 PM | Computer Name = PC-041 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 25471
seconds with 1800 seconds of active time. This session ended with a crash.

Error - 1/27/2011 4:50:57 PM | Computer Name = PC-041 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 11171
seconds with 4740 seconds of active time. This session ended with a crash.

Error - 3/14/2011 2:11:53 PM | Computer Name = PC-041 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 15084
seconds with 1740 seconds of active time. This session ended with a crash.

Error - 4/8/2011 6:04:47 PM | Computer Name = PC-041 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 82
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/4/2012 11:56:45 AM | Computer Name = PC-041 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 3554
seconds with 480 seconds of active time. This session ended with a crash.

Error - 4/4/2012 11:57:50 AM | Computer Name = PC-041 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 57
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/15/2012 4:29:01 PM | Computer Name = PC-041 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 19622
seconds with 4680 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/15/2011 10:38:04 AM | Computer Name = PC-041 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.
Reference
error message: The system cannot find the path specified. .

Error - 12/15/2011 10:38:04 AM | Computer Name = PC-041 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\GUM53.tmp\GoogleUpdate.exe.
Reference
error message: The system cannot find the path specified. .

Error - 12/15/2011 3:38:01 PM | Computer Name = PC-041 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.
Reference
error message: The system cannot find the path specified. .

Error - 12/15/2011 3:38:01 PM | Computer Name = PC-041 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\GUM7A.tmp\GoogleUpdate.exe.
Reference
error message: The system cannot find the path specified. .

Error - 12/16/2011 10:53:29 AM | Computer Name = PC-041 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 10.55.23.150 on
the Network Card with network address 0023AEABABD9.

Error - 12/16/2011 10:54:12 AM | Computer Name = PC-041 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 12/16/2011 11:38:01 AM | Computer Name = PC-041 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.
Reference
error message: The system cannot find the path specified. .

Error - 12/16/2011 11:38:01 AM | Computer Name = PC-041 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\GUMA9.tmp\GoogleUpdate.exe.
Reference
error message: The system cannot find the path specified. .

Error - 12/16/2011 4:38:01 PM | Computer Name = PC-041 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.
Reference
error message: The system cannot find the path specified. .

Error - 12/16/2011 4:38:01 PM | Computer Name = PC-041 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\GUME7.tmp\GoogleUpdate.exe.
Reference
error message: The system cannot find the path specified. .


< End of report >

#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 21 August 2012 - 06:54 AM

Nothing suspicious was found on the OTL log.
There are many files marked as missing. Not sure if this is being reported incorrectly being that we are dealing with XP - 64 bit.

When in REAL MODE (with RootKit option on), Symantec Power Eraser blue screens after the reboot with Stop Error 0x00000109, kdcom.dll


Let's check this kdcom.dll file.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    :filefind
    kdcom.dll

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
===

Third party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Please post the logs for my review.

#15 Nick Lanese

Nick Lanese
  • Topic Starter

  • Members
  • 17 posts
  • Gender:Male
  • Location:New York City

Posted 21 August 2012 - 10:10 AM

SYSTEM LOOK log:

SystemLook 30.07.11 by jpshortstuff
Log created at 10:50 on 21/08/2012 by JLaFleur
Administrator - Elevation successful

========== filefind ==========

Searching for "kdcom.dll"
C:\WINDOWS\system32\kdcom.dll --a---- 12288 bytes [21:36 14/03/2007] [12:00 18/02/2007] F65FFE8548A292BC5FF17B76D1BCD4A1

-= EOF =-



SECURITY CHECK log:

Results of screen317's Security Check version 0.99.46
Windows XP x64
Out of date service pack!!
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
Symantec Endpoint Protection
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 32
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.3.300.271
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Emsisoft Anti-Malware a2service.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````



ADWCLEANER log:

# AdwCleaner v1.801 - Logfile created 08/21/2012 at 11:03:55
# Updated 14/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (64 bits)
# User : JLaFleur - PC-041
# Boot Mode : Normal
# Running from : C:\Documents and Settings\JLaFleur\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\JLaFleur\Application Data\ue_toolbar
Folder Found : C:\Documents and Settings\Administrator.PROPUBLICA\Application Data\ue_toolbar
Folder Found : C:\Program Files (x86)\ue_toolbar

***** [Registry] *****

Key Found : HKCU\Software\ue_toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Found : HKLM\SOFTWARE\Classes\ue_toolbar.UE_TOOLBAR
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ue_toolbar
[x64] Key Found : HKCU\Software\ue_toolbar
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\ue_toolbar.UE_TOOLBAR

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22}]
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22}
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

Profile name : default
File : C:\Documents and Settings\JLaFleur\Application Data\Mozilla\Firefox\Profiles\8k5jswz8.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\Administrator.PROPUBLICA\Application Data\Mozilla\Firefox\Profiles\x6t2j5nb.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2590 octets] - [21/08/2012 11:03:55]

########## EOF - H:\AdwCleaner[R1].txt - [2656 octets] ##########
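As an added example (not part of this thread, nor code from the SystemLook tool), the following Python script parses the ":filefind" section of a SystemLook log in the format posted above and reports what a reviewer looks for: extra copies of the file, copies outside the expected directory, and an MD5 that differs from a known-good value supplied by the caller. The meaning of the two bracketed timestamps is not stated in the log, so they are kept as raw strings, and the second result line in the sample is constructed to exercise the checks.

```python
import re
from typing import Dict, List, Optional

# One SystemLook ":filefind" result line, in the shape seen in the thread:
#   <path> <7 attribute flags> <size> bytes [<stamp>] [<stamp>] <MD5>
# The two stamps are kept as raw strings (their order is not documented in the log).
FILEFIND_LINE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-A-Za-z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<stamp1>[^\]]+)\]\s+\[(?P<stamp2>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def parse_filefind(log_text: str) -> List[Dict[str, str]]:
    """Return one record per file hit inside the filefind section of a SystemLook log."""
    records: List[Dict[str, str]] = []
    in_section = False
    for line in log_text.splitlines():
        if line.startswith("========== filefind"):
            in_section = True
            continue
        if line.startswith("-= EOF =-"):
            break
        if in_section:
            m = FILEFIND_LINE.match(line.strip())
            if m:
                records.append(m.groupdict())
    return records


def review_filefind(log_text: str, expected_dir: str, known_md5: Optional[str] = None) -> List[str]:
    """Flag duplicate copies, copies outside expected_dir, and MD5 mismatches."""
    findings: List[str] = []
    records = parse_filefind(log_text)
    if len(records) > 1:
        findings.append(f"{len(records)} copies found; a system DLL should normally have one")
    for r in records:
        folder = r["path"].rsplit("\\", 1)[0]
        if folder.lower() != expected_dir.lower():
            findings.append(f"unexpected location: {r['path']}")
        if known_md5 and r["md5"].lower() != known_md5.lower():
            findings.append(f"MD5 mismatch for {r['path']}: {r['md5']}")
    return findings


# Constructed sample: the line posted in the thread plus an invented second hit
# in a temp folder (not from the real log) so that every check fires.
SAMPLE_LOG = """SystemLook 30.07.11 by jpshortstuff
========== filefind ==========

Searching for "kdcom.dll"
C:\\WINDOWS\\system32\\kdcom.dll --a---- 12288 bytes [21:36 14/03/2007] [12:00 18/02/2007] F65FFE8548A292BC5FF17B76D1BCD4A1
C:\\Temp\\kdcom.dll --a---- 12288 bytes [09:12 01/08/2012] [09:12 01/08/2012] 00000000000000000000000000000000

-= EOF =-
"""

if __name__ == "__main__":
    for f in review_filefind(SAMPLE_LOG, r"C:\WINDOWS\system32", "F65FFE8548A292BC5FF17B76D1BCD4A1"):
        print(f)
```

With only the genuine line from the log and its own MD5 as the known-good value, the review returns no findings, which matches nasdaq's reading of that log.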
