Shut down in one minute

Solved
By Derrick
Aug 9, 2012
  1. I'm running Windows 7 32-bit and have the svchost.exe issue where several instances are running and increase in RAM usage infinitely. While running, mbam.exe has been run twice and handled 6 items twice (same items); Trendmicro begins to work, and then the Critical issue / one minute warning occurs and then the PC shuts down.
    I've followed another active thread through downloading and running "First.exe" and here is the log.

    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 08-08-2012 02
    Ran by SYSTEM at 09-08-2012 14:48:01
    Running from E:\
    Windows 7 Ultimate (X86) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" [1107552 2012-07-09] ()
    HKLM\...\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)
    HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_22\bin\jusched.exe" [75648 2009-10-08] (Sun Microsystems, Inc.)
    HKLM\...\Run: [QuickBooksDB20] C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe -n QB_TREASURY_20 -qs -gd ALL -gk all -gp 4096 -gu all -ch 256M -c 128M -x tcpip(BroadcastListener=NO;port=55338) -ti 0 -ec simple -qi -qw -tl 120 -oe C:\PROGRA~2\Intuit\QUICKB~2\DBSTAR~1.LOG -y [3271 2012-08-09] ()
    HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.)
    HKLM\...\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup [1439496 2010-10-19] (Intuit Inc. All rights reserved.)
    HKLM\...\Run: [HF_G_Jul] "C:\Program Files\AVG Secure Search\HF_G_Jul.exe" /DoAction [36960 2012-07-18] ()
    HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
    HKLM\...\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
    HKU\Derrick Hedstrom\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [8704 2009-07-13] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    AppInit_DLLs: C:\Users\Derrick Hedstrom\AppData\Local\o4wsy.dll
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.6.lnk
    ShortcutTarget: ImageMixer 3 SE Camera Monitor Ver.6.lnk -> C:\Program Files\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\SideACT!.lnk
    ShortcutTarget: SideACT!.lnk -> C:\Program Files\ACT\SideACT.exe ()
    Startup: C:\Users\Derrick Hedstrom\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)

    ================================ Services (Whitelisted) ==================

    4 AVGIDSAgent; "C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe" [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.)
    4 avgwd; "C:\Program Files\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
    2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
    2 MSSQL$ACT7; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe" -sACT7 [42884448 2010-05-05] (Microsoft Corporation)
    4 MSSQLServerADHelper100; "C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [44896 2010-05-05] (Microsoft Corporation)
    2 QBCFMonitorService; "C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe" [45056 2011-11-11] (Intuit)
    3 QBFCService; "C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe" [61440 2009-07-23] (Intuit Inc.)
    4 QuickBooksDB20; C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB20 [678912 2009-08-17] (Intuit, Inc.)
    4 SQLAgent$ACT7; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE" -I ACT7 [367456 2010-05-05] (Microsoft Corporation)
    2 vToolbarUpdater11.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [935008 2012-07-09] ()

    ========================== Drivers (Whitelisted) =============

    3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [139856 2011-12-23] (AVG Technologies CZ, s.r.o. )
    3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
    3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
    1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [235216 2012-02-22] (AVG Technologies CZ, s.r.o.)
    1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
    1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [301248 2012-03-19] (AVG Technologies CZ, s.r.o.)
    1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
    4 RsFx0150; C:\Windows\System32\DRIVERS\RsFx0150.sys [240608 2010-04-03] (Microsoft Corporation)
    2 adfs; [x]
    3 catchme; \??\C:\Users\DERRIC~1\AppData\Local\Temp\catchme.sys [x]
    3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
    3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-08-09 14:47 - 2012-08-09 14:48 - 00000000 ____D C:\FRST
    2012-08-09 10:03 - 2012-08-09 10:12 - 00000000 ____D C:\Windows\pss
    2012-08-09 07:50 - 2012-06-04 23:37 - 00256904 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys
    2012-08-09 07:49 - 2012-08-09 07:49 - 02002944 ____A (Trend Micro Inc.) C:\Users\Derrick Hedstrom\Downloads\HousecallLauncher.exe
    2012-08-08 12:04 - 2012-08-08 12:04 - 00139616 ____A C:\Windows\Minidump\080812-50125-01.dmp
    2012-08-08 11:17 - 2012-08-08 11:17 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-08-08 11:14 - 2012-08-08 11:14 - 00000000 ____D C:\Program Files\Axantum
    2012-08-08 11:13 - 2012-08-08 11:13 - 00000000 ____D C:\Users\Derrick Hedstrom\AppData\Roaming\OpenCandy
    2012-08-08 11:13 - 2012-08-08 11:13 - 00000000 ____D C:\Users\All Users\Real
    2012-08-08 11:12 - 2012-08-08 11:12 - 03396552 ____A (Axantum Software AB) C:\Users\Derrick Hedstrom\Desktop\AxCrypt-1.7.2931.0-Setup.exe
    2012-08-08 08:10 - 2012-08-08 08:10 - 00000000 ____D C:\Users\Derrick Hedstrom\Desktop\vostro 1000
    2012-08-07 10:52 - 2012-08-07 10:52 - 00274353 ____A C:\Users\Derrick Hedstrom\Desktop\2011SCR.txt
    2012-08-07 10:52 - 2012-08-07 10:52 - 00128639 ____A C:\Users\Derrick Hedstrom\Desktop\SCR2012.txt
    2012-08-07 10:42 - 2012-08-07 10:42 - 00055803 ____A C:\Users\Derrick Hedstrom\Desktop\2012 DR.txt
    2012-08-07 10:41 - 2012-08-07 10:41 - 00090474 ____A C:\Users\Derrick Hedstrom\Desktop\2011 DR.txt
    2012-08-07 06:22 - 2012-08-07 06:22 - 13404730 ____A C:\Users\Derrick Hedstrom\Documents\Hedstrom 0020189080.zip
    2012-08-02 09:12 - 2012-08-06 12:30 - 00000000 ____D C:\Users\Derrick Hedstrom\Desktop\SOF FUll DVD
    2012-07-26 13:55 - 2012-07-26 14:02 - 00025600 ____A C:\Users\Derrick Hedstrom\Desktop\THis is to route.xls
    2012-07-26 12:30 - 2012-08-02 09:54 - 00063680 ____A C:\Users\Derrick Hedstrom\Desktop\Doctor project.xlsx
    2012-07-26 09:29 - 2012-07-26 09:29 - 00177959 ____A C:\Users\Derrick Hedstrom\Documents\Doctor project
    2012-07-16 11:02 - 2012-07-16 11:02 - 00027520 ____A C:\Users\Derrick Hedstrom\AppData\Local\dt.dat

    ============ 3 Months Modified Files ========================

    2012-08-09 10:22 - 2011-12-07 12:02 - 00000312 ____A C:\Windows\Tasks\AutoKMS.job
    2012-08-09 10:22 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-09 10:22 - 2009-07-13 20:39 - 00037389 ____A C:\Windows\setupact.log
    2012-08-09 10:20 - 2009-07-13 20:53 - 00032572 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-08-09 09:45 - 2012-07-09 05:02 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-08-09 09:34 - 2011-04-18 11:11 - 00817474 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-08-09 09:28 - 2011-04-19 02:53 - 00066006 ____A C:\Windows\PFRO.log
    2012-08-09 07:49 - 2012-08-09 07:49 - 02002944 ____A (Trend Micro Inc.) C:\Users\Derrick Hedstrom\Downloads\HousecallLauncher.exe
    2012-08-08 12:49 - 2012-06-29 05:12 - 00001149 ____A C:\Users\Derrick Hedstrom\Desktop\NueMD.lnk
    2012-08-08 12:04 - 2012-08-08 12:04 - 00139616 ____A C:\Windows\Minidump\080812-50125-01.dmp
    2012-08-08 12:03 - 2011-06-09 08:34 - 94921048 ____A C:\Windows\MEMORY.DMP
    2012-08-08 11:12 - 2012-08-08 11:12 - 03396552 ____A (Axantum Software AB) C:\Users\Derrick Hedstrom\Desktop\AxCrypt-1.7.2931.0-Setup.exe
    2012-08-08 10:56 - 2011-10-03 07:25 - 88104960 ___RA C:\Users\Public\AppData\HealthMotionPhysicalTherapy,Inc.QBW
    2012-08-08 10:56 - 2011-10-03 07:25 - 00589824 ___RA C:\Users\Public\AppData\HealthMotionPhysicalTherapy,Inc.QBW.TLG
    2012-08-08 10:56 - 2011-10-03 07:25 - 00000398 ____A C:\Users\Public\AppData\HealthMotionPhysicalTherapy,Inc.QBW.ND
    2012-08-08 10:29 - 2012-05-16 10:06 - 00851968 ___RA C:\Users\Derrick Hedstrom\Desktop\Derrick Hedstrom.QBW.TLG
    2012-08-08 10:29 - 2012-05-16 10:06 - 00000393 ____A C:\Users\Derrick Hedstrom\Desktop\Derrick Hedstrom.QBW.ND
    2012-08-08 10:29 - 2011-07-27 05:42 - 10752000 ___RA C:\Users\Derrick Hedstrom\Desktop\Derrick Hedstrom.QBW
    2012-08-07 10:52 - 2012-08-07 10:52 - 00274353 ____A C:\Users\Derrick Hedstrom\Desktop\2011SCR.txt
    2012-08-07 10:52 - 2012-08-07 10:52 - 00128639 ____A C:\Users\Derrick Hedstrom\Desktop\SCR2012.txt
    2012-08-07 10:42 - 2012-08-07 10:42 - 00055803 ____A C:\Users\Derrick Hedstrom\Desktop\2012 DR.txt
    2012-08-07 10:41 - 2012-08-07 10:41 - 00090474 ____A C:\Users\Derrick Hedstrom\Desktop\2011 DR.txt
    2012-08-07 06:22 - 2012-08-07 06:22 - 13404730 ____A C:\Users\Derrick Hedstrom\Documents\Hedstrom 0020189080.zip
    2012-08-06 12:32 - 2011-11-21 13:03 - 00001185 ____A C:\Users\Derrick Hedstrom\AppData\Roaming\vso_ts_preview.xml
    2012-08-02 16:45 - 2012-04-09 05:16 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-08-02 16:45 - 2011-05-17 02:23 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-08-02 09:54 - 2012-07-26 12:30 - 00063680 ____A C:\Users\Derrick Hedstrom\Desktop\Doctor project.xlsx
    2012-07-26 14:02 - 2012-07-26 13:55 - 00025600 ____A C:\Users\Derrick Hedstrom\Desktop\THis is to route.xls
    2012-07-26 09:29 - 2012-07-26 09:29 - 00177959 ____A C:\Users\Derrick Hedstrom\Documents\Doctor project
    2012-07-25 09:28 - 2012-06-08 06:17 - 00015802 ____A C:\Users\Derrick Hedstrom\Desktop\Screen Bonuses 2012.xlsx
    2012-07-17 04:53 - 2012-07-06 09:01 - 02162176 ____A C:\Users\Derrick Hedstrom\Documents\DVD Covers.pub
    2012-07-16 11:02 - 2012-07-16 11:02 - 00027520 ____A C:\Users\Derrick Hedstrom\AppData\Local\dt.dat
    2012-07-13 10:14 - 2011-04-18 11:09 - 01342680 ____A C:\Windows\WindowsUpdate.log
    2012-07-05 13:03 - 2012-07-05 13:03 - 00026295 ____A C:\Users\Derrick Hedstrom\Documents\Scale of Function.XtoDVD
    2012-07-03 09:46 - 2011-06-10 15:18 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-25 04:28 - 2012-06-25 04:28 - 00005681 ____A C:\Users\Derrick Hedstrom\Documents\Drefs
    2012-06-19 09:47 - 2012-06-19 09:47 - 00483738 ____A C:\Users\Derrick Hedstrom\Downloads\legalaccounts.zip
    2012-06-11 11:03 - 2012-06-11 08:19 - 00011417 ____A C:\Users\Derrick Hedstrom\Downloads\Eaton Health Fair.xlsx
    2012-06-04 23:37 - 2012-08-09 07:50 - 00256904 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys
    2012-05-29 11:53 - 2012-05-29 06:01 - 00011127 ____A C:\Users\Derrick Hedstrom\Documents\Hope Network Attendees.xlsx
    2012-05-25 08:18 - 2012-05-25 07:32 - 00010898 ____A C:\Users\Derrick Hedstrom\Documents\Copy of Hope Network Vendor Attending (Autosaved).xlsx
    2012-05-23 06:44 - 2012-05-23 06:44 - 00139616 ____A C:\Windows\Minidump\052312-36562-01.dmp
    2012-05-22 08:49 - 2012-05-22 08:49 - 00000165 ___AH C:\Users\Derrick Hedstrom\Documents\~$Copy of Hope Network Vendor Attending.xlsx
    2012-05-17 10:56 - 2012-05-17 10:56 - 00010519 ____A C:\Users\Derrick Hedstrom\Documents\Copy of Hope Network Vendor Attending.xlsx
    2012-05-16 10:27 - 2012-05-12 08:24 - 00010901 ____A C:\Users\Derrick Hedstrom\Documents\Hope NETwork.xlsx
    2012-05-16 10:06 - 2012-05-16 10:06 - 00000496 ___RA C:\Users\Derrick Hedstrom\Desktop\Derrick Hedstrom.lgb
    2012-05-15 11:26 - 2012-05-15 11:26 - 00010627 ____A C:\Users\Derrick Hedstrom\Desktop\today
    2012-05-14 10:53 - 2012-05-14 10:53 - 00001821 ____A C:\Users\Derrick Hedstrom\Documents\week3
    2012-05-12 09:01 - 2012-05-12 08:59 - 00113664 ____A C:\Users\Derrick Hedstrom\Documents\Shelly Commend.pub

    ZeroAccess:
    C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}
    C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\@
    C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\L
    C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\U
    C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\L\00000004.@
    C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\L\201d3dde
    C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\U\00000004.@
    C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\U\00000008.@
    C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\U\000000cb.@
    C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\U\80000000.@
    C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\U\80000032.@

    ZeroAccess:
    C:\Windows\assembly\GAC\Desktop.ini

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 24%
    Total physical RAM: 1535.05 MB
    Available physical RAM: 1152.16 MB
    Total Pagefile: 1535.05 MB
    Available Pagefile: 1166.06 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1968.7 MB

    ======================= Partitions =========================

    2 Drive c: () (Fixed) (Total:465.75 GB) (Free:346.08 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    3 Drive d: (CD_ROM) (CDROM) (Total:3.48 GB) (Free:0 GB) CDFS
    4 Drive e: (Lexar) (Removable) (Total:0.47 GB) (Free:0.37 GB) FAT
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 9 MB
    Disk 1 Online 483 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 465 GB 31 KB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C NTFS Partition 465 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 483 MB 16 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 04
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 E Lexar FAT Removable 483 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-08-07 04:38

    ======================= End Of Log ==========================
  2. Derrick

    Derrick Newcomer, in training Topic Starter Posts: 26

    I meant Farbar... frst.exe, not first.exe.
  3. Derrick

    OK, so in looking at a few others, here are the rest of the things needed.

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.09.08

    Windows 7 Service Pack 1 x86 NTFS (Safe Mode)
    Internet Explorer 8.0.7601.17514
    Derrick Hedstrom :: TREASURY [administrator]

    8/9/2012 12:04:59 PM
    mbam-log-2012-08-09 (12-04-59).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 397133
    Time elapsed: 40 minute(s), 1 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 6
    C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\U\00000004.@ (Rootkit.Zaccess) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\U\80000000.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\n (Trojan.Zaccess) -> Quarantined and deleted successfully.

    (end)


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-08-09 16:21:57
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD5000AAKX-001CA0 rev.15.01H15
    Running: gmer.exe; Driver: C:\Users\DERRIC~1\AppData\Local\Temp\kfdiipow.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
    Run by Derrick Hedstrom at 16:24:30 on 2012-08-09
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1535.703 [GMT -4:00]
    .
    AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files\Java\jre1.5.0_22\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files\ACT\SideACT.exe
    C:\Users\Derrick Hedstrom\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\SearchProtocolHost.exe
    "C:\Windows\System32\svchost.exe" -k LocalServiceDns
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_22\bin\jusched.exe"
    mRun: [QuickBooksDB20] c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -n qb_treasury_20 -qs -gd all -gk all -gp 4096 -gu all -ch 256m -c 128m -x tcpip(broadcastlistener=no;port=55338) -ti 0 -ec simple -qi -qw -tl 120 -oe c:\progra~2\intuit\quickb~2\DBSTAR~1.LOG -y
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
    mRun: [HF_G_Jul] "c:\program files\avg secure search\HF_G_Jul.exe" /DoAction
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    StartupFolder: c:\users\derric~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\derrick hedstrom\appdata\roaming\dropbox\bin\Dropbox.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\imagem~1.lnk - c:\program files\pixela\imagemixer 3 se ver.6\transfer utility\CameraMonitor.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\sideact!.lnk - c:\program files\act\SideACT.exe
    uPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
    LSP: mswsock.dll
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{2CA5AAF4-0DED-407A-B9DE-605B3484DA8A} : DhcpNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.2.0\ViProtocol.dll
    AppInit_DLLs: c:\users\derrick hedstrom\appdata\local\o4wsy.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\derrick hedstrom\appdata\roaming\mozilla\firefox\profiles\yqgsz9bx.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B388dd59f-5def-49c8-9eae-8cad82ce394a%7D&mid=7ab287a32c6947d1a28ed15857d1350b-7e2094d31d03b33de90c8ba60db7f82b52859b9c&ds=AVG&v=11.1.0.12&lang=en&pr=fr&d=2012-05-15%2010%3A11%3A19&sap=ku&q=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.2.0\npsitesafety.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
    R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql10_50.act7\mssql\binn\sqlservr.exe [2010-5-5 42884448]
    R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-9 250056]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
    S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-26 113120]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-4-20 15872]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-20 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-25 1343400]
    S4 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
    S4 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-5-5 44896]
    S4 QuickBooksDB20;QuickBooksDB20;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb20 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB20 [?]
    S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]
    S4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\microsoft sql server\mssql10_50.act7\mssql\binn\SQLAGENT.EXE [2010-5-5 367456]
    .
    =============== File Associations ===============
    .
    .txt=
    .
    =============== Created Last 30 ================
    .
    2012-08-09 22:47:56 -------- d-----w- C:\FRST
    2012-08-09 18:03:42 -------- d-----w- c:\windows\pss
    2012-08-09 15:50:18 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2012-08-08 19:17:39 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-08-08 19:14:07 -------- d-----w- c:\program files\Axantum
    2012-08-08 19:13:10 -------- d-----w- c:\users\derrick hedstrom\appdata\roaming\OpenCandy
    .
    ==================== Find3M ====================
    .
    2012-08-03 00:45:31 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-03 00:45:31 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    ============= FINISH: 16:26:10.34 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/18/2011 6:04:01 PM
    System Uptime: 8/9/2012 4:08:55 PM (0 hours ago)
    .
    Motherboard: Dell Computer Corp. | | 0F4491
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 466 GiB total, 346.011 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: adfs
    Device ID: ROOT\LEGACY_ADFS\0000
    Manufacturer:
    Name: adfs
    PNP Device ID: ROOT\LEGACY_ADFS\0000
    Service: adfs
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: JD SECURE
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_LEXAR&PROD_JD_SECURE&REV_1100#106A6809151545110607&0#
    Manufacturer: LEXAR
    Name: Lexar
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_LEXAR&PROD_JD_SECURE&REV_1100#106A6809151545110607&0#
    Service: WUDFRd
    .
    ==== System Restore Points ===================
    .
    RP83: 6/15/2012 12:00:06 AM - Scheduled Checkpoint
    RP84: 6/25/2012 12:33:28 PM - Scheduled Checkpoint
    RP85: 7/3/2012 12:00:06 AM - Scheduled Checkpoint
    RP86: 7/11/2012 12:00:06 AM - Scheduled Checkpoint
    RP87: 7/18/2012 12:37:38 PM - Scheduled Checkpoint
    RP88: 7/26/2012 11:08:13 AM - Scheduled Checkpoint
    RP89: 8/3/2012 12:00:10 AM - Scheduled Checkpoint
    RP90: 8/8/2012 3:13:18 PM - Installed AxCrypt 1.7.2931.0
    .
    ==== Installed Programs ======================
    .
    .
    .NET Framework Machine Code Access Security Policy
    Acrobat.com
    ACT!
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Media Player
    Adobe Reader X (10.1.3)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG 2012
    AVG PC Tuneup 2011
    AxCrypt 1.7.2931.0
    Bonjour
    ConvertXtoDVD 4.1.19.365
    Dropbox
    ESET Online Scanner v3
    Foxit PDF Creator
    Foxit PDF Editor
    ImageMixer 3 SE Ver.6 Transfer Utility
    ImageMixer 3 SE Ver.6 Video Tools
    iTunes
    J2SE Runtime Environment 5.0 Update 22
    Java(TM) 6 Update 31
    Malwarebytes Anti-Malware version 1.62.0.1300
    MasterTech Personnel Potential Analysis
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft SQL Server 2008 R2
    Microsoft SQL Server 2008 R2 Native Client
    Microsoft SQL Server 2008 R2 RsFx Driver
    Microsoft SQL Server 2008 R2 Setup (English)
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server Browser
    Microsoft SQL Server VSS Writer
    Microsoft Sync Framework 2.0 Core Components (x86) ENU
    Microsoft Sync Framework 2.0 Provider Services (x86) ENU
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox 14.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    QuickBooks
    QuickBooks Pro 2010
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    SQL Server 2008 R2 Common Files
    SQL Server 2008 R2 Database Engine Services
    SQL Server 2008 R2 Database Engine Shared
    Sql Server Customer Experience Improvement Program
    VirtualCloneDrive
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/9/2012 8:34:30 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
    8/9/2012 8:34:30 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/9/2012 4:10:01 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    8/9/2012 4:09:59 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    8/9/2012 4:09:59 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    8/9/2012 4:09:59 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    8/9/2012 4:09:58 PM, Error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
    8/9/2012 2:21:09 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    8/9/2012 2:21:03 PM, Error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/9/2012 2:20:51 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/9/2012 2:20:51 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/9/2012 2:20:51 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    8/9/2012 2:20:51 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/9/2012 2:20:46 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.
    8/9/2012 2:20:27 PM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The data is invalid.
    8/9/2012 2:20:14 PM, Error: Service Control Manager [7034] - The SQL Server (ACT7) service terminated unexpectedly. It has done this 1 time(s).
    8/9/2012 2:20:09 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Power service, but this action failed with the following error: A system shutdown has already been scheduled.
    8/9/2012 2:20:09 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error: A system shutdown has already been scheduled.
    8/9/2012 2:20:09 PM, Error: Service Control Manager [7031] - The Power service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    8/9/2012 2:20:09 PM, Error: Service Control Manager [7031] - The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    8/9/2012 2:20:09 PM, Error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    8/9/2012 2:20:03 PM, Error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 3 time(s).
    8/9/2012 2:20:03 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    8/9/2012 2:20:03 PM, Error: Service Control Manager [7031] - The Offline Files service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    8/9/2012 2:20:03 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    8/9/2012 2:20:03 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    8/9/2012 2:19:58 PM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    8/9/2012 2:19:55 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 3 time(s).
    8/9/2012 2:19:45 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    8/9/2012 2:19:45 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    8/9/2012 2:19:45 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/9/2012 2:19:45 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/9/2012 2:19:45 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    8/9/2012 2:19:45 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/9/2012 2:19:45 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/9/2012 2:19:45 PM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    8/9/2012 2:19:45 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    8/9/2012 2:19:45 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    8/9/2012 2:19:45 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/9/2012 2:19:27 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    8/9/2012 2:19:27 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/9/2012 2:19:27 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/9/2012 2:19:27 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    8/9/2012 2:19:07 PM, Error: Service Control Manager [7034] - The vToolbarUpdater11.2.0 service terminated unexpectedly. It has done this 1 time(s).
    8/9/2012 2:18:51 PM, Error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/9/2012 2:18:39 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    8/9/2012 2:18:20 PM, Error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
    8/9/2012 2:17:37 PM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
    8/9/2012 2:17:37 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    8/9/2012 2:17:37 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/9/2012 2:17:37 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/9/2012 2:17:37 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/9/2012 2:17:37 PM, Error: Service Control Manager [7031] - The Offline Files service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    8/9/2012 2:17:37 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    8/9/2012 2:17:37 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    8/9/2012 2:17:37 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    8/9/2012 2:17:24 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    8/9/2012 2:05:26 PM, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    8/9/2012 2:04:14 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Error Reporting Service service, but this action failed with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    8/9/2012 2:04:11 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Audio Endpoint Builder service, but this action failed with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    8/9/2012 2:04:07 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    8/9/2012 2:03:11 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Superfetch service, but this action failed with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    8/9/2012 2:03:08 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Themes service, but this action failed with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    8/9/2012 2:02:14 PM, Error: Service Control Manager [7031] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    8/9/2012 2:02:07 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    8/9/2012 2:02:07 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    8/9/2012 2:02:07 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    8/9/2012 2:02:07 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    8/9/2012 2:02:07 PM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    8/9/2012 2:02:07 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    8/9/2012 12:04:51 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    8/9/2012 12:04:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    8/9/2012 12:04:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    8/9/2012 12:04:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    8/9/2012 12:04:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    8/9/2012 12:03:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix CSC DfsC discache ElbyCDIO NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
    8/9/2012 12:03:36 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    8/9/2012 12:03:36 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    8/9/2012 12:03:36 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    8/9/2012 12:03:36 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/9/2012 12:03:31 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/9/2012 12:03:31 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    8/9/2012 12:03:31 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    8/9/2012 12:03:31 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/9/2012 12:03:31 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    8/9/2012 12:03:31 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    8/9/2012 11:58:38 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 discache ElbyCDIO spldr Wanarpv6
    8/9/2012 11:57:45 AM, Error: volmgr [46] - Crash dump initialization failed!
    8/9/2012 11:55:52 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 3 time(s).
    8/9/2012 11:55:33 AM, Error: Service Control Manager [7034] - The Superfetch service terminated unexpectedly. It has done this 3 time(s).
    8/9/2012 11:55:33 AM, Error: Service Control Manager [7034] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 3 time(s).
    8/9/2012 11:55:33 AM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    8/9/2012 11:55:24 AM, Error: Service Control Manager [7023] -
    8/9/2012 11:55:15 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error: A system shutdown has already been scheduled.
    8/9/2012 11:54:16 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 3 time(s).
    8/9/2012 11:53:19 AM, Error: Service Control Manager [7034] - The Themes service terminated unexpectedly. It has done this 3 time(s).
    8/9/2012 11:53:19 AM, Error: Service Control Manager [7034] - The Task Scheduler service terminated unexpectedly. It has done this 3 time(s).
    8/9/2012 11:52:47 AM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 3 time(s).
    8/9/2012 11:52:44 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Application Experience service, but this action failed with the following error: An instance of the service is already running.
    8/9/2012 11:51:44 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/9/2012 11:36:51 AM, Error: Service Control Manager [7034] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 3 time(s).
    8/9/2012 10:54:46 AM, Error: Service Control Manager [7034] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 4 time(s).
    8/9/2012 10:54:46 AM, Error: Service Control Manager [7034] - The Offline Files service terminated unexpectedly. It has done this 3 time(s).
    8/9/2012 10:54:46 AM, Error: Service Control Manager [7034] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 3 time(s).
    8/9/2012 10:44:04 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/9/2012 10:38:24 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/9/2012 10:37:20 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/9/2012 10:36:51 AM, Error: Service Control Manager [7031] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    8/9/2012 10:36:24 AM, Error: Service Control Manager [7034] - The QBCFMonitorService service terminated unexpectedly. It has done this 1 time(s).
    8/9/2012 10:34:43 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 4 time(s).
    8/9/2012 10:26:49 AM, Error: Service Control Manager [7034] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 3 time(s).
    8/9/2012 10:24:55 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Program Compatibility Assistant Service service, but this action failed with the following error: An instance of the service is already running.
    8/9/2012 10:20:54 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s).
    8/9/2012 10:20:54 AM, Error: Service Control Manager [7034] - The User Profile Service service terminated unexpectedly. It has done this 3 time(s).
    8/9/2012 10:20:54 AM, Error: Service Control Manager [7034] - The System Event Notification Service service terminated unexpectedly. It has done this 3 time(s).
    8/9/2012 10:20:54 AM, Error: Service Control Manager [7034] - The Secondary Logon service terminated unexpectedly. It has done this 3 time(s).
    8/9/2012 10:20:54 AM, Error: Service Control Manager [7034] - The Group Policy Client service terminated unexpectedly. It has done this 3 time(s).
    8/8/2012 4:04:11 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x828b2ab5, 0x80e47b4c, 0x80e47730). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080812-50125-01.
    8/8/2012 3:47:18 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
    8/8/2012 3:23:22 PM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
    8/3/2012 2:05:26 PM, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: A system shutdown is in progress.
    .
    ==== End Of File ===========================
  4. Broni

    Broni Malware Annihilator Posts: 46,169   +251

Welcome aboard

    Please, observe following rules:
• Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.
  5. Derrick

    Derrick Newcomer, in training Topic Starter Posts: 26

I was unsure as to whether you wanted me to run the scan again as well. Here is that, and the FRST.txt as well.

    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 08-08-2012 02
    Ran by Derrick Hedstrom at 09-08-2012 17:00:04
    Running from E:\
    Service Pack 1 (X86) OS Language: English(US)
    Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

    ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


    ============ One Month Created Files and Folders ==============

    2012-08-09 18:47 - 2012-08-09 17:00 - 00000000 ____D C:\FRST
    2012-08-09 16:15 - 2012-08-09 16:06 - 00607260 ____R (Swearware) C:\Users\Derrick Hedstrom\Desktop\dds.com
    2012-08-09 16:15 - 2011-07-16 22:21 - 00302592 ____A C:\Users\Derrick Hedstrom\Desktop\gmer.exe
    2012-08-09 14:03 - 2012-08-09 14:12 - 00000000 ____D C:\Windows\pss
    2012-08-09 11:50 - 2012-06-05 03:37 - 00256904 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys
    2012-08-09 11:49 - 2012-08-09 11:49 - 02002944 ____A (Trend Micro Inc.) C:\Users\Derrick Hedstrom\Downloads\HousecallLauncher.exe
    2012-08-08 16:04 - 2012-08-08 16:04 - 00139616 ____A C:\Windows\Minidump\080812-50125-01.dmp
    2012-08-08 15:17 - 2012-08-08 15:17 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-08-08 15:14 - 2012-08-08 15:14 - 00000000 ____D C:\Program Files\Axantum
    2012-08-08 15:13 - 2012-08-08 15:13 - 00000000 ____D C:\Users\Derrick Hedstrom\AppData\Roaming\OpenCandy
    2012-08-08 15:13 - 2012-08-08 15:13 - 00000000 ____D C:\Users\All Users\Real
    2012-08-08 15:12 - 2012-08-08 15:12 - 03396552 ____A (Axantum Software AB) C:\Users\Derrick Hedstrom\Desktop\AxCrypt-1.7.2931.0-Setup.exe
    2012-08-08 12:10 - 2012-08-08 12:10 - 00000000 ____D C:\Users\Derrick Hedstrom\Desktop\vostro 1000
    2012-08-07 14:52 - 2012-08-07 14:52 - 00274353 ____A C:\Users\Derrick Hedstrom\Desktop\2011SCR.txt
    2012-08-07 14:52 - 2012-08-07 14:52 - 00128639 ____A C:\Users\Derrick Hedstrom\Desktop\SCR2012.txt
    2012-08-07 14:42 - 2012-08-07 14:42 - 00055803 ____A C:\Users\Derrick Hedstrom\Desktop\2012 DR.txt
    2012-08-07 14:41 - 2012-08-07 14:41 - 00090474 ____A C:\Users\Derrick Hedstrom\Desktop\2011 DR.txt
    2012-08-07 10:22 - 2012-08-07 10:22 - 13404730 ____A C:\Users\Derrick Hedstrom\Documents\Hedstrom 0020189080.zip
    2012-08-02 13:12 - 2012-08-06 16:30 - 00000000 ____D C:\Users\Derrick Hedstrom\Desktop\SOF FUll DVD
    2012-07-26 17:55 - 2012-07-26 18:02 - 00025600 ____A C:\Users\Derrick Hedstrom\Desktop\THis is to route.xls
    2012-07-26 16:30 - 2012-08-02 13:54 - 00063680 ____A C:\Users\Derrick Hedstrom\Desktop\Doctor project.xlsx
    2012-07-26 13:29 - 2012-07-26 13:29 - 00177959 ____A C:\Users\Derrick Hedstrom\Documents\Doctor project
    2012-07-16 15:02 - 2012-07-16 15:02 - 00027520 ____A C:\Users\Derrick Hedstrom\AppData\Local\dt.dat

    ============ 3 Months Modified Files ========================

    2012-08-09 16:45 - 2012-07-09 09:02 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-08-09 16:19 - 2011-04-18 15:11 - 00817474 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-08-09 16:09 - 2011-12-07 16:02 - 00000312 ____A C:\Windows\Tasks\AutoKMS.job
    2012-08-09 16:09 - 2009-07-14 00:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-09 16:09 - 2009-07-14 00:39 - 00037445 ____A C:\Windows\setupact.log
    2012-08-09 16:06 - 2012-08-09 16:15 - 00607260 ____R (Swearware) C:\Users\Derrick Hedstrom\Desktop\dds.com
    2012-08-09 14:20 - 2009-07-14 00:53 - 00032572 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-08-09 13:28 - 2011-04-19 06:53 - 00066006 ____A C:\Windows\PFRO.log
    2012-08-09 11:49 - 2012-08-09 11:49 - 02002944 ____A (Trend Micro Inc.) C:\Users\Derrick Hedstrom\Downloads\HousecallLauncher.exe
    2012-08-08 16:49 - 2012-06-29 09:12 - 00001149 ____A C:\Users\Derrick Hedstrom\Desktop\NueMD.lnk
    2012-08-08 16:04 - 2012-08-08 16:04 - 00139616 ____A C:\Windows\Minidump\080812-50125-01.dmp
    2012-08-08 16:03 - 2011-06-09 12:34 - 94921048 ____A C:\Windows\MEMORY.DMP
    2012-08-08 15:12 - 2012-08-08 15:12 - 03396552 ____A (Axantum Software AB) C:\Users\Derrick Hedstrom\Desktop\AxCrypt-1.7.2931.0-Setup.exe
    2012-08-08 14:56 - 2011-10-03 11:25 - 88104960 ___RA C:\Users\Public\AppData\HealthMotionPhysicalTherapy,Inc.QBW
    2012-08-08 14:56 - 2011-10-03 11:25 - 00589824 ___RA C:\Users\Public\AppData\HealthMotionPhysicalTherapy,Inc.QBW.TLG
    2012-08-08 14:56 - 2011-10-03 11:25 - 00000398 ____A C:\Users\Public\AppData\HealthMotionPhysicalTherapy,Inc.QBW.ND
    2012-08-08 14:29 - 2012-05-16 14:06 - 00851968 ___RA C:\Users\Derrick Hedstrom\Desktop\Derrick Hedstrom.QBW.TLG
    2012-08-08 14:29 - 2012-05-16 14:06 - 00000393 ____A C:\Users\Derrick Hedstrom\Desktop\Derrick Hedstrom.QBW.ND
    2012-08-08 14:29 - 2011-07-27 09:42 - 10752000 ___RA C:\Users\Derrick Hedstrom\Desktop\Derrick Hedstrom.QBW
    2012-08-07 14:52 - 2012-08-07 14:52 - 00274353 ____A C:\Users\Derrick Hedstrom\Desktop\2011SCR.txt
    2012-08-07 14:52 - 2012-08-07 14:52 - 00128639 ____A C:\Users\Derrick Hedstrom\Desktop\SCR2012.txt
    2012-08-07 14:42 - 2012-08-07 14:42 - 00055803 ____A C:\Users\Derrick Hedstrom\Desktop\2012 DR.txt
    2012-08-07 14:41 - 2012-08-07 14:41 - 00090474 ____A C:\Users\Derrick Hedstrom\Desktop\2011 DR.txt
    2012-08-07 10:22 - 2012-08-07 10:22 - 13404730 ____A C:\Users\Derrick Hedstrom\Documents\Hedstrom 0020189080.zip
    2012-08-06 16:32 - 2011-11-21 17:03 - 00001185 ____A C:\Users\Derrick Hedstrom\AppData\Roaming\vso_ts_preview.xml
    2012-08-02 20:45 - 2012-04-09 09:16 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-08-02 20:45 - 2011-05-17 06:23 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-08-02 13:54 - 2012-07-26 16:30 - 00063680 ____A C:\Users\Derrick Hedstrom\Desktop\Doctor project.xlsx
    2012-07-26 18:02 - 2012-07-26 17:55 - 00025600 ____A C:\Users\Derrick Hedstrom\Desktop\THis is to route.xls
    2012-07-26 13:29 - 2012-07-26 13:29 - 00177959 ____A C:\Users\Derrick Hedstrom\Documents\Doctor project
    2012-07-25 13:28 - 2012-06-08 10:17 - 00015802 ____A C:\Users\Derrick Hedstrom\Desktop\Screen Bonuses 2012.xlsx
    2012-07-17 08:53 - 2012-07-06 13:01 - 02162176 ____A C:\Users\Derrick Hedstrom\Documents\DVD Covers.pub
    2012-07-16 15:02 - 2012-07-16 15:02 - 00027520 ____A C:\Users\Derrick Hedstrom\AppData\Local\dt.dat
    2012-07-13 14:14 - 2011-04-18 15:09 - 01342680 ____A C:\Windows\WindowsUpdate.log
    2012-07-05 17:03 - 2012-07-05 17:03 - 00026295 ____A C:\Users\Derrick Hedstrom\Documents\Scale of Function.XtoDVD
    2012-07-03 13:46 - 2011-06-10 19:18 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-25 08:28 - 2012-06-25 08:28 - 00005681 ____A C:\Users\Derrick Hedstrom\Documents\Drefs
    2012-06-19 13:47 - 2012-06-19 13:47 - 00483738 ____A C:\Users\Derrick Hedstrom\Downloads\legalaccounts.zip
    2012-06-11 15:03 - 2012-06-11 12:19 - 00011417 ____A C:\Users\Derrick Hedstrom\Downloads\Eaton Health Fair.xlsx
    2012-06-05 03:37 - 2012-08-09 11:50 - 00256904 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys
    2012-05-29 15:53 - 2012-05-29 10:01 - 00011127 ____A C:\Users\Derrick Hedstrom\Documents\Hope Network Attendees.xlsx
    2012-05-25 12:18 - 2012-05-25 11:32 - 00010898 ____A C:\Users\Derrick Hedstrom\Documents\Copy of Hope Network Vendor Attending (Autosaved).xlsx
    2012-05-23 10:44 - 2012-05-23 10:44 - 00139616 ____A C:\Windows\Minidump\052312-36562-01.dmp
    2012-05-22 12:49 - 2012-05-22 12:49 - 00000165 ___AH C:\Users\Derrick Hedstrom\Documents\~$Copy of Hope Network Vendor Attending.xlsx
    2012-05-17 14:56 - 2012-05-17 14:56 - 00010519 ____A C:\Users\Derrick Hedstrom\Documents\Copy of Hope Network Vendor Attending.xlsx
    2012-05-16 14:27 - 2012-05-12 12:24 - 00010901 ____A C:\Users\Derrick Hedstrom\Documents\Hope NETwork.xlsx
    2012-05-16 14:06 - 2012-05-16 14:06 - 00000496 ___RA C:\Users\Derrick Hedstrom\Desktop\Derrick Hedstrom.lgb
    2012-05-15 15:26 - 2012-05-15 15:26 - 00010627 ____A C:\Users\Derrick Hedstrom\Desktop\today
    2012-05-14 14:53 - 2012-05-14 14:53 - 00001821 ____A C:\Users\Derrick Hedstrom\Documents\week3
    2012-05-12 13:01 - 2012-05-12 12:59 - 00113664 ____A C:\Users\Derrick Hedstrom\Documents\Shelly Commend.pub

    ZeroAccess:
    C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}
    C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\@
    C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\L
    C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\U
    C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\L\00000004.@
    C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\L\201d3dde
    C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\U\00000004.@
    C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\U\00000008.@
    C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\U\000000cb.@
    C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\U\80000000.@
    C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\U\80000032.@

    ZeroAccess:
    C:\Windows\assembly\GAC\Desktop.ini

    ========================= Bamital & volsnap Check ============

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ========================= Memory info ======================

    Percentage of memory in use: 50%
    Total physical RAM: 1535.05 MB
    Available physical RAM: 760.26 MB
    Total Pagefile: 3070.11 MB
    Available Pagefile: 2072.07 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1953.55 MB

    ======================= Partitions =========================

    2 Drive c: () (Fixed) (Total:465.75 GB) (Free:346 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    4 Drive e: (Lexar) (Removable) (Total:0.47 GB) (Free:0.37 GB) FAT

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 9 MB
    Disk 1 Online 483 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 465 GB 31 KB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 465 GB Healthy System (partition with boot components)

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 483 MB 16 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 04
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E Lexar FAT Removable 483 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-08-07 08:38

    ======================= End Of Log ==========================

    Farbar Recovery Scan Tool Version: 08-08-2012 02
    Ran by Derrick Hedstrom at 2012-08-09 17:02:46
    Running from E:\

    ================== Search: "services.exe" ===================

    C:\Windows.old\Windows\system32\services.exe
    [2003-03-31 08:00] - [2008-04-14 05:42] - 0108544 ____A (Microsoft Corporation) 0E776ED5F7CC9F94299E70461B7B8185

    C:\Windows.old\Windows\ServicePackFiles\i386\services.exe
    [2011-04-18 14:26] - [2008-04-14 05:42] - 0108544 ____A (Microsoft Corporation) 0E776ED5F7CC9F94299E70461B7B8185

    C:\Windows.old\Windows\$NtServicePackUninstall$\services.exe
    [2011-04-18 14:24] - [2003-03-31 08:00] - 0101376 ___AC (Microsoft Corporation) E3DF4A0252D287C44606EE55355E1623

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
    [2009-07-13 19:11] - [2009-07-13 21:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

    C:\Windows\System32\services.exe
    [2009-07-13 19:11] - [2009-07-13 21:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

    C:\Windows\ERDNT\cache\services.exe
    [2011-06-09 12:53] - [2009-07-13 21:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

    === End Of Search ===
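The search result above is the evidence that matters in this thread: the live C:\Windows\System32\services.exe has the same size (259072 bytes) and the same build timestamp (2009-07-13 21:14) as the copies in winsxs and in the ERDNT cache, yet a different MD5. A file patched in place, which is how the ZeroAccess variant of that period hid itself in services.exe, looks exactly like that, and it is why Broni asked for the Search.txt rather than relying on the earlier FRST.txt alone. The script below is an added example, not code from this thread, from Farbar or from FRST: it parses the Search.txt format shown above and flags any live System32 binary whose hash disagrees with reference copies sharing its size and modification time. The parser, function names and the choice of winsxs/ERDNT copies as references are my assumptions; a winsxs copy can itself be stale or tampered with, so a mismatch is a lead to replace the file from a known-good source, not proof on its own (here FRST's own whitelist check already confirmed it).

```python
import re
from collections import defaultdict

# Excerpt reproduced from the Search.txt posted above (FRST "Search: services.exe").
FRST_SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows.old\Windows\system32\services.exe
[2003-03-31 08:00] - [2008-04-14 05:42] - 0108544 ____A (Microsoft Corporation) 0E776ED5F7CC9F94299E70461B7B8185

C:\Windows.old\Windows\ServicePackFiles\i386\services.exe
[2011-04-18 14:26] - [2008-04-14 05:42] - 0108544 ____A (Microsoft Corporation) 0E776ED5F7CC9F94299E70461B7B8185

C:\Windows.old\Windows\$NtServicePackUninstall$\services.exe
[2011-04-18 14:24] - [2003-03-31 08:00] - 0101376 ___AC (Microsoft Corporation) E3DF4A0252D287C44606EE55355E1623

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 19:11] - [2009-07-13 21:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 19:11] - [2009-07-13 21:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

C:\Windows\ERDNT\cache\services.exe
[2011-06-09 12:53] - [2009-07-13 21:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

=== End Of Search ===
"""

# A path line starts with a drive letter; the detail line that follows it is
# "[created] - [modified] - size attributes (company) MD5" (assumed layout, as seen above).
PATH_RE = re.compile(r'^[A-Za-z]:\\')
ENTRY_RE = re.compile(
    r'^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - '
    r'(?P<size>\d+) (?P<attr>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$'
)


def parse_frst_search(text):
    """Turn an FRST Search.txt section into a list of dicts, one per file found."""
    entries = []
    current_path = None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            current_path = line
            continue
        m = ENTRY_RE.match(line)
        if m and current_path:
            entries.append({
                'path': current_path,
                'created': m.group('created'),
                'modified': m.group('modified'),
                'size': int(m.group('size')),
                'company': m.group('company'),
                'md5': m.group('md5').upper(),
            })
            current_path = None
    return entries


def find_patched_copies(entries, live_dir=r'C:\Windows\System32'):
    """Flag live binaries whose MD5 differs from every reference copy that has the
    same file name, size and modification timestamp (winsxs, ERDNT cache, ...).
    Same size + same build time + different hash is the signature of in-place patching."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e['path'].rsplit('\\', 1)[-1].lower()].append(e)

    live_prefix = live_dir.lower().rstrip('\\') + '\\'
    findings = []
    for group in by_name.values():
        for live in group:
            if not live['path'].lower().startswith(live_prefix):
                continue
            refs = [e for e in group
                    if e is not live
                    and e['size'] == live['size']
                    and e['modified'] == live['modified']]
            ref_hashes = sorted({e['md5'] for e in refs})
            # Only report when comparable references exist and none agree with the live file.
            if ref_hashes and live['md5'] not in ref_hashes:
                findings.append({
                    'path': live['path'],
                    'md5': live['md5'],
                    'reference_md5s': ref_hashes,
                    'reference_paths': [e['path'] for e in refs],
                })
    return findings


if __name__ == '__main__':
    for f in find_patched_copies(parse_frst_search(FRST_SEARCH_LOG)):
        print(f"SUSPECT {f['path']} md5={f['md5']}")
        for p in f['reference_paths']:
            print(f"    differs from {p}")
```

The older Windows.old copies are ignored automatically because their size and timestamp belong to a different Windows build; only the two Windows 7 RTM copies qualify as references, and both disagree with the live file. Run against a real Search.txt the script reports nothing when the hashes agree, which is the result you want after the fixlist replaces the file.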
  6. Derrick

    Derrick Newcomer, in training Topic Starter Posts: 26

    As is obvious, I didn't run this from command prompt in recovery console. Did you need that to be done that way again?
  7. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    You ran the tool from within Windows.
It's OK for search purposes, but make sure you read the following instructions carefully and run them accordingly.

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Next....

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


  8. Derrick

    Derrick Newcomer, in training Topic Starter Posts: 26

I left work last night with combofix.exe running. I came back into work this morning and "windows has recovered from an unexpected shutdown". I have a generic blue background... Many of my folders appear to have been duplicated. I noticed that AVG did not completely uninstall last night (linkscanner still there). So I'm currently struggling to remove that using the appremover.exe that you've referenced. I've run it again, which didn't remove AVG 2012 from apps in control panel. I just ran it using the "complete a failed uninstallation" setting and while it runs (tried twice) "you are being logged off [something about a DCOM Server was stopped unexpectedly]". Please advise.
  9. Derrick

    Derrick Newcomer, in training Topic Starter Posts: 26

    Upon rebooting, I have my normal desktop back. AVG still installed...I'm going to try to uninstall it once more with appremover
  10. Derrick

    Derrick Newcomer, in training Topic Starter Posts: 26

I should state, I followed all instructions up to running combofix; I left while it was running and I don't know what occurred. So I'm starting over at removing AVG (again) with appremover. It is still running, and currently I have my background pic with no desktop icons or taskbar.
  11. Derrick

    Derrick Newcomer, in training Topic Starter Posts: 26

    ComboFix 12-08-09.01 - Derrick Hedstrom 08/10/2012 10:56:37.5.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1535.957 [GMT -4:00]
    Running from: c:\users\Derrick Hedstrom\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Derrick Hedstrom\AppData\Local\Microsoft\Windows\Temporary Internet Files\mootools.svn.js
    c:\users\Derrick Hedstrom\AppData\Local\Microsoft\Windows\Temporary Internet Files\pffcenter.html
    c:\users\Derrick Hedstrom\AppData\Local\Microsoft\Windows\Temporary Internet Files\pffCenter.js
    c:\users\Derrick Hedstrom\AppData\Local\Microsoft\Windows\Temporary Internet Files\reviewDialog.html
    c:\users\Derrick Hedstrom\AppData\Local\Microsoft\Windows\Temporary Internet Files\reviewNotesPopUp.html
    c:\users\Derrick Hedstrom\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskNotesDialog.html
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-10 15:07 . 2012-08-10 15:09 -------- d-----w- c:\users\Derrick Hedstrom\AppData\Local\temp
    2012-08-10 15:07 . 2012-08-10 15:07 -------- d-----w- c:\users\QBDataServiceUser20\AppData\Local\temp
    2012-08-10 15:07 . 2012-08-10 15:07 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-08-10 15:07 . 2012-08-10 15:07 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-10 15:07 . 2012-08-10 15:07 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2012-08-10 13:52 . 2012-08-10 13:52 -------- d-----w- c:\windows\system32\drivers\AVG
    2012-08-10 13:42 . 2012-08-10 13:42 -------- d-----w- C:\AVG2012
    2012-08-09 22:47 . 2012-08-09 21:00 -------- d-----w- C:\FRST
    2012-08-09 15:50 . 2012-06-05 07:37 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2012-08-08 19:17 . 2012-08-08 19:17 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-08-08 19:14 . 2012-08-08 19:14 -------- d-----w- c:\program files\Axantum
    2012-08-08 19:13 . 2012-08-08 19:13 -------- d-----w- c:\users\Derrick Hedstrom\AppData\Roaming\OpenCandy
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-03 00:45 . 2012-04-09 13:16 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-03 00:45 . 2011-05-17 10:23 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-03 17:46 . 2011-06-10 23:18 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-26 14:37 . 2011-07-29 13:30 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2011-04-25 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
    [7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
    [7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-07-09 12:33 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-09 2074208]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Derrick Hedstrom\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Derrick Hedstrom\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Derrick Hedstrom\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-09 1107552]
    "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_22\bin\jusched.exe" [2009-10-09 75648]
    "QuickBooksDB20"="c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe" [2009-08-18 678912]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
    "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-10-19 1439496]
    "HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    .
    c:\users\Derrick Hedstrom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Derrick Hedstrom\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    ImageMixer 3 SE Camera Monitor Ver.6.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe [2011-11-11 537968]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-11-11 1155432]
    SideACT!.lnk - c:\program files\ACT\SideACT.exe [2012-2-6 278589]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "EnableLUA"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [x]
    R4 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
    R4 QuickBooksDB20;QuickBooksDB20;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe [x]
    R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [x]
    R4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [x]
    S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
    S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [x]
    S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 00:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
    FF - ProfilePath - c:\windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\43w999ll.default\
    .
    .
    ------- File Associations -------
    .
    .txt=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(2700)
    c:\users\Derrick Hedstrom\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\WUDFHost.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    c:\windows\system32\AUDIODG.EXE
    .
    **************************************************************************
    .
    Completion time: 2012-08-10 11:16:32 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-10 15:16
    ComboFix2.txt 2011-06-13 17:19
    ComboFix3.txt 2011-06-13 16:57
    ComboFix4.txt 2011-06-09 16:55
    .
    Pre-Run: 373,621,530,624 bytes free
    Post-Run: 373,749,776,384 bytes free
    .
    - - End Of File - - 5B3A28747DFA4730F5BEA5A870A94A40

    Rkill 2.0.3 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 08/10/2012 10:53:12 AM in x86 mode.
    Windows Version: Windows 7

    Checking for Windows services to stop.

    * No malware services found to stop.

    Checking for processes to terminate.

    * No malware processes found to kill.

    Checking Registry for malware related settings.

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks.

    * No issues found.

    Restarting Explorer.exe in order to apply changes.

    Program finished at: 08/10/2012 10:53:25 AM
    Execution time: 0 hours(s), 0 minute(s), and 12 seconds(s)
     
  12. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    Try AVG Remover: http://www.avg.com/us-en/utilities

    Combofix log looks good.

    Any current issues?

    ===================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ==================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  13. Derrick

    Derrick Newcomer, in training Topic Starter Posts: 26

    svchost.exe is still going nuts. I successfully removed AVG by running AppRemover in safe mode. Then I attempted to run ComboFix again in normal mode. It crashed. I just ran ComboFix in safe mode; I will post that log next, then I will run MBAM.
  14. Derrick

    Derrick Newcomer, in training Topic Starter Posts: 26

    ComboFix 12-08-09.01 - Derrick Hedstrom 08/10/2012 12:09:35.6.2 - x86 NETWORK
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1535.997 [GMT -4:00]
    Running from: c:\users\Derrick Hedstrom\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-10 16:17 . 2012-08-10 16:17 -------- d-----w- c:\users\QBDataServiceUser20\AppData\Local\temp
    2012-08-10 16:17 . 2012-08-10 16:17 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-08-10 16:17 . 2012-08-10 16:17 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-10 16:17 . 2012-08-10 16:17 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2012-08-10 15:07 . 2012-08-10 16:17 -------- d-----w- c:\users\Derrick Hedstrom\AppData\Local\temp
    2012-08-10 13:52 . 2012-08-10 15:37 -------- d-----w- c:\windows\system32\drivers\AVG
    2012-08-10 13:42 . 2012-08-10 13:42 -------- d-----w- C:\AVG2012
    2012-08-09 22:47 . 2012-08-09 21:00 -------- d-----w- C:\FRST
    2012-08-09 15:50 . 2012-06-05 07:37 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2012-08-08 19:17 . 2012-08-08 19:17 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-08-08 19:14 . 2012-08-08 19:14 -------- d-----w- c:\program files\Axantum
    2012-08-08 19:13 . 2012-08-08 19:13 -------- d-----w- c:\users\Derrick Hedstrom\AppData\Roaming\OpenCandy
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-03 00:45 . 2012-04-09 13:16 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-03 00:45 . 2011-05-17 10:23 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-03 17:46 . 2011-06-10 23:18 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-26 14:37 . 2011-07-29 13:30 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2011-04-25 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
    [7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
    [7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-08-10_15.09.44 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-04-18 20:09 . 2012-08-10 15:41 38836 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 04:55 . 2012-08-10 15:41 38944 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-04-18 19:15 . 2012-08-10 15:41 13764 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4217141809-3760335584-1917686362-1000_UserData.bin
    + 2012-08-08 19:11 . 2012-08-10 15:49 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    - 2012-08-08 19:11 . 2012-08-10 14:26 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    - 2011-04-18 19:14 . 2012-08-10 15:08 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-04-18 19:14 . 2012-08-10 16:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2012-08-09 21:38 . 2012-08-10 16:05 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    - 2012-08-09 21:38 . 2012-08-10 15:09 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    - 2012-08-09 21:38 . 2012-08-10 15:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
    + 2012-08-09 21:38 . 2012-08-10 16:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
    - 2012-08-09 21:38 . 2012-08-10 15:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
    + 2012-08-09 21:38 . 2012-08-10 16:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
    + 2011-04-18 19:14 . 2012-08-10 16:05 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-04-18 19:14 . 2012-08-10 15:09 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-04-18 19:14 . 2012-08-10 15:08 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-04-18 19:14 . 2012-08-10 16:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-08-10 16:04 . 2012-08-10 16:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-08-10 14:26 . 2012-08-10 15:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-08-10 14:26 . 2012-08-10 15:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-08-10 16:04 . 2012-08-10 16:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-07-14 02:05 . 2012-08-10 15:02 689252 c:\windows\System32\perfh009.dat
    + 2009-07-14 02:05 . 2012-08-10 16:12 689252 c:\windows\System32\perfh009.dat
    + 2009-07-14 02:05 . 2012-08-10 16:12 130238 c:\windows\System32\perfc009.dat
    - 2009-07-14 02:05 . 2012-08-10 15:02 130238 c:\windows\System32\perfc009.dat
    - 2011-04-18 19:09 . 2012-08-10 14:26 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2011-04-18 19:09 . 2012-08-10 15:49 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2012-08-09 15:55 . 2012-08-10 16:05 147456 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2012-08-09 15:55 . 2012-08-10 15:08 147456 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:47 . 2012-08-10 14:26 455532 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 04:47 . 2012-08-10 16:03 455532 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-06-09 19:13 . 2012-08-10 15:28 920252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4217141809-3760335584-1917686362-1000-12288.dat
    - 2011-06-09 19:13 . 2012-08-10 14:26 920252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4217141809-3760335584-1917686362-1000-12288.dat
    + 2011-04-18 22:04 . 2012-08-10 16:05 3686400 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-04-18 22:04 . 2012-08-10 15:08 3686400 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:41 . 2012-08-10 16:05 1097728 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Derrick Hedstrom\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Derrick Hedstrom\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Derrick Hedstrom\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_22\bin\jusched.exe" [2009-10-09 75648]
    "QuickBooksDB20"="c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe" [2009-08-18 678912]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
    "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-10-19 1439496]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    .
    c:\users\Derrick Hedstrom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Derrick Hedstrom\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    ImageMixer 3 SE Camera Monitor Ver.6.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe [2011-11-11 537968]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-11-11 1155432]
    SideACT!.lnk - c:\program files\ACT\SideACT.exe [2012-2-6 278589]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "EnableLUA"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [x]
    R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
    R4 QuickBooksDB20;QuickBooksDB20;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe [x]
    R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [x]
    R4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 00:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\43w999ll.default\
    .
    .
    ------- File Associations -------
    .
    .txt=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    HKLM-Run-HF_G_Jul - c:\program files\AVG Secure Search\HF_G_Jul.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(1772)
    c:\users\Derrick Hedstrom\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    Completion time: 2012-08-10 12:20:07
    ComboFix-quarantined-files.txt 2012-08-10 16:20
    ComboFix2.txt 2012-08-10 15:16
    ComboFix3.txt 2011-06-13 17:19
    ComboFix4.txt 2011-06-13 16:57
    ComboFix5.txt 2012-08-10 15:41
    .
    Pre-Run: 374,213,595,136 bytes free
    Post-Run: 374,107,889,664 bytes free
    .
    - - End Of File - - 85E21B8E742727B83D08D9A84EFB9051
  15. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  16. Derrick

    Derrick Newcomer, in training Topic Starter Posts: 26

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.09.08

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 8.0.7601.17514
    Derrick Hedstrom :: TREASURY [administrator]

    8/10/2012 12:35:23 PM
    mbam-log-2012-08-10 (12-35-23).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 228018
    Time elapsed: 4 minute(s), 6 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  17. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    Please read my previous reply.
  18. Derrick

    Derrick Newcomer, in training Topic Starter Posts: 26

    12:45:02.0635 2660 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    12:45:02.0939 2660 ============================================================
    12:45:02.0939 2660 Current date / time: 2012/08/10 12:45:02.0939
    12:45:02.0940 2660 SystemInfo:
    12:45:02.0940 2660
    12:45:02.0940 2660 OS Version: 6.1.7601 ServicePack: 1.0
    12:45:02.0940 2660 Product type: Workstation
    12:45:02.0940 2660 ComputerName: TREASURY
    12:45:02.0940 2660 UserName: Derrick Hedstrom
    12:45:02.0940 2660 Windows directory: C:\Windows
    12:45:02.0940 2660 System windows directory: C:\Windows
    12:45:02.0940 2660 Processor architecture: Intel x86
    12:45:02.0940 2660 Number of processors: 2
    12:45:02.0940 2660 Page size: 0x1000
    12:45:02.0940 2660 Boot type: Normal boot
    12:45:02.0940 2660 ============================================================
    12:45:03.0930 2660 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    12:45:03.0933 2660 Drive \Device\Harddisk1\DR1 - Size: 0x1E380000 (0.47 Gb), SectorSize: 0x200, Cylinders: 0x3D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    12:45:03.0935 2660 ============================================================
    12:45:03.0935 2660 \Device\Harddisk0\DR0:
    12:45:03.0935 2660 MBR partitions:
    12:45:03.0935 2660 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
    12:45:03.0935 2660 \Device\Harddisk1\DR1:
    12:45:03.0935 2660 MBR partitions:
    12:45:03.0936 2660 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x4, StartLBA 0x20, BlocksNum 0xF1BE0
    12:45:03.0936 2660 ============================================================
    12:45:03.0945 2660 C: <-> \Device\Harddisk0\DR0\Partition0
    12:45:03.0945 2660 ============================================================
    12:45:03.0945 2660 Initialize success
    12:45:03.0945 2660 ============================================================
    12:45:12.0918 0736 ============================================================
    12:45:12.0919 0736 Scan started
    12:45:12.0919 0736 Mode: Manual;
    12:45:12.0919 0736 ============================================================
    12:45:13.0939 0736 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
    12:45:13.0940 0736 1394ohci - ok
    12:45:13.0976 0736 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
    12:45:13.0978 0736 ACPI - ok
    12:45:14.0016 0736 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
    12:45:14.0017 0736 AcpiPmi - ok
    12:45:14.0030 0736 adfs - ok
    12:45:14.0161 0736 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    12:45:14.0163 0736 AdobeARMservice - ok
    12:45:14.0226 0736 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    12:45:14.0234 0736 AdobeFlashPlayerUpdateSvc - ok
    12:45:14.0276 0736 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
    12:45:14.0280 0736 adp94xx - ok
    12:45:14.0317 0736 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
    12:45:14.0320 0736 adpahci - ok
    12:45:14.0344 0736 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
    12:45:14.0346 0736 adpu320 - ok
    12:45:14.0378 0736 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
    12:45:14.0380 0736 AeLookupSvc - ok
    12:45:14.0464 0736 AFD (1151fd4fb0216cfed887bfde29ebd516) C:\Windows\system32\drivers\afd.sys
    12:45:14.0467 0736 AFD - ok
    12:45:14.0514 0736 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
    12:45:14.0515 0736 agp440 - ok
    12:45:14.0536 0736 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
    12:45:14.0537 0736 aic78xx - ok
    12:45:14.0566 0736 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
    12:45:14.0568 0736 ALG - ok
    12:45:14.0589 0736 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
    12:45:14.0590 0736 aliide - ok
    12:45:14.0608 0736 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
    12:45:14.0609 0736 amdagp - ok
    12:45:14.0625 0736 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
    12:45:14.0626 0736 amdide - ok
    12:45:14.0650 0736 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
    12:45:14.0651 0736 AmdK8 - ok
    12:45:14.0663 0736 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
    12:45:14.0664 0736 AmdPPM - ok
    12:45:14.0711 0736 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys
    12:45:14.0712 0736 amdsata - ok
    12:45:14.0736 0736 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
    12:45:14.0738 0736 amdsbs - ok
    12:45:14.0767 0736 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys
    12:45:14.0768 0736 amdxata - ok
    12:45:14.0813 0736 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
    12:45:14.0814 0736 AppID - ok
    12:45:14.0859 0736 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
    12:45:14.0860 0736 AppIDSvc - ok
    12:45:14.0905 0736 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
    12:45:14.0907 0736 Appinfo - ok
    12:45:14.0985 0736 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    12:45:14.0987 0736 Apple Mobile Device - ok
    12:45:15.0031 0736 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
    12:45:15.0034 0736 AppMgmt - ok
    12:45:15.0088 0736 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
    12:45:15.0089 0736 arc - ok
    12:45:15.0116 0736 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
    12:45:15.0117 0736 arcsas - ok
    12:45:15.0147 0736 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
    12:45:15.0148 0736 AsyncMac - ok
    12:45:15.0187 0736 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
    12:45:15.0188 0736 atapi - ok
    12:45:15.0262 0736 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
    12:45:15.0273 0736 AudioEndpointBuilder - ok
    12:45:15.0288 0736 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
    12:45:15.0292 0736 Audiosrv - ok
    12:45:15.0367 0736 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
    12:45:15.0370 0736 AxInstSV - ok
    12:45:15.0421 0736 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
    12:45:15.0425 0736 b06bdrv - ok
    12:45:15.0464 0736 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
    12:45:15.0466 0736 b57nd60x - ok
    12:45:15.0500 0736 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
    12:45:15.0502 0736 BDESVC - ok
    12:45:15.0516 0736 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
    12:45:15.0517 0736 Beep - ok
    12:45:15.0601 0736 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
    12:45:15.0611 0736 BFE - ok
    12:45:15.0645 0736 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
    12:45:15.0647 0736 blbdrive - ok
    12:45:15.0774 0736 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
    12:45:15.0788 0736 Bonjour Service - ok
    12:45:15.0828 0736 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
    12:45:15.0829 0736 bowser - ok
    12:45:15.0843 0736 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    12:45:15.0844 0736 BrFiltLo - ok
    12:45:15.0864 0736 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    12:45:15.0865 0736 BrFiltUp - ok
    12:45:15.0893 0736 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
    12:45:15.0894 0736 BridgeMP - ok
    12:45:15.0944 0736 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
    12:45:15.0947 0736 Browser - ok
    12:45:15.0982 0736 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
    12:45:15.0984 0736 Brserid - ok
    12:45:16.0003 0736 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
    12:45:16.0004 0736 BrSerWdm - ok
    12:45:16.0019 0736 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
    12:45:16.0020 0736 BrUsbMdm - ok
    12:45:16.0033 0736 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
    12:45:16.0034 0736 BrUsbSer - ok
    12:45:16.0063 0736 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
    12:45:16.0064 0736 BTHMODEM - ok
    12:45:16.0113 0736 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
    12:45:16.0115 0736 bthserv - ok
    12:45:16.0223 0736 catchme - ok
    12:45:16.0259 0736 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
    12:45:16.0260 0736 cdfs - ok
    12:45:16.0321 0736 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
    12:45:16.0323 0736 cdrom - ok
    12:45:16.0373 0736 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
    12:45:16.0375 0736 CertPropSvc - ok
    12:45:16.0392 0736 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
    12:45:16.0393 0736 circlass - ok
    12:45:16.0438 0736 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
    12:45:16.0443 0736 CLFS - ok
    12:45:16.0511 0736 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    12:45:16.0513 0736 clr_optimization_v2.0.50727_32 - ok
    12:45:16.0583 0736 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    12:45:16.0585 0736 clr_optimization_v4.0.30319_32 - ok
    12:45:16.0605 0736 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
    12:45:16.0606 0736 CmBatt - ok
    12:45:16.0649 0736 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
    12:45:16.0650 0736 cmdide - ok
    12:45:16.0685 0736 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
    12:45:16.0689 0736 CNG - ok
    12:45:16.0719 0736 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
    12:45:16.0719 0736 Compbatt - ok
    12:45:16.0769 0736 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
    12:45:16.0770 0736 CompositeBus - ok
    12:45:16.0780 0736 COMSysApp - ok
    12:45:16.0808 0736 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
    12:45:16.0809 0736 crcdisk - ok
    12:45:16.0864 0736 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
    12:45:16.0867 0736 CryptSvc - ok
    12:45:16.0908 0736 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
    12:45:16.0912 0736 CSC - ok
    12:45:16.0952 0736 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
    12:45:16.0967 0736 CscService - ok
    12:45:17.0011 0736 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
    12:45:17.0021 0736 DcomLaunch - ok
    12:45:17.0069 0736 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
    12:45:17.0075 0736 defragsvc - ok
    12:45:17.0149 0736 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
    12:45:17.0150 0736 DfsC - ok
    12:45:17.0190 0736 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
    12:45:17.0199 0736 Dhcp - ok
    12:45:17.0226 0736 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
    12:45:17.0227 0736 discache - ok
    12:45:17.0271 0736 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
    12:45:17.0272 0736 Disk - ok
    12:45:17.0301 0736 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
    12:45:17.0304 0736 Dnscache - ok
    12:45:17.0357 0736 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
    12:45:17.0367 0736 dot3svc - ok
    12:45:17.0421 0736 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
    12:45:17.0424 0736 DPS - ok
    12:45:17.0481 0736 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
    12:45:17.0482 0736 drmkaud - ok
    12:45:17.0547 0736 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
    12:45:17.0553 0736 DXGKrnl - ok
    12:45:17.0595 0736 E100B (20de769b84960606d8dbb2aec123021a) C:\Windows\system32\DRIVERS\e100b325.sys
    12:45:17.0597 0736 E100B - ok
    12:45:17.0631 0736 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
    12:45:17.0634 0736 EapHost - ok
    12:45:17.0788 0736 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
    12:45:17.0819 0736 ebdrv - ok
    12:45:17.0909 0736 EFS (f42309c4191c506b71db5d1126d26318) C:\Windows\System32\lsass.exe
    12:45:17.0911 0736 EFS - ok
    12:45:17.0993 0736 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
    12:45:18.0010 0736 ehRecvr - ok
    12:45:18.0042 0736 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
    12:45:18.0045 0736 ehSched - ok
    12:45:18.0124 0736 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\Windows\system32\Drivers\ElbyCDIO.sys
    12:45:18.0125 0736 ElbyCDIO - ok
    12:45:18.0202 0736 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
    12:45:18.0208 0736 elxstor - ok
    12:45:18.0255 0736 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
    12:45:18.0256 0736 ErrDev - ok
    12:45:18.0307 0736 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
    12:45:18.0315 0736 EventSystem - ok
    12:45:18.0337 0736 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
    12:45:18.0339 0736 exfat - ok
    12:45:18.0368 0736 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
    12:45:18.0370 0736 fastfat - ok
    12:45:18.0431 0736 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
    12:45:18.0451 0736 Fax - ok
    12:45:18.0466 0736 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
    12:45:18.0467 0736 fdc - ok
    12:45:18.0479 0736 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
    12:45:18.0482 0736 fdPHost - ok
    12:45:18.0506 0736 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
    12:45:18.0508 0736 FDResPub - ok
    12:45:18.0525 0736 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
    12:45:18.0526 0736 FileInfo - ok
    12:45:18.0543 0736 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
    12:45:18.0544 0736 Filetrace - ok
    12:45:18.0562 0736 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
    12:45:18.0563 0736 flpydisk - ok
    12:45:18.0591 0736 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
    12:45:18.0593 0736 FltMgr - ok
    12:45:18.0656 0736 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
    12:45:18.0673 0736 FontCache - ok
    12:45:18.0751 0736 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    12:45:18.0753 0736 FontCache3.0.0.0 - ok
    12:45:18.0765 0736 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
    12:45:18.0766 0736 FsDepends - ok
    12:45:18.0779 0736 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
    12:45:18.0780 0736 Fs_Rec - ok
    12:45:18.0863 0736 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
    12:45:18.0865 0736 fvevol - ok
    12:45:18.0890 0736 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
    12:45:18.0891 0736 gagp30kx - ok
    12:45:18.0940 0736 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    12:45:18.0941 0736 GEARAspiWDM - ok
    12:45:19.0011 0736 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
    12:45:19.0017 0736 gpsvc - ok
    12:45:19.0039 0736 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
    12:45:19.0040 0736 hcw85cir - ok
    12:45:19.0109 0736 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
    12:45:19.0111 0736 HDAudBus - ok
    12:45:19.0127 0736 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
    12:45:19.0128 0736 HidBatt - ok
    12:45:19.0151 0736 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
    12:45:19.0153 0736 HidBth - ok
    12:45:19.0174 0736 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
    12:45:19.0175 0736 HidIr - ok
    12:45:19.0206 0736 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
    12:45:19.0208 0736 hidserv - ok
    12:45:19.0235 0736 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
    12:45:19.0236 0736 HidUsb - ok
    12:45:19.0293 0736 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
    12:45:19.0297 0736 hkmsvc - ok
    12:45:19.0324 0736 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
    12:45:19.0333 0736 HomeGroupListener - ok
    12:45:19.0383 0736 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
    12:45:19.0389 0736 HomeGroupProvider - ok
    12:45:19.0422 0736 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
    12:45:19.0424 0736 HpSAMD - ok
    12:45:19.0505 0736 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
    12:45:19.0510 0736 HTTP - ok
    12:45:19.0529 0736 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
    12:45:19.0530 0736 hwpolicy - ok
    12:45:19.0566 0736 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
    12:45:19.0567 0736 i8042prt - ok
    12:45:19.0600 0736 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys
    12:45:19.0604 0736 iaStorV - ok
    12:45:19.0720 0736 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    12:45:19.0743 0736 idsvc - ok
    12:45:19.0789 0736 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
    12:45:19.0790 0736 iirsp - ok
    12:45:19.0869 0736 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
    12:45:19.0889 0736 IKEEXT - ok
    12:45:19.0913 0736 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
    12:45:19.0914 0736 intelide - ok
    12:45:19.0937 0736 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
    12:45:19.0938 0736 intelppm - ok
    12:45:19.0964 0736 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
    12:45:19.0967 0736 IPBusEnum - ok
    12:45:20.0049 0736 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
    12:45:20.0060 0736 iphlpsvc - ok
    12:45:20.0083 0736 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
    12:45:20.0083 0736 IPMIDRV - ok
    12:45:20.0119 0736 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
    12:45:20.0120 0736 IPNAT - ok
    12:45:20.0233 0736 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
    12:45:20.0254 0736 iPod Service - ok
    12:45:20.0279 0736 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
    12:45:20.0280 0736 IRENUM - ok
    12:45:20.0302 0736 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
    12:45:20.0303 0736 isapnp - ok
    12:45:20.0333 0736 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
    12:45:20.0335 0736 iScsiPrt - ok
    12:45:20.0359 0736 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
    12:45:20.0361 0736 kbdclass - ok
    12:45:20.0389 0736 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
    12:45:20.0390 0736 kbdhid - ok
    12:45:20.0425 0736 KeyIso (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
    12:45:20.0427 0736 KeyIso - ok
    12:45:20.0473 0736 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
    12:45:20.0476 0736 KSecDD - ok
    12:45:20.0511 0736 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
    12:45:20.0513 0736 KSecPkg - ok
    12:45:20.0549 0736 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
    12:45:20.0565 0736 KtmRm - ok
    12:45:20.0628 0736 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
    12:45:20.0632 0736 LanmanServer - ok
    12:45:20.0682 0736 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
    12:45:20.0686 0736 LanmanWorkstation - ok
    12:45:20.0725 0736 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
    12:45:20.0726 0736 lltdio - ok
    12:45:20.0764 0736 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
    12:45:20.0774 0736 lltdsvc - ok
    12:45:20.0801 0736 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
    12:45:20.0803 0736 lmhosts - ok
    12:45:20.0842 0736 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
    12:45:20.0843 0736 LSI_FC - ok
    12:45:20.0869 0736 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
    12:45:20.0870 0736 LSI_SAS - ok
    12:45:20.0886 0736 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    12:45:20.0888 0736 LSI_SAS2 - ok
    12:45:20.0910 0736 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    12:45:20.0911 0736 LSI_SCSI - ok
    12:45:20.0941 0736 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
    12:45:20.0942 0736 luafv - ok
    12:45:20.0990 0736 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
    12:45:20.0994 0736 Mcx2Svc - ok
    12:45:21.0012 0736 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
    12:45:21.0012 0736 megasas - ok
    12:45:21.0042 0736 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
    12:45:21.0044 0736 MegaSR - ok
    12:45:21.0077 0736 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
    12:45:21.0081 0736 MMCSS - ok
    12:45:21.0099 0736 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
    12:45:21.0100 0736 Modem - ok
    12:45:21.0125 0736 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
    12:45:21.0125 0736 monitor - ok
    12:45:21.0186 0736 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
    12:45:21.0187 0736 mouclass - ok
    12:45:21.0215 0736 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
    12:45:21.0216 0736 mouhid - ok
    12:45:21.0270 0736 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
    12:45:21.0271 0736 mountmgr - ok
    12:45:21.0358 0736 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

  19. Derrick

    Derrick Newcomer, in training Topic Starter Posts: 26

    12:45:21.0361 0736 MozillaMaintenance - ok
    12:45:21.0406 0736 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
    12:45:21.0408 0736 mpio - ok
    12:45:21.0429 0736 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
    12:45:21.0430 0736 mpsdrv - ok
    12:45:21.0526 0736 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
    12:45:21.0541 0736 MpsSvc - ok
    12:45:21.0593 0736 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
    12:45:21.0594 0736 MRxDAV - ok
    12:45:21.0631 0736 mrxsmb (ed3d3419b064f28d812995ed8cadc541) C:\Windows\system32\DRIVERS\mrxsmb.sys
    12:45:21.0632 0736 mrxsmb - ok
    12:45:21.0658 0736 mrxsmb10 (dc914446049169a964e27fd8888ffaee) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    12:45:21.0660 0736 mrxsmb10 - ok
    12:45:21.0677 0736 mrxsmb20 (e7d90388d14fae057c166c1801e0bf94) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    12:45:21.0679 0736 mrxsmb20 - ok
    12:45:21.0717 0736 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
    12:45:21.0719 0736 msahci - ok
    12:45:21.0761 0736 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
    12:45:21.0763 0736 msdsm - ok
    12:45:21.0793 0736 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
    12:45:21.0798 0736 MSDTC - ok
    12:45:21.0842 0736 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
    12:45:21.0843 0736 Msfs - ok
    12:45:21.0860 0736 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    12:45:21.0861 0736 mshidkmdf - ok
    12:45:21.0876 0736 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
    12:45:21.0877 0736 msisadrv - ok
    12:45:21.0924 0736 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
    12:45:21.0928 0736 MSiSCSI - ok
    12:45:21.0937 0736 msiserver - ok
    12:45:21.0971 0736 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
    12:45:21.0971 0736 MSKSSRV - ok
    12:45:21.0993 0736 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
    12:45:21.0994 0736 MSPCLOCK - ok
    12:45:22.0014 0736 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
    12:45:22.0015 0736 MSPQM - ok
    12:45:22.0041 0736 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
    12:45:22.0042 0736 MsRPC - ok
    12:45:22.0093 0736 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
    12:45:22.0094 0736 mssmbios - ok
    12:45:22.0219 0736 MSSQL$ACT7 - ok
    12:45:22.0347 0736 MSSQLServerADHelper100 (8e8e74c953eb0c4f8828d99d6f27fd6f) C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
    12:45:22.0349 0736 MSSQLServerADHelper100 - ok
    12:45:22.0505 0736 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
    12:45:22.0506 0736 MSTEE - ok
    12:45:22.0519 0736 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
    12:45:22.0521 0736 MTConfig - ok
    12:45:22.0540 0736 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
    12:45:22.0541 0736 Mup - ok
    12:45:22.0598 0736 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
    12:45:22.0603 0736 napagent - ok
    12:45:22.0646 0736 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
    12:45:22.0649 0736 NativeWifiP - ok
    12:45:22.0700 0736 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
    12:45:22.0705 0736 NDIS - ok
    12:45:22.0729 0736 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
    12:45:22.0730 0736 NdisCap - ok
    12:45:22.0761 0736 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
    12:45:22.0762 0736 NdisTapi - ok
    12:45:22.0800 0736 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
    12:45:22.0801 0736 Ndisuio - ok
    12:45:22.0848 0736 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
    12:45:22.0849 0736 NdisWan - ok
    12:45:22.0896 0736 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
    12:45:22.0897 0736 NDProxy - ok
    12:45:22.0913 0736 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
    12:45:22.0914 0736 NetBIOS - ok
    12:45:22.0960 0736 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
    12:45:22.0962 0736 NetBT - ok
    12:45:22.0992 0736 Netlogon (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
    12:45:22.0994 0736 Netlogon - ok
    12:45:23.0050 0736 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
    12:45:23.0067 0736 Netman - ok
    12:45:23.0097 0736 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
    12:45:23.0111 0736 netprofm - ok
    12:45:23.0219 0736 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    12:45:23.0221 0736 NetTcpPortSharing - ok
    12:45:23.0250 0736 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
    12:45:23.0250 0736 nfrd960 - ok
    12:45:23.0302 0736 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
    12:45:23.0311 0736 NlaSvc - ok
    12:45:23.0325 0736 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
    12:45:23.0327 0736 Npfs - ok
    12:45:23.0341 0736 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
    12:45:23.0344 0736 nsi - ok
    12:45:23.0360 0736 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
    12:45:23.0362 0736 nsiproxy - ok
    12:45:23.0444 0736 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys
    12:45:23.0454 0736 Ntfs - ok
    12:45:23.0471 0736 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
    12:45:23.0472 0736 Null - ok
    12:45:23.0532 0736 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys
    12:45:23.0533 0736 nvraid - ok
    12:45:23.0558 0736 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys
    12:45:23.0560 0736 nvstor - ok
    12:45:23.0581 0736 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
    12:45:23.0582 0736 nv_agp - ok
    12:45:23.0628 0736 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
    12:45:23.0629 0736 ohci1394 - ok
    12:45:23.0694 0736 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    12:45:23.0697 0736 ose - ok
    12:45:23.0927 0736 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    12:45:24.0019 0736 osppsvc - ok
    12:45:24.0142 0736 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
    12:45:24.0146 0736 p2pimsvc - ok
    12:45:24.0174 0736 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
    12:45:24.0180 0736 p2psvc - ok
    12:45:24.0227 0736 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
    12:45:24.0228 0736 Parport - ok
    12:45:24.0274 0736 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
    12:45:24.0275 0736 partmgr - ok
    12:45:24.0291 0736 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
    12:45:24.0291 0736 Parvdm - ok
    12:45:24.0312 0736 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
    12:45:24.0316 0736 PcaSvc - ok
    12:45:24.0351 0736 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
    12:45:24.0353 0736 pci - ok
    12:45:24.0377 0736 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
    12:45:24.0378 0736 pciide - ok
    12:45:24.0402 0736 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
    12:45:24.0404 0736 pcmcia - ok
    12:45:24.0425 0736 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
    12:45:24.0426 0736 pcw - ok
    12:45:24.0486 0736 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
    12:45:24.0491 0736 PEAUTH - ok
    12:45:24.0552 0736 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
    12:45:24.0562 0736 PeerDistSvc - ok
    12:45:24.0786 0736 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
    12:45:24.0799 0736 pla - ok
    12:45:24.0916 0736 PlugPlay (92dc6e68d2c856c5c2f21ae9e22112b8) C:\Windows\system32\umpnpmgr.dll
    12:45:24.0922 0736 PlugPlay - ok
    12:45:24.0975 0736 Pml Driver HPZ12 (75cf9de0a67af916ed591743dfb69694) C:\Windows\System32\hpzipm12.dll
    12:45:24.0977 0736 Pml Driver HPZ12 - ok
    12:45:25.0003 0736 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
    12:45:25.0007 0736 PNRPAutoReg - ok
    12:45:25.0034 0736 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
    12:45:25.0038 0736 PNRPsvc - ok
    12:45:25.0076 0736 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
    12:45:25.0089 0736 PolicyAgent - ok
    12:45:25.0147 0736 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
    12:45:25.0151 0736 Power - ok
    12:45:25.0225 0736 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
    12:45:25.0226 0736 PptpMiniport - ok
    12:45:25.0254 0736 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
    12:45:25.0255 0736 Processor - ok
    12:45:25.0291 0736 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
    12:45:25.0295 0736 ProfSvc - ok
    12:45:25.0325 0736 ProtectedStorage (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
    12:45:25.0327 0736 ProtectedStorage - ok
    12:45:25.0346 0736 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
    12:45:25.0348 0736 Psched - ok
    12:45:25.0442 0736 QBCFMonitorService (45ff9e4ec506fca0c263a3299809b73a) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    12:45:25.0444 0736 QBCFMonitorService - ok
    12:45:25.0477 0736 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    12:45:25.0479 0736 QBFCService - ok
    12:45:25.0565 0736 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
    12:45:25.0576 0736 ql2300 - ok
    12:45:25.0680 0736 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
    12:45:25.0682 0736 ql40xx - ok
    12:45:25.0741 0736 QuickBooksDB20 - ok
    12:45:25.0793 0736 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
    12:45:25.0799 0736 QWAVE - ok
    12:45:25.0817 0736 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
    12:45:25.0819 0736 QWAVEdrv - ok
    12:45:25.0836 0736 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
    12:45:25.0837 0736 RasAcd - ok
    12:45:25.0879 0736 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
    12:45:25.0880 0736 RasAgileVpn - ok
    12:45:25.0902 0736 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
    12:45:25.0905 0736 RasAuto - ok
    12:45:25.0923 0736 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
    12:45:25.0924 0736 Rasl2tp - ok
    12:45:25.0994 0736 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
    12:45:25.0999 0736 RasMan - ok
    12:45:26.0022 0736 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
    12:45:26.0024 0736 RasPppoe - ok
    12:45:33.0659 0736 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    12:45:33.0685 0736 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    12:45:33.0685 0736 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    12:45:33.0698 0736 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
    12:45:33.0706 0736 \Device\Harddisk1\DR1 - ok
    12:45:33.0711 0736 Boot (0x1200) (abc49a7be8d0ec074a4d9b937d39bd43) \Device\Harddisk0\DR0\Partition0
    12:45:33.0715 0736 \Device\Harddisk0\DR0\Partition0 - ok
    12:45:33.0724 0736 Boot (0x1200) (0301c1836343c2cd574a370ec0c2a1fd) \Device\Harddisk1\DR1\Partition0
    12:45:33.0727 0736 \Device\Harddisk1\DR1\Partition0 - ok
    12:45:33.0729 0736 ============================================================
    12:45:33.0729 0736 Scan finished
    12:45:33.0729 0736 ============================================================
    12:45:33.0750 1128 Detected object count: 1
    12:45:33.0750 1128 Actual detected object count: 1
    12:45:46.0243 1128 \Device\Harddisk0\DR0\# - copied to quarantine
    12:45:46.0244 1128 \Device\Harddisk0\DR0 - copied to quarantine
    12:45:46.0276 1128 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    12:45:46.0285 1128 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    12:45:46.0289 1128 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    12:45:46.0294 1128 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    12:45:46.0301 1128 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    12:45:46.0311 1128 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    12:45:46.0321 1128 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    12:45:46.0324 1128 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    12:45:46.0327 1128 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    12:45:46.0331 1128 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    12:45:46.0334 1128 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    12:45:46.0338 1128 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    12:45:46.0341 1128 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    12:45:46.0344 1128 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    12:45:46.0376 1128 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    12:45:46.0377 1128 \Device\Harddisk0\DR0 - ok
    12:45:52.0289 1128 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    12:45:58.0738 3416 Deinitialize success
  20. Derrick

    Derrick Newcomer, in training Topic Starter Posts: 26

    12:45:25.0837 0736 RasAcd - ok
    12:45:25.0879 0736 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
    12:45:25.0880 0736 RasAgileVpn - ok
    12:45:25.0902 0736 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
    12:45:25.0905 0736 RasAuto - ok
    12:45:25.0923 0736 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
    12:45:25.0924 0736 Rasl2tp - ok
    12:45:25.0994 0736 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
    12:45:25.0999 0736 RasMan - ok
    12:45:26.0022 0736 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
    12:45:26.0024 0736 RasPppoe - ok
    12:45:26.0046 0736 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
    12:45:26.0047 0736 RasSstp - ok
    12:45:26.0074 0736 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
    12:45:26.0076 0736 rdbss - ok
    12:45:26.0092 0736 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
    12:45:26.0093 0736 rdpbus - ok
    12:45:26.0138 0736 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
    12:45:26.0139 0736 RDPCDD - ok
    12:45:26.0194 0736 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
    12:45:26.0196 0736 RDPDR - ok
    12:45:26.0221 0736 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
    12:45:26.0221 0736 RDPENCDD - ok
    12:45:26.0236 0736 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
    12:45:26.0238 0736 RDPREFMP - ok
    12:45:26.0274 0736 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
    12:45:26.0276 0736 RdpVideoMiniport - ok
    12:45:26.0332 0736 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
    12:45:26.0333 0736 RDPWD - ok
    12:45:26.0394 0736 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
    12:45:26.0396 0736 rdyboost - ok
    12:45:26.0442 0736 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
    12:45:26.0446 0736 RemoteAccess - ok
    12:45:26.0479 0736 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
    12:45:26.0483 0736 RemoteRegistry - ok
    12:45:26.0502 0736 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
    12:45:26.0505 0736 RpcEptMapper - ok
    12:45:26.0531 0736 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
    12:45:26.0533 0736 RpcLocator - ok
    12:45:26.0593 0736 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
    12:45:26.0600 0736 RpcSs - ok
    12:45:26.0654 0736 RsFx0150 (a95840a95a9ff74b0009e5d848cddb39) C:\Windows\system32\DRIVERS\RsFx0150.sys
    12:45:26.0657 0736 RsFx0150 - ok
    12:45:26.0704 0736 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    12:45:26.0705 0736 rspndr - ok
    12:45:26.0748 0736 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
    12:45:26.0749 0736 s3cap - ok
    12:45:26.0768 0736 SamSs (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
    12:45:26.0772 0736 SamSs - ok
    12:45:26.0820 0736 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
    12:45:26.0822 0736 sbp2port - ok
    12:45:26.0854 0736 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
    12:45:26.0858 0736 SCardSvr - ok
    12:45:26.0899 0736 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
    12:45:26.0900 0736 scfilter - ok
    12:45:26.0979 0736 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
    12:45:26.0988 0736 Schedule - ok
    12:45:27.0047 0736 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
    12:45:27.0048 0736 SCPolicySvc - ok
    12:45:27.0094 0736 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
    12:45:27.0098 0736 SDRSVC - ok
    12:45:27.0127 0736 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    12:45:27.0128 0736 secdrv - ok
    12:45:27.0147 0736 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
    12:45:27.0150 0736 seclogon - ok
    12:45:27.0185 0736 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
    12:45:27.0188 0736 SENS - ok
    12:45:27.0200 0736 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
    12:45:27.0205 0736 SensrSvc - ok
    12:45:27.0229 0736 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
    12:45:27.0230 0736 Serenum - ok
    12:45:27.0250 0736 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
    12:45:27.0252 0736 Serial - ok
    12:45:27.0297 0736 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
    12:45:27.0298 0736 sermouse - ok
    12:45:27.0366 0736 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
    12:45:27.0370 0736 SessionEnv - ok
    12:45:27.0411 0736 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
    12:45:27.0412 0736 sffdisk - ok
    12:45:27.0424 0736 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
    12:45:27.0426 0736 sffp_mmc - ok
    12:45:27.0444 0736 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
    12:45:27.0444 0736 sffp_sd - ok
    12:45:27.0458 0736 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
    12:45:27.0459 0736 sfloppy - ok
    12:45:27.0534 0736 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
    12:45:27.0540 0736 SharedAccess - ok
    12:45:27.0599 0736 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
    12:45:27.0604 0736 ShellHWDetection - ok
    12:45:27.0628 0736 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
    12:45:27.0630 0736 sisagp - ok
    12:45:27.0661 0736 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    12:45:27.0662 0736 SiSRaid2 - ok
    12:45:27.0685 0736 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
    12:45:27.0687 0736 SiSRaid4 - ok
    12:45:27.0715 0736 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
    12:45:27.0716 0736 Smb - ok
    12:45:27.0761 0736 smwdm (c80b84e4843b33da56a806e1a1275ba0) C:\Windows\system32\drivers\smwdm.sys
    12:45:27.0765 0736 smwdm - ok
    12:45:27.0802 0736 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
    12:45:27.0805 0736 SNMPTRAP - ok
    12:45:27.0817 0736 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
    12:45:27.0819 0736 spldr - ok
    12:45:27.0895 0736 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
    12:45:27.0900 0736 Spooler - ok
    12:45:28.0078 0736 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
    12:45:28.0105 0736 sppsvc - ok
    12:45:28.0240 0736 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
    12:45:28.0244 0736 sppuinotify - ok
    12:45:28.0367 0736 SQLAgent$ACT7 (37761f6be2ebaed72cc0d43bd4c8c2a6) C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE
    12:45:28.0379 0736 SQLAgent$ACT7 - ok
    12:45:28.0429 0736 SQLBrowser (7d67c07c63796775cc5492bcfeaff125) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    12:45:28.0437 0736 SQLBrowser - ok
    12:45:28.0472 0736 SQLWriter (8e6e5cfa06769a417b03fd6faa29e010) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    12:45:28.0474 0736 SQLWriter - ok
    12:45:28.0535 0736 srv (4e636465a8653ba3bf29f929aa578e6f) C:\Windows\system32\DRIVERS\srv.sys
    12:45:28.0539 0736 srv - ok
    12:45:28.0563 0736 srv2 (4e4e17a3865f650ee8c67726872d9431) C:\Windows\system32\DRIVERS\srv2.sys
    12:45:28.0566 0736 srv2 - ok
    12:45:28.0586 0736 srvnet (1346dff5be932939997d373d61a35626) C:\Windows\system32\DRIVERS\srvnet.sys
    12:45:28.0588 0736 srvnet - ok
    12:45:28.0625 0736 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
    12:45:28.0630 0736 SSDPSRV - ok
    12:45:28.0649 0736 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
    12:45:28.0653 0736 SstpSvc - ok
    12:45:28.0685 0736 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
    12:45:28.0686 0736 stexstor - ok
    12:45:28.0752 0736 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
    12:45:28.0759 0736 StiSvc - ok
    12:45:28.0820 0736 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
    12:45:28.0821 0736 storflt - ok
    12:45:28.0851 0736 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
    12:45:28.0852 0736 storvsc - ok
    12:45:28.0870 0736 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
    12:45:28.0871 0736 swenum - ok
    12:45:28.0900 0736 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
    12:45:28.0906 0736 swprv - ok
    12:45:28.0930 0736 Synth3dVsc - ok
    12:45:29.0030 0736 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
    12:45:29.0041 0736 SysMain - ok
    12:45:29.0093 0736 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
    12:45:29.0096 0736 TabletInputService - ok
    12:45:29.0154 0736 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
    12:45:29.0159 0736 TapiSrv - ok
    12:45:29.0178 0736 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
    12:45:29.0181 0736 TBS - ok
    12:45:29.0305 0736 Tcpip (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\drivers\tcpip.sys
    12:45:29.0315 0736 Tcpip - ok
    12:45:29.0351 0736 TCPIP6 (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\DRIVERS\tcpip.sys
    12:45:29.0361 0736 TCPIP6 - ok
    12:45:29.0414 0736 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
    12:45:29.0415 0736 tcpipreg - ok
    12:45:29.0461 0736 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
    12:45:29.0462 0736 TDPIPE - ok
    12:45:29.0477 0736 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
    12:45:29.0478 0736 TDTCP - ok
    12:45:29.0527 0736 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
    12:45:29.0528 0736 tdx - ok
    12:45:29.0574 0736 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
    12:45:29.0575 0736 TermDD - ok
    12:45:29.0650 0736 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
    12:45:29.0657 0736 TermService - ok
    12:45:29.0686 0736 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
    12:45:29.0689 0736 Themes - ok
    12:45:29.0718 0736 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
    12:45:29.0720 0736 THREADORDER - ok
    12:45:29.0740 0736 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
    12:45:29.0744 0736 TrkWks - ok
    12:45:29.0810 0736 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
    12:45:29.0821 0736 TrustedInstaller - ok
    12:45:29.0837 0736 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
    12:45:29.0839 0736 tssecsrv - ok
    12:45:29.0902 0736 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
    12:45:29.0904 0736 TsUsbFlt - ok
    12:45:29.0921 0736 tsusbhub - ok
    12:45:29.0985 0736 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
    12:45:29.0986 0736 tunnel - ok
    12:45:30.0031 0736 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
    12:45:30.0033 0736 uagp35 - ok
    12:45:30.0095 0736 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
    12:45:30.0098 0736 udfs - ok
    12:45:30.0138 0736 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
    12:45:30.0142 0736 UI0Detect - ok
    12:45:30.0201 0736 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
    12:45:30.0202 0736 uliagpkx - ok
    12:45:30.0250 0736 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
    12:45:30.0250 0736 umbus - ok
    12:45:30.0283 0736 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
    12:45:30.0284 0736 UmPass - ok
    12:45:30.0340 0736 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
    12:45:30.0344 0736 UmRdpService - ok
    12:45:30.0377 0736 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
    12:45:30.0382 0736 upnphost - ok
    12:45:30.0427 0736 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\DRIVERS\usbccgp.sys
    12:45:30.0428 0736 usbccgp - ok
    12:45:30.0476 0736 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
    12:45:30.0477 0736 usbcir - ok
    12:45:30.0501 0736 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
    12:45:30.0502 0736 usbehci - ok
    12:45:30.0528 0736 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys
    12:45:30.0531 0736 usbhub - ok
    12:45:30.0551 0736 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
    12:45:30.0552 0736 usbohci - ok
    12:45:30.0577 0736 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
    12:45:30.0578 0736 usbprint - ok
    12:45:30.0600 0736 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
    12:45:30.0602 0736 usbscan - ok
    12:45:30.0622 0736 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    12:45:30.0623 0736 USBSTOR - ok
    12:45:30.0640 0736 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
    12:45:30.0641 0736 usbuhci - ok
    12:45:30.0667 0736 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
    12:45:30.0671 0736 UxSms - ok
    12:45:30.0700 0736 VaultSvc (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
    12:45:30.0702 0736 VaultSvc - ok
    12:45:30.0747 0736 VClone (fce98c43b5c5db8e0da8ea0e2b45e044) C:\Windows\system32\DRIVERS\VClone.sys
    12:45:30.0748 0736 VClone - ok
    12:45:30.0801 0736 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
    12:45:30.0802 0736 vdrvroot - ok
    12:45:30.0873 0736 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
    12:45:30.0879 0736 vds - ok
    12:45:30.0903 0736 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
    12:45:30.0904 0736 vga - ok
    12:45:30.0917 0736 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
    12:45:30.0918 0736 VgaSave - ok
    12:45:30.0927 0736 VGPU - ok
    12:45:30.0989 0736 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
    12:45:30.0991 0736 vhdmp - ok
    12:45:31.0021 0736 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
    12:45:31.0023 0736 viaagp - ok
    12:45:31.0057 0736 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
    12:45:31.0058 0736 ViaC7 - ok
    12:45:31.0079 0736 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
    12:45:31.0080 0736 viaide - ok
    12:45:31.0107 0736 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
    12:45:31.0109 0736 vmbus - ok
    12:45:31.0128 0736 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
    12:45:31.0130 0736 VMBusHID - ok
    12:45:31.0148 0736 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
    12:45:31.0149 0736 volmgr - ok
    12:45:31.0176 0736 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
    12:45:31.0179 0736 volmgrx - ok
    12:45:31.0225 0736 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
    12:45:31.0228 0736 volsnap - ok
    12:45:31.0266 0736 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
    12:45:31.0268 0736 vsmraid - ok
    12:45:31.0369 0736 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
    12:45:31.0378 0736 VSS - ok
    12:45:31.0428 0736 vToolbarUpdater11.2.0 - ok
    12:45:31.0452 0736 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
    12:45:31.0453 0736 vwifibus - ok
    12:45:31.0505 0736 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
    12:45:31.0511 0736 W32Time - ok
    12:45:31.0539 0736 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
    12:45:31.0540 0736 WacomPen - ok
    12:45:31.0592 0736 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    12:45:31.0593 0736 WANARP - ok
    12:45:31.0600 0736 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    12:45:31.0603 0736 Wanarpv6 - ok
    12:45:31.0707 0736 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
    12:45:31.0733 0736 WatAdminSvc - ok
    12:45:31.0834 0736 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
    12:45:31.0847 0736 wbengine - ok
    12:45:31.0873 0736 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
    12:45:31.0876 0736 WbioSrvc - ok
    12:45:31.0936 0736 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
    12:45:31.0941 0736 wcncsvc - ok
    12:45:31.0960 0736 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
    12:45:31.0963 0736 WcsPlugInService - ok
    12:45:32.0017 0736 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
    12:45:32.0018 0736 Wd - ok
    12:45:32.0060 0736 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    12:45:32.0065 0736 Wdf01000 - ok
    12:45:32.0086 0736 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
    12:45:32.0090 0736 WdiServiceHost - ok
    12:45:32.0098 0736 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
    12:45:32.0104 0736 WdiSystemHost - ok
    12:45:32.0160 0736 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
    12:45:32.0165 0736 WebClient - ok
    12:45:32.0186 0736 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
    12:45:32.0190 0736 Wecsvc - ok
    12:45:32.0205 0736 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
    12:45:32.0210 0736 wercplsupport - ok
    12:45:32.0239 0736 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
    12:45:32.0243 0736 WerSvc - ok
    12:45:32.0268 0736 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
    12:45:32.0269 0736 WfpLwf - ok
    12:45:32.0297 0736 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
    12:45:32.0298 0736 WIMMount - ok
    12:45:32.0400 0736 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
    12:45:32.0420 0736 WinDefend - ok
    12:45:32.0434 0736 WinHttpAutoProxySvc - ok
    12:45:32.0492 0736 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
    12:45:32.0494 0736 Winmgmt - ok
    12:45:32.0589 0736 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
    12:45:32.0602 0736 WinRM - ok
    12:45:32.0678 0736 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
    12:45:32.0679 0736 WinUsb - ok
    12:45:32.0752 0736 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
    12:45:32.0762 0736 Wlansvc - ok
    12:45:32.0809 0736 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
    12:45:32.0810 0736 WmiAcpi - ok
    12:45:32.0864 0736 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
    12:45:32.0866 0736 wmiApSrv - ok
    12:45:32.0989 0736 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
    12:45:33.0013 0736 WMPNetworkSvc - ok
    12:45:33.0026 0736 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
    12:45:33.0032 0736 WPCSvc - ok
    12:45:33.0081 0736 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
    12:45:33.0084 0736 WPDBusEnum - ok
    12:45:33.0135 0736 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
    12:45:33.0136 0736 ws2ifsl - ok
    12:45:33.0179 0736 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
    12:45:33.0183 0736 wscsvc - ok
    12:45:33.0191 0736 WSearch - ok
    12:45:33.0347 0736 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
    12:45:33.0366 0736 wuauserv - ok
    12:45:33.0501 0736 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
    12:45:33.0503 0736 WudfPf - ok
    12:45:33.0524 0736 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
    12:45:33.0526 0736 WUDFRd - ok
    12:45:33.0582 0736 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
    12:45:33.0585 0736 wudfsvc - ok
    12:45:33.0617 0736 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
    12:45:33.0622 0736 WwanSvc - ok
    12:45:33.0659 0736 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    12:45:33.0685 0736 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    12:45:33.0685 0736 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    12:45:33.0698 0736 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
    12:45:33.0706 0736 \Device\Harddisk1\DR1 - ok
    12:45:33.0711 0736 Boot (0x1200) (abc49a7be8d0ec074a4d9b937d39bd43) \Device\Harddisk0\DR0\Partition0
    12:45:33.0715 0736 \Device\Harddisk0\DR0\Partition0 - ok
    12:45:33.0724 0736 Boot (0x1200) (0301c1836343c2cd574a370ec0c2a1fd) \Device\Harddisk1\DR1\Partition0
    12:45:33.0727 0736 \Device\Harddisk1\DR1\Partition0 - ok
    12:45:33.0729 0736 ============================================================
    12:45:33.0729 0736 Scan finished
    12:45:33.0729 0736 ============================================================
    12:45:33.0750 1128 Detected object count: 1
    12:45:33.0750 1128 Actual detected object count: 1
    12:45:46.0243 1128 \Device\Harddisk0\DR0\# - copied to quarantine
    12:45:46.0244 1128 \Device\Harddisk0\DR0 - copied to quarantine
    12:45:46.0276 1128 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    12:45:46.0285 1128 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    12:45:46.0289 1128 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    12:45:46.0294 1128 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    12:45:46.0301 1128 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    12:45:46.0311 1128 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    12:45:46.0321 1128 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    12:45:46.0324 1128 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    12:45:46.0327 1128 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    12:45:46.0331 1128 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    12:45:46.0334 1128 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    12:45:46.0338 1128 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    12:45:46.0341 1128 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    12:45:46.0344 1128 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    12:45:46.0376 1128 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    12:45:46.0377 1128 \Device\Harddisk0\DR0 - ok
    12:45:52.0289 1128 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    12:45:58.0738 3416 Deinitialize success
  21. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    How are things now?

    If fine, continue with OTL.
  22. Derrick

    Derrick Newcomer, in training Topic Starter Posts: 26

    OTL logfile created on: 8/10/2012 1:01:31 PM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Derrick Hedstrom\Desktop
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.50 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 74.64% Memory free
    3.00 Gb Paging File | 2.47 Gb Available in Paging File | 82.42% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 465.75 Gb Total Space | 348.61 Gb Free Space | 74.85% Space Free | Partition Type: NTFS
    Drive E: | 483.23 Mb Total Space | 361.41 Mb Free Space | 74.79% Space Free | Partition Type: FAT
    Drive S: | 25.69 Gb Total Space | 4.13 Gb Free Space | 16.06% Space Free | Partition Type: NTFS

    Computer Name: TREASURY | User Name: Derrick Hedstrom | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/08/10 13:00:38 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Derrick Hedstrom\Desktop\OTL.exe
    PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/11/11 17:41:46 | 001,155,432 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    PRC - [2011/11/11 16:36:56 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/10/09 03:16:02 | 000,075,648 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_22\bin\jusched.exe
    PRC - [2009/09/25 16:57:30 | 000,537,968 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
    PRC - [2003/04/24 05:21:56 | 000,278,589 | ---- | M] () -- C:\Program Files\ACT\SideACT.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2009/07/21 15:42:50 | 000,364,544 | ---- | M] () -- C:\Program Files\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\pxl_m17n_tool.dll
    MOD - [2003/04/24 05:21:56 | 000,278,589 | ---- | M] () -- C:\Program Files\ACT\SideACT.exe
    MOD - [2003/04/24 04:47:20 | 000,286,773 | ---- | M] () -- C:\Program Files\ACT\sharenui.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
    SRV - [2012/08/02 20:45:31 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/26 10:37:51 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/11/11 16:36:56 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2011/04/25 08:27:03 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2009/08/18 02:25:12 | 000,678,912 | ---- | M] (Intuit, Inc.) [Disabled | Stopped] -- C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe -- (QuickBooksDB20)
    SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\DERRIC~1\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
    DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 06:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2010/04/03 12:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0150.sys -- (RsFx0150)
    DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-4217141809-3760335584-1917686362-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-4217141809-3760335584-1917686362-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-4217141809-3760335584-1917686362-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E DB 30 95 FE FD CB 01 [binary data]
    IE - HKU\S-1-5-21-4217141809-3760335584-1917686362-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKU\S-1-5-21-4217141809-3760335584-1917686362-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-4217141809-3760335584-1917686362-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...82b52859b9c&lang=en&ds=AVG&pr=fr&d=2012-05-15 10:11:19&v=11.0.0.9&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-4217141809-3760335584-1917686362-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-4217141809-3760335584-1917686362-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid={...lang=en&pr=fr&d=2012-05-15 10:11:19&sap=ku&q="
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/26 10:37:51 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2011/06/08 13:28:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Derrick Hedstrom\AppData\Roaming\Mozilla\Extensions
    [2012/05/02 09:51:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Derrick Hedstrom\AppData\Roaming\Mozilla\Firefox\Profiles\yqgsz9bx.default\extensions
    [2011/10/19 10:04:14 | 000,003,739 | ---- | M] () -- C:\Users\Derrick Hedstrom\AppData\Roaming\Mozilla\Firefox\Profiles\yqgsz9bx.default\searchplugins\avg-secure-search.xml
    [2012/03/26 09:18:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/07/26 10:37:51 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/07/09 08:33:53 | 000,003,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/06/20 11:31:31 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/06/20 11:31:31 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/08/10 11:09:21 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll File not found
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
    O4 - HKLM..\Run: [QuickBooksDB20] C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe (Intuit, Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_22\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - Startup: C:\Users\Derrick Hedstrom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Derrick Hedstrom\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-4217141809-3760335584-1917686362-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4217141809-3760335584-1917686362-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-4217141809-3760335584-1917686362-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab (Java Plug-in 1.5.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CA5AAF4-0DED-407A-B9DE-605B3484DA8A}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/10 13:00:38 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Derrick Hedstrom\Desktop\OTL.exe
    [2012/08/10 12:45:45 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/08/10 12:44:58 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Derrick Hedstrom\Desktop\TDSSKiller.exe
    [2012/08/10 12:20:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/08/10 12:18:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/08/10 11:07:02 | 000,000,000 | ---D | C] -- C:\Users\Derrick Hedstrom\AppData\Local\temp
    [2012/08/10 10:29:42 | 010,665,032 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Derrick Hedstrom\Desktop\AppRemover.exe
    [2012/08/10 09:52:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
    [2012/08/10 09:52:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2012/08/10 09:42:27 | 000,000,000 | ---D | C] -- C:\AVG2012
    [2012/08/09 18:47:56 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/08/09 17:26:10 | 001,051,552 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Derrick Hedstrom\Desktop\rkill.scr
    [2012/08/09 17:26:10 | 001,051,552 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Derrick Hedstrom\Desktop\rkill.exe
    [2012/08/09 17:26:06 | 004,728,003 | R--- | C] (Swearware) -- C:\Users\Derrick Hedstrom\Desktop\ComboFix.exe
    [2012/08/09 16:15:22 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Derrick Hedstrom\Desktop\dds.com
    [2012/08/09 14:03:42 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2012/08/09 11:50:18 | 000,256,904 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
    [2012/08/08 15:17:39 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
    [2012/08/08 15:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\Axantum
    [2012/08/08 15:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Axantum AxCrypt
    [2012/08/08 15:13:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
    [2012/08/08 15:13:10 | 000,000,000 | ---D | C] -- C:\Users\Derrick Hedstrom\AppData\Roaming\OpenCandy
    [2012/08/08 15:12:37 | 003,396,552 | ---- | C] (Axantum Software AB) -- C:\Users\Derrick Hedstrom\Desktop\AxCrypt-1.7.2931.0-Setup.exe
    [2012/08/08 12:10:10 | 000,000,000 | ---D | C] -- C:\Users\Derrick Hedstrom\Desktop\vostro 1000
    [2012/08/02 13:12:50 | 000,000,000 | ---D | C] -- C:\Users\Derrick Hedstrom\Desktop\SOF FUll DVD
    [2012/02/06 17:11:01 | 009,202,080 | ---- | C] (Sage Software ) -- C:\Users\Derrick Hedstrom\AppData\Roaming\ACT2012HotFix_UK_SS.exe

    ========== Files - Modified Within 30 Days ==========

    [2012/08/10 13:00:38 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Derrick Hedstrom\Desktop\OTL.exe
    [2012/08/10 12:51:29 | 000,689,252 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/08/10 12:51:29 | 000,130,238 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/08/10 12:46:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/08/10 12:46:39 | 1207,214,080 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/10 12:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/08/10 12:44:31 | 002,117,108 | ---- | M] () -- C:\Users\Derrick Hedstrom\Desktop\tdsskiller.zip
    [2012/08/10 11:47:44 | 204,845,400 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/08/10 11:09:21 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/08/10 09:57:14 | 010,665,032 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Derrick Hedstrom\Desktop\AppRemover.exe
    [2012/08/09 17:19:38 | 001,051,552 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Derrick Hedstrom\Desktop\rkill.scr
    [2012/08/09 17:19:14 | 001,051,552 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Derrick Hedstrom\Desktop\rkill.exe
    [2012/08/09 17:17:30 | 004,728,003 | R--- | M] (Swearware) -- C:\Users\Derrick Hedstrom\Desktop\ComboFix.exe
    [2012/08/09 16:06:32 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Derrick Hedstrom\Desktop\dds.com
    [2012/08/08 16:49:48 | 000,001,149 | ---- | M] () -- C:\Users\Derrick Hedstrom\Desktop\NueMD.lnk
    [2012/08/08 15:12:40 | 003,396,552 | ---- | M] (Axantum Software AB) -- C:\Users\Derrick Hedstrom\Desktop\AxCrypt-1.7.2931.0-Setup.exe
    [2012/08/08 14:29:50 | 000,000,393 | ---- | M] () -- C:\Users\Derrick Hedstrom\Desktop\Derrick Hedstrom.QBW.ND
    [2012/08/08 14:29:49 | 010,752,000 | R--- | M] () -- C:\Users\Derrick Hedstrom\Desktop\Derrick Hedstrom.QBW
    [2012/08/08 14:29:49 | 000,851,968 | R--- | M] () -- C:\Users\Derrick Hedstrom\Desktop\Derrick Hedstrom.QBW.TLG
    [2012/08/08 11:02:42 | 000,101,491 | ---- | M] () -- C:\Users\Derrick Hedstrom\Desktop\August8.pdf
    [2012/08/07 10:22:31 | 013,404,730 | ---- | M] () -- C:\Users\Derrick Hedstrom\Documents\Hedstrom 0020189080.zip
    [2012/08/07 10:20:36 | 010,995,891 | ---- | M] () -- C:\Users\Derrick Hedstrom\Documents\Hedstrom 0020189080.pdf
    [2012/08/07 09:16:20 | 000,016,414 | ---- | M] () -- C:\Users\Derrick Hedstrom\Desktop\statement-Jul-2012 - 0020189080.pdf
    [2012/08/06 16:32:40 | 000,001,185 | ---- | M] () -- C:\Users\Derrick Hedstrom\AppData\Roaming\vso_ts_preview.xml
    [2012/07/26 13:29:34 | 000,177,959 | ---- | M] () -- C:\Users\Derrick Hedstrom\Documents\Doctor project
    [2012/07/24 13:22:36 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Derrick Hedstrom\Desktop\TDSSKiller.exe
    [2012/07/17 08:53:54 | 002,162,176 | ---- | M] () -- C:\Users\Derrick Hedstrom\Documents\DVD Covers.pub
    [2012/07/16 15:02:14 | 000,027,520 | ---- | M] () -- C:\Users\Derrick Hedstrom\AppData\Local\dt.dat
    [2012/07/12 18:18:17 | 000,260,604 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm

    ========== Files Created - No Company Name ==========

    [2012/08/10 12:44:29 | 002,117,108 | ---- | C] () -- C:\Users\Derrick Hedstrom\Desktop\tdsskiller.zip
    [2012/08/09 16:15:22 | 000,302,592 | ---- | C] () -- C:\Users\Derrick Hedstrom\Desktop\gmer.exe
    [2012/08/09 14:12:34 | 000,002,392 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    [2012/08/09 14:12:34 | 000,001,281 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.6.lnk
    [2012/08/09 14:12:34 | 000,001,060 | ---- | C] () -- C:\Users\Derrick Hedstrom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2012/08/09 14:12:34 | 000,000,947 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SideACT!.lnk
    [2012/08/08 11:02:41 | 000,101,491 | ---- | C] () -- C:\Users\Derrick Hedstrom\Desktop\August8.pdf
    [2012/08/07 10:22:02 | 013,404,730 | ---- | C] () -- C:\Users\Derrick Hedstrom\Documents\Hedstrom 0020189080.zip
    [2012/08/07 10:19:32 | 010,995,891 | ---- | C] () -- C:\Users\Derrick Hedstrom\Documents\Hedstrom 0020189080.pdf
    [2012/08/07 09:16:19 | 000,016,414 | ---- | C] () -- C:\Users\Derrick Hedstrom\Desktop\statement-Jul-2012 - 0020189080.pdf
    [2012/07/26 13:29:34 | 000,177,959 | ---- | C] () -- C:\Users\Derrick Hedstrom\Documents\Doctor project
    [2012/07/16 15:02:14 | 000,027,520 | ---- | C] () -- C:\Users\Derrick Hedstrom\AppData\Local\dt.dat
    [2012/07/12 18:18:17 | 000,260,604 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
    [2012/02/06 16:46:15 | 000,192,512 | ---- | C] () -- C:\Windows\System32\EmailShared.dll
    [2012/01/03 10:20:06 | 000,151,552 | ---- | C] () -- C:\Windows\KMSEmulator.exe
    [2011/11/21 17:03:30 | 000,001,185 | ---- | C] () -- C:\Users\Derrick Hedstrom\AppData\Roaming\vso_ts_preview.xml
    [2011/07/12 09:13:54 | 000,013,122 | -HS- | C] () -- C:\Users\Derrick Hedstrom\AppData\Local\5650k7l7ap22v34yf
    [2011/07/12 09:13:54 | 000,013,122 | -HS- | C] () -- C:\ProgramData\5650k7l7ap22v34yf
    [2011/06/09 15:08:42 | 000,000,033 | ---- | C] () -- C:\Windows\MTPPA.BIN
    [2011/06/09 12:36:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/06/09 12:36:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/06/09 12:36:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/06/09 12:36:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/06/09 12:36:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/06/08 14:54:36 | 000,000,000 | ---- | C] () -- C:\Users\Derrick Hedstrom\defogger_reenable
    [2011/06/08 09:12:41 | 000,000,036 | ---- | C] () -- C:\Users\Derrick Hedstrom\AppData\Local\housecall.guid.cache
    [2011/05/23 10:52:15 | 000,017,600 | -H-- | C] () -- C:\Users\Derrick Hedstrom\11-05-23.asc
    [2011/04/20 09:18:40 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
    [2011/04/20 09:18:29 | 000,002,048 | -HS- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\@
    [2011/04/20 09:17:40 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2011/04/18 16:12:46 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini

    ========== LOP Check ==========

    [2011/12/20 14:43:28 | 000,000,000 | ---D | M] -- C:\Users\Derrick Hedstrom\AppData\Roaming\ACT
    [2011/10/19 13:45:42 | 000,000,000 | ---D | M] -- C:\Users\Derrick Hedstrom\AppData\Roaming\AVG
    [2012/08/10 12:57:03 | 000,000,000 | ---D | M] -- C:\Users\Derrick Hedstrom\AppData\Roaming\Dropbox
    [2011/12/20 11:58:21 | 000,000,000 | ---D | M] -- C:\Users\Derrick Hedstrom\AppData\Roaming\Interact Commerce
    [2011/12/20 14:28:04 | 000,000,000 | ---D | M] -- C:\Users\Derrick Hedstrom\AppData\Roaming\IsolatedStorage
    [2012/08/08 15:13:10 | 000,000,000 | ---D | M] -- C:\Users\Derrick Hedstrom\AppData\Roaming\OpenCandy
    [2012/08/06 09:52:32 | 000,000,000 | ---D | M] -- C:\Users\Derrick Hedstrom\AppData\Roaming\Vso
    [2012/08/10 12:31:58 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4

    < End of report >


    OTL Extras logfile created on: 8/10/2012 1:01:31 PM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Derrick Hedstrom\Desktop
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.50 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 74.64% Memory free
    3.00 Gb Paging File | 2.47 Gb Available in Paging File | 82.42% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 465.75 Gb Total Space | 348.61 Gb Free Space | 74.85% Space Free | Partition Type: NTFS
    Drive E: | 483.23 Mb Total Space | 361.41 Mb Free Space | 74.79% Space Free | Partition Type: FAT
    Drive S: | 25.69 Gb Total Space | 4.13 Gb Free Space | 16.06% Space Free | Partition Type: NTFS

    Computer Name: TREASURY | User Name: Derrick Hedstrom | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

    [HKEY_USERS\S-1-5-21-4217141809-3760335584-1917686362-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
    "{0700E22B-A422-40A5-BD20-04BF618CA0F9}" = QuickBooks Pro 2010
    "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
    "{19ABDEEB-3B53-4C40-B00C-7C2994393F19}" = AxCrypt 1.7.2931.0
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{3248F0A8-6813-11D6-A77B-00B0D0150220}" = J2SE Runtime Environment 5.0 Update 22
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A2AD071-AABD-4712-A43E-11D06BAA661D}" = ImageMixer 3 SE Ver.6 Transfer Utility
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}" = Microsoft SQL Server VSS Writer
    "{4AB6A079-178B-4144-B21F-4D1AE71666A2}" = Microsoft SQL Server 2008 R2 Native Client
    "{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}" = SQL Server 2008 R2 Database Engine Shared
    "{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = SQL Server 2008 R2 Database Engine Services
    "{62CA119E-C5A7-42FC-85E8-4B55AA9E4072}" = ImageMixer 3 SE Ver.6 Video Tools
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{72DE3C67-FB48-450E-8BEA-4EB1B3B5355D}" = Microsoft SQL Server 2008 R2 Setup (English)
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7C8EAD2B-A954-4F73-AAFC-C3EC60D49ADA}" = Microsoft SQL Server 2008 R2 RsFx Driver
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7C5B1ECD-FE93-4FB2-A51A-06451BA49969}" =
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{93998800-1608-403F-9A51-420A77D23C25}" = Sql Server Customer Experience Improvement Program
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = SQL Server 2008 R2 Database Engine Services
    "{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
    "{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
    "{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 Common Files
    "{D0027269-84EB-467B-9726-C0FDCAE422D6}" = .NET Framework Machine Code Access Security Policy
    "{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
    "{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
    "{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
    "{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}" = SQL Server 2008 R2 Database Engine Shared
    "{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 Common Files
    "{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "ESET Online Scanner" = ESET Online Scanner v3
    "Foxit PDF Creator" = Foxit PDF Creator
    "Foxit PDF Editor" = Foxit PDF Editor
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2
    "Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2
    "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "Product_Name" = MasterTech Personnel Potential Analysis
    "VirtualCloneDrive" = VirtualCloneDrive
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-4217141809-3760335584-1917686362-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "ACT!" = ACT!
    "Dropbox" = Dropbox

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 8/10/2012 10:33:54 AM | Computer Name = Treasury | Source = MsiInstaller | ID = 10005
    Description =

    Error - 8/10/2012 11:09:03 AM | Computer Name = Treasury | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 8/10/2012 11:32:02 AM | Computer Name = Treasury | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 8/10/2012 11:39:40 AM | Computer Name = Treasury | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 8/10/2012 12:02:14 PM | Computer Name = Treasury | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 8/10/2012 12:05:10 PM | Computer Name = Treasury | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 8/10/2012 12:08:05 PM | Computer Name = Treasury | Source = VSS | ID = 18
    Description =

    Error - 8/10/2012 12:08:05 PM | Computer Name = Treasury | Source = VSS | ID = 8193
    Description =

    Error - 8/10/2012 12:08:05 PM | Computer Name = Treasury | Source = System Restore | ID = 8193
    Description =

    Error - 8/10/2012 12:29:49 PM | Computer Name = Treasury | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 8/10/2012 12:46:56 PM | Computer Name = Treasury | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    [ System Events ]
    Error - 8/10/2012 12:31:58 PM | Computer Name = Treasury | Source = Service Control Manager | ID = 7031
    Description = The Shell Hardware Detection service terminated unexpectedly. It
    has done this 1 time(s). The following corrective action will be taken in 60000
    milliseconds: Restart the service.

    Error - 8/10/2012 12:31:58 PM | Computer Name = Treasury | Source = Service Control Manager | ID = 7031
    Description = The Themes service terminated unexpectedly. It has done this 1 time(s).
    The following corrective action will be taken in 60000 milliseconds: Restart the
    service.

    Error - 8/10/2012 12:31:58 PM | Computer Name = Treasury | Source = Service Control Manager | ID = 7031
    Description = The Windows Management Instrumentation service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in
    120000 milliseconds: Restart the service.

    Error - 8/10/2012 12:31:58 PM | Computer Name = Treasury | Source = Service Control Manager | ID = 7031
    Description = The Windows Update service terminated unexpectedly. It has done this
    1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 8/10/2012 12:32:58 PM | Computer Name = Treasury | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Restart
    the service) after the unexpected termination of the Server service, but this action
    failed with the following error: %%1056

    Error - 8/10/2012 12:33:58 PM | Computer Name = Treasury | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Restart
    the service) after the unexpected termination of the Multimedia Class Scheduler
    service, but this action failed with the following error: %%1056

    Error - 8/10/2012 12:33:58 PM | Computer Name = Treasury | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Restart
    the service) after the unexpected termination of the Computer Browser service,
    but this action failed with the following error: %%1056

    Error - 8/10/2012 12:33:58 PM | Computer Name = Treasury | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Restart
    the service) after the unexpected termination of the Windows Management Instrumentation
    service, but this action failed with the following error: %%1056

    Error - 8/10/2012 12:46:51 PM | Computer Name = Treasury | Source = Service Control Manager | ID = 7000
    Description = The adfs service failed to start due to the following error: %%2

    Error - 8/10/2012 12:46:56 PM | Computer Name = Treasury | Source = Service Control Manager | ID = 7000
    Description = The vToolbarUpdater11.2.0 service failed to start due to the following
    error: %%2


    < End of report >
  23. Derrick

    Derrick Newcomer, in training Topic Starter Posts: 26

    Now it seems to be back to normal. I no longer have any "creeping up" svchost.exe's, although there still appear to be far too many of them in my Task Manager.
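    A way to account for every svchost.exe instance the poster is seeing, as an added triage check that is not part of the thread or of any tool used in it. It assumes Windows PowerShell 2.0 or later (as shipped with Windows 7) run from an elevated prompt; a legitimate instance lives in %SystemRoot%\System32, is started by services.exe and hosts at least one registered service, so the script flags anything that fails those checks and reports the working set so a growing instance can be spotted between two runs.

```powershell
# Added triage check (not from the thread): account for every svchost.exe.
# Assumes Windows PowerShell 2.0+ (Windows 7) run from an elevated prompt.
# A legitimate svchost.exe lives in %SystemRoot%\System32, is started by
# services.exe and hosts at least one registered service; anything else
# deserves a closer look, as does an instance whose working set keeps growing.

$system32     = Join-Path $env:SystemRoot 'System32'
$expectedPath = Join-Path $system32 'svchost.exe'

# Map PID -> names of services hosted in that process (Win32_Service.ProcessId)
$servicesByPid = @{}
foreach ($svc in Get-WmiObject Win32_Service) {
    if ($svc.ProcessId -gt 0) {
        if (-not $servicesByPid.ContainsKey($svc.ProcessId)) {
            $servicesByPid[$svc.ProcessId] = @()
        }
        $servicesByPid[$svc.ProcessId] += $svc.Name
    }
}

# Snapshot of all processes, so each svchost's parent can be resolved by PID
$procsByPid = @{}
foreach ($p in Get-WmiObject Win32_Process) { $procsByPid[$p.ProcessId] = $p }

$report = foreach ($p in Get-WmiObject Win32_Process -Filter "Name='svchost.exe'") {
    $parent     = $procsByPid[$p.ParentProcessId]
    $parentName = if ($parent) { $parent.Name } else { '<exited>' }
    $hosted     = $servicesByPid[$p.ProcessId]
    $flags      = @()

    # ExecutablePath is $null when the caller lacks rights to read it; treat
    # that like an unexpected path rather than silently passing the instance.
    if (-not $p.ExecutablePath -or $p.ExecutablePath -ine $expectedPath) {
        $flags += 'unexpected-path'
    }
    if ($parentName -ine 'services.exe') { $flags += 'unexpected-parent' }
    if (-not $hosted)                    { $flags += 'hosts-no-service' }

    New-Object PSObject -Property @{
        PID          = $p.ProcessId
        WorkingSetMB = [math]::Round($p.WorkingSetSize / 1MB, 1)
        Path         = $p.ExecutablePath
        Parent       = $parentName
        Services     = ($hosted -join ',')
        Flags        = ($flags -join ',')
    }
}

# Largest working set first; an empty Flags column means the instance passed
# all three checks and only its memory growth over time remains to judge.
$report | Sort-Object WorkingSetMB -Descending |
    Format-Table PID, WorkingSetMB, Parent, Services, Flags -AutoSize
```

Run it twice a few minutes apart and compare WorkingSetMB per PID; the Services column tells you which hosted service group the growing instance belongs to.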
  24. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    =================================

    You can reinstall AVG at any time.

    ================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
      O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
      [2012/08/09 18:47:56 | 000,000,000 | ---D | C] -- C:\FRST
      [2011/07/12 09:13:54 | 000,013,122 | -HS- | C] () -- C:\Users\Derrick Hedstrom\AppData\Local\5650k7l7ap22v34yf
      [2011/07/12 09:13:54 | 000,013,122 | -HS- | C] () -- C:\ProgramData\5650k7l7ap22v34yf
      @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4
      
      
      :Services
      
      :Reg
      
      :Files
      C:\Windows\System32\config\systemprofile\AppData\Local\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from Safe Mode.

    ===================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
  25. Derrick

    Derrick Newcomer, in training Topic Starter Posts: 26

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Append Link Target to Existing PDF\ deleted successfully.
    C:\FRST\Quarantine\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\U folder moved successfully.
    C:\FRST\Quarantine\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\L folder moved successfully.
    C:\FRST\Quarantine\{7df236bd-f013-4ca8-e2f6-c08973fa1e10} folder moved successfully.
    Folder move failed. C:\FRST\Quarantine scheduled to be moved on reboot.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    C:\Users\Derrick Hedstrom\AppData\Local\5650k7l7ap22v34yf moved successfully.
    C:\ProgramData\5650k7l7ap22v34yf moved successfully.
    ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Windows\System32\config\systemprofile\AppData\Local\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\U folder moved successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\L folder moved successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\{7df236bd-f013-4ca8-e2f6-c08973fa1e10} folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Derrick Hedstrom
    ->Temp folder emptied: 1676 bytes
    ->Temporary Internet Files folder emptied: 656003 bytes
    ->Java cache emptied: 1484906 bytes
    ->FireFox cache emptied: 63557996 bytes
    ->Flash cache emptied: 647 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: QBDataServiceUser20
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 577459 bytes

    Total Files Cleaned = 63.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Default

    User: Default User

    User: Derrick Hedstrom
    ->Java cache emptied: 0 bytes

    User: Public

    User: QBDataServiceUser20

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default

    User: Default User

    User: Derrick Hedstrom
    ->Flash cache emptied: 0 bytes

    User: Public

    User: QBDataServiceUser20

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.56.0 log created on 08102012_133157

    Files\Folders moved on Reboot...
    File\Folder C:\FRST\Quarantine not found!

    PendingFileRenameOperations files...
    File C:\FRST\Quarantine not found!

    Registry entries deleted on Reboot...

