Solved Shut down in one minute

Derrick

I'm running Windows 7 32-bit and have the svchost.exe issue where several instances are running and increase in RAM usage infinitely. While running, mbam.exe has been run twice and handled 6 items twice (same items); Trend Micro begins to work, and then the critical issue / one-minute warning occurs and the PC shuts down.
I've followed another active thread through downloading and running "FRST.exe", and here is the log.

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 08-08-2012 02
Ran by SYSTEM at 09-08-2012 14:48:01
Running from E:\
Windows 7 Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" [1107552 2012-07-09] ()
HKLM\...\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_22\bin\jusched.exe" [75648 2009-10-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickBooksDB20] C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe -n QB_TREASURY_20 -qs -gd ALL -gk all -gp 4096 -gu all -ch 256M -c 128M -x tcpip(BroadcastListener=NO;port=55338) -ti 0 -ec simple -qi -qw -tl 120 -oe C:\PROGRA~2\Intuit\QUICKB~2\DBSTAR~1.LOG -y [3271 2012-08-09] ()
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.)
HKLM\...\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup [1439496 2010-10-19] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [HF_G_Jul] "C:\Program Files\AVG Secure Search\HF_G_Jul.exe" /DoAction [36960 2012-07-18] ()
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKU\Derrick Hedstrom\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [8704 2009-07-13] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
AppInit_DLLs: C:\Users\Derrick Hedstrom\AppData\Local\o4wsy.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.6.lnk
ShortcutTarget: ImageMixer 3 SE Camera Monitor Ver.6.lnk -> C:\Program Files\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\SideACT!.lnk
ShortcutTarget: SideACT!.lnk -> C:\Program Files\ACT\SideACT.exe ()
Startup: C:\Users\Derrick Hedstrom\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

================================ Services (Whitelisted) ==================

4 AVGIDSAgent; "C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe" [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.)
4 avgwd; "C:\Program Files\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 MSSQL$ACT7; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe" -sACT7 [42884448 2010-05-05] (Microsoft Corporation)
4 MSSQLServerADHelper100; "C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [44896 2010-05-05] (Microsoft Corporation)
2 QBCFMonitorService; "C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe" [45056 2011-11-11] (Intuit)
3 QBFCService; "C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe" [61440 2009-07-23] (Intuit Inc.)
4 QuickBooksDB20; C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB20 [678912 2009-08-17] (Intuit, Inc.)
4 SQLAgent$ACT7; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE" -I ACT7 [367456 2010-05-05] (Microsoft Corporation)
2 vToolbarUpdater11.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [935008 2012-07-09] ()

========================== Drivers (Whitelisted) =============

3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [139856 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [235216 2012-02-22] (AVG Technologies CZ, s.r.o.)
1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [301248 2012-03-19] (AVG Technologies CZ, s.r.o.)
1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
4 RsFx0150; C:\Windows\System32\DRIVERS\RsFx0150.sys [240608 2010-04-03] (Microsoft Corporation)
2 adfs; [x]
3 catchme; \??\C:\Users\DERRIC~1\AppData\Local\Temp\catchme.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-09 14:47 - 2012-08-09 14:48 - 00000000 ____D C:\FRST
2012-08-09 10:03 - 2012-08-09 10:12 - 00000000 ____D C:\Windows\pss
2012-08-09 07:50 - 2012-06-04 23:37 - 00256904 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys
2012-08-09 07:49 - 2012-08-09 07:49 - 02002944 ____A (Trend Micro Inc.) C:\Users\Derrick Hedstrom\Downloads\HousecallLauncher.exe
2012-08-08 12:04 - 2012-08-08 12:04 - 00139616 ____A C:\Windows\Minidump\080812-50125-01.dmp
2012-08-08 11:17 - 2012-08-08 11:17 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-08-08 11:14 - 2012-08-08 11:14 - 00000000 ____D C:\Program Files\Axantum
2012-08-08 11:13 - 2012-08-08 11:13 - 00000000 ____D C:\Users\Derrick Hedstrom\AppData\Roaming\OpenCandy
2012-08-08 11:13 - 2012-08-08 11:13 - 00000000 ____D C:\Users\All Users\Real
2012-08-08 11:12 - 2012-08-08 11:12 - 03396552 ____A (Axantum Software AB) C:\Users\Derrick Hedstrom\Desktop\AxCrypt-1.7.2931.0-Setup.exe
2012-08-08 08:10 - 2012-08-08 08:10 - 00000000 ____D C:\Users\Derrick Hedstrom\Desktop\vostro 1000
2012-08-07 10:52 - 2012-08-07 10:52 - 00274353 ____A C:\Users\Derrick Hedstrom\Desktop\2011SCR.txt
2012-08-07 10:52 - 2012-08-07 10:52 - 00128639 ____A C:\Users\Derrick Hedstrom\Desktop\SCR2012.txt
2012-08-07 10:42 - 2012-08-07 10:42 - 00055803 ____A C:\Users\Derrick Hedstrom\Desktop\2012 DR.txt
2012-08-07 10:41 - 2012-08-07 10:41 - 00090474 ____A C:\Users\Derrick Hedstrom\Desktop\2011 DR.txt
2012-08-07 06:22 - 2012-08-07 06:22 - 13404730 ____A C:\Users\Derrick Hedstrom\Documents\Hedstrom 0020189080.zip
2012-08-02 09:12 - 2012-08-06 12:30 - 00000000 ____D C:\Users\Derrick Hedstrom\Desktop\SOF FUll DVD
2012-07-26 13:55 - 2012-07-26 14:02 - 00025600 ____A C:\Users\Derrick Hedstrom\Desktop\THis is to route.xls
2012-07-26 12:30 - 2012-08-02 09:54 - 00063680 ____A C:\Users\Derrick Hedstrom\Desktop\Doctor project.xlsx
2012-07-26 09:29 - 2012-07-26 09:29 - 00177959 ____A C:\Users\Derrick Hedstrom\Documents\Doctor project
2012-07-16 11:02 - 2012-07-16 11:02 - 00027520 ____A C:\Users\Derrick Hedstrom\AppData\Local\dt.dat

============ 3 Months Modified Files ========================

2012-08-09 10:22 - 2011-12-07 12:02 - 00000312 ____A C:\Windows\Tasks\AutoKMS.job
2012-08-09 10:22 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-09 10:22 - 2009-07-13 20:39 - 00037389 ____A C:\Windows\setupact.log
2012-08-09 10:20 - 2009-07-13 20:53 - 00032572 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-09 09:45 - 2012-07-09 05:02 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-09 09:34 - 2011-04-18 11:11 - 00817474 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-09 09:28 - 2011-04-19 02:53 - 00066006 ____A C:\Windows\PFRO.log
2012-08-09 07:49 - 2012-08-09 07:49 - 02002944 ____A (Trend Micro Inc.) C:\Users\Derrick Hedstrom\Downloads\HousecallLauncher.exe
2012-08-08 12:49 - 2012-06-29 05:12 - 00001149 ____A C:\Users\Derrick Hedstrom\Desktop\NueMD.lnk
2012-08-08 12:04 - 2012-08-08 12:04 - 00139616 ____A C:\Windows\Minidump\080812-50125-01.dmp
2012-08-08 12:03 - 2011-06-09 08:34 - 94921048 ____A C:\Windows\MEMORY.DMP
2012-08-08 11:12 - 2012-08-08 11:12 - 03396552 ____A (Axantum Software AB) C:\Users\Derrick Hedstrom\Desktop\AxCrypt-1.7.2931.0-Setup.exe
2012-08-08 10:56 - 2011-10-03 07:25 - 88104960 ___RA C:\Users\Public\AppData\HealthMotionPhysicalTherapy,Inc.QBW
2012-08-08 10:56 - 2011-10-03 07:25 - 00589824 ___RA C:\Users\Public\AppData\HealthMotionPhysicalTherapy,Inc.QBW.TLG
2012-08-08 10:56 - 2011-10-03 07:25 - 00000398 ____A C:\Users\Public\AppData\HealthMotionPhysicalTherapy,Inc.QBW.ND
2012-08-08 10:29 - 2012-05-16 10:06 - 00851968 ___RA C:\Users\Derrick Hedstrom\Desktop\Derrick Hedstrom.QBW.TLG
2012-08-08 10:29 - 2012-05-16 10:06 - 00000393 ____A C:\Users\Derrick Hedstrom\Desktop\Derrick Hedstrom.QBW.ND
2012-08-08 10:29 - 2011-07-27 05:42 - 10752000 ___RA C:\Users\Derrick Hedstrom\Desktop\Derrick Hedstrom.QBW
2012-08-07 10:52 - 2012-08-07 10:52 - 00274353 ____A C:\Users\Derrick Hedstrom\Desktop\2011SCR.txt
2012-08-07 10:52 - 2012-08-07 10:52 - 00128639 ____A C:\Users\Derrick Hedstrom\Desktop\SCR2012.txt
2012-08-07 10:42 - 2012-08-07 10:42 - 00055803 ____A C:\Users\Derrick Hedstrom\Desktop\2012 DR.txt
2012-08-07 10:41 - 2012-08-07 10:41 - 00090474 ____A C:\Users\Derrick Hedstrom\Desktop\2011 DR.txt
2012-08-07 06:22 - 2012-08-07 06:22 - 13404730 ____A C:\Users\Derrick Hedstrom\Documents\Hedstrom 0020189080.zip
2012-08-06 12:32 - 2011-11-21 13:03 - 00001185 ____A C:\Users\Derrick Hedstrom\AppData\Roaming\vso_ts_preview.xml
2012-08-02 16:45 - 2012-04-09 05:16 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-08-02 16:45 - 2011-05-17 02:23 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-08-02 09:54 - 2012-07-26 12:30 - 00063680 ____A C:\Users\Derrick Hedstrom\Desktop\Doctor project.xlsx
2012-07-26 14:02 - 2012-07-26 13:55 - 00025600 ____A C:\Users\Derrick Hedstrom\Desktop\THis is to route.xls
2012-07-26 09:29 - 2012-07-26 09:29 - 00177959 ____A C:\Users\Derrick Hedstrom\Documents\Doctor project
2012-07-25 09:28 - 2012-06-08 06:17 - 00015802 ____A C:\Users\Derrick Hedstrom\Desktop\Screen Bonuses 2012.xlsx
2012-07-17 04:53 - 2012-07-06 09:01 - 02162176 ____A C:\Users\Derrick Hedstrom\Documents\DVD Covers.pub
2012-07-16 11:02 - 2012-07-16 11:02 - 00027520 ____A C:\Users\Derrick Hedstrom\AppData\Local\dt.dat
2012-07-13 10:14 - 2011-04-18 11:09 - 01342680 ____A C:\Windows\WindowsUpdate.log
2012-07-05 13:03 - 2012-07-05 13:03 - 00026295 ____A C:\Users\Derrick Hedstrom\Documents\Scale of Function.XtoDVD
2012-07-03 09:46 - 2011-06-10 15:18 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-25 04:28 - 2012-06-25 04:28 - 00005681 ____A C:\Users\Derrick Hedstrom\Documents\Drefs
2012-06-19 09:47 - 2012-06-19 09:47 - 00483738 ____A C:\Users\Derrick Hedstrom\Downloads\legalaccounts.zip
2012-06-11 11:03 - 2012-06-11 08:19 - 00011417 ____A C:\Users\Derrick Hedstrom\Downloads\Eaton Health Fair.xlsx
2012-06-04 23:37 - 2012-08-09 07:50 - 00256904 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys
2012-05-29 11:53 - 2012-05-29 06:01 - 00011127 ____A C:\Users\Derrick Hedstrom\Documents\Hope Network Attendees.xlsx
2012-05-25 08:18 - 2012-05-25 07:32 - 00010898 ____A C:\Users\Derrick Hedstrom\Documents\Copy of Hope Network Vendor Attending (Autosaved).xlsx
2012-05-23 06:44 - 2012-05-23 06:44 - 00139616 ____A C:\Windows\Minidump\052312-36562-01.dmp
2012-05-22 08:49 - 2012-05-22 08:49 - 00000165 ___AH C:\Users\Derrick Hedstrom\Documents\~$Copy of Hope Network Vendor Attending.xlsx
2012-05-17 10:56 - 2012-05-17 10:56 - 00010519 ____A C:\Users\Derrick Hedstrom\Documents\Copy of Hope Network Vendor Attending.xlsx
2012-05-16 10:27 - 2012-05-12 08:24 - 00010901 ____A C:\Users\Derrick Hedstrom\Documents\Hope NETwork.xlsx
2012-05-16 10:06 - 2012-05-16 10:06 - 00000496 ___RA C:\Users\Derrick Hedstrom\Desktop\Derrick Hedstrom.lgb
2012-05-15 11:26 - 2012-05-15 11:26 - 00010627 ____A C:\Users\Derrick Hedstrom\Desktop\today
2012-05-14 10:53 - 2012-05-14 10:53 - 00001821 ____A C:\Users\Derrick Hedstrom\Documents\week3
2012-05-12 09:01 - 2012-05-12 08:59 - 00113664 ____A C:\Users\Derrick Hedstrom\Documents\Shelly Commend.pub

ZeroAccess:
C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}
C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\@
C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\L
C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\U
C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\L\00000004.@
C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\L\201d3dde
C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\U\00000004.@
C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\U\00000008.@
C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\U\000000cb.@
C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\U\80000000.@
C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\U\80000032.@

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 24%
Total physical RAM: 1535.05 MB
Available physical RAM: 1152.16 MB
Total Pagefile: 1535.05 MB
Available Pagefile: 1166.06 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.7 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:465.75 GB) (Free:346.08 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive d: (CD_ROM) (CDROM) (Total:3.48 GB) (Free:0 GB) CDFS
4 Drive e: (Lexar) (Removable) (Total:0.47 GB) (Free:0.37 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 9 MB
Disk 1 Online 483 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 31 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 465 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 483 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 04
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E Lexar FAT Removable 483 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-08-07 04:38

======================= End Of Log ==========================
 
OK, so in looking at a few others, here are the rest of the things needed.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.09.08

Windows 7 Service Pack 1 x86 NTFS (Safe Mode)
Internet Explorer 8.0.7601.17514
Derrick Hedstrom :: TREASURY [administrator]

8/9/2012 12:04:59 PM
mbam-log-2012-08-09 (12-04-59).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 397133
Time elapsed: 40 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\U\00000004.@ (Rootkit.Zaccess) -> Quarantined and deleted successfully.
C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\U\80000000.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\n (Trojan.Zaccess) -> Quarantined and deleted successfully.

(end)


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-08-09 16:21:57
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD5000AAKX-001CA0 rev.15.01H15
Running: gmer.exe; Driver: C:\Users\DERRIC~1\AppData\Local\Temp\kfdiipow.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Derrick Hedstrom at 16:24:30 on 2012-08-09
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1535.703 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Java\jre1.5.0_22\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\ACT\SideACT.exe
C:\Users\Derrick Hedstrom\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchProtocolHost.exe
"C:\Windows\System32\svchost.exe" -k LocalServiceDns
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_22\bin\jusched.exe"
mRun: [QuickBooksDB20] c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -n qb_treasury_20 -qs -gd all -gk all -gp 4096 -gu all -ch 256m -c 128m -x tcpip(broadcastlistener=no;port=55338) -ti 0 -ec simple -qi -qw -tl 120 -oe c:\progra~2\intuit\quickb~2\DBSTAR~1.LOG -y
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [HF_G_Jul] "c:\program files\avg secure search\HF_G_Jul.exe" /DoAction
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\derric~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\derrick hedstrom\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\imagem~1.lnk - c:\program files\pixela\imagemixer 3 se ver.6\transfer utility\CameraMonitor.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\sideact!.lnk - c:\program files\act\SideACT.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
LSP: mswsock.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2CA5AAF4-0DED-407A-B9DE-605B3484DA8A} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.2.0\ViProtocol.dll
AppInit_DLLs: c:\users\derrick hedstrom\appdata\local\o4wsy.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\derrick hedstrom\appdata\roaming\mozilla\firefox\profiles\yqgsz9bx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B388dd59f-5def-49c8-9eae-8cad82ce394a%7D&mid=7ab287a32c6947d1a28ed15857d1350b-7e2094d31d03b33de90c8ba60db7f82b52859b9c&ds=AVG&v=11.1.0.12&lang=en&pr=fr&d=2012-05-15%2010%3A11%3A19&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.2.0\npsitesafety.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql10_50.act7\mssql\binn\sqlservr.exe [2010-5-5 42884448]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-9 250056]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-26 113120]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-4-20 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-20 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-25 1343400]
S4 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
S4 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-5-5 44896]
S4 QuickBooksDB20;QuickBooksDB20;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb20 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB20 [?]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]
S4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\microsoft sql server\mssql10_50.act7\mssql\binn\SQLAGENT.EXE [2010-5-5 367456]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2012-08-09 22:47:56 -------- d-----w- C:\FRST
2012-08-09 18:03:42 -------- d-----w- c:\windows\pss
2012-08-09 15:50:18 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-08-08 19:17:39 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-08 19:14:07 -------- d-----w- c:\program files\Axantum
2012-08-08 19:13:10 -------- d-----w- c:\users\derrick hedstrom\appdata\roaming\OpenCandy
.
==================== Find3M ====================
.
2012-08-03 00:45:31 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-03 00:45:31 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 16:26:10.34 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 4/18/2011 6:04:01 PM
System Uptime: 8/9/2012 4:08:55 PM (0 hours ago)
.
Motherboard: Dell Computer Corp. | | 0F4491
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 346.011 GiB free.
D: is CDROM ()
E: is Removable
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: adfs
Device ID: ROOT\LEGACY_ADFS\0000
Manufacturer:
Name: adfs
PNP Device ID: ROOT\LEGACY_ADFS\0000
Service: adfs
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: JD SECURE
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_LEXAR&PROD_JD_SECURE&REV_1100#106A6809151545110607&0#
Manufacturer: LEXAR
Name: Lexar
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_LEXAR&PROD_JD_SECURE&REV_1100#106A6809151545110607&0#
Service: WUDFRd
.
==== System Restore Points ===================
.
RP83: 6/15/2012 12:00:06 AM - Scheduled Checkpoint
RP84: 6/25/2012 12:33:28 PM - Scheduled Checkpoint
RP85: 7/3/2012 12:00:06 AM - Scheduled Checkpoint
RP86: 7/11/2012 12:00:06 AM - Scheduled Checkpoint
RP87: 7/18/2012 12:37:38 PM - Scheduled Checkpoint
RP88: 7/26/2012 11:08:13 AM - Scheduled Checkpoint
RP89: 8/3/2012 12:00:10 AM - Scheduled Checkpoint
RP90: 8/8/2012 3:13:18 PM - Installed AxCrypt 1.7.2931.0
.
==== Installed Programs ======================
.
.
.NET Framework Machine Code Access Security Policy
Acrobat.com
ACT!
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Reader X (10.1.3)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2012
AVG PC Tuneup 2011
AxCrypt 1.7.2931.0
Bonjour
ConvertXtoDVD 4.1.19.365
Dropbox
ESET Online Scanner v3
Foxit PDF Creator
Foxit PDF Editor
ImageMixer 3 SE Ver.6 Transfer Utility
ImageMixer 3 SE Ver.6 Video Tools
iTunes
J2SE Runtime Environment 5.0 Update 22
Java(TM) 6 Update 31
Malwarebytes Anti-Malware version 1.62.0.1300
MasterTech Personnel Potential Analysis
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2008 R2 Native Client
Microsoft SQL Server 2008 R2 RsFx Driver
Microsoft SQL Server 2008 R2 Setup (English)
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Browser
Microsoft SQL Server VSS Writer
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
QuickBooks
QuickBooks Pro 2010
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
SQL Server 2008 R2 Common Files
SQL Server 2008 R2 Database Engine Services
SQL Server 2008 R2 Database Engine Shared
Sql Server Customer Experience Improvement Program
VirtualCloneDrive
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
8/9/2012 8:34:30 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
8/9/2012 8:34:30 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/9/2012 4:10:01 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
8/9/2012 4:09:59 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
8/9/2012 4:09:59 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
8/9/2012 4:09:59 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
8/9/2012 4:09:58 PM, Error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
8/9/2012 2:21:09 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
8/9/2012 2:21:03 PM, Error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/9/2012 2:20:51 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/9/2012 2:20:51 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/9/2012 2:20:51 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
8/9/2012 2:20:51 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/9/2012 2:20:46 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.
8/9/2012 2:20:27 PM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The data is invalid.
8/9/2012 2:20:14 PM, Error: Service Control Manager [7034] - The SQL Server (ACT7) service terminated unexpectedly. It has done this 1 time(s).
8/9/2012 2:20:09 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Power service, but this action failed with the following error: A system shutdown has already been scheduled.
8/9/2012 2:20:09 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error: A system shutdown has already been scheduled.
8/9/2012 2:20:09 PM, Error: Service Control Manager [7031] - The Power service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
8/9/2012 2:20:09 PM, Error: Service Control Manager [7031] - The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
8/9/2012 2:20:09 PM, Error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
8/9/2012 2:20:03 PM, Error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 3 time(s).
8/9/2012 2:20:03 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
8/9/2012 2:20:03 PM, Error: Service Control Manager [7031] - The Offline Files service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
8/9/2012 2:20:03 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
8/9/2012 2:20:03 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
8/9/2012 2:19:58 PM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
8/9/2012 2:19:55 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 3 time(s).
8/9/2012 2:19:45 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/9/2012 2:19:45 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/9/2012 2:19:45 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/9/2012 2:19:45 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/9/2012 2:19:45 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/9/2012 2:19:45 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/9/2012 2:19:45 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/9/2012 2:19:45 PM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/9/2012 2:19:45 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/9/2012 2:19:45 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/9/2012 2:19:45 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/9/2012 2:19:27 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/9/2012 2:19:27 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/9/2012 2:19:27 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/9/2012 2:19:27 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
8/9/2012 2:19:07 PM, Error: Service Control Manager [7034] - The vToolbarUpdater11.2.0 service terminated unexpectedly. It has done this 1 time(s).
8/9/2012 2:18:51 PM, Error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/9/2012 2:18:39 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/9/2012 2:18:20 PM, Error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
8/9/2012 2:17:37 PM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
8/9/2012 2:17:37 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/9/2012 2:17:37 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/9/2012 2:17:37 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/9/2012 2:17:37 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/9/2012 2:17:37 PM, Error: Service Control Manager [7031] - The Offline Files service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/9/2012 2:17:37 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
8/9/2012 2:17:37 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/9/2012 2:17:37 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/9/2012 2:17:24 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/9/2012 2:05:26 PM, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/9/2012 2:04:14 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Error Reporting Service service, but this action failed with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/9/2012 2:04:11 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Audio Endpoint Builder service, but this action failed with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/9/2012 2:04:07 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/9/2012 2:03:11 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Superfetch service, but this action failed with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/9/2012 2:03:08 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Themes service, but this action failed with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/9/2012 2:02:14 PM, Error: Service Control Manager [7031] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/9/2012 2:02:07 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
8/9/2012 2:02:07 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
8/9/2012 2:02:07 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
8/9/2012 2:02:07 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/9/2012 2:02:07 PM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
8/9/2012 2:02:07 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
8/9/2012 12:04:51 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/9/2012 12:04:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/9/2012 12:04:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/9/2012 12:04:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/9/2012 12:04:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/9/2012 12:03:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix CSC DfsC discache ElbyCDIO NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
8/9/2012 12:03:36 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/9/2012 12:03:36 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/9/2012 12:03:36 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/9/2012 12:03:36 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/9/2012 12:03:31 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/9/2012 12:03:31 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/9/2012 12:03:31 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
8/9/2012 12:03:31 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/9/2012 12:03:31 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/9/2012 12:03:31 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/9/2012 11:58:38 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 discache ElbyCDIO spldr Wanarpv6
8/9/2012 11:57:45 AM, Error: volmgr [46] - Crash dump initialization failed!
8/9/2012 11:55:52 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 3 time(s).
8/9/2012 11:55:33 AM, Error: Service Control Manager [7034] - The Superfetch service terminated unexpectedly. It has done this 3 time(s).
8/9/2012 11:55:33 AM, Error: Service Control Manager [7034] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 3 time(s).
8/9/2012 11:55:33 AM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/9/2012 11:55:24 AM, Error: Service Control Manager [7023] -
8/9/2012 11:55:15 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error: A system shutdown has already been scheduled.
8/9/2012 11:54:16 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 3 time(s).
8/9/2012 11:53:19 AM, Error: Service Control Manager [7034] - The Themes service terminated unexpectedly. It has done this 3 time(s).
8/9/2012 11:53:19 AM, Error: Service Control Manager [7034] - The Task Scheduler service terminated unexpectedly. It has done this 3 time(s).
8/9/2012 11:52:47 AM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 3 time(s).
8/9/2012 11:52:44 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Application Experience service, but this action failed with the following error: An instance of the service is already running.
8/9/2012 11:51:44 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/9/2012 11:36:51 AM, Error: Service Control Manager [7034] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 3 time(s).
8/9/2012 10:54:46 AM, Error: Service Control Manager [7034] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 4 time(s).
8/9/2012 10:54:46 AM, Error: Service Control Manager [7034] - The Offline Files service terminated unexpectedly. It has done this 3 time(s).
8/9/2012 10:54:46 AM, Error: Service Control Manager [7034] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 3 time(s).
8/9/2012 10:44:04 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/9/2012 10:38:24 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/9/2012 10:37:20 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/9/2012 10:36:51 AM, Error: Service Control Manager [7031] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
8/9/2012 10:36:24 AM, Error: Service Control Manager [7034] - The QBCFMonitorService service terminated unexpectedly. It has done this 1 time(s).
8/9/2012 10:34:43 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 4 time(s).
8/9/2012 10:26:49 AM, Error: Service Control Manager [7034] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 3 time(s).
8/9/2012 10:24:55 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Program Compatibility Assistant Service service, but this action failed with the following error: An instance of the service is already running.
8/9/2012 10:20:54 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s).
8/9/2012 10:20:54 AM, Error: Service Control Manager [7034] - The User Profile Service service terminated unexpectedly. It has done this 3 time(s).
8/9/2012 10:20:54 AM, Error: Service Control Manager [7034] - The System Event Notification Service service terminated unexpectedly. It has done this 3 time(s).
8/9/2012 10:20:54 AM, Error: Service Control Manager [7034] - The Secondary Logon service terminated unexpectedly. It has done this 3 time(s).
8/9/2012 10:20:54 AM, Error: Service Control Manager [7034] - The Group Policy Client service terminated unexpectedly. It has done this 3 time(s).
8/8/2012 4:04:11 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x828b2ab5, 0x80e47b4c, 0x80e47730). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080812-50125-01.
8/8/2012 3:47:18 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
8/8/2012 3:23:22 PM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
8/3/2012 2:05:26 PM, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: A system shutdown is in progress.
.
==== End Of File ===========================
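The Event Viewer section of the DDS log above is the part a responder reads first: it shows which services keep dying and, in the 7031 entries for Power, Plug and Play and the DCOM Server Process Launcher, a "Reboot the machine" recovery action with a 60000 millisecond delay, which is where a one-minute shutdown warning comes from. The script below is an added example, not part of the original post or of DDS; it parses that section and pulls out the crash counts, the reboot triggers, the drivers listed in the 7026 event and the bugcheck code. The message patterns it matches are the ones visible in the log above; the sample lines are copied from it, and the function names (`parse_events`, `triage`) are this example's own.

```python
"""Triage of the 'Event Viewer Messages' section of a DDS log.

Added example, not part of the thread or of DDS. It parses the Service
Control Manager (SCM) error lines in the format DDS prints and answers the
questions a responder asks first: which services keep dying, which crashes
carry a 'Reboot the machine' recovery action (and with what delay), which
boot-start drivers failed to load, and what the last bugcheck was.
"""
import re
from collections import Counter

# Constructed sample: lines copied from the DDS log in this thread, including
# one truncated 7023 entry exactly as it appears in the log.
SAMPLE_LOG = r"""
8/9/2012 2:20:09 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Power service, but this action failed with the following error: A system shutdown has already been scheduled.
8/9/2012 2:20:09 PM, Error: Service Control Manager [7031] - The Power service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
8/9/2012 2:20:09 PM, Error: Service Control Manager [7031] - The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
8/9/2012 2:20:09 PM, Error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
8/9/2012 2:20:03 PM, Error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 3 time(s).
8/9/2012 2:19:45 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/9/2012 11:55:24 AM, Error: Service Control Manager [7023] -
8/9/2012 12:03:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix CSC DfsC discache ElbyCDIO NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
8/8/2012 4:04:11 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x828b2ab5, 0x80e47b4c, 0x80e47730). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080812-50125-01.
"""

# One DDS event line: timestamp, level, source, [event id], message (may be empty).
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<eid>\d+)\] -(?: (?P<msg>.*))?$"
)
TERMINATED_RE = re.compile(
    r"^The (?P<svc>.+?) service terminated unexpectedly\. "
    r"It has done this (?P<n>\d+) time\(s\)\."
)
ACTION_RE = re.compile(
    r"corrective action will be taken in (?P<ms>\d+) milliseconds: "
    r"(?P<action>Restart the service|Reboot the machine)\."
)
FAILED_ACTION_RE = re.compile(
    r"tried to take a corrective action \((?P<action>[^)]+)\) after the "
    r"unexpected termination of the (?P<svc>.+?) service,"
)
DRIVERS_RE = re.compile(r"driver\(s\) failed to load: (?P<drivers>.+)$")
BUGCHECK_RE = re.compile(
    r"The bugcheck was: (?P<code>0x[0-9a-fA-F]+) \((?P<params>[^)]*)\)"
)


def parse_events(text):
    """Return one dict per parseable event line; blanks and '.' separators are skipped."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["eid"] = int(ev["eid"])
        ev["msg"] = ev["msg"] or ""  # a truncated entry has no message text
        events.append(ev)
    return events


def triage(text):
    """Summarise SCM errors: crash counts, reboot triggers, failed drivers, bugchecks."""
    crash_events = Counter()  # service -> number of 'terminated unexpectedly' lines
    max_seen = {}             # service -> highest 'It has done this N time(s)' value
    reboot_triggers = []      # crashes whose recovery action reboots the machine
    failed_actions = []       # recovery actions the SCM could not carry out
    failed_drivers = set()
    bugchecks = []
    for ev in parse_events(text):
        msg = ev["msg"]
        t = TERMINATED_RE.match(msg)
        if t:
            svc, n = t.group("svc"), int(t.group("n"))
            crash_events[svc] += 1
            max_seen[svc] = max(max_seen.get(svc, 0), n)
            a = ACTION_RE.search(msg)
            if a and a.group("action") == "Reboot the machine":
                reboot_triggers.append({"ts": ev["ts"], "service": svc,
                                        "delay_s": int(a.group("ms")) // 1000})
        f = FAILED_ACTION_RE.search(msg)
        if f:
            failed_actions.append((f.group("action"), f.group("svc")))
        if ev["eid"] == 7026:
            d = DRIVERS_RE.search(msg)
            if d:
                failed_drivers.update(d.group("drivers").split())
        b = BUGCHECK_RE.search(msg)
        if b:
            bugchecks.append((b.group("code"),
                              b.group("params").replace(" ", "").split(",")))
    return {"crash_events": crash_events, "max_seen": max_seen,
            "reboot_triggers": reboot_triggers, "failed_actions": failed_actions,
            "failed_drivers": sorted(failed_drivers), "bugchecks": bugchecks}


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    for svc, n in r["crash_events"].most_common():
        print(f"{n:3d} event(s)  {svc}  (log says up to {r['max_seen'][svc]} time(s))")
    for rt in r["reboot_triggers"]:
        print(f"REBOOT in {rt['delay_s']}s scheduled at {rt['ts']} after {rt['service']} died")
    print("drivers that failed to load:", " ".join(r["failed_drivers"]))
    print("bugchecks:", r["bugchecks"])
```

Run it against the whole "Event Viewer Messages" section rather than the sample and the crash counter will show the same core services (DCOM Server Process Launcher, Plug and Play, Power, WMI, Group Policy Client) dying together at the same timestamps, which is the pattern to hand to whoever is working the services.exe question rather than chasing each crash on its own. The 7026 list is worth keeping too: AFD, NetBT, tdx and the AVG drivers all failing to load in the same boot is why DHCP, DNS and the AV tray were dead after the 12:03 restart.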
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================

Re-run FRST again.
Type the following in the edit box after "Search:".

services.exe

Click the Search button and post the log (Search.txt) it makes in your reply.
 
I was unsure as to whether you wanted me to run the scan again as well. Here is that, and the frst.txt as well.

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 08-08-2012 02
Ran by Derrick Hedstrom at 09-08-2012 17:00:04
Running from E:\
Service Pack 1 (X86) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


============ One Month Created Files and Folders ==============

2012-08-09 18:47 - 2012-08-09 17:00 - 00000000 ____D C:\FRST
2012-08-09 16:15 - 2012-08-09 16:06 - 00607260 ____R (Swearware) C:\Users\Derrick Hedstrom\Desktop\dds.com
2012-08-09 16:15 - 2011-07-16 22:21 - 00302592 ____A C:\Users\Derrick Hedstrom\Desktop\gmer.exe
2012-08-09 14:03 - 2012-08-09 14:12 - 00000000 ____D C:\Windows\pss
2012-08-09 11:50 - 2012-06-05 03:37 - 00256904 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys
2012-08-09 11:49 - 2012-08-09 11:49 - 02002944 ____A (Trend Micro Inc.) C:\Users\Derrick Hedstrom\Downloads\HousecallLauncher.exe
2012-08-08 16:04 - 2012-08-08 16:04 - 00139616 ____A C:\Windows\Minidump\080812-50125-01.dmp
2012-08-08 15:17 - 2012-08-08 15:17 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-08-08 15:14 - 2012-08-08 15:14 - 00000000 ____D C:\Program Files\Axantum
2012-08-08 15:13 - 2012-08-08 15:13 - 00000000 ____D C:\Users\Derrick Hedstrom\AppData\Roaming\OpenCandy
2012-08-08 15:13 - 2012-08-08 15:13 - 00000000 ____D C:\Users\All Users\Real
2012-08-08 15:12 - 2012-08-08 15:12 - 03396552 ____A (Axantum Software AB) C:\Users\Derrick Hedstrom\Desktop\AxCrypt-1.7.2931.0-Setup.exe
2012-08-08 12:10 - 2012-08-08 12:10 - 00000000 ____D C:\Users\Derrick Hedstrom\Desktop\vostro 1000
2012-08-07 14:52 - 2012-08-07 14:52 - 00274353 ____A C:\Users\Derrick Hedstrom\Desktop\2011SCR.txt
2012-08-07 14:52 - 2012-08-07 14:52 - 00128639 ____A C:\Users\Derrick Hedstrom\Desktop\SCR2012.txt
2012-08-07 14:42 - 2012-08-07 14:42 - 00055803 ____A C:\Users\Derrick Hedstrom\Desktop\2012 DR.txt
2012-08-07 14:41 - 2012-08-07 14:41 - 00090474 ____A C:\Users\Derrick Hedstrom\Desktop\2011 DR.txt
2012-08-07 10:22 - 2012-08-07 10:22 - 13404730 ____A C:\Users\Derrick Hedstrom\Documents\Hedstrom 0020189080.zip
2012-08-02 13:12 - 2012-08-06 16:30 - 00000000 ____D C:\Users\Derrick Hedstrom\Desktop\SOF FUll DVD
2012-07-26 17:55 - 2012-07-26 18:02 - 00025600 ____A C:\Users\Derrick Hedstrom\Desktop\THis is to route.xls
2012-07-26 16:30 - 2012-08-02 13:54 - 00063680 ____A C:\Users\Derrick Hedstrom\Desktop\Doctor project.xlsx
2012-07-26 13:29 - 2012-07-26 13:29 - 00177959 ____A C:\Users\Derrick Hedstrom\Documents\Doctor project
2012-07-16 15:02 - 2012-07-16 15:02 - 00027520 ____A C:\Users\Derrick Hedstrom\AppData\Local\dt.dat

============ 3 Months Modified Files ========================

2012-08-09 16:45 - 2012-07-09 09:02 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-09 16:19 - 2011-04-18 15:11 - 00817474 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-09 16:09 - 2011-12-07 16:02 - 00000312 ____A C:\Windows\Tasks\AutoKMS.job
2012-08-09 16:09 - 2009-07-14 00:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-09 16:09 - 2009-07-14 00:39 - 00037445 ____A C:\Windows\setupact.log
2012-08-09 16:06 - 2012-08-09 16:15 - 00607260 ____R (Swearware) C:\Users\Derrick Hedstrom\Desktop\dds.com
2012-08-09 14:20 - 2009-07-14 00:53 - 00032572 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-09 13:28 - 2011-04-19 06:53 - 00066006 ____A C:\Windows\PFRO.log
2012-08-09 11:49 - 2012-08-09 11:49 - 02002944 ____A (Trend Micro Inc.) C:\Users\Derrick Hedstrom\Downloads\HousecallLauncher.exe
2012-08-08 16:49 - 2012-06-29 09:12 - 00001149 ____A C:\Users\Derrick Hedstrom\Desktop\NueMD.lnk
2012-08-08 16:04 - 2012-08-08 16:04 - 00139616 ____A C:\Windows\Minidump\080812-50125-01.dmp
2012-08-08 16:03 - 2011-06-09 12:34 - 94921048 ____A C:\Windows\MEMORY.DMP
2012-08-08 15:12 - 2012-08-08 15:12 - 03396552 ____A (Axantum Software AB) C:\Users\Derrick Hedstrom\Desktop\AxCrypt-1.7.2931.0-Setup.exe
2012-08-08 14:56 - 2011-10-03 11:25 - 88104960 ___RA C:\Users\Public\AppData\HealthMotionPhysicalTherapy,Inc.QBW
2012-08-08 14:56 - 2011-10-03 11:25 - 00589824 ___RA C:\Users\Public\AppData\HealthMotionPhysicalTherapy,Inc.QBW.TLG
2012-08-08 14:56 - 2011-10-03 11:25 - 00000398 ____A C:\Users\Public\AppData\HealthMotionPhysicalTherapy,Inc.QBW.ND
2012-08-08 14:29 - 2012-05-16 14:06 - 00851968 ___RA C:\Users\Derrick Hedstrom\Desktop\Derrick Hedstrom.QBW.TLG
2012-08-08 14:29 - 2012-05-16 14:06 - 00000393 ____A C:\Users\Derrick Hedstrom\Desktop\Derrick Hedstrom.QBW.ND
2012-08-08 14:29 - 2011-07-27 09:42 - 10752000 ___RA C:\Users\Derrick Hedstrom\Desktop\Derrick Hedstrom.QBW
2012-08-07 14:52 - 2012-08-07 14:52 - 00274353 ____A C:\Users\Derrick Hedstrom\Desktop\2011SCR.txt
2012-08-07 14:52 - 2012-08-07 14:52 - 00128639 ____A C:\Users\Derrick Hedstrom\Desktop\SCR2012.txt
2012-08-07 14:42 - 2012-08-07 14:42 - 00055803 ____A C:\Users\Derrick Hedstrom\Desktop\2012 DR.txt
2012-08-07 14:41 - 2012-08-07 14:41 - 00090474 ____A C:\Users\Derrick Hedstrom\Desktop\2011 DR.txt
2012-08-07 10:22 - 2012-08-07 10:22 - 13404730 ____A C:\Users\Derrick Hedstrom\Documents\Hedstrom 0020189080.zip
2012-08-06 16:32 - 2011-11-21 17:03 - 00001185 ____A C:\Users\Derrick Hedstrom\AppData\Roaming\vso_ts_preview.xml
2012-08-02 20:45 - 2012-04-09 09:16 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-08-02 20:45 - 2011-05-17 06:23 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-08-02 13:54 - 2012-07-26 16:30 - 00063680 ____A C:\Users\Derrick Hedstrom\Desktop\Doctor project.xlsx
2012-07-26 18:02 - 2012-07-26 17:55 - 00025600 ____A C:\Users\Derrick Hedstrom\Desktop\THis is to route.xls
2012-07-26 13:29 - 2012-07-26 13:29 - 00177959 ____A C:\Users\Derrick Hedstrom\Documents\Doctor project
2012-07-25 13:28 - 2012-06-08 10:17 - 00015802 ____A C:\Users\Derrick Hedstrom\Desktop\Screen Bonuses 2012.xlsx
2012-07-17 08:53 - 2012-07-06 13:01 - 02162176 ____A C:\Users\Derrick Hedstrom\Documents\DVD Covers.pub
2012-07-16 15:02 - 2012-07-16 15:02 - 00027520 ____A C:\Users\Derrick Hedstrom\AppData\Local\dt.dat
2012-07-13 14:14 - 2011-04-18 15:09 - 01342680 ____A C:\Windows\WindowsUpdate.log
2012-07-05 17:03 - 2012-07-05 17:03 - 00026295 ____A C:\Users\Derrick Hedstrom\Documents\Scale of Function.XtoDVD
2012-07-03 13:46 - 2011-06-10 19:18 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-25 08:28 - 2012-06-25 08:28 - 00005681 ____A C:\Users\Derrick Hedstrom\Documents\Drefs
2012-06-19 13:47 - 2012-06-19 13:47 - 00483738 ____A C:\Users\Derrick Hedstrom\Downloads\legalaccounts.zip
2012-06-11 15:03 - 2012-06-11 12:19 - 00011417 ____A C:\Users\Derrick Hedstrom\Downloads\Eaton Health Fair.xlsx
2012-06-05 03:37 - 2012-08-09 11:50 - 00256904 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys
2012-05-29 15:53 - 2012-05-29 10:01 - 00011127 ____A C:\Users\Derrick Hedstrom\Documents\Hope Network Attendees.xlsx
2012-05-25 12:18 - 2012-05-25 11:32 - 00010898 ____A C:\Users\Derrick Hedstrom\Documents\Copy of Hope Network Vendor Attending (Autosaved).xlsx
2012-05-23 10:44 - 2012-05-23 10:44 - 00139616 ____A C:\Windows\Minidump\052312-36562-01.dmp
2012-05-22 12:49 - 2012-05-22 12:49 - 00000165 ___AH C:\Users\Derrick Hedstrom\Documents\~$Copy of Hope Network Vendor Attending.xlsx
2012-05-17 14:56 - 2012-05-17 14:56 - 00010519 ____A C:\Users\Derrick Hedstrom\Documents\Copy of Hope Network Vendor Attending.xlsx
2012-05-16 14:27 - 2012-05-12 12:24 - 00010901 ____A C:\Users\Derrick Hedstrom\Documents\Hope NETwork.xlsx
2012-05-16 14:06 - 2012-05-16 14:06 - 00000496 ___RA C:\Users\Derrick Hedstrom\Desktop\Derrick Hedstrom.lgb
2012-05-15 15:26 - 2012-05-15 15:26 - 00010627 ____A C:\Users\Derrick Hedstrom\Desktop\today
2012-05-14 14:53 - 2012-05-14 14:53 - 00001821 ____A C:\Users\Derrick Hedstrom\Documents\week3
2012-05-12 13:01 - 2012-05-12 12:59 - 00113664 ____A C:\Users\Derrick Hedstrom\Documents\Shelly Commend.pub

ZeroAccess:
C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}
C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\@
C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\L
C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\U
C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\L\00000004.@
C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\L\201d3dde
C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\U\00000004.@
C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\U\00000008.@
C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\U\000000cb.@
C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\U\80000000.@
C:\Windows\Installer\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\U\80000032.@

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 50%
Total physical RAM: 1535.05 MB
Available physical RAM: 760.26 MB
Total Pagefile: 3070.11 MB
Available Pagefile: 2072.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1953.55 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:465.75 GB) (Free:346 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
4 Drive e: (Lexar) (Removable) (Total:0.47 GB) (Free:0.37 GB) FAT

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 9 MB
Disk 1 Online 483 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 31 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 465 GB Healthy System (partition with boot components)

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 483 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 04
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Lexar FAT Removable 483 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-08-07 08:38

======================= End Of Log ==========================

Farbar Recovery Scan Tool Version: 08-08-2012 02
Ran by Derrick Hedstrom at 2012-08-09 17:02:46
Running from E:\

================== Search: "services.exe" ===================

C:\Windows.old\Windows\system32\services.exe
[2003-03-31 08:00] - [2008-04-14 05:42] - 0108544 ____A (Microsoft Corporation) 0E776ED5F7CC9F94299E70461B7B8185

C:\Windows.old\Windows\ServicePackFiles\i386\services.exe
[2011-04-18 14:26] - [2008-04-14 05:42] - 0108544 ____A (Microsoft Corporation) 0E776ED5F7CC9F94299E70461B7B8185

C:\Windows.old\Windows\$NtServicePackUninstall$\services.exe
[2011-04-18 14:24] - [2003-03-31 08:00] - 0101376 ___AC (Microsoft Corporation) E3DF4A0252D287C44606EE55355E1623

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 19:11] - [2009-07-13 21:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 19:11] - [2009-07-13 21:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

C:\Windows\ERDNT\cache\services.exe
[2011-06-09 12:53] - [2009-07-13 21:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

=== End Of Search ===
 
As is obvious, I didn't run this from the command prompt in the recovery console. Did you need that to be done that way again?
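The Search.txt above shows the pattern the helper is looking for: the System32 copy of services.exe has the same size and modified timestamp as the clean WinSxS and ERDNT\cache copies, but a different MD5, which is how an in-place patch of the binary shows up. Below is an added example, not code from this thread or from FRST, that parses FRST search output in this format and flags copies whose hash disagrees with the WinSxS reference; the sample log embedded in it is the search result posted above.

```python
"""Cross-check the copies of a system binary listed by an FRST "Search:" run.

Added example (not FRST's own code). FRST prints one path line followed by one
attribute line per copy it finds:

    C:\\Windows\\System32\\services.exe
    [created] - [modified] - size attrs (Company) MD5

An in-place patch keeps the size and modified timestamp of the original file,
so copies are grouped by (modified, size) and any copy whose MD5 differs from
the WinSxS copy (or, failing that, the majority hash) is reported.
"""
import re
from collections import Counter

PATH_RE = re.compile(r"^[A-Za-z]:\\")
ATTR_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+)(?: \((?P<company>[^)]*)\))? "
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)

# The Search.txt posted in this thread (copied from the page, not constructed).
SAMPLE_SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows.old\Windows\system32\services.exe
[2003-03-31 08:00] - [2008-04-14 05:42] - 0108544 ____A (Microsoft Corporation) 0E776ED5F7CC9F94299E70461B7B8185

C:\Windows.old\Windows\ServicePackFiles\i386\services.exe
[2011-04-18 14:26] - [2008-04-14 05:42] - 0108544 ____A (Microsoft Corporation) 0E776ED5F7CC9F94299E70461B7B8185

C:\Windows.old\Windows\$NtServicePackUninstall$\services.exe
[2011-04-18 14:24] - [2003-03-31 08:00] - 0101376 ___AC (Microsoft Corporation) E3DF4A0252D287C44606EE55355E1623

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 19:11] - [2009-07-13 21:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 19:11] - [2009-07-13 21:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

C:\Windows\ERDNT\cache\services.exe
[2011-06-09 12:53] - [2009-07-13 21:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

=== End Of Search ===
"""


def parse_frst_search(text):
    """Return one dict per copy found: path, created, modified, size, attrs, company, md5."""
    entries = []
    pending_path = None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending_path = line          # path line; the attribute line follows
            continue
        m = ATTR_RE.match(line)
        if m and pending_path:
            entry = m.groupdict()
            entry["path"] = pending_path
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
            pending_path = None
    return entries


def find_hash_mismatches(entries):
    """Flag copies whose MD5 differs from the reference copy of the same build."""
    groups = {}
    for e in entries:
        groups.setdefault((e["modified"], e["size"]), []).append(e)
    findings = []
    for copies in groups.values():
        if len(copies) < 2:
            continue                     # nothing to compare against
        # Prefer the component-store copy as the reference; otherwise majority vote.
        winsxs = [c["md5"] for c in copies if "\\winsxs\\" in c["path"].lower()]
        reference = winsxs[0] if winsxs else Counter(c["md5"] for c in copies).most_common(1)[0][0]
        for c in copies:
            if c["md5"] != reference:
                findings.append({"path": c["path"], "md5": c["md5"], "reference_md5": reference})
    return findings


if __name__ == "__main__":
    for f in find_hash_mismatches(parse_frst_search(SAMPLE_SEARCH_LOG)):
        print(f"{f['path']}: MD5 {f['md5']} != reference {f['reference_md5']}")
```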
 
You ran the tool from within Windows.
It's OK for search purposes, but make sure you read the following instructions carefully and run them accordingly.

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Next....

Restart normally.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 

Attachments

  • fixlist.txt
I left work last night with combofix.exe running. I came back into work this morning and "windows has recovered from an unexpected shutdown". I have a generic blue background... Many of my folders appear to have been duplicated. I noticed that AVG did not completely uninstall last night (LinkScanner is still there). So I'm currently struggling to remove that using the appremover.exe that you've referenced. I've run it again, which didn't remove AVG 2012 from apps in Control Panel. I just ran it using the "complete a failed uninstallation" setting and while it runs (tried twice) "you are being logged off [something about a DCOM Server was stopped unexpectedly]". Please advise.
 
Upon rebooting, I have my normal desktop back. AVG still installed...I'm going to try to uninstall it once more with appremover
 
I should state, I followed all instructions up to running combofix. I left while it was running and I don't know what occurred. So I'm starting over at removing AVG (again) with appremover; it is still running and is currently my background pic w/no desktop icons or task bar.
 
ComboFix 12-08-09.01 - Derrick Hedstrom 08/10/2012 10:56:37.5.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1535.957 [GMT -4:00]
Running from: c:\users\Derrick Hedstrom\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Derrick Hedstrom\AppData\Local\Microsoft\Windows\Temporary Internet Files\mootools.svn.js
c:\users\Derrick Hedstrom\AppData\Local\Microsoft\Windows\Temporary Internet Files\pffcenter.html
c:\users\Derrick Hedstrom\AppData\Local\Microsoft\Windows\Temporary Internet Files\pffCenter.js
c:\users\Derrick Hedstrom\AppData\Local\Microsoft\Windows\Temporary Internet Files\reviewDialog.html
c:\users\Derrick Hedstrom\AppData\Local\Microsoft\Windows\Temporary Internet Files\reviewNotesPopUp.html
c:\users\Derrick Hedstrom\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskNotesDialog.html
.
.
((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))
.
.
2012-08-10 15:07 . 2012-08-10 15:09 -------- d-----w- c:\users\Derrick Hedstrom\AppData\Local\temp
2012-08-10 15:07 . 2012-08-10 15:07 -------- d-----w- c:\users\QBDataServiceUser20\AppData\Local\temp
2012-08-10 15:07 . 2012-08-10 15:07 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-08-10 15:07 . 2012-08-10 15:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-10 15:07 . 2012-08-10 15:07 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-08-10 13:52 . 2012-08-10 13:52 -------- d-----w- c:\windows\system32\drivers\AVG
2012-08-10 13:42 . 2012-08-10 13:42 -------- d-----w- C:\AVG2012
2012-08-09 22:47 . 2012-08-09 21:00 -------- d-----w- C:\FRST
2012-08-09 15:50 . 2012-06-05 07:37 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-08-08 19:17 . 2012-08-08 19:17 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-08 19:14 . 2012-08-08 19:14 -------- d-----w- c:\program files\Axantum
2012-08-08 19:13 . 2012-08-08 19:13 -------- d-----w- c:\users\Derrick Hedstrom\AppData\Roaming\OpenCandy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 00:45 . 2012-04-09 13:16 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 00:45 . 2011-05-17 10:23 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2011-06-10 23:18 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-26 14:37 . 2011-07-29 13:30 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-04-25 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-09 12:33 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-09 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Derrick Hedstrom\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Derrick Hedstrom\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Derrick Hedstrom\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-09 1107552]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_22\bin\jusched.exe" [2009-10-09 75648]
"QuickBooksDB20"="c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe" [2009-08-18 678912]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-10-19 1439496]
"HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\Derrick Hedstrom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Derrick Hedstrom\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ImageMixer 3 SE Camera Monitor Ver.6.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe [2011-11-11 537968]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-11-11 1155432]
SideACT!.lnk - c:\program files\ACT\SideACT.exe [2012-2-6 278589]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [x]
R4 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 QuickBooksDB20;QuickBooksDB20;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe [x]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [x]
R4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [x]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 00:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\43w999ll.default\
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2700)
c:\users\Derrick Hedstrom\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\windows\system32\taskhost.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\conhost.exe
c:\windows\system32\WUDFHost.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\system32\AUDIODG.EXE
.
**************************************************************************
.
Completion time: 2012-08-10 11:16:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-10 15:16
ComboFix2.txt 2011-06-13 17:19
ComboFix3.txt 2011-06-13 16:57
ComboFix4.txt 2011-06-09 16:55
.
Pre-Run: 373,621,530,624 bytes free
Post-Run: 373,749,776,384 bytes free
.
- - End Of File - - 5B3A28747DFA4730F5BEA5A870A94A40

Rkill 2.0.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/10/2012 10:53:12 AM in x86 mode.
Windows Version: Windows 7

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* No issues found.

Restarting Explorer.exe in order to apply changes.

Program finished at: 08/10/2012 10:53:25 AM
Execution time: 0 hours(s), 0 minute(s), and 12 seconds(s)
 
Try AVG Remover: http://www.avg.com/us-en/utilities

Combofix log looks good.

Any current issues?

===================================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

==================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
svchost.exe still going nuts. I successfully removed AVG by running appremover in safe mode. Then I attempted to run combofix again in normal mode. It crashed. I just ran combofix in safe mode; that log I will post next. I will run mbam next.
 
ComboFix 12-08-09.01 - Derrick Hedstrom 08/10/2012 12:09:35.6.2 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1535.997 [GMT -4:00]
Running from: c:\users\Derrick Hedstrom\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))
.
.
2012-08-10 16:17 . 2012-08-10 16:17 -------- d-----w- c:\users\QBDataServiceUser20\AppData\Local\temp
2012-08-10 16:17 . 2012-08-10 16:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-08-10 16:17 . 2012-08-10 16:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-10 16:17 . 2012-08-10 16:17 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-08-10 15:07 . 2012-08-10 16:17 -------- d-----w- c:\users\Derrick Hedstrom\AppData\Local\temp
2012-08-10 13:52 . 2012-08-10 15:37 -------- d-----w- c:\windows\system32\drivers\AVG
2012-08-10 13:42 . 2012-08-10 13:42 -------- d-----w- C:\AVG2012
2012-08-09 22:47 . 2012-08-09 21:00 -------- d-----w- C:\FRST
2012-08-09 15:50 . 2012-06-05 07:37 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-08-08 19:17 . 2012-08-08 19:17 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-08 19:14 . 2012-08-08 19:14 -------- d-----w- c:\program files\Axantum
2012-08-08 19:13 . 2012-08-08 19:13 -------- d-----w- c:\users\Derrick Hedstrom\AppData\Roaming\OpenCandy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 00:45 . 2012-04-09 13:16 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 00:45 . 2011-05-17 10:23 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2011-06-10 23:18 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-26 14:37 . 2011-07-29 13:30 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-04-25 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-08-10_15.09.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-18 20:09 . 2012-08-10 15:41 38836 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2012-08-10 15:41 38944 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-18 19:15 . 2012-08-10 15:41 13764 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4217141809-3760335584-1917686362-1000_UserData.bin
+ 2012-08-08 19:11 . 2012-08-10 15:49 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-08-08 19:11 . 2012-08-10 14:26 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2011-04-18 19:14 . 2012-08-10 15:08 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-18 19:14 . 2012-08-10 16:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-08-09 21:38 . 2012-08-10 16:05 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2012-08-09 21:38 . 2012-08-10 15:09 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2012-08-09 21:38 . 2012-08-10 15:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2012-08-09 21:38 . 2012-08-10 16:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2012-08-09 21:38 . 2012-08-10 15:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2012-08-09 21:38 . 2012-08-10 16:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2011-04-18 19:14 . 2012-08-10 16:05 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-04-18 19:14 . 2012-08-10 15:09 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-04-18 19:14 . 2012-08-10 15:08 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-18 19:14 . 2012-08-10 16:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-08-10 16:04 . 2012-08-10 16:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-10 14:26 . 2012-08-10 15:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-10 14:26 . 2012-08-10 15:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-10 16:04 . 2012-08-10 16:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:05 . 2012-08-10 15:02 689252 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2012-08-10 16:12 689252 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2012-08-10 16:12 130238 c:\windows\System32\perfc009.dat
- 2009-07-14 02:05 . 2012-08-10 15:02 130238 c:\windows\System32\perfc009.dat
- 2011-04-18 19:09 . 2012-08-10 14:26 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-04-18 19:09 . 2012-08-10 15:49 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-08-09 15:55 . 2012-08-10 16:05 147456 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-08-09 15:55 . 2012-08-10 15:08 147456 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:47 . 2012-08-10 14:26 455532 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:47 . 2012-08-10 16:03 455532 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-06-09 19:13 . 2012-08-10 15:28 920252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4217141809-3760335584-1917686362-1000-12288.dat
- 2011-06-09 19:13 . 2012-08-10 14:26 920252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4217141809-3760335584-1917686362-1000-12288.dat
+ 2011-04-18 22:04 . 2012-08-10 16:05 3686400 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-04-18 22:04 . 2012-08-10 15:08 3686400 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2012-08-10 16:05 1097728 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Derrick Hedstrom\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Derrick Hedstrom\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Derrick Hedstrom\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_22\bin\jusched.exe" [2009-10-09 75648]
"QuickBooksDB20"="c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe" [2009-08-18 678912]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-10-19 1439496]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\Derrick Hedstrom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Derrick Hedstrom\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ImageMixer 3 SE Camera Monitor Ver.6.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe [2011-11-11 537968]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-11-11 1155432]
SideACT!.lnk - c:\program files\ACT\SideACT.exe [2012-2-6 278589]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [x]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 QuickBooksDB20;QuickBooksDB20;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe [x]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [x]
R4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 00:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\43w999ll.default\
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
HKLM-Run-HF_G_Jul - c:\program files\AVG Secure Search\HF_G_Jul.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1772)
c:\users\Derrick Hedstrom\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Completion time: 2012-08-10 12:20:07
ComboFix-quarantined-files.txt 2012-08-10 16:20
ComboFix2.txt 2012-08-10 15:16
ComboFix3.txt 2011-06-13 17:19
ComboFix4.txt 2011-06-13 16:57
ComboFix5.txt 2012-08-10 15:41
.
Pre-Run: 374,213,595,136 bytes free
Post-Run: 374,107,889,664 bytes free
.
- - End Of File - - 85E21B8E742727B83D08D9A84EFB9051
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.09.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Derrick Hedstrom :: TREASURY [administrator]

8/10/2012 12:35:23 PM
mbam-log-2012-08-10 (12-35-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228018
Time elapsed: 4 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
12:45:02.0635 2660 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
12:45:02.0939 2660 ============================================================
12:45:02.0939 2660 Current date / time: 2012/08/10 12:45:02.0939
12:45:02.0940 2660 SystemInfo:
12:45:02.0940 2660
12:45:02.0940 2660 OS Version: 6.1.7601 ServicePack: 1.0
12:45:02.0940 2660 Product type: Workstation
12:45:02.0940 2660 ComputerName: TREASURY
12:45:02.0940 2660 UserName: Derrick Hedstrom
12:45:02.0940 2660 Windows directory: C:\Windows
12:45:02.0940 2660 System windows directory: C:\Windows
12:45:02.0940 2660 Processor architecture: Intel x86
12:45:02.0940 2660 Number of processors: 2
12:45:02.0940 2660 Page size: 0x1000
12:45:02.0940 2660 Boot type: Normal boot
12:45:02.0940 2660 ============================================================
12:45:03.0930 2660 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:45:03.0933 2660 Drive \Device\Harddisk1\DR1 - Size: 0x1E380000 (0.47 Gb), SectorSize: 0x200, Cylinders: 0x3D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:45:03.0935 2660 ============================================================
12:45:03.0935 2660 \Device\Harddisk0\DR0:
12:45:03.0935 2660 MBR partitions:
12:45:03.0935 2660 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
12:45:03.0935 2660 \Device\Harddisk1\DR1:
12:45:03.0935 2660 MBR partitions:
12:45:03.0936 2660 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x4, StartLBA 0x20, BlocksNum 0xF1BE0
12:45:03.0936 2660 ============================================================
12:45:03.0945 2660 C: <-> \Device\Harddisk0\DR0\Partition0
12:45:03.0945 2660 ============================================================
12:45:03.0945 2660 Initialize success
12:45:03.0945 2660 ============================================================
12:45:12.0918 0736 ============================================================
12:45:12.0919 0736 Scan started
12:45:12.0919 0736 Mode: Manual;
12:45:12.0919 0736 ============================================================
12:45:13.0939 0736 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
12:45:13.0940 0736 1394ohci - ok
12:45:13.0976 0736 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
12:45:13.0978 0736 ACPI - ok
12:45:14.0016 0736 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
12:45:14.0017 0736 AcpiPmi - ok
12:45:14.0030 0736 adfs - ok
12:45:14.0161 0736 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
12:45:14.0163 0736 AdobeARMservice - ok
12:45:14.0226 0736 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:45:14.0234 0736 AdobeFlashPlayerUpdateSvc - ok
12:45:14.0276 0736 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
12:45:14.0280 0736 adp94xx - ok
12:45:14.0317 0736 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
12:45:14.0320 0736 adpahci - ok
12:45:14.0344 0736 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
12:45:14.0346 0736 adpu320 - ok
12:45:14.0378 0736 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
12:45:14.0380 0736 AeLookupSvc - ok
12:45:14.0464 0736 AFD (1151fd4fb0216cfed887bfde29ebd516) C:\Windows\system32\drivers\afd.sys
12:45:14.0467 0736 AFD - ok
12:45:14.0514 0736 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
12:45:14.0515 0736 agp440 - ok
12:45:14.0536 0736 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
12:45:14.0537 0736 aic78xx - ok
12:45:14.0566 0736 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
12:45:14.0568 0736 ALG - ok
12:45:14.0589 0736 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
12:45:14.0590 0736 aliide - ok
12:45:14.0608 0736 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
12:45:14.0609 0736 amdagp - ok
12:45:14.0625 0736 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
12:45:14.0626 0736 amdide - ok
12:45:14.0650 0736 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
12:45:14.0651 0736 AmdK8 - ok
12:45:14.0663 0736 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
12:45:14.0664 0736 AmdPPM - ok
12:45:14.0711 0736 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys
12:45:14.0712 0736 amdsata - ok
12:45:14.0736 0736 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
12:45:14.0738 0736 amdsbs - ok
12:45:14.0767 0736 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys
12:45:14.0768 0736 amdxata - ok
12:45:14.0813 0736 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
12:45:14.0814 0736 AppID - ok
12:45:14.0859 0736 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
12:45:14.0860 0736 AppIDSvc - ok
12:45:14.0905 0736 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
12:45:14.0907 0736 Appinfo - ok
12:45:14.0985 0736 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:45:14.0987 0736 Apple Mobile Device - ok
12:45:15.0031 0736 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
12:45:15.0034 0736 AppMgmt - ok
12:45:15.0088 0736 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
12:45:15.0089 0736 arc - ok
12:45:15.0116 0736 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
12:45:15.0117 0736 arcsas - ok
12:45:15.0147 0736 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
12:45:15.0148 0736 AsyncMac - ok
12:45:15.0187 0736 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
12:45:15.0188 0736 atapi - ok
12:45:15.0262 0736 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
12:45:15.0273 0736 AudioEndpointBuilder - ok
12:45:15.0288 0736 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
12:45:15.0292 0736 Audiosrv - ok
12:45:15.0367 0736 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
12:45:15.0370 0736 AxInstSV - ok
12:45:15.0421 0736 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
12:45:15.0425 0736 b06bdrv - ok
12:45:15.0464 0736 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
12:45:15.0466 0736 b57nd60x - ok
12:45:15.0500 0736 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
12:45:15.0502 0736 BDESVC - ok
12:45:15.0516 0736 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
12:45:15.0517 0736 Beep - ok
12:45:15.0601 0736 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
12:45:15.0611 0736 BFE - ok
12:45:15.0645 0736 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
12:45:15.0647 0736 blbdrive - ok
12:45:15.0774 0736 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
12:45:15.0788 0736 Bonjour Service - ok
12:45:15.0828 0736 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
12:45:15.0829 0736 bowser - ok
12:45:15.0843 0736 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:45:15.0844 0736 BrFiltLo - ok
12:45:15.0864 0736 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:45:15.0865 0736 BrFiltUp - ok
12:45:15.0893 0736 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
12:45:15.0894 0736 BridgeMP - ok
12:45:15.0944 0736 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
12:45:15.0947 0736 Browser - ok
12:45:15.0982 0736 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
12:45:15.0984 0736 Brserid - ok
12:45:16.0003 0736 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
12:45:16.0004 0736 BrSerWdm - ok
12:45:16.0019 0736 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:45:16.0020 0736 BrUsbMdm - ok
12:45:16.0033 0736 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
12:45:16.0034 0736 BrUsbSer - ok
12:45:16.0063 0736 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
12:45:16.0064 0736 BTHMODEM - ok
12:45:16.0113 0736 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
12:45:16.0115 0736 bthserv - ok
12:45:16.0223 0736 catchme - ok
12:45:16.0259 0736 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
12:45:16.0260 0736 cdfs - ok
12:45:16.0321 0736 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
12:45:16.0323 0736 cdrom - ok
12:45:16.0373 0736 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
12:45:16.0375 0736 CertPropSvc - ok
12:45:16.0392 0736 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
12:45:16.0393 0736 circlass - ok
12:45:16.0438 0736 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
12:45:16.0443 0736 CLFS - ok
12:45:16.0511 0736 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:45:16.0513 0736 clr_optimization_v2.0.50727_32 - ok
12:45:16.0583 0736 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:45:16.0585 0736 clr_optimization_v4.0.30319_32 - ok
12:45:16.0605 0736 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
12:45:16.0606 0736 CmBatt - ok
12:45:16.0649 0736 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
12:45:16.0650 0736 cmdide - ok
12:45:16.0685 0736 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
12:45:16.0689 0736 CNG - ok
12:45:16.0719 0736 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
12:45:16.0719 0736 Compbatt - ok
12:45:16.0769 0736 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
12:45:16.0770 0736 CompositeBus - ok
12:45:16.0780 0736 COMSysApp - ok
12:45:16.0808 0736 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
12:45:16.0809 0736 crcdisk - ok
12:45:16.0864 0736 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
12:45:16.0867 0736 CryptSvc - ok
12:45:16.0908 0736 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
12:45:16.0912 0736 CSC - ok
12:45:16.0952 0736 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
12:45:16.0967 0736 CscService - ok
12:45:17.0011 0736 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
12:45:17.0021 0736 DcomLaunch - ok
12:45:17.0069 0736 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
12:45:17.0075 0736 defragsvc - ok
12:45:17.0149 0736 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
12:45:17.0150 0736 DfsC - ok
12:45:17.0190 0736 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
12:45:17.0199 0736 Dhcp - ok
12:45:17.0226 0736 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
12:45:17.0227 0736 discache - ok
12:45:17.0271 0736 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
12:45:17.0272 0736 Disk - ok
12:45:30.0600 0736 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
12:45:30.0602 0736 usbscan - ok
12:45:30.0622 0736 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:45:30.0623 0736 USBSTOR - ok
12:45:30.0640 0736 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
12:45:30.0641 0736 usbuhci - ok
12:45:30.0667 0736 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
12:45:30.0671 0736 UxSms - ok
12:45:30.0700 0736 VaultSvc (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
12:45:30.0702 0736 VaultSvc - ok
12:45:30.0747 0736 VClone (fce98c43b5c5db8e0da8ea0e2b45e044) C:\Windows\system32\DRIVERS\VClone.sys
12:45:30.0748 0736 VClone - ok
12:45:30.0801 0736 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
12:45:30.0802 0736 vdrvroot - ok
12:45:30.0873 0736 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
12:45:30.0879 0736 vds - ok
12:45:30.0903 0736 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
12:45:30.0904 0736 vga - ok
12:45:30.0917 0736 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
12:45:30.0918 0736 VgaSave - ok
12:45:30.0927 0736 VGPU - ok
12:45:30.0989 0736 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
12:45:30.0991 0736 vhdmp - ok
12:45:31.0021 0736 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
12:45:31.0023 0736 viaagp - ok
12:45:31.0057 0736 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
12:45:31.0058 0736 ViaC7 - ok
12:45:31.0079 0736 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
12:45:31.0080 0736 viaide - ok
12:45:31.0107 0736 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
12:45:31.0109 0736 vmbus - ok
12:45:31.0128 0736 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
12:45:31.0130 0736 VMBusHID - ok
12:45:31.0148 0736 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
12:45:31.0149 0736 volmgr - ok
12:45:31.0176 0736 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
12:45:31.0179 0736 volmgrx - ok
12:45:31.0225 0736 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
12:45:31.0228 0736 volsnap - ok
12:45:31.0266 0736 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
12:45:31.0268 0736 vsmraid - ok
12:45:31.0369 0736 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
12:45:31.0378 0736 VSS - ok
12:45:31.0428 0736 vToolbarUpdater11.2.0 - ok
12:45:31.0452 0736 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
12:45:31.0453 0736 vwifibus - ok
12:45:31.0505 0736 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
12:45:31.0511 0736 W32Time - ok
12:45:31.0539 0736 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
12:45:31.0540 0736 WacomPen - ok
12:45:31.0592 0736 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
12:45:31.0593 0736 WANARP - ok
12:45:31.0600 0736 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
12:45:31.0603 0736 Wanarpv6 - ok
12:45:31.0707 0736 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
12:45:31.0733 0736 WatAdminSvc - ok
12:45:31.0834 0736 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
12:45:31.0847 0736 wbengine - ok
12:45:31.0873 0736 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
12:45:31.0876 0736 WbioSrvc - ok
12:45:31.0936 0736 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
12:45:31.0941 0736 wcncsvc - ok
12:45:31.0960 0736 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
12:45:31.0963 0736 WcsPlugInService - ok
12:45:32.0017 0736 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
12:45:32.0018 0736 Wd - ok
12:45:32.0060 0736 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
12:45:32.0065 0736 Wdf01000 - ok
12:45:32.0086 0736 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
12:45:32.0090 0736 WdiServiceHost - ok
12:45:32.0098 0736 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
12:45:32.0104 0736 WdiSystemHost - ok
12:45:32.0160 0736 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
12:45:32.0165 0736 WebClient - ok
12:45:32.0186 0736 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
12:45:32.0190 0736 Wecsvc - ok
12:45:32.0205 0736 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
12:45:32.0210 0736 wercplsupport - ok
12:45:32.0239 0736 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
12:45:32.0243 0736 WerSvc - ok
12:45:32.0268 0736 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
12:45:32.0269 0736 WfpLwf - ok
12:45:32.0297 0736 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
12:45:32.0298 0736 WIMMount - ok
12:45:32.0400 0736 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
12:45:32.0420 0736 WinDefend - ok
12:45:32.0434 0736 WinHttpAutoProxySvc - ok
12:45:32.0492 0736 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
12:45:32.0494 0736 Winmgmt - ok
12:45:32.0589 0736 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
12:45:32.0602 0736 WinRM - ok
12:45:32.0678 0736 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
12:45:32.0679 0736 WinUsb - ok
12:45:32.0752 0736 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
12:45:32.0762 0736 Wlansvc - ok
12:45:32.0809 0736 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
12:45:32.0810 0736 WmiAcpi - ok
12:45:32.0864 0736 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
12:45:32.0866 0736 wmiApSrv - ok
12:45:32.0989 0736 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
12:45:33.0013 0736 WMPNetworkSvc - ok
12:45:33.0026 0736 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
12:45:33.0032 0736 WPCSvc - ok
12:45:33.0081 0736 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
12:45:33.0084 0736 WPDBusEnum - ok
12:45:33.0135 0736 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
12:45:33.0136 0736 ws2ifsl - ok
12:45:33.0179 0736 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
12:45:33.0183 0736 wscsvc - ok
12:45:33.0191 0736 WSearch - ok
12:45:33.0347 0736 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
12:45:33.0366 0736 wuauserv - ok
12:45:33.0501 0736 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
12:45:33.0503 0736 WudfPf - ok
12:45:33.0524 0736 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:45:33.0526 0736 WUDFRd - ok
12:45:33.0582 0736 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
12:45:33.0585 0736 wudfsvc - ok
12:45:33.0617 0736 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
12:45:33.0622 0736 WwanSvc - ok
12:45:33.0659 0736 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:45:33.0685 0736 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
12:45:33.0685 0736 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
12:45:33.0698 0736 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
12:45:33.0706 0736 \Device\Harddisk1\DR1 - ok
12:45:33.0711 0736 Boot (0x1200) (abc49a7be8d0ec074a4d9b937d39bd43) \Device\Harddisk0\DR0\Partition0
12:45:33.0715 0736 \Device\Harddisk0\DR0\Partition0 - ok
12:45:33.0724 0736 Boot (0x1200) (0301c1836343c2cd574a370ec0c2a1fd) \Device\Harddisk1\DR1\Partition0
12:45:33.0727 0736 \Device\Harddisk1\DR1\Partition0 - ok
12:45:33.0729 0736 ============================================================
12:45:33.0729 0736 Scan finished
12:45:33.0729 0736 ============================================================
12:45:33.0750 1128 Detected object count: 1
12:45:33.0750 1128 Actual detected object count: 1
12:45:46.0243 1128 \Device\Harddisk0\DR0\# - copied to quarantine
12:45:46.0244 1128 \Device\Harddisk0\DR0 - copied to quarantine
12:45:46.0276 1128 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
12:45:46.0285 1128 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
12:45:46.0289 1128 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
12:45:46.0294 1128 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
12:45:46.0301 1128 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
12:45:46.0311 1128 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
12:45:46.0321 1128 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
12:45:46.0324 1128 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
12:45:46.0327 1128 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
12:45:46.0331 1128 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
12:45:46.0334 1128 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
12:45:46.0338 1128 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
12:45:46.0341 1128 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
12:45:46.0344 1128 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
12:45:46.0376 1128 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
12:45:46.0377 1128 \Device\Harddisk0\DR0 - ok
12:45:52.0289 1128 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
12:45:58.0738 3416 Deinitialize success
12:45:29.0718 0736 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
12:45:29.0720 0736 THREADORDER - ok
12:45:29.0740 0736 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
12:45:29.0744 0736 TrkWks - ok
12:45:29.0810 0736 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
12:45:29.0821 0736 TrustedInstaller - ok
12:45:29.0837 0736 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:45:29.0839 0736 tssecsrv - ok
12:45:29.0902 0736 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
12:45:29.0904 0736 TsUsbFlt - ok
12:45:29.0921 0736 tsusbhub - ok
12:45:29.0985 0736 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
12:45:29.0986 0736 tunnel - ok
12:45:30.0031 0736 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
12:45:30.0033 0736 uagp35 - ok
12:45:30.0095 0736 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
12:45:30.0098 0736 udfs - ok
12:45:30.0138 0736 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
12:45:30.0142 0736 UI0Detect - ok
12:45:30.0201 0736 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
12:45:30.0202 0736 uliagpkx - ok
12:45:30.0250 0736 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
12:45:30.0250 0736 umbus - ok
12:45:30.0283 0736 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
12:45:30.0284 0736 UmPass - ok
12:45:30.0340 0736 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
12:45:30.0344 0736 UmRdpService - ok
12:45:30.0377 0736 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
12:45:30.0382 0736 upnphost - ok
12:45:30.0427 0736 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\DRIVERS\usbccgp.sys
12:45:30.0428 0736 usbccgp - ok
12:45:30.0476 0736 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
12:45:30.0477 0736 usbcir - ok
12:45:30.0501 0736 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
12:45:30.0502 0736 usbehci - ok
12:45:30.0528 0736 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys
12:45:30.0531 0736 usbhub - ok
12:45:30.0551 0736 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
12:45:30.0552 0736 usbohci - ok
12:45:30.0577 0736 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
12:45:30.0578 0736 usbprint - ok
12:45:30.0600 0736 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
12:45:30.0602 0736 usbscan - ok
12:45:30.0622 0736 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:45:30.0623 0736 USBSTOR - ok
12:45:30.0640 0736 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
12:45:30.0641 0736 usbuhci - ok
12:45:30.0667 0736 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
12:45:30.0671 0736 UxSms - ok
12:45:30.0700 0736 VaultSvc (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
12:45:30.0702 0736 VaultSvc - ok
12:45:30.0747 0736 VClone (fce98c43b5c5db8e0da8ea0e2b45e044) C:\Windows\system32\DRIVERS\VClone.sys
12:45:30.0748 0736 VClone - ok
12:45:30.0801 0736 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
12:45:30.0802 0736 vdrvroot - ok
12:45:30.0873 0736 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
12:45:30.0879 0736 vds - ok
12:45:30.0903 0736 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
12:45:30.0904 0736 vga - ok
12:45:30.0917 0736 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
12:45:30.0918 0736 VgaSave - ok
12:45:30.0927 0736 VGPU - ok
12:45:30.0989 0736 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
12:45:30.0991 0736 vhdmp - ok
12:45:31.0021 0736 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
12:45:31.0023 0736 viaagp - ok
12:45:31.0057 0736 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
12:45:31.0058 0736 ViaC7 - ok
12:45:31.0079 0736 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
12:45:31.0080 0736 viaide - ok
12:45:31.0107 0736 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
12:45:31.0109 0736 vmbus - ok
12:45:31.0128 0736 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
12:45:31.0130 0736 VMBusHID - ok
12:45:31.0148 0736 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
12:45:31.0149 0736 volmgr - ok
12:45:31.0176 0736 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
12:45:31.0179 0736 volmgrx - ok
12:45:31.0225 0736 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
12:45:31.0228 0736 volsnap - ok
12:45:31.0266 0736 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
12:45:31.0268 0736 vsmraid - ok
12:45:31.0369 0736 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
12:45:31.0378 0736 VSS - ok
12:45:31.0428 0736 vToolbarUpdater11.2.0 - ok
12:45:31.0452 0736 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
12:45:31.0453 0736 vwifibus - ok
12:45:31.0505 0736 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
12:45:31.0511 0736 W32Time - ok
12:45:31.0539 0736 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
12:45:31.0540 0736 WacomPen - ok
12:45:31.0592 0736 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
12:45:31.0593 0736 WANARP - ok
12:45:31.0600 0736 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
12:45:31.0603 0736 Wanarpv6 - ok
12:45:31.0707 0736 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
12:45:31.0733 0736 WatAdminSvc - ok
12:45:31.0834 0736 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
12:45:31.0847 0736 wbengine - ok
12:45:31.0873 0736 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
12:45:31.0876 0736 WbioSrvc - ok
12:45:31.0936 0736 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
12:45:31.0941 0736 wcncsvc - ok
12:45:31.0960 0736 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
12:45:31.0963 0736 WcsPlugInService - ok
12:45:32.0017 0736 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
12:45:32.0018 0736 Wd - ok
12:45:32.0060 0736 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
12:45:32.0065 0736 Wdf01000 - ok
12:45:32.0086 0736 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
12:45:32.0090 0736 WdiServiceHost - ok
12:45:32.0098 0736 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
12:45:32.0104 0736 WdiSystemHost - ok
12:45:32.0160 0736 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
12:45:32.0165 0736 WebClient - ok
12:45:32.0186 0736 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
12:45:32.0190 0736 Wecsvc - ok
12:45:32.0205 0736 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
12:45:32.0210 0736 wercplsupport - ok
12:45:32.0239 0736 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
12:45:32.0243 0736 WerSvc - ok
12:45:32.0268 0736 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
12:45:32.0269 0736 WfpLwf - ok
12:45:32.0297 0736 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
12:45:32.0298 0736 WIMMount - ok
12:45:32.0400 0736 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
12:45:32.0420 0736 WinDefend - ok
12:45:32.0434 0736 WinHttpAutoProxySvc - ok
12:45:32.0492 0736 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
12:45:32.0494 0736 Winmgmt - ok
12:45:32.0589 0736 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
12:45:32.0602 0736 WinRM - ok
12:45:32.0678 0736 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
12:45:32.0679 0736 WinUsb - ok
12:45:32.0752 0736 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
12:45:32.0762 0736 Wlansvc - ok
12:45:32.0809 0736 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
12:45:32.0810 0736 WmiAcpi - ok
12:45:32.0864 0736 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
12:45:32.0866 0736 wmiApSrv - ok
12:45:32.0989 0736 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
12:45:33.0013 0736 WMPNetworkSvc - ok
12:45:33.0026 0736 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
12:45:33.0032 0736 WPCSvc - ok
12:45:33.0081 0736 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
12:45:33.0084 0736 WPDBusEnum - ok
12:45:33.0135 0736 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
12:45:33.0136 0736 ws2ifsl - ok
12:45:33.0179 0736 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
12:45:33.0183 0736 wscsvc - ok
12:45:33.0191 0736 WSearch - ok
12:45:33.0347 0736 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
12:45:33.0366 0736 wuauserv - ok
12:45:33.0501 0736 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
12:45:33.0503 0736 WudfPf - ok
12:45:33.0524 0736 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:45:33.0526 0736 WUDFRd - ok
12:45:33.0582 0736 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
12:45:33.0585 0736 wudfsvc - ok
12:45:33.0617 0736 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
12:45:33.0622 0736 WwanSvc - ok
12:45:33.0659 0736 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:45:33.0685 0736 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
12:45:33.0685 0736 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
12:45:33.0698 0736 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
12:45:33.0706 0736 \Device\Harddisk1\DR1 - ok
12:45:33.0711 0736 Boot (0x1200) (abc49a7be8d0ec074a4d9b937d39bd43) \Device\Harddisk0\DR0\Partition0
12:45:33.0715 0736 \Device\Harddisk0\DR0\Partition0 - ok
12:45:33.0724 0736 Boot (0x1200) (0301c1836343c2cd574a370ec0c2a1fd) \Device\Harddisk1\DR1\Partition0
12:45:33.0727 0736 \Device\Harddisk1\DR1\Partition0 - ok
12:45:33.0729 0736 ============================================================
12:45:33.0729 0736 Scan finished
12:45:33.0729 0736 ============================================================
12:45:33.0750 1128 Detected object count: 1
12:45:33.0750 1128 Actual detected object count: 1
12:45:46.0243 1128 \Device\Harddisk0\DR0\# - copied to quarantine
12:45:46.0244 1128 \Device\Harddisk0\DR0 - copied to quarantine
12:45:46.0276 1128 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
12:45:46.0285 1128 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
12:45:46.0289 1128 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
12:45:46.0294 1128 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
12:45:46.0301 1128 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
12:45:46.0311 1128 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
12:45:46.0321 1128 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
12:45:46.0324 1128 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
12:45:46.0327 1128 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
12:45:46.0331 1128 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
12:45:46.0334 1128 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
12:45:46.0338 1128 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
12:45:46.0341 1128 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
12:45:46.0344 1128 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
12:45:46.0376 1128 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
12:45:46.0377 1128 \Device\Harddisk0\DR0 - ok
12:45:52.0289 1128 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
12:45:58.0738 3416 Deinitialize success
 
OTL logfile created on: 8/10/2012 1:01:31 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Derrick Hedstrom\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 74.64% Memory free
3.00 Gb Paging File | 2.47 Gb Available in Paging File | 82.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 348.61 Gb Free Space | 74.85% Space Free | Partition Type: NTFS
Drive E: | 483.23 Mb Total Space | 361.41 Mb Free Space | 74.79% Space Free | Partition Type: FAT
Drive S: | 25.69 Gb Total Space | 4.13 Gb Free Space | 16.06% Space Free | Partition Type: NTFS

Computer Name: TREASURY | User Name: Derrick Hedstrom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/10 13:00:38 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Derrick Hedstrom\Desktop\OTL.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/11 17:41:46 | 001,155,432 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2011/11/11 16:36:56 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/09 03:16:02 | 000,075,648 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_22\bin\jusched.exe
PRC - [2009/09/25 16:57:30 | 000,537,968 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
PRC - [2003/04/24 05:21:56 | 000,278,589 | ---- | M] () -- C:\Program Files\ACT\SideACT.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/07/21 15:42:50 | 000,364,544 | ---- | M] () -- C:\Program Files\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\pxl_m17n_tool.dll
MOD - [2003/04/24 05:21:56 | 000,278,589 | ---- | M] () -- C:\Program Files\ACT\SideACT.exe
MOD - [2003/04/24 04:47:20 | 000,286,773 | ---- | M] () -- C:\Program Files\ACT\sharenui.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012/08/02 20:45:31 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/26 10:37:51 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/11 16:36:56 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/04/25 08:27:03 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/08/18 02:25:12 | 000,678,912 | ---- | M] (Intuit, Inc.) [Disabled | Stopped] -- C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe -- (QuickBooksDB20)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\DERRIC~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 06:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/04/03 12:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0150.sys -- (RsFx0150)
DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4217141809-3760335584-1917686362-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-4217141809-3760335584-1917686362-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4217141809-3760335584-1917686362-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E DB 30 95 FE FD CB 01 [binary data]
IE - HKU\S-1-5-21-4217141809-3760335584-1917686362-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-4217141809-3760335584-1917686362-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4217141809-3760335584-1917686362-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...82b52859b9c&lang=en&ds=AVG&pr=fr&d=2012-05-15 10:11:19&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-4217141809-3760335584-1917686362-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4217141809-3760335584-1917686362-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid={...lang=en&pr=fr&d=2012-05-15 10:11:19&sap=ku&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/26 10:37:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/06/08 13:28:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Derrick Hedstrom\AppData\Roaming\Mozilla\Extensions
[2012/05/02 09:51:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Derrick Hedstrom\AppData\Roaming\Mozilla\Firefox\Profiles\yqgsz9bx.default\extensions
[2011/10/19 10:04:14 | 000,003,739 | ---- | M] () -- C:\Users\Derrick Hedstrom\AppData\Roaming\Mozilla\Firefox\Profiles\yqgsz9bx.default\searchplugins\avg-secure-search.xml
[2012/03/26 09:18:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/26 10:37:51 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/09 08:33:53 | 000,003,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/20 11:31:31 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/20 11:31:31 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/08/10 11:09:21 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll File not found
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [QuickBooksDB20] C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe (Intuit, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_22\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Users\Derrick Hedstrom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Derrick Hedstrom\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-4217141809-3760335584-1917686362-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4217141809-3760335584-1917686362-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-4217141809-3760335584-1917686362-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab (Java Plug-in 1.5.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CA5AAF4-0DED-407A-B9DE-605B3484DA8A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/10 13:00:38 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Derrick Hedstrom\Desktop\OTL.exe
[2012/08/10 12:45:45 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/10 12:44:58 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Derrick Hedstrom\Desktop\TDSSKiller.exe
[2012/08/10 12:20:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/10 12:18:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/10 11:07:02 | 000,000,000 | ---D | C] -- C:\Users\Derrick Hedstrom\AppData\Local\temp
[2012/08/10 10:29:42 | 010,665,032 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Derrick Hedstrom\Desktop\AppRemover.exe
[2012/08/10 09:52:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2012/08/10 09:52:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/08/10 09:42:27 | 000,000,000 | ---D | C] -- C:\AVG2012
[2012/08/09 18:47:56 | 000,000,000 | ---D | C] -- C:\FRST
[2012/08/09 17:26:10 | 001,051,552 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Derrick Hedstrom\Desktop\rkill.scr
[2012/08/09 17:26:10 | 001,051,552 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Derrick Hedstrom\Desktop\rkill.exe
[2012/08/09 17:26:06 | 004,728,003 | R--- | C] (Swearware) -- C:\Users\Derrick Hedstrom\Desktop\ComboFix.exe
[2012/08/09 16:15:22 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Derrick Hedstrom\Desktop\dds.com
[2012/08/09 14:03:42 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/08/09 11:50:18 | 000,256,904 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2012/08/08 15:17:39 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/08/08 15:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\Axantum
[2012/08/08 15:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Axantum AxCrypt
[2012/08/08 15:13:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2012/08/08 15:13:10 | 000,000,000 | ---D | C] -- C:\Users\Derrick Hedstrom\AppData\Roaming\OpenCandy
[2012/08/08 15:12:37 | 003,396,552 | ---- | C] (Axantum Software AB) -- C:\Users\Derrick Hedstrom\Desktop\AxCrypt-1.7.2931.0-Setup.exe
[2012/08/08 12:10:10 | 000,000,000 | ---D | C] -- C:\Users\Derrick Hedstrom\Desktop\vostro 1000
[2012/08/02 13:12:50 | 000,000,000 | ---D | C] -- C:\Users\Derrick Hedstrom\Desktop\SOF FUll DVD
[2012/02/06 17:11:01 | 009,202,080 | ---- | C] (Sage Software ) -- C:\Users\Derrick Hedstrom\AppData\Roaming\ACT2012HotFix_UK_SS.exe

========== Files - Modified Within 30 Days ==========

[2012/08/10 13:00:38 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Derrick Hedstrom\Desktop\OTL.exe
[2012/08/10 12:51:29 | 000,689,252 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/10 12:51:29 | 000,130,238 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/10 12:46:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/10 12:46:39 | 1207,214,080 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/10 12:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/10 12:44:31 | 002,117,108 | ---- | M] () -- C:\Users\Derrick Hedstrom\Desktop\tdsskiller.zip
[2012/08/10 11:47:44 | 204,845,400 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/10 11:09:21 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/08/10 09:57:14 | 010,665,032 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Derrick Hedstrom\Desktop\AppRemover.exe
[2012/08/09 17:19:38 | 001,051,552 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Derrick Hedstrom\Desktop\rkill.scr
[2012/08/09 17:19:14 | 001,051,552 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Derrick Hedstrom\Desktop\rkill.exe
[2012/08/09 17:17:30 | 004,728,003 | R--- | M] (Swearware) -- C:\Users\Derrick Hedstrom\Desktop\ComboFix.exe
[2012/08/09 16:06:32 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Derrick Hedstrom\Desktop\dds.com
[2012/08/08 16:49:48 | 000,001,149 | ---- | M] () -- C:\Users\Derrick Hedstrom\Desktop\NueMD.lnk
[2012/08/08 15:12:40 | 003,396,552 | ---- | M] (Axantum Software AB) -- C:\Users\Derrick Hedstrom\Desktop\AxCrypt-1.7.2931.0-Setup.exe
[2012/08/08 14:29:50 | 000,000,393 | ---- | M] () -- C:\Users\Derrick Hedstrom\Desktop\Derrick Hedstrom.QBW.ND
[2012/08/08 14:29:49 | 010,752,000 | R--- | M] () -- C:\Users\Derrick Hedstrom\Desktop\Derrick Hedstrom.QBW
[2012/08/08 14:29:49 | 000,851,968 | R--- | M] () -- C:\Users\Derrick Hedstrom\Desktop\Derrick Hedstrom.QBW.TLG
[2012/08/08 11:02:42 | 000,101,491 | ---- | M] () -- C:\Users\Derrick Hedstrom\Desktop\August8.pdf
[2012/08/07 10:22:31 | 013,404,730 | ---- | M] () -- C:\Users\Derrick Hedstrom\Documents\Hedstrom 0020189080.zip
[2012/08/07 10:20:36 | 010,995,891 | ---- | M] () -- C:\Users\Derrick Hedstrom\Documents\Hedstrom 0020189080.pdf
[2012/08/07 09:16:20 | 000,016,414 | ---- | M] () -- C:\Users\Derrick Hedstrom\Desktop\statement-Jul-2012 - 0020189080.pdf
[2012/08/06 16:32:40 | 000,001,185 | ---- | M] () -- C:\Users\Derrick Hedstrom\AppData\Roaming\vso_ts_preview.xml
[2012/07/26 13:29:34 | 000,177,959 | ---- | M] () -- C:\Users\Derrick Hedstrom\Documents\Doctor project
[2012/07/24 13:22:36 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Derrick Hedstrom\Desktop\TDSSKiller.exe
[2012/07/17 08:53:54 | 002,162,176 | ---- | M] () -- C:\Users\Derrick Hedstrom\Documents\DVD Covers.pub
[2012/07/16 15:02:14 | 000,027,520 | ---- | M] () -- C:\Users\Derrick Hedstrom\AppData\Local\dt.dat
[2012/07/12 18:18:17 | 000,260,604 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm

========== Files Created - No Company Name ==========

[2012/08/10 12:44:29 | 002,117,108 | ---- | C] () -- C:\Users\Derrick Hedstrom\Desktop\tdsskiller.zip
[2012/08/09 16:15:22 | 000,302,592 | ---- | C] () -- C:\Users\Derrick Hedstrom\Desktop\gmer.exe
[2012/08/09 14:12:34 | 000,002,392 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2012/08/09 14:12:34 | 000,001,281 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.6.lnk
[2012/08/09 14:12:34 | 000,001,060 | ---- | C] () -- C:\Users\Derrick Hedstrom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/08/09 14:12:34 | 000,000,947 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SideACT!.lnk
[2012/08/08 11:02:41 | 000,101,491 | ---- | C] () -- C:\Users\Derrick Hedstrom\Desktop\August8.pdf
[2012/08/07 10:22:02 | 013,404,730 | ---- | C] () -- C:\Users\Derrick Hedstrom\Documents\Hedstrom 0020189080.zip
[2012/08/07 10:19:32 | 010,995,891 | ---- | C] () -- C:\Users\Derrick Hedstrom\Documents\Hedstrom 0020189080.pdf
[2012/08/07 09:16:19 | 000,016,414 | ---- | C] () -- C:\Users\Derrick Hedstrom\Desktop\statement-Jul-2012 - 0020189080.pdf
[2012/07/26 13:29:34 | 000,177,959 | ---- | C] () -- C:\Users\Derrick Hedstrom\Documents\Doctor project
[2012/07/16 15:02:14 | 000,027,520 | ---- | C] () -- C:\Users\Derrick Hedstrom\AppData\Local\dt.dat
[2012/07/12 18:18:17 | 000,260,604 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/02/06 16:46:15 | 000,192,512 | ---- | C] () -- C:\Windows\System32\EmailShared.dll
[2012/01/03 10:20:06 | 000,151,552 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2011/11/21 17:03:30 | 000,001,185 | ---- | C] () -- C:\Users\Derrick Hedstrom\AppData\Roaming\vso_ts_preview.xml
[2011/07/12 09:13:54 | 000,013,122 | -HS- | C] () -- C:\Users\Derrick Hedstrom\AppData\Local\5650k7l7ap22v34yf
[2011/07/12 09:13:54 | 000,013,122 | -HS- | C] () -- C:\ProgramData\5650k7l7ap22v34yf
[2011/06/09 15:08:42 | 000,000,033 | ---- | C] () -- C:\Windows\MTPPA.BIN
[2011/06/09 12:36:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/06/09 12:36:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/06/09 12:36:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/06/09 12:36:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/06/09 12:36:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/06/08 14:54:36 | 000,000,000 | ---- | C] () -- C:\Users\Derrick Hedstrom\defogger_reenable
[2011/06/08 09:12:41 | 000,000,036 | ---- | C] () -- C:\Users\Derrick Hedstrom\AppData\Local\housecall.guid.cache
[2011/05/23 10:52:15 | 000,017,600 | -H-- | C] () -- C:\Users\Derrick Hedstrom\11-05-23.asc
[2011/04/20 09:18:40 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/04/20 09:18:29 | 000,002,048 | -HS- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\@
[2011/04/20 09:17:40 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/18 16:12:46 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini

========== LOP Check ==========

[2011/12/20 14:43:28 | 000,000,000 | ---D | M] -- C:\Users\Derrick Hedstrom\AppData\Roaming\ACT
[2011/10/19 13:45:42 | 000,000,000 | ---D | M] -- C:\Users\Derrick Hedstrom\AppData\Roaming\AVG
[2012/08/10 12:57:03 | 000,000,000 | ---D | M] -- C:\Users\Derrick Hedstrom\AppData\Roaming\Dropbox
[2011/12/20 11:58:21 | 000,000,000 | ---D | M] -- C:\Users\Derrick Hedstrom\AppData\Roaming\Interact Commerce
[2011/12/20 14:28:04 | 000,000,000 | ---D | M] -- C:\Users\Derrick Hedstrom\AppData\Roaming\IsolatedStorage
[2012/08/08 15:13:10 | 000,000,000 | ---D | M] -- C:\Users\Derrick Hedstrom\AppData\Roaming\OpenCandy
[2012/08/06 09:52:32 | 000,000,000 | ---D | M] -- C:\Users\Derrick Hedstrom\AppData\Roaming\Vso
[2012/08/10 12:31:58 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >


OTL Extras logfile created on: 8/10/2012 1:01:31 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Derrick Hedstrom\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 74.64% Memory free
3.00 Gb Paging File | 2.47 Gb Available in Paging File | 82.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 348.61 Gb Free Space | 74.85% Space Free | Partition Type: NTFS
Drive E: | 483.23 Mb Total Space | 361.41 Mb Free Space | 74.79% Space Free | Partition Type: FAT
Drive S: | 25.69 Gb Total Space | 4.13 Gb Free Space | 16.06% Space Free | Partition Type: NTFS

Computer Name: TREASURY | User Name: Derrick Hedstrom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-4217141809-3760335584-1917686362-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A422-40A5-BD20-04BF618CA0F9}" = QuickBooks Pro 2010
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{19ABDEEB-3B53-4C40-B00C-7C2994393F19}" = AxCrypt 1.7.2931.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{3248F0A8-6813-11D6-A77B-00B0D0150220}" = J2SE Runtime Environment 5.0 Update 22
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A2AD071-AABD-4712-A43E-11D06BAA661D}" = ImageMixer 3 SE Ver.6 Transfer Utility
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}" = Microsoft SQL Server VSS Writer
"{4AB6A079-178B-4144-B21F-4D1AE71666A2}" = Microsoft SQL Server 2008 R2 Native Client
"{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}" = SQL Server 2008 R2 Database Engine Shared
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = SQL Server 2008 R2 Database Engine Services
"{62CA119E-C5A7-42FC-85E8-4B55AA9E4072}" = ImageMixer 3 SE Ver.6 Video Tools
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72DE3C67-FB48-450E-8BEA-4EB1B3B5355D}" = Microsoft SQL Server 2008 R2 Setup (English)
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7C8EAD2B-A954-4F73-AAFC-C3EC60D49ADA}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7C5B1ECD-FE93-4FB2-A51A-06451BA49969}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{93998800-1608-403F-9A51-420A77D23C25}" = Sql Server Customer Experience Improvement Program
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = SQL Server 2008 R2 Database Engine Services
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 Common Files
"{D0027269-84EB-467B-9726-C0FDCAE422D6}" = .NET Framework Machine Code Access Security Policy
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}" = SQL Server 2008 R2 Database Engine Shared
"{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 Common Files
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ESET Online Scanner" = ESET Online Scanner v3
"Foxit PDF Creator" = Foxit PDF Creator
"Foxit PDF Editor" = Foxit PDF Editor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Product_Name" = MasterTech Personnel Potential Analysis
"VirtualCloneDrive" = VirtualCloneDrive
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4217141809-3760335584-1917686362-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ACT!" = ACT!
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/10/2012 10:33:54 AM | Computer Name = Treasury | Source = MsiInstaller | ID = 10005
Description =

Error - 8/10/2012 11:09:03 AM | Computer Name = Treasury | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 8/10/2012 11:32:02 AM | Computer Name = Treasury | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 8/10/2012 11:39:40 AM | Computer Name = Treasury | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 8/10/2012 12:02:14 PM | Computer Name = Treasury | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 8/10/2012 12:05:10 PM | Computer Name = Treasury | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 8/10/2012 12:08:05 PM | Computer Name = Treasury | Source = VSS | ID = 18
Description =

Error - 8/10/2012 12:08:05 PM | Computer Name = Treasury | Source = VSS | ID = 8193
Description =

Error - 8/10/2012 12:08:05 PM | Computer Name = Treasury | Source = System Restore | ID = 8193
Description =

Error - 8/10/2012 12:29:49 PM | Computer Name = Treasury | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 8/10/2012 12:46:56 PM | Computer Name = Treasury | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

[ System Events ]
Error - 8/10/2012 12:31:58 PM | Computer Name = Treasury | Source = Service Control Manager | ID = 7031
Description = The Shell Hardware Detection service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 8/10/2012 12:31:58 PM | Computer Name = Treasury | Source = Service Control Manager | ID = 7031
Description = The Themes service terminated unexpectedly. It has done this 1 time(s).
The following corrective action will be taken in 60000 milliseconds: Restart the
service.

Error - 8/10/2012 12:31:58 PM | Computer Name = Treasury | Source = Service Control Manager | ID = 7031
Description = The Windows Management Instrumentation service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.

Error - 8/10/2012 12:31:58 PM | Computer Name = Treasury | Source = Service Control Manager | ID = 7031
Description = The Windows Update service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 8/10/2012 12:32:58 PM | Computer Name = Treasury | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Server service, but this action
failed with the following error: %%1056

Error - 8/10/2012 12:33:58 PM | Computer Name = Treasury | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Multimedia Class Scheduler
service, but this action failed with the following error: %%1056

Error - 8/10/2012 12:33:58 PM | Computer Name = Treasury | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Computer Browser service,
but this action failed with the following error: %%1056

Error - 8/10/2012 12:33:58 PM | Computer Name = Treasury | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 8/10/2012 12:46:51 PM | Computer Name = Treasury | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 8/10/2012 12:46:56 PM | Computer Name = Treasury | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater11.2.0 service failed to start due to the following
error: %%2


< End of report >

Now it seems to be back to normal. I no longer have any "creeping up" svchost.exe's, although there still appear to be far too many in my task manager.

How are things now?

=================================

You can reinstall AVG at any time.

================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
    [2012/08/09 18:47:56 | 000,000,000 | ---D | C] -- C:\FRST
    [2011/07/12 09:13:54 | 000,013,122 | -HS- | C] () -- C:\Users\Derrick Hedstrom\AppData\Local\5650k7l7ap22v34yf
    [2011/07/12 09:13:54 | 000,013,122 | -HS- | C] () -- C:\ProgramData\5650k7l7ap22v34yf
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4
    
    
    :Services
    
    :Reg
    
    :Files
    C:\Windows\System32\config\systemprofile\AppData\Local\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from safe mode.

===================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce any log.
 
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Append Link Target to Existing PDF\ deleted successfully.
C:\FRST\Quarantine\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\U folder moved successfully.
C:\FRST\Quarantine\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\L folder moved successfully.
C:\FRST\Quarantine\{7df236bd-f013-4ca8-e2f6-c08973fa1e10} folder moved successfully.
Folder move failed. C:\FRST\Quarantine scheduled to be moved on reboot.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
C:\Users\Derrick Hedstrom\AppData\Local\5650k7l7ap22v34yf moved successfully.
C:\ProgramData\5650k7l7ap22v34yf moved successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Windows\System32\config\systemprofile\AppData\Local\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\U folder moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\{7df236bd-f013-4ca8-e2f6-c08973fa1e10}\L folder moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\{7df236bd-f013-4ca8-e2f6-c08973fa1e10} folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Derrick Hedstrom
->Temp folder emptied: 1676 bytes
->Temporary Internet Files folder emptied: 656003 bytes
->Java cache emptied: 1484906 bytes
->FireFox cache emptied: 63557996 bytes
->Flash cache emptied: 647 bytes

User: Public
->Temp folder emptied: 0 bytes

User: QBDataServiceUser20
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 577459 bytes

Total Files Cleaned = 63.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default

User: Default User

User: Derrick Hedstrom
->Java cache emptied: 0 bytes

User: Public

User: QBDataServiceUser20

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: Derrick Hedstrom
->Flash cache emptied: 0 bytes

User: Public

User: QBDataServiceUser20

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.56.0 log created on 08102012_133157

Files\Folders moved on Reboot...
File\Folder C:\FRST\Quarantine not found!

PendingFileRenameOperations files...
File C:\FRST\Quarantine not found!

Registry entries deleted on Reboot...
 