
consrv.dll keeps reappearing (ZeroAccess/Sirefef)


  • This topic is locked
26 replies to this topic

#1 Michael Ducharme

  • Members
Posted 23 February 2012 - 07:44 AM

Hi,

My 64-bit Windows 7 system is infected with ZeroAccess/Sirefef. There were multiple infections, but booting from a few rescue CDs (F-Secure, eSet, Sophos) to run scans got rid of most of them.

consrv.dll keeps getting detected by my anti-virus software (Sophos) as ZAccess-L and it gets blocked. If I delete it, it reappears within 10 minutes. I have done multiple searches for this and generally if people delete it while booted to a rescue CD or something their computer will not boot. I have booted to a rescue CD and deleted the file and rebooted, but the consrv.dll file comes back on next bootup.

I was experiencing high utilization previously of svchost.exe and services.exe, but I fixed that by fixing the registry key in ControlSetXXX\Control\Session Manager\SubSystems to have the correct winsrv.dll instead of consrv.dll. After doing that my computer performance has returned to essentially normal, but I know I am still infected because consrv.dll keeps coming back and keeps getting detected as a virus, and because my antivirus program is kept very busy in terms of CPU blocking it when it appears.

Combofix log is attached.

I tried running aswMBR.exe but it appears to crash upon a certain stage in the virus scan (always the same spot). If I disable the virus scan in aswmbr then it completes just fine but the info is not very useful.

Attached Files
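A read-only check for the SubSystems value described in the post above, as an added example that is not part of the original thread: it parses the `Windows` value of `Control\Session Manager\SubSystems` (raw registry data or the condensed `SubSystems:` line that DDS prints) and reports every `ServerDll` entry naming a DLL other than basesrv, winsrv or sxssrv. The expected-DLL set, the function names and the two registry strings marked as constructed are assumptions; the DDS line is copied from the log posted later in this thread.

```python
import ntpath
import re
from collections import namedtuple

# Assumption: the csrss server DLLs a stock Windows 7 install lists in the
# "Windows" value of ...\Control\Session Manager\SubSystems.
EXPECTED_DLLS = {"basesrv", "winsrv", "sxssrv"}

ServerDll = namedtuple("ServerDll", "name init server_id raw")

DDS_PREFIX = re.compile(r"^SubSystems:\s*Windows\s*=\s*(.*)$", re.IGNORECASE)
SPEC = re.compile(r"^(?P<dll>.+?)(?::(?P<init>\w+))?,(?P<id>\d+)$")

# Copied from the DDS log posted in this thread.
DDS_LINE_FROM_THREAD = (
    "SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 "
    "consrv:ConServerDllInitialization,2 sxssrv,4"
)
# Constructed sample: raw registry data as expected on a clean system.
STOCK_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    r"SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    r"ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    r"ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    r"ProfileControl=Off MaxRequestThreads=16"
)
# Constructed sample: same data with the console entry pointing at consrv.
MODIFIED_VALUE = STOCK_VALUE.replace(
    "ServerDll=winsrv:ConServerDllInitialization",
    "ServerDll=consrv:ConServerDllInitialization",
)


def parse_server_dlls(text):
    """Return the ServerDll entries found in a SubSystems 'Windows' value.

    Accepts raw registry data ("... ServerDll=winsrv:Init,3 ...") or the
    condensed DDS line ("SubSystems: Windows = winsrv:Init,3 ...").
    """
    text = text.strip()
    dds = DDS_PREFIX.match(text)
    if dds:
        tokens = dds.group(1).split()
    else:
        prefix = "serverdll="
        tokens = [t[len(prefix):] for t in text.split()
                  if t.lower().startswith(prefix)]
    entries = []
    for tok in tokens:
        m = SPEC.match(tok)
        if m is None:
            # Malformed token: keep it so the audit still reports it.
            entries.append(ServerDll(tok.lower(), None, None, tok))
            continue
        # Reduce "C:\path\name.dll" or "name.dll" to the bare module name.
        name = ntpath.basename(m.group("dll")).lower()
        if name.endswith(".dll"):
            name = name[:-4]
        entries.append(
            ServerDll(name, m.group("init"), int(m.group("id")), tok))
    return entries


def audit_subsystems(values):
    """values maps a label (e.g. a control set name) to the value text.

    Returns (label, dll_name, raw_token) for each entry whose DLL is not in
    EXPECTED_DLLS, and (label, None, None) when no entry could be parsed.
    """
    findings = []
    for label, text in values.items():
        entries = parse_server_dlls(text)
        if not entries:
            findings.append((label, None, None))
        for entry in entries:
            if entry.name not in EXPECTED_DLLS:
                findings.append((label, entry.name, entry.raw))
    return findings


if __name__ == "__main__":
    samples = {
        "DDS.txt (from this thread)": DDS_LINE_FROM_THREAD,
        "ControlSet001 (constructed, stock)": STOCK_VALUE,
        "ControlSet002 (constructed, modified)": MODIFIED_VALUE,
    }
    for finding in audit_subsystems(samples):
        print(finding)
```

Run it against the value exported from every ControlSetXXX key, not only the current one, since the post refers to more than one control set.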





#2 gringo_pr

  • Malware Response Team

Posted 24 February 2012 - 02:04 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 Michael Ducharme

  • Topic Starter

Posted 24 February 2012 - 11:38 AM

Hi Gringo,

Ran the CD emulation disabler like you asked, but it did not ask me to reboot, it said "finished!" immediately after I clicked disable. However my Daemon Tools still appears to be working - is that tool not meant to disable things like Daemon Tools?

Here are the DDS logs:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Michael Ducharme at 10:22:46 on 2012-02-24
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8191.2290 [GMT -6:00]
.
AV: Sophos Anti-Virus *Enabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}
SP: Spybot - Search && Destroy *Enabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Sophos Anti-Virus *Enabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\astsrv.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\hasplms.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\SysWOW64\LxrSII1s.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\TightVNC\tvnserver.exe
C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\HP Toner Cartridge Authentication\hpcra112.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hdsp32.exe
C:\Windows\System32\hdspmix.exe
C:\Program Files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\MusicLab\MolCp III\monitor.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\DVDFab Passkey\DVDFabPasskey.exe
C:\Program Files (x86)\Zoiper Communicator\Zoiper.exe
C:\Program Files (x86)\f-secure\Online Backup\fshoster32.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\nerds.de\LoopBe30\loough.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
C:\Program Files (x86)\TightVNC\tvnserver.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Liine\Lemur Daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe
C:\Users\Michael Ducharme\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Pidgin\pidgin.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\f-secure\Online Backup\apps\Online Backup\agmailagent.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavMain.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files\Steinberg\Cubase 6\Cubase6.exe
C:\PROGRA~2\ELICEN~1\POS\SYNSOPOS.exe
C:\Program Files\Steinberg\Cubase 6\Components\VideoEngineDecoder.exe
C:\Program Files\Steinberg\Cubase 6\Components\VideoEnginePreloader.exe
C:\Program Files\Steinberg\Cubase 6\Components\VideoEngineOutputer.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\JBridge\auxhost.exe
C:\Windows\TEMP\sophos_autoupdate1.dir\alupdate.exe
C:\Program Files (x86)\Finale 2012\Finale.exe
C:\Program Files\Vienna Ensemble\ViennaEnsemble_x64.exe
C:\Program Files\Vienna Ensemble\vsldaemon.exe
C:\PROGRA~2\ELICEN~1\POS\SYNSOPOS.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\TEMP\hki35224.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\TEMP\hki71539.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\TEMP\hki64280.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\58A5T.com
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [DVDFab Passkey] "C:\Program Files (x86)\DVDFab Passkey\DVDFabPasskey.exe"
uRun: [ZoiperCommunicator] C:\Program Files (x86)\Zoiper Communicator\Zoiper.exe
uRun: [F-Secure Hoster] "C:\Program Files (x86)\f-secure\Online Backup\fshoster32.exe" -app -pointappfamily:300 -hosterid:1
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [HPUsageTracking] "C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT\"
mRun: [ToolBoxFX] "C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
mRun: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Software\Pivot_startup.exe" -delay=10
mRun: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [LemurDaemon] C:\Program Files (x86)\Liine\Lemur Daemon.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\MICHAE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Michael Ducharme\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\MICHAE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Pidgin.lnk - C:\Program Files (x86)\Pidgin\pidgin.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOOPBE~1.LNK - C:\Program Files (x86)\nerds.de\LoopBe30\loough.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
LSP: mswsock.dll
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files%20(x86)/Plants%20vs.%20Zombies/Images/stg_drm.ocx
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {B0073133-2D9B-4AC6-8AAC-6EB8E9343040} - hxxp://rmx-mcu.gobcn.ca/EMA.Utils/EMA.ClassLoader/EMA.CLASSLOADER/Release/EMA.ClassLoader.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files%20(x86)/Plants%20vs.%20Zombies/Images/armhelper.ocx
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.85.1
TCP: Interfaces\{F084B7BB-8F47-4AF3-8A81-ABCDAEEB34EB} : DhcpNameServer = 192.168.85.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files (x86)\QuickTax 2007\ic2007pp.dll
Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - C:\Program Files (x86)\QuickTax 2008\ic2008pp.dll
Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files (x86)\QuickTax 2009\ic2009pp.dll
Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll
Handler: nim - {3D206AE2-3039-413B-B748-3ACC562EC22A} - C:\Novell\Messenger\nmcg32.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Sophos Web Content Scanner: {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [HPUsageTracking] "C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT\"
mRun-x64: [ToolBoxFX] "C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
mRun-x64: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Software\Pivot_startup.exe" -delay=10
mRun-x64: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [LemurDaemon] C:\Program Files (x86)\Liine\Lemur Daemon.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
IE-X64: {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
AppInit_DLLs-X64: C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Michael Ducharme\AppData\Roaming\Mozilla\Firefox\Profiles\default.fam\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Michael Ducharme\AppData\Roaming\Mozilla\plugins\npnzrPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 pxscan;pxscan;C:\Windows\system32\drivers\pxscan.sys --> C:\Windows\system32\drivers\pxscan.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 pxrts;pxrts;C:\Windows\system32\drivers\pxrts.sys --> C:\Windows\system32\drivers\pxrts.sys [?]
R1 SAVOnAccess;SAVOnAccess;C:\Windows\system32\DRIVERS\savonaccess.sys --> C:\Windows\system32\DRIVERS\savonaccess.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 aksdf;aksdf;\??\C:\Windows\system32\drivers\aksdf.sys --> C:\Windows\system32\drivers\aksdf.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 CSIScanner;CSIScanner;C:\Program Files\Prevx\prevx.exe [2011-8-20 6746280]
R2 hasplms;Sentinel HASP License Manager;C:\Windows\system32\hasplms.exe -run --> C:\Windows\system32\hasplms.exe -run [?]
R2 LxrSII1d;Secure II Driver;\??\C:\Windows\System32\Drivers\LxrSII1d.sys --> C:\Windows\System32\Drivers\LxrSII1d.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-20 652360]
R2 molcpeth;MusicLab NDIS MolCpEth Protocol;C:\Windows\system32\DRIVERS\molcpeth.sys --> C:\Windows\system32\DRIVERS\molcpeth.sys [?]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-3-4 584488]
R2 OS Selector;Acronis OS Selector activator;C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-5-25 2139400]
R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-4-24 109168]
R2 SAVAdminService;Sophos Anti-Virus status reporter;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2011-1-19 163056]
R2 SAVService;Sophos Anti-Virus;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2011-1-19 97520]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-2-21 1181104]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-2-21 1185704]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-2-21 166528]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [2011-1-19 230640]
R2 swi_service;Sophos Web Intelligence Service;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2011-1-19 1541360]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-8-1 2337144]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-1-19 3027840]
R2 tvnserver;TightVNC Server;C:\Program Files (x86)\TightVNC\tvnserver.exe [2011-5-26 826896]
R2 vmware-converter-agent;VMware vCenter Converter Standalone Agent;C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [2011-8-19 423536]
R2 vmware-converter-server;VMware vCenter Converter Standalone Server;C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-8-19 423536]
R2 vmware-converter-worker;VMware vCenter Converter Standalone Worker;C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-8-19 423536]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);C:\Windows\system32\DRIVERS\CamDrL64.sys --> C:\Windows\system32\DRIVERS\CamDrL64.sys [?]
R3 dvdfab;dvdfab;C:\Windows\system32\drivers\dvdfab.sys --> C:\Windows\system32\drivers\dvdfab.sys [?]
R3 hdsp;RME Hammerfall Audio Device;C:\Windows\system32\drivers\hdsp_64.sys --> C:\Windows\system32\drivers\hdsp_64.sys [?]
R3 iLokDrvr;Usb Driver;C:\Windows\System32\drivers\iLokDrvr.sys [2011-3-24 21112]
R3 LoopBe30;nerds.de LoopBe30 - Internal Midi Port SvcDesc(WDM);C:\Windows\system32\drivers\loopbe30.sys --> C:\Windows\system32\drivers\loopbe30.sys [?]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mlmolcp3;MolCp3 Miniport MIDI WDM Driver;C:\Windows\system32\DRIVERS\mlmolcp3.sys --> C:\Windows\system32\DRIVERS\mlmolcp3.sys [?]
R3 pxkbf;pxkbf;C:\Windows\system32\drivers\pxkbf.sys --> C:\Windows\system32\drivers\pxkbf.sys [?]
R3 synusb64;eLicenser;C:\Windows\system32\DRIVERS\synusb64.sys --> C:\Windows\system32\DRIVERS\synusb64.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-10-1 14216]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-10-1 8456]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-8-5 704864]
S3 HPFXFAX;HPFXFAX;C:\Windows\system32\drivers\hpfx64fax.sys --> C:\Windows\system32\drivers\hpfx64fax.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys --> C:\Windows\system32\DRIVERS\RTL8187.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SynasUSB;SynasUSB;C:\Windows\system32\drivers\SynUSB64.sys --> C:\Windows\system32\drivers\SynUSB64.sys [?]
S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;C:\Windows\system32\Drivers\tascusb2.sys --> C:\Windows\system32\Drivers\tascusb2.sys [?]
S3 TASCAM_US122L_MIDI;TASCAM US-122L WDM MIDI Device;C:\Windows\system32\drivers\tscusb2m.sys --> C:\Windows\system32\drivers\tscusb2m.sys [?]
S3 TASCAM_US122L_WDM;TASCAM US-122L WDM;C:\Windows\system32\drivers\tscusb2a.sys --> C:\Windows\system32\drivers\tscusb2a.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S4 SophosBootDriver;SophosBootDriver;C:\Windows\system32\DRIVERS\SophosBootDriver.sys --> C:\Windows\system32\DRIVERS\SophosBootDriver.sys [?]
.
=============== Created Last 30 ================
.
2012-02-24 04:12:07 84146 ----a-w- C:\Windows\SysWow64\58A5T.com_
2012-02-23 05:43:22 -------- d-sh--w- C:\$RECYCLE.BIN
2012-02-22 17:26:43 -------- d-----w- C:\Program Files (x86)\ESET
2012-02-22 01:32:37 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2012-02-21 18:06:43 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-02-21 18:06:19 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-02-21 17:44:22 6144 ------w- C:\Windows\System32\BD75.tmp
2012-02-21 17:41:22 6144 ------w- C:\Windows\System32\FAC1.tmp
2012-02-21 04:33:50 6144 ------w- C:\Windows\System32\FAC3.tmp
2012-02-21 04:31:40 6144 ------w- C:\Windows\System32\4E.tmp
2012-02-21 03:17:18 98816 ----a-w- C:\Windows\sed.exe
2012-02-21 03:17:18 518144 ----a-w- C:\Windows\SWREG.exe
2012-02-21 03:17:18 256000 ----a-w- C:\Windows\PEV.exe
2012-02-21 03:17:18 208896 ----a-w- C:\Windows\MBR.exe
2012-02-20 16:06:03 -------- d-----w- C:\Users\Michael Ducharme\AppData\Roaming\Malwarebytes
2012-02-20 16:05:54 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-20 16:05:53 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-20 16:05:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-20 15:46:53 -------- d-----w- C:\sophos
2012-02-19 03:19:03 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-02-19 03:19:03 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-02-19 03:19:03 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-02-19 03:19:03 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-02-19 03:19:03 -------- d-----w- C:\Program Files (x86)\OpenAL
2012-02-19 03:15:24 -------- d--h--w- C:\Windows\PIF
2012-02-18 17:29:40 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-02-14 21:47:38 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-14 21:47:37 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-14 21:47:36 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-14 21:47:36 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-14 04:21:47 -------- d-----w- C:\Program Files (x86)\OSCseq
2012-02-14 03:55:22 -------- d-----w- C:\Users\Michael Ducharme\AppData\Roaming\Xenakios
2012-02-14 03:09:00 -------- d-----w- C:\Program Files (x86)\Ircam
2012-02-12 18:21:28 -------- d-----w- C:\Users\Michael Ducharme\AppData\Roaming\Cycling '74
2012-02-11 20:48:38 -------- d-----w- C:\Users\Michael Ducharme\AppData\Roaming\hexler
2012-02-07 09:26:08 -------- d-----w- C:\Users\Michael Ducharme\AppData\Roaming\AFPClient4Windows
2012-02-05 20:44:30 -------- d-----w- C:\Program Files (x86)\DensityLITE
2012-02-05 01:23:39 -------- d-----w- C:\Program Files (x86)\Liine
2012-02-04 17:23:49 -------- d-----w- C:\Windows\SysWow64\bassmididrv
2012-02-04 16:58:00 -------- d-----w- C:\Program Files (x86)\Bethesda Softworks
2012-02-04 16:52:36 -------- d-----w- C:\ARENA
.
==================== Find3M ====================
.
2012-02-18 17:29:23 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-03 18:52:10 212992 ----a-w- C:\Windows\SysWow64\ReWire.dll
2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 10:25:03.83 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/17/2009 4:07:17 AM
System Uptime: 2/23/2012 11:50:58 AM (23 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5K-E
Processor: Intel® Core™2 Quad CPU Q9450 @ 2.66GHz | LGA775 | 2664/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 293 GiB total, 0.419 GiB free.
D: is FIXED (NTFS) - 1104 GiB total, 76.523 GiB free.
E: is FIXED (NTFS) - 932 GiB total, 294.279 GiB free.
F: is CDROM ()
G: is CDROM ()
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter for 64-bit Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter for 64-bit Windows
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\PNP0303\4&23F9C1E3&0
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&23F9C1E3&0
Service: i8042prt
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Intel® PRO/1000 GT Desktop Adapter
Device ID: PCI\VEN_8086&DEV_107C&SUBSYS_13768086&REV_05\4&1542FBD&0&08F0
Manufacturer: Intel
Name: Intel® PRO/1000 GT Desktop Adapter
PNP Device ID: PCI\VEN_8086&DEV_107C&SUBSYS_13768086&REV_05\4&1542FBD&0&08F0
Service: E1G60
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
Device ID: USB\VID_0BDA&PID_8187\0015AF643878
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
PNP Device ID: USB\VID_0BDA&PID_8187\0015AF643878
Service: RTL8187
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
Acronis Disk Director Suite 11
Acronis Disk Director Home
Adobe AIR
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.5
Altiverb 6
Apple Application Support
Apple Software Update
Arena
Art Vista Malmsjo
Aspell English Dictionary-0.50-2
ATI Catalyst Registration
Audacity 1.2.6
Audio Bro LA Scoring Strings
Audio Extractor for FREE 2011 v2.7.1
AVI To MP4 Converter 1.0
BASSMIDI System Synth
BeatportDownloader
Bing Bar
Blueberry PDF Form Filler
BufferChm
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
CCC Help English
Check Favorites
ColorPic
Combined Community Codec Pack 2011-06-26
Convert AVI to MP4
Counterpointer
CustomerResearchQFolder
DAEMON Tools Lite
Daggerfall
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DensityLITE
DeviceDiscovery
DeviceManagementQFolder
DivX Setup
Dropbox
Duplicate Cleaner 2.0.6
DVD43 Plug-in v1.0.0.5
DVDFab Passkey 8.0.3.9 (29/09/2011)
EarMaster Pro 5
EASEUS Partition Master 7.0.1 Professional
eLicenser Control
erLT
ESET Online Scanner v3
EWQL Choirs Instrument Update 1.0.4
EWQL Orchestra Free Content Part 2
EWQL Orchestra Free Content Part 3
Exact Audio Copy 1.0beta2
FileZilla Client 3.3.2
Finale 2009
Finale 2010
Finale 2011
Finale 2012
Flickr Uploadr 3.2.1
FTM.2.5.0.BETA.21
Full Video Converter 9
GIMP 2.6.11
GNU Aspell 0.50-3
Google Talk (remove only)
GroupWise Messenger
GTK+ Runtime 2.14.7 rev a (remove only)
GVI
HandBrake 0.9.5
Hauptwerk
Heroes of Might and Magic V
HP Toner Cartridge Authentication
HP Update
hppCLJCM1312
hppFaxDrvCM1312
hppFaxUtilityCM1312
hppFonts
hppLaserJetService
hppManualsCM1312
hppQFolderCM1312
hppScanToCM1312
hppSendFaxCM1312
hppTLBXFXCM1312
hppusgCM1312
HPSSupply
hpzTLBXFX
ImTOO WMV MP4 Converter 6
Internet TV for Windows Media Center
iTunes Library Updater
iZotope Ozone 4
J2SE Runtime Environment 5.0 Update 1
Java Auto Updater
Java™ 6 Update 26
JBridge
JMicron JMB36X Driver
Junk Mail filter update
LAME v3.98.2 for Audacity
Lemur v3.0.2
LibreOffice 3.4
LoopBe30 - Internal MIDI Ports
MacGAMUT 6
Malwarebytes Anti-Malware version 1.60.1.1000
MarketResearch
Masterbeat Downloader
Microsoft Choice Guard
Microsoft Expression Encoder 4
Microsoft Expression Encoder 4 Screen Capture Codec
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer 2010
Microsoft Office SharePoint Designer MUI (English) 2010
Microsoft SharePoint Designer 2010
Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
Microsoft Silverlight
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 10.0.2 (x86 en-US)
Mozilla Thunderbird 10.0.2 (x86 en-US)
Mp3tag v2.48
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Native Instruments Kontakt 4
Native Instruments Kontakt 4 Factory Content
Native Instruments Kontakt 5
Native Instruments Kontakt Factory Library
Native Instruments Service Center
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
Nils Liberg's KScript Editor 1.4.7
Online Backup
OpenAL
Orb Runtime libraries
OSCseq
PCM Native Reverb Bundle
PDF Password Remover v3.1
PDFCreator
pdfsam
PE Explorer 1.99 R6
Pidgin
Pivot Software
Plants vs. Zombies
Plogue Bidule (remove only)
PuTTY version 0.60
Quicken 2010
QuickTax 2006
QuickTax 2007
QuickTax 2008
QuickTax 2009
QuickTax Tracker
QuickTime
ReaPlugs
Reverberate LE 1.005
RMX Manager 7.1
Safari
Sample Modeling The Trumpet
SDK
SeaTools for Windows
SecondLifeViewer2 (remove only)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Sibelius 6.1.0.3 Demo
Sibelius 7 OpenType Fonts
Sibelius Scorch (ActiveX Only)
Sibelius Scorch (Firefox, Opera, Netscape only)
Skype Click to Call
Skype™ 5.5
Sophos Anti-Rootkit 1.5.20
Sophos Anti-Virus
Sophos AutoUpdate
Sound Set Editor
SPEAR v0.7.4 r.148
Spybot - Search & Destroy 2
StarCalc 5.72
Steinberg Drum Loop Expansion 01
Steinberg Groove Agent ONE Content
Steinberg Groove Agent ONE Vintage Beatboxes
Steinberg HALion Sonic SE Content
Steinberg HALionOne Additional Content Set 01
Steinberg HALionOne Expression Set
Steinberg HALionOne GM Drum Set
Steinberg HALionOne GM Set
Steinberg HALionOne Pro Set
Steinberg HALionOne Studio Drum Set
Steinberg HALionOne Studio Set
Steinberg LoopMash Content
Steinberg LoopMash Content 2
Steinberg REVerence Content 01
Steinberg VST Amp Rack Content 01
SynthFont
System Requirements Lab for Intel
TeamViewer 6
TeamViewer 7
TextPad 5
TGTools Plug-In Collection 2.61
TightVNC 2.0.3
TrayApp
TurboTax 2010
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195
Vienna Download Manager 2.0
VLC media player 1.1.11
VMware vCenter Converter Standalone
VMware vSphere Client 4.1
VNC Free Edition 4.1.3
Voxengo CurveEQ VST 2.6
VST Bridge 1.1
Waves Diamond Bundle v5.2
WebReg
WinAVI iPod/3GP/MP4/PSP Converter
Windows Ident Server
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
winLAME 2009 beta 2
WinSCP 4.2.7
Xiph.Org Open Codecs 0.85.17777
Zoiper Communicator Free
.
==== Event Viewer Messages From Past Week ========
.
2/24/2012 10:24:29 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
2/24/2012 10:21:48 AM, Error: SAVOnAccess [10] - The on-access driver failed to scan the boot sector of drive G:.
2/24/2012 1:02:12 AM, Error: SAVOnAccess [10] - The on-access driver failed to scan the boot sector of drive I:.
2/23/2012 9:21:34 PM, Error: SAVOnAccess [55] - The on-access driver failed to perform a user action on file \Device\HarddiskVolume2\Windows\system32\consrv.DLL.
2/23/2012 9:21:27 PM, Error: SAVOnAccess [55] - The on-access driver failed to perform a user action on file \Device\HarddiskVolume2\Windows\System32\consrv.dll.
2/23/2012 9:16:43 PM, Error: SAVOnAccess [83] - To avoid filling up the system event log, "Savservice threads busy" and similar messages will not be logged until after the service has recovered again
2/23/2012 9:16:43 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...evice\HarddiskVolume2\Windows\system32\en-US\WUDFHost.exe.mui" (process WUDFHost.exe, start check timestamp [ 1ccf2a297c65f8e]).
2/23/2012 9:16:43 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...evice\HarddiskVolume2\Windows\System32\en-US\WUDFHost.exe.mui" (process taskmgr.exe, start check timestamp [ 1ccf2a2bb7f2ef5]).
2/23/2012 9:16:43 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...evice\HarddiskVolume2\Windows\System32\en-US\WUDFHost.exe.mui" (process taskmgr.exe, start check timestamp [ 1ccf2a297bb62e5]).
2/23/2012 9:16:42 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume4\fsolb-eu_Setup_v_2.2.1.036253\DATA" (process Cubase6.exe, start check timestamp [ 1ccf2a2bafa93b4]).
2/23/2012 9:16:42 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume4\fsolb-eu_Setup_v_2.2.1.036253\DATA" (process Cubase6.exe, start check timestamp [ 1ccf2a297367983]).
2/23/2012 9:16:40 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...rs\MICHAE~1\AppData\Local\F-SECU~1\F-SECU~1\RESUME~1\block#_0" (process fshoster32.exe, start check timestamp [ 1ccf2a2ba28256f]).
2/23/2012 9:16:40 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...rs\MICHAE~1\AppData\Local\F-SECU~1\F-SECU~1\RESUME~1\block#_0" (process fshoster32.exe, start check timestamp [ 1ccf2a2ba27fe5e]).
2/23/2012 9:16:38 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...rs\MICHAE~1\AppData\Local\F-SECU~1\F-SECU~1\RESUME~1\block#_0" (process fshoster32.exe, start check timestamp [ 1ccf2a2b8e08573]).
2/23/2012 9:16:38 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...rs\MICHAE~1\AppData\Local\F-SECU~1\F-SECU~1\RESUME~1\block#_0" (process fshoster32.exe, start check timestamp [ 1ccf2a2951cb963]).
2/23/2012 7:23:18 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
2/23/2012 5:10:12 AM, Error: SAVOnAccess [5] - The on-access driver failed to read from file \Users\Michael Ducharme\Desktop\devil container.mp4.
2/23/2012 5:10:10 AM, Error: SAVOnAccess [5] - The on-access driver failed to read from file \Windows\AppPatch\sysmain.sdb.
2/23/2012 3:10:02 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}. The error: "8" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
2/23/2012 3:08:14 AM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
2/23/2012 3:08:14 AM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
2/23/2012 2:49:07 AM, Error: Service Control Manager [7000] - The Print Spooler service failed to start due to the following error: A thread could not be created for the service.
2/23/2012 2:48:47 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
2/23/2012 2:48:07 AM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/23/2012 2:46:39 AM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/23/2012 11:59:47 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
2/23/2012 11:53:58 AM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
2/23/2012 11:52:36 AM, Error: Service Control Manager [7023] -
2/23/2012 11:49:51 AM, Error: Service Control Manager [7000] - The CSIScanner service failed to start due to the following error: The pipe has been ended.
2/23/2012 11:49:41 AM, Error: Service Control Manager [7031] - The CSIScanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
2/22/2012 11:40:14 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
2/22/2012 11:38:19 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
2/22/2012 11:37:42 PM, Error: Application Popup [1060] - \??\C:\ComboFix2\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
2/22/2012 10:48:10 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
2/22/2012 10:44:19 PM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.
2/22/2012 10:43:55 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
2/22/2012 10:43:54 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
2/22/2012 10:43:54 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
2/21/2012 12:25:34 PM, Error: NetBT [4300] - The driver could not be created.
2/21/2012 11:44:23 AM, Error: Service Control Manager [7000] - The MEMSWEEP2 service failed to start due to the following error: This driver has been blocked from loading
2/21/2012 11:44:23 AM, Error: Application Popup [1060] - \??\C:\Windows\system32\BD75.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
2/21/2012 11:41:22 AM, Error: Application Popup [1060] - \??\C:\Windows\system32\FAC1.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
2/21/2012 11:28:06 AM, Error: Application Popup [1060] - \??\C:\Windows\system32\FAC3.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
2/21/2012 11:25:13 AM, Error: Application Popup [1060] - \??\C:\Windows\system32\4E.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
2/21/2012 1:04:42 AM, Error: SAVOnAccess [85] - File [...ws\system32\logfiles\scm\eaca24ff-236c-401d-a1e7-b3d5267b8a50]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process services.exe, (start check timestamp [ 1ccf066b8057a75]).
2/21/2012 1:04:42 AM, Error: SAVOnAccess [85] - File [...tomaticDestinations\969252ce11249fdd.automaticDestinations-ms]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process explorer.exe, (start check timestamp [ 1ccf065bcc7fcc2]).
2/21/2012 1:04:42 AM, Error: SAVOnAccess [85] - File [...evice\HarddiskVolume2\Windows\SysWOW64\en-US\WerFault.exe.mui]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbamservice.ex, (start check timestamp [ 1ccf065baba98e1]).
2/21/2012 1:04:42 AM, Error: SAVOnAccess [85] - File [...Device\HarddiskVolume2\Users\MICHAE~1\AppData\Local\Temp\nsma]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process thunderbird.ex, (start check timestamp [ 1ccf06715c1c121]).
2/21/2012 1:04:42 AM, Error: SAVOnAccess [85] - File [...Device\HarddiskVolume2\Users\MICHAE~1\AppData\Local\Temp\nsma]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process thunderbird.ex, (start check timestamp [ 1ccf06715bb0a48]).
2/21/2012 1:04:42 AM, Error: SAVOnAccess [85] - File [...d\Profiles\default\jjdok4qr.slt\ImapMail\imap.gmail.com\INBOX]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process thunderbird.ex, (start check timestamp [ 1ccf06715beb3d6]).
2/21/2012 1:04:42 AM, Error: SAVOnAccess [85] - File [...cure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di4730]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf066f1a636d9]).
2/21/2012 1:04:42 AM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\SysWOW64\NLSData0026.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbamservice.ex, (start check timestamp [ 1ccf06696795735]).
2/21/2012 1:04:42 AM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\SysWOW64\hdsp32.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbamservice.ex, (start check timestamp [ 1ccf0669f6bd0de]).
2/21/2012 1:04:42 AM, Error: SAVOnAccess [85] - File [...-Secure Online Backup\F-Secure Online Backup\recover\ScanData]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf066f1901676]).
2/21/2012 1:04:42 AM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf065a414fe6d]) filename continues: "...g\Thunderbird\Profiles\default\jjdok4qr.slt\ImapMail\imap.gmail.com\INBOX"
2/21/2012 1:04:42 AM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf065935bbe3d]) filename continues: "...Mozilla\Firefox\Profiles\default.fam\Cache\3\EA\51DA8d01"
2/21/2012 1:04:42 AM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf0658c3076ad]) filename continues: "...i-Virus\rkdisk.dll"
2/21/2012 1:04:42 AM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...lume2\Program Files (x86)\Sophos\Sophos Anti-Virus\rkdisk.dll" (process prevx.exe, start check timestamp [ 1ccf0671598dbc8]).
2/21/2012 1:04:42 AM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...lume2\Program Files (x86)\Sophos\Sophos Anti-Virus\rkdisk.dll" (process mbamservice.ex, start check timestamp [ 1ccf06715970701]).
2/21/2012 1:04:42 AM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...lume2\Program Files (x86)\Sophos\Sophos Anti-Virus\rkdisk.dll" (process mbamservice.ex, start check timestamp [ 1ccf0671596dff1]).
2/21/2012 1:04:42 AM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...lume2\Program Files (x86)\Sophos\Sophos Anti-Virus\rkdisk.dll" (process mbamservice.ex, start check timestamp [ 1ccf06715961c9e]).
2/21/2012 1:04:22 AM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Users\Michael Ducharme\AppData\Roamin ..." of process thunderbird.ex, start check timestamp [ 1ccf065a414fe6d] did not complete in time: file was not scanned.
2/21/2012 1:03:55 AM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Users\Michael Ducharme\AppData\Local\ ..." of process firefox.exe, start check timestamp [ 1ccf065935bbe3d] did not complete in time: file was not scanned.
2/21/2012 1:03:42 AM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Program Files (x86)\Sophos\Sophos Ant ..." of process mbamservice.ex, start check timestamp [ 1ccf0658c3076ad] did not complete in time: file was not scanned.
2/21/2012 1:03:41 AM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf0658c05204b]) filename continues: "...F-Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di4730"
2/21/2012 1:03:41 AM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf0658bee8ab6]) filename continues: "...F-Secure Online Backup\F-Secure Online Backup\recover\ScanData"
2/21/2012 1:03:41 AM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Users\Michael Ducharme\AppData\Local\ ..." of process fshoster32.exe, start check timestamp [ 1ccf0658c05204b] did not complete in time: file was not scanned.
2/21/2012 1:03:41 AM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Users\Michael Ducharme\AppData\Local\ ..." of process fshoster32.exe, start check timestamp [ 1ccf0658bee8ab6] did not complete in time: file was not scanned.
2/20/2012 9:27:12 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
2/20/2012 9:17:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
2/20/2012 6:58:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
2/20/2012 6:58:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
2/20/2012 6:56:57 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
2/20/2012 6:56:15 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
2/20/2012 6:56:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/20/2012 6:56:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/20/2012 6:56:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/20/2012 6:56:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2/20/2012 6:54:57 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO AsUpIO discache pxrts SAVOnAccess spldr Wanarpv6
2/20/2012 6:54:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
2/20/2012 6:54:54 PM, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
2/20/2012 6:54:54 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
2/20/2012 6:46:22 PM, Error: Service Control Manager [7022] - The Peer Name Resolution Protocol service hung on starting.
2/20/2012 3:26:19 PM, Error: SAVOnAccess [85] - File [...nes\iTunesHelper.Resources\nl.lproj\iTunesHelperLocalized.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process rundll32.exe, (start check timestamp [ 1ccf01648e2d910]).
2/20/2012 3:26:18 PM, Error: SAVOnAccess [85] - File [...ws\system32\logfiles\scm\eaca24ff-236c-401d-a1e7-b3d5267b8a50]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process services.exe, (start check timestamp [ 1ccf014e4363837]).
2/20/2012 3:26:18 PM, Error: SAVOnAccess [85] - File [...Volume2\Users\Ian Doucette\Pictures\2011-10-15\096 - Copy.JPG]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process wmpnetwk.exe, (start check timestamp [ 1ccf01648c64ff5]).
2/20/2012 3:26:18 PM, Error: SAVOnAccess [85] - File [...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf01648d9b12e]).
2/20/2012 3:26:18 PM, Error: SAVOnAccess [85] - File [...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf01648cfc5f9]).
2/20/2012 3:26:18 PM, Error: SAVOnAccess [85] - File [...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf01648c3b7db]).
2/20/2012 3:26:18 PM, Error: SAVOnAccess [85] - File [...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf0164896b3c3]).
2/20/2012 3:26:18 PM, Error: SAVOnAccess [85] - File [...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf016488e0112]).
2/20/2012 3:26:18 PM, Error: SAVOnAccess [85] - File [...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf01648475a19]).
2/20/2012 3:26:18 PM, Error: SAVOnAccess [85] - File [...figuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process hpcra112.exe, (start check timestamp [ 1ccf014e4385b1f]).
2/20/2012 3:26:18 PM, Error: SAVOnAccess [85] - File [...es (x86)\HP\HP Color LaserJet CM1312 MFP Series\configure.ini]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process hppfaxprinters, (start check timestamp [ 1ccf0164893cd88]).
2/20/2012 3:26:18 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\windows\system32\sccls.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbamservice.ex, (start check timestamp [ 1ccf014e55763e3]).
2/20/2012 3:26:18 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\system32\jscript.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process svchost.exe, (start check timestamp [ 1ccf014ea877045]).
2/20/2012 3:26:18 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\windows\system32\cscui.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbamservice.ex, (start check timestamp [ 1ccf014e4b52e13]).
2/20/2012 3:26:18 PM, Error: SAVOnAccess [85] - File [...-Secure Online Backup\F-Secure Online Backup\recover\ScanData]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf01648e019e6]).
2/20/2012 3:26:18 PM, Error: SAVOnAccess [85] - File [...-Secure Online Backup\F-Secure Online Backup\recover\ScanData]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf01648d80377]).
2/20/2012 3:26:18 PM, Error: SAVOnAccess [85] - File [...-Secure Online Backup\F-Secure Online Backup\recover\ScanData]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf01648d0d76d]).
2/20/2012 3:26:18 PM, Error: SAVOnAccess [85] - File [...-Secure Online Backup\F-Secure Online Backup\recover\ScanData]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf01648c90f1f]).
2/20/2012 3:26:18 PM, Error: SAVOnAccess [85] - File [...-Secure Online Backup\F-Secure Online Backup\recover\ScanData]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf01648c0d1a0]).
2/20/2012 3:26:18 PM, Error: SAVOnAccess [85] - File [...-Secure Online Backup\F-Secure Online Backup\recover\ScanData]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf01648981358]).
2/20/2012 3:26:18 PM, Error: SAVOnAccess [85] - File [...-Secure Online Backup\F-Secure Online Backup\recover\ScanData]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf01648910e5d]).
2/20/2012 3:26:18 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\system32\hppfaxprinter5.ini ..." of process hppfaxprinters, start check timestamp [ 1ccf014e2f3051b] did not complete in time: file was not scanned.
2/20/2012 3:26:18 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\Installer\2d16a217.msi ..." of process rundll32.exe, start check timestamp [ 1ccf014e3238bb1] did not complete in time: file was not scanned.
2/20/2012 3:26:17 PM, Error: SAVOnAccess [85] - File [...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf016483ece79]).
2/20/2012 3:26:17 PM, Error: SAVOnAccess [85] - File [...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf0164832723b]).
2/20/2012 3:26:17 PM, Error: SAVOnAccess [85] - File [...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf0164828ae16]).
2/20/2012 3:26:17 PM, Error: SAVOnAccess [85] - File [...rs\MICHAE~1\AppData\Local\F-SECU~1\F-SECU~1\RESUME~1\block#_0]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf014e2a7f142]).
2/20/2012 3:26:17 PM, Error: SAVOnAccess [85] - File [...ogramData\Sophos\AutoUpdate\cache\savxp\Sophos Anti-Virus.msi]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ALUpdate.exe, (start check timestamp [ 1ccf016482a82dd]).
2/20/2012 3:26:17 PM, Error: SAVOnAccess [85] - File [...kVolume2\ProgramData\Sophos\AutoUpdate\cache\savxp\reinit.bat]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ALUpdate.exe, (start check timestamp [ 1ccf01648302842]).
2/20/2012 3:26:17 PM, Error: SAVOnAccess [85] - File [...-Secure Online Backup\F-Secure Online Backup\recover\ScanData]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf016483e5947]).
2/20/2012 3:26:17 PM, Error: SAVOnAccess [85] - File [...-Secure Online Backup\F-Secure Online Backup\recover\ScanData]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf016483669ea]).
2/20/2012 3:26:17 PM, Error: SAVOnAccess [85] - File [...-Secure Online Backup\F-Secure Online Backup\recover\ScanData]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf0164828fc37]).
2/20/2012 3:26:17 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf014e2872257]) filename continues: "...F-Secure Online Backup\F-Secure Online Backup\recover\ScanData"
2/20/2012 3:26:17 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf014e28637f3]) filename continues: "...F-Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37"
2/20/2012 3:18:13 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\System32\drivers\etc\services" (process spoolsv.exe, start check timestamp [ 1ccf0152788a261]).
2/20/2012 3:18:10 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\System32\drivers\etc\services" (process spoolsv.exe, start check timestamp [ 1ccf01525feef5d]).
2/20/2012 3:18:06 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Program Files (x86)\desktop.ini" (process firefox.exe, start check timestamp [ 1ccf0152320caed]).
2/20/2012 3:18:03 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\System32\WSOCK32.dll" (process spoolsv.exe, start check timestamp [ 1ccf015217d26e8]).
2/20/2012 3:18:03 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\System32\icmp.dll" (process spoolsv.exe, start check timestamp [ 1ccf015217d9c1a]).
2/20/2012 3:18:03 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\System32\hpzjcd01.dll" (process spoolsv.exe, start check timestamp [ 1ccf015217cd8c7]).
2/20/2012 3:18:03 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\System32\drivers\etc\services" (process spoolsv.exe, start check timestamp [ 1ccf015217a40ad]).
2/20/2012 3:18:03 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\System32\drivers\etc\services" (process spoolsv.exe, start check timestamp [ 1ccf015217844d6]).
2/20/2012 3:17:52 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\system32\netutils.dll" (process SearchProtocol, start check timestamp [ 1ccf014f70e1a99]).
2/20/2012 3:13:56 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Networking Identity Manager service which failed to start because of the following error: After starting, the service hung in a start-pending state.
2/20/2012 3:13:56 PM, Error: Service Control Manager [7001] - The Peer Name Resolution Protocol service depends on the Peer Networking Identity Manager service which failed to start because of the following error: After starting, the service hung in a start-pending state.
2/20/2012 3:13:55 PM, Error: SAVOnAccess [85] - File [...u\Programs\JMicron Technology Corp\JMB36X Raid Configurer.lnk]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process prevx.exe, (start check timestamp [ 1ccf0148dd634e1]).
2/20/2012 3:13:55 PM, Error: SAVOnAccess [85] - File [...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf0148ddf35b3]).
2/20/2012 3:13:55 PM, Error: SAVOnAccess [85] - File [...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf0148ddd39db]).
2/20/2012 3:13:55 PM, Error: SAVOnAccess [85] - File [...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf0148ddb6514]).
2/20/2012 3:13:55 PM, Error: SAVOnAccess [85] - File [...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf0148dd9693d]).
2/20/2012 3:13:55 PM, Error: SAVOnAccess [85] - File [...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf0148dd74655]).
2/20/2012 3:13:55 PM, Error: SAVOnAccess [85] - File [...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf0148dd5718e]).
2/20/2012 3:13:55 PM, Error: SAVOnAccess [85] - File [...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf0148dd34ea6]).
2/20/2012 3:13:55 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\windows\system32\en-US\defrag.exe.mui]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbamservice.ex, (start check timestamp [ 1ccf0148dd54a7e]).
2/20/2012 3:13:55 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\system32\adtschema.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process svchost.exe, (start check timestamp [ 1ccf013b365cd62]).
2/20/2012 3:13:55 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf01317f618fd]) filename continues: "...g\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel"
2/20/2012 3:13:55 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf01317f618fd]) filename continues: "....lnk"
2/20/2012 3:13:55 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf01307b34309]) filename continues: "...osoft Shared\OFFICE14\MSO.DLL"
2/20/2012 3:13:55 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf0130677d83b]) filename continues: "...1.209.3492__d1dd664d35c131f4\hpodb112.exe"
2/20/2012 3:13:55 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf01305f0a4e0]) filename continues: "...5\071 - Copy (2).JPG"
2/20/2012 3:13:55 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf01305b03f8f]) filename continues: "...\F-SECU~1\RESUME~1\block#_0"
2/20/2012 3:13:55 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf01305192d79]) filename continues: "...ance\en-US\DiagPackage.dll.mui"
2/20/2012 3:13:55 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf01304bcb43e]) filename continues: "...F-Secure Online Backup\F-Secure Online Backup\recover\ScanData"
2/20/2012 3:13:55 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf01304a8ddd4]) filename continues: "...F-Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37"
2/20/2012 3:13:55 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf01304a84191]) filename continues: "...rManager.dll"
2/20/2012 3:13:55 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf0130444c35c]) filename continues: "....exe"
2/20/2012 3:13:55 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...rs\MICHAE~1\AppData\Local\F-SECU~1\F-SECU~1\RESUME~1\block#_0" (process fshoster32.exe, start check timestamp [ 1ccf0148da9a5fa]).
2/20/2012 3:13:55 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...me2\Users\Ian Doucette\Pictures\2011-10-15\071 - Copy (2).JPG" (process wmpnetwk.exe, start check timestamp [ 1ccf0148da9a5fa]).
2/20/2012 3:13:55 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...diskVolume2\Program Files (x86)\HP\Common\TransferManager.dll" (process mbamservice.ex, start check timestamp [ 1ccf0148dabeff3]).
2/20/2012 3:13:55 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...diskVolume2\Program Files (x86)\HP\Common\TransferManager.dll" (process mbamservice.ex, start check timestamp [ 1ccf0148dab7ac1]).
2/20/2012 3:13:55 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk" (process prevx.exe, start check timestamp [ 1ccf0148daa694d]).
2/20/2012 3:13:55 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\HarddiskVolume2\Windows\SysWOW64\wbem\en-US\wmiutils.dll.mui" (process mbamservice.ex, start check timestamp [ 1ccf0148da9a5fa]).
2/20/2012 3:13:55 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\HarddiskVolume2\Windows\SysWOW64\wbem\en-US\wmiutils.dll.mui" (process mbamservice.ex, start check timestamp [ 1ccf0148da97ee9]).
2/20/2012 3:13:55 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\wbem\wmiutils.dll" (process mbamservice.ex, start check timestamp [ 1ccf0148dac3e14]).
2/20/2012 3:13:55 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\en-US\dui70.dll.mui" (process mbamservice.ex, start check timestamp [ 1ccf0148daa423c]).
2/20/2012 3:13:54 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\en-US\dui70.dll.mui" (process mbamservice.ex, start check timestamp [ 1ccf014691fa0d3]).
2/20/2012 3:13:28 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Users\Michael Ducharme\AppData\Roamin ..." of process prevx.exe, start check timestamp [ 1ccf01317f618fd] did not complete in time: file was not scanned.
2/20/2012 3:13:02 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Program Files (x86)\Common Files\Micr ..." of process Skype.exe, start check timestamp [ 1ccf01307b34309] did not complete in time: file was not scanned.
2/20/2012 3:12:59 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\assembly\GAC_MSIL\hpodb112\1. ..." of process hpcra112.exe, start check timestamp [ 1ccf0130677d83b] did not complete in time: file was not scanned.
2/20/2012 3:12:58 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Users\Ian Doucette\Pictures\2011-10-1 ..." of process wmpnetwk.exe, start check timestamp [ 1ccf01305f0a4e0] did not complete in time: file was not scanned.
2/20/2012 3:12:57 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Users\MICHAE~1\AppData\Local\F-SECU~1 ..." of process fshoster32.exe, start check timestamp [ 1ccf01305b03f8f] did not complete in time: file was not scanned.
2/20/2012 3:12:56 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\diagnostics\scheduled\Mainten ..." of process taskhost.exe, start check timestamp [ 1ccf01305192d79] did not complete in time: file was not scanned.
2/20/2012 3:12:56 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Users\Michael Ducharme\AppData\Local\ ..." of process fshoster32.exe, start check timestamp [ 1ccf01304bcb43e] did not complete in time: file was not scanned.
2/20/2012 3:12:56 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Users\Michael Ducharme\AppData\Local\ ..." of process fshoster32.exe, start check timestamp [ 1ccf01304a8ddd4] did not complete in time: file was not scanned.
2/20/2012 3:12:56 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Program Files (x86)\HP\Common\Transfe ..." of process mbamservice.ex, start check timestamp [ 1ccf01304a84191] did not complete in time: file was not scanned.
2/20/2012 3:12:55 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\SysWOW64\wbem\wmiutils.dll ..." of process mbamservice.ex, start check timestamp [ 1ccf0130474869f] did not complete in time: file was not scanned.
2/20/2012 3:12:55 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Program Files (x86)\uTorrent\uTorrent ..." of process explorer.exe, start check timestamp [ 1ccf0130444c35c] did not complete in time: file was not scanned.
2/20/2012 3:12:54 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\SysWOW64\en-US\dui70.dll.mui ..." of process mbamservice.ex, start check timestamp [ 1ccf013037eb156] did not complete in time: file was not scanned.
2/20/2012 3:12:54 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\assembly\temp\U\80000032.@ ..." of process ALUpdate.exe, start check timestamp [ 1ccf013037b2ed9] did not complete in time: file was not scanned.
2/20/2012 3:04:13 PM, Error: Service Control Manager [7022] - The Peer Networking Identity Manager service hung on starting.
2/20/2012 3:02:49 PM, Error: SAVOnAccess [85] - File [...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf013008c1a39]).
2/20/2012 3:02:49 PM, Error: SAVOnAccess [85] - File [...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf013008abaa4]).
2/20/2012 3:02:49 PM, Error: SAVOnAccess [85] - File [...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf0130086c2f5]).
2/20/2012 3:02:49 PM, Error: SAVOnAccess [85] - File [...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf012dca70a0d]).
2/20/2012 3:02:49 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\SysWOW64\nci.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbamservice.ex, (start check timestamp [ 1ccf012dcb3664b]).
2/20/2012 3:02:49 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\SysWOW64\en-US\ksproxy.ax.mui]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbamservice.ex, (start check timestamp [ 1ccf01300873827]).
2/20/2012 3:02:49 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\WINDOWS\SYSTEM32\DRIVERS\NPFS.SYS]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process svchost.exe, (start check timestamp [ 1ccf012dca6bbeb]).
2/20/2012 3:02:49 PM, Error: SAVOnAccess [85] - File [...-Secure Online Backup\F-Secure Online Backup\recover\ScanData]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf013008d049d]).
2/20/2012 3:02:49 PM, Error: SAVOnAccess [85] - File [...-Secure Online Backup\F-Secure Online Backup\recover\ScanData]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf013008b2fd6]).
2/20/2012 3:02:49 PM, Error: SAVOnAccess [85] - File [...-Secure Online Backup\F-Secure Online Backup\recover\ScanData]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf012dca5d188]).
2/20/2012 3:02:48 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf0117741c4df]) filename continues: "....exe"
2/20/2012 3:02:48 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...ice\HarddiskVolume2\Program Files (x86)\uTorrent\uTorrent.exe" (process svchost.exe, start check timestamp [ 1ccf01300713ed5]).
2/20/2012 3:02:48 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Mozilla\Firefox\Profiles\default.fam\lightweighttheme-footer" (process firefox.exe, start check timestamp [ 1ccf012dca7cd5f]).
2/20/2012 3:02:48 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini" (process wmpnetwk.exe, start check timestamp [ 1ccf0130074250f]).
2/20/2012 3:02:48 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\wbem\WmiPrvSE.exe" (process mbamservice.ex, start check timestamp [ 1ccf0130077325b]).
2/20/2012 3:02:48 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\wbem\WmiPrvSE.exe" (process mbamservice.ex, start check timestamp [ 1ccf0130071b406]).
2/20/2012 3:02:48 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\wbem\WmiPrvSE.exe" (process mbamservice.ex, start check timestamp [ 1ccf01300718cf6]).
2/20/2012 3:02:48 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\en-US\wdc.dll.mui" (process mbamservice.ex, start check timestamp [ 1ccf01300769619]).
2/20/2012 3:02:48 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\en-US\wdc.dll.mui" (process mbamservice.ex, start check timestamp [ 1ccf01300713ed5]).
2/20/2012 3:02:48 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...(x86)\sibelius software\sound set editor\sound set editor.exe" (process explorer.exe, start check timestamp [ 1ccf012dca7f470]).
2/20/2012 3:01:49 PM, Error: SAVOnAccess [85] - File [...iskVolume2\Program Files\Garritan\ARIA Player\ARIA Player.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process explorer.exe, (start check timestamp [ 1ccf01177c9bb8d]).
2/20/2012 3:01:49 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\SysWOW64\en-US\wdc.dll.mui ..." of process mbamservice.ex, start check timestamp [ 1ccf011774a9ea0] did not complete in time: file was not scanned.
2/20/2012 3:01:49 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Program Files (x86)\uTorrent\uTorrent ..." of process svchost.exe, start check timestamp [ 1ccf0117741c4df] did not complete in time: file was not scanned.
2/20/2012 3:01:48 PM, Error: SAVOnAccess [85] - File [...me2\Users\Ian Doucette\Pictures\2011-10-15\069 - Copy (2).JPG]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process wmpnetwk.exe, (start check timestamp [ 1ccf01177c72373]).
2/20/2012 3:01:48 PM, Error: SAVOnAccess [85] - File [...\Mozilla\Firefox\Profiles\default.fam\lightweighttheme-header]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process firefox.exe, (start check timestamp [ 1ccf011775af28e]).
2/20/2012 3:01:48 PM, Error: SAVOnAccess [85] - File [...\Local\Mozilla\Firefox\Profiles\default.fam\Cache\_CACHE_MAP_]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process firefox.exe, (start check timestamp [ 1ccf011770d6dab]).
2/20/2012 3:01:48 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\assembly\temp\@]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process svchost.exe, (start check timestamp [ 1ccf011bd7a90f8]).
2/20/2012 3:01:48 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf01176facfc5]) filename continues: "...F-Secure Online Backup\F-Secure Online Backup\recover\ScanData"
2/20/2012 3:01:48 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf01176f9491f]) filename continues: "...F-Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37"
2/20/2012 3:01:48 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf01176f5edb3]) filename continues: "...ecomponent.dll"
2/20/2012 3:01:48 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf01176e1a217]) filename continues: "...rPic.exe"
2/20/2012 3:01:48 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\SysWOW64\wbem\WmiPrvSE.exe ..." of process mbamservice.ex, start check timestamp [ 1ccf011770c8348] did not complete in time: file was not scanned.
2/20/2012 3:01:26 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\assembly\temp\U\80000032.@" (process svchost.exe, start check timestamp [ 1ccf012cf5f2fc4]).
2/20/2012 3:01:26 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\assembly\temp\U\80000032.@" (process svchost.exe, start check timestamp [ 1ccf012cf5b3816]).
2/20/2012 3:01:26 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\assembly\temp\U\80000032.@" (process svchost.exe, start check timestamp [ 1ccf012cf54cf5e]).
2/20/2012 3:01:26 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\assembly\temp\U\80000004.@" (process svchost.exe, start check timestamp [ 1ccf012cf5f56d5]).
2/20/2012 3:01:26 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\assembly\temp\U\80000004.@" (process svchost.exe, start check timestamp [ 1ccf012cf5f2fc4]).
2/20/2012 3:01:26 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\assembly\temp\U\80000004.@" (process svchost.exe, start check timestamp [ 1ccf012cf5b3816]).
2/20/2012 3:01:26 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\assembly\temp\U\80000004.@" (process svchost.exe, start check timestamp [ 1ccf012cf54cf5e]).
2/20/2012 3:00:58 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
2/20/2012 2:58:54 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...GAC_MSIL\hpocc112\1.1.209.3492__594bb8ffd5de01d2\hpocc112.dll" (process hpcra112.exe, start check timestamp [ 1ccf01274e28fe5]).
2/20/2012 2:58:54 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...GAC_MSIL\hpocc112\1.1.209.3492__594bb8ffd5de01d2\hpocc112.dll" (process hpcra112.exe, start check timestamp [ 1ccf01274de2305]).
2/20/2012 2:58:54 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...GAC_MSIL\hpocc112\1.1.209.3492__594bb8ffd5de01d2\hpocc112.dll" (process hpcra112.exe, start check timestamp [ 1ccf012510a2a18]).
2/20/2012 2:51:48 PM, Error: SAVOnAccess [85] - File [...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf0117684dabb]).
2/20/2012 2:51:48 PM, Error: SAVOnAccess [85] - File [...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf0117683a236]).
2/20/2012 2:51:48 PM, Error: SAVOnAccess [85] - File [...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf011768290c2]).
2/20/2012 2:51:48 PM, Error: SAVOnAccess [85] - File [...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf0117681312d]).
2/20/2012 2:51:48 PM, Error: SAVOnAccess [85] - File [...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf011767f3556]).
2/20/2012 2:51:48 PM, Error: SAVOnAccess [85] - File [...olume2\ProgramData\Adobe\ARM\Reader_10.1.1\AdbeRdrUpd1012.msp]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process AdobeARM.exe, (start check timestamp [ 1ccf01152d496f4]).
2/20/2012 2:51:48 PM, Error: SAVOnAccess [85] - File [...-Secure Online Backup\F-Secure Online Backup\recover\ScanData]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf01176848c9a]).
2/20/2012 2:51:48 PM, Error: SAVOnAccess [85] - File [...-Secure Online Backup\F-Secure Online Backup\recover\ScanData]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf01176835415]).
2/20/2012 2:51:47 PM, Error: SAVOnAccess [85] - File [...rs\MICHAE~1\AppData\Local\F-SECU~1\F-SECU~1\RESUME~1\block#_0]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf0115691acf8]).
2/20/2012 2:51:47 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\Prefetch\Layout.ini]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process svchost.exe, (start check timestamp [ 1ccf010ee06ab98]).
2/20/2012 2:51:47 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37" (process fshoster32.exe, start check timestamp [ 1ccf011766ce591]).
2/20/2012 2:51:47 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37" (process fshoster32.exe, start check timestamp [ 1ccf011766c494f]).
2/20/2012 2:51:47 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37" (process fshoster32.exe, start check timestamp [ 1ccf011766c223e]).
2/20/2012 2:51:47 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37" (process fshoster32.exe, start check timestamp [ 1ccf011766bad0d]).
2/20/2012 2:51:47 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\HarddiskVolume2\Program Files (x86)\Exact Audio Copy\EAC.exe" (process explorer.exe, start check timestamp [ 1ccf011766c9770]).
2/20/2012 2:51:47 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\msidle.dll" (process mbamservice.ex, start check timestamp [ 1ccf01152a82f1e]).
2/20/2012 2:51:47 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "... Files (x86)\Pidgin\Gtk\share\themes\MS-Windows\gtk-2.0\gtkrc" (process pidgin.exe, start check timestamp [ 1ccf01152a82f1e]).
2/20/2012 2:51:47 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...-Secure Online Backup\F-Secure Online Backup\recover\ScanData" (process fshoster32.exe, start check timestamp [ 1ccf011766ce591]).
2/20/2012 2:51:47 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...-Secure Online Backup\F-Secure Online Backup\recover\ScanData" (process fshoster32.exe, start check timestamp [ 1ccf011766c223e]).
2/20/2012 2:51:47 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...-Secure Online Backup\F-Secure Online Backup\recover\ScanData" (process fshoster32.exe, start check timestamp [ 1ccf01152a7b9ec]).
2/20/2012 2:50:47 PM, Error: SAVOnAccess [85] - File [...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf0112ed52095]).
2/20/2012 2:50:47 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\System32\hgcpl.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process explorer.exe, (start check timestamp [ 1ccf010e7035eff]).
2/20/2012 2:50:47 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...olume2\ProgramData\Adobe\ARM\Reader_10.1.1\AdbeRdrUpd1012.msp" (process AdobeARM.exe, start check timestamp [ 1ccf011529babcf]).
2/20/2012 2:50:47 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...Device\HarddiskVolume2\Windows\SysWOW64\en-US\msacm32.dll.mui" (process mbamservice.ex, start check timestamp [ 1ccf011529a734a]).
2/20/2012 2:50:47 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...Device\HarddiskVolume2\Windows\SysWOW64\en-US\msacm32.dll.mui" (process mbamservice.ex, start check timestamp [ 1ccf0112ed65919]).
2/20/2012 2:50:47 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...ddiskVolume2\Program Files (x86)\Pidgin\Gtk\etc\gtk-2.0\gtkrc" (process pidgin.exe, start check timestamp [ 1ccf0112ed854f1]).
2/20/2012 2:50:47 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\TSCHANNEL.DLL" (process mbamservice.ex, start check timestamp [ 1ccf011529c2101]).
2/20/2012 2:50:47 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...-Secure Online Backup\F-Secure Online Backup\recover\ScanData" (process fshoster32.exe, start check timestamp [ 1ccf011529e6af9]).
2/20/2012 2:50:47 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...-Secure Online Backup\F-Secure Online Backup\recover\ScanData" (process fshoster32.exe, start check timestamp [ 1ccf011529a734a]).
2/20/2012 2:50:47 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...-Secure Online Backup\F-Secure Online Backup\recover\ScanData" (process fshoster32.exe, start check timestamp [ 1ccf0115299d708]).
2/20/2012 2:50:47 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...-Secure Online Backup\F-Secure Online Backup\recover\ScanData" (process fshoster32.exe, start check timestamp [ 1ccf011529961d6]).
2/20/2012 2:49:47 PM, Error: SAVOnAccess [85] - File [...-Secure Online Backup\F-Secure Online Backup\recover\ScanData]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf010e704be94]).
2/20/2012 2:48:57 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...ix_windows__0_8_22\IanniX\Documentation\Common\img\setpos.jpg" (process wmpnetwk.exe, start check timestamp [ 1ccf01110aa0f4f]).
2/20/2012 2:48:56 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...ix_windows__0_8_22\IanniX\Documentation\Common\img\script.jpg" (process wmpnetwk.exe, start check timestamp [ 1ccf011106d538b]).
2/20/2012 2:48:56 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...ix_windows__0_8_22\IanniX\Documentation\Common\img\center.jpg" (process wmpnetwk.exe, start check timestamp [ 1ccf011103b1f3f]).
2/20/2012 2:48:55 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...annix_windows__0_8_22\IanniX\Documentation\Common\img\add.jpg" (process wmpnetwk.exe, start check timestamp [ 1ccf0110ff7d3b3]).
2/20/2012 2:48:48 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini" (process wmpnetwk.exe, start check timestamp [ 1ccf0110b4620ea]).
2/20/2012 2:48:47 PM, Error: SAVOnAccess [85] - File [...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf010e7024d8b]).
2/20/2012 2:48:47 PM, Error: SAVOnAccess [85] - File [...Device\HarddiskVolume2\Program Files (x86)\Pidgin\freebl3.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbamservice.ex, (start check timestamp [ 1ccf010e7024d8b]).
2/20/2012 2:48:47 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\assembly\temp\U\80000032.@" (process svchost.exe, start check timestamp [ 1ccf010e75577d2]).
2/20/2012 2:47:47 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf00f815e29b1]) filename continues: "...F-Secure Online Backup\F-Secure Online Backup\recover\ScanData"
2/20/2012 2:47:47 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf00f815d3f4e]) filename continues: "...l"
2/20/2012 2:47:47 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf00f815d183d]) filename continues: "...F-Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37"
2/20/2012 2:40:26 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\assembly\temp\U\80000032.@" (process svchost.exe, start check timestamp [ 1ccf00fe03fbaca]).
2/20/2012 2:40:26 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\assembly\temp\U\80000032.@" (process svchost.exe, start check timestamp [ 1ccf00fe03f93b9]).
2/20/2012 2:40:26 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\assembly\temp\U\80000032.@" (process svchost.exe, start check timestamp [ 1ccf00fe03f4598]).
2/20/2012 2:40:26 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\assembly\temp\U\80000004.@" (process svchost.exe, start check timestamp [ 1ccf00fe03fbaca]).
2/20/2012 2:40:26 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\assembly\temp\U\80000004.@" (process svchost.exe, start check timestamp [ 1ccf00fe03f93b9]).
2/20/2012 2:39:26 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\assembly\temp\U\80000004.@ ..." of process svchost.exe, start check timestamp [ 1ccf00e56dc85e2] did not complete in time: file was not scanned.
2/20/2012 2:39:26 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\assembly\temp\U\80000004.@ ..." of process svchost.exe, start check timestamp [ 1ccf00e56dab11b] did not complete in time: file was not scanned.
2/20/2012 2:37:47 PM, Error: SAVOnAccess [85] - File [...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf00f81457135]).
2/20/2012 2:37:47 PM, Error: SAVOnAccess [85] - File [...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf00f5d64cde9]).
2/20/2012 2:37:47 PM, Error: SAVOnAccess [85] - File [...Device\HarddiskVolume2\Program Files (x86)\Pidgin\sqlite3.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbamservice.ex, (start check timestamp [ 1ccf00f5d65431a]).
2/20/2012 2:37:47 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\SysWOW64\msdmo.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbamservice.ex, (start check timestamp [ 1ccf00f399716a3]).
2/20/2012 2:37:47 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\system32\services.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process svchost.exe, (start check timestamp [ 1ccf00f5832025c]).
2/20/2012 2:37:47 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\assembly\temp\@]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process svchost.exe, (start check timestamp [ 1ccf00e62152782]).
2/20/2012 2:37:47 PM, Error: SAVOnAccess [85] - File [... Files (x86)\Common Files\Adobe\ARM\1.0\AdobeExtractFiles.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbamservice.ex, (start check timestamp [ 1ccf00f5d65df5d]).
2/20/2012 2:37:47 PM, Error: SAVOnAccess [85] - File [...-Secure Online Backup\F-Secure Online Backup\recover\ScanData]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf00f8146a9b9]).
2/20/2012 2:36:46 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf00dd522ebbe]) filename continues: "...e\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini"
2/20/2012 2:36:46 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf00dd5200583]) filename continues: "....exe"
2/20/2012 2:36:46 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf00dd4ddcb6b]) filename continues: "...g\Mozilla\Firefox\Profiles\default.fam\lightweighttheme-header"
2/20/2012 2:36:46 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf00dd3ff00e8]) filename continues: "...F-Secure Online Backup\F-Secure Online Backup\recover\ScanData"
2/20/2012 2:36:46 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf00dd3fdc863]) filename continues: "...l"
2/20/2012 2:36:46 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf00dd3fda152]) filename continues: "...ibeay32.dll"
2/20/2012 2:36:46 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf00dd3fd7a42]) filename continues: "...F-Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37"
2/20/2012 2:36:46 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37" (process fshoster32.exe, start check timestamp [ 1ccf00f5d62ab01]).
2/20/2012 2:36:46 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37" (process fshoster32.exe, start check timestamp [ 1ccf00f5d625ce0]).
2/20/2012 2:36:46 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37" (process fshoster32.exe, start check timestamp [ 1ccf00f5d6235cf]).
2/20/2012 2:36:46 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...Device\HarddiskVolume2\Program Files (x86)\Pidgin\sqlite3.dll" (process mbamservice.ex, start check timestamp [ 1ccf00f5d606108]).
2/20/2012 2:36:46 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...ddiskVolume2\Windows\Temp\sophos_autoupdate1.dir\libeay32.dll" (process prevx.exe, start check timestamp [ 1ccf00f5d625ce0]).
2/20/2012 2:36:46 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...ddiskVolume2\Windows\Temp\sophos_autoupdate1.dir\libeay32.dll" (process mbamservice.ex, start check timestamp [ 1ccf00f5d60d63a]).
2/20/2012 2:36:46 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...ddiskVolume2\Windows\Temp\sophos_autoupdate1.dir\libeay32.dll" (process mbamservice.ex, start check timestamp [ 1ccf00f5d6039f7]).
2/20/2012 2:36:46 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...ddiskVolume2\Windows\TEMP\sophos_autoupdate1.dir\LIBEAY32.dll" (process ALUpdate.exe, start check timestamp [ 1ccf00f5d6283f0]).
2/20/2012 2:36:46 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\en-US\imapi2.dll.mui" (process mbamservice.ex, start check timestamp [ 1ccf00f5d60fd4a]).
2/20/2012 2:36:46 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\en-US\imapi2.dll.mui" (process mbamservice.ex, start check timestamp [ 1ccf00f5d6012e7]).
2/20/2012 2:35:48 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\ServiceProfiles\NetworkServic ..." of process wmpnetwk.exe, start check timestamp [ 1ccf00dd522ebbe] did not complete in time: file was not scanned.
2/20/2012 2:35:48 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Users\Michael Ducharme\AppData\Roamin ..." of process firefox.exe, start check timestamp [ 1ccf00dd4ddcb6b] did not complete in time: file was not scanned.
2/20/2012 2:35:48 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Program Files (x86)\uTorrent\uTorrent ..." of process svchost.exe, start check timestamp [ 1ccf00dd5200583] did not complete in time: file was not scanned.
2/20/2012 2:35:46 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf00dd3fb7e6a]) filename continues: "....exe"
2/20/2012 2:35:46 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\Temp\sophos_autoupdate1.dir\l ..." of process mbamservice.ex, start check timestamp [ 1ccf00dd3fda152] did not complete in time: file was not scanned.
2/20/2012 2:35:46 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\SysWOW64\msdmo.dll ..." of process mbamservice.ex, start check timestamp [ 1ccf00dd3f64e37] did not complete in time: file was not scanned.
2/20/2012 2:35:46 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\SysWOW64\en-US\imapi2.dll.mui ..." of process mbamservice.ex, start check timestamp [ 1ccf00dd3ff00e8] did not complete in time: file was not scanned.
2/20/2012 2:35:46 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\assembly\temp\U\80000032.@ ..." of process PING.EXE, start check timestamp [ 1ccf00dd3fb7e6a] did not complete in time: file was not scanned.
2/20/2012 2:35:46 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Users\Michael Ducharme\AppData\Local\ ..." of process fshoster32.exe, start check timestamp [ 1ccf00dd3ff00e8] did not complete in time: file was not scanned.
2/20/2012 2:35:46 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Users\Michael Ducharme\AppData\Local\ ..." of process fshoster32.exe, start check timestamp [ 1ccf00dd3fd7a42] did not complete in time: file was not scanned.
2/20/2012 2:35:46 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Program Files (x86)\uTorrent\uTorrent ..." of process uTorrent.exe, start check timestamp [ 1ccf00dd3fb7e6a] did not complete in time: file was not scanned.
2/20/2012 2:35:46 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Program Files (x86)\Pidgin\sqlite3.dl ..." of process mbamservice.ex, start check timestamp [ 1ccf00dd3fdc863] did not complete in time: file was not scanned.
2/20/2012 2:25:45 PM, Error: SAVOnAccess [85] - File [...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf00dd34fab86]).
2/20/2012 2:25:45 PM, Error: SAVOnAccess [85] - File [...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf00dd34f0f44]).
2/20/2012 2:25:45 PM, Error: SAVOnAccess [85] - File [...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf00dd34e4bf1]).
2/20/2012 2:25:45 PM, Error: SAVOnAccess [85] - File [...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf00dd34d136d]).
2/20/2012 2:25:45 PM, Error: SAVOnAccess [85] - File [...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf00daf9d6be8]).
2/20/2012 2:25:45 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\SysWOW64\shunimpl.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbamservice.ex, (start check timestamp [ 1ccf00daf7e98d5]).
2/20/2012 2:25:45 PM, Error: SAVOnAccess [85] - File [...-Secure Online Backup\F-Secure Online Backup\recover\ScanData]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf00dd34e4bf1]).
2/20/2012 2:25:45 PM, Error: SAVOnAccess [85] - File [...-Secure Online Backup\F-Secure Online Backup\recover\ScanData]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf00dd34cec5c]).
2/20/2012 2:25:45 PM, Error: SAVOnAccess [85] - File [...-Secure Online Backup\F-Secure Online Backup\recover\ScanData]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf00dd34ac974]).
2/20/2012 2:25:45 PM, Error: SAVOnAccess [85] - File [...-Secure Online Backup\F-Secure Online Backup\recover\ScanData]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf00dd34a0621]).
2/20/2012 2:25:45 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...ice\HarddiskVolume2\Windows\SysWOW64\PhotoMetadataHandler.dll" (process mbamservice.ex, start check timestamp [ 1ccf00daf801f7a]).
2/20/2012 2:25:45 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...ice\HarddiskVolume2\Windows\system32\PhotoMetadataHandler.dll" (process wmpnetwk.exe, start check timestamp [ 1ccf00dd344d5ee]).
2/20/2012 2:25:45 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...ice\HarddiskVolume2\Windows\System32\PhotoMetadataHandler.dll" (process prevx.exe, start check timestamp [ 1ccf00dd344d5ee]).
2/20/2012 2:25:45 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\nsi.dll" (process mbamservice.ex, start check timestamp [ 1ccf00dd343c47a]).
2/20/2012 2:25:45 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\nsi.dll" (process mbamservice.ex, start check timestamp [ 1ccf00dd3439d69]).
2/20/2012 2:25:45 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\nsi.dll" (process mbamservice.ex, start check timestamp [ 1ccf00daf7fd159]).
2/20/2012 2:25:45 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...-Secure Online Backup\F-Secure Online Backup\recover\ScanData" (process fshoster32.exe, start check timestamp [ 1ccf00dd3457230]).
2/20/2012 2:25:45 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...-Secure Online Backup\F-Secure Online Backup\recover\ScanData" (process fshoster32.exe, start check timestamp [ 1ccf00dd344fcfe]).
2/20/2012 2:25:45 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...-Secure Online Backup\F-Secure Online Backup\recover\ScanData" (process fshoster32.exe, start check timestamp [ 1ccf00dd341054f]).
2/20/2012 2:25:45 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...-Secure Online Backup\F-Secure Online Backup\recover\ScanData" (process fshoster32.exe, start check timestamp [ 1ccf00dd340b72e]).
2/20/2012 2:24:45 PM, Error: SAVOnAccess [85] - File [...-Secure Online Backup\F-Secure Online Backup\recover\ScanData]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf00d8b8d7a8b]).
2/20/2012 2:24:45 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf00c25eab647]) filename continues: "...Organ\Hauptwerk (alt config 1).exe"
2/20/2012 2:24:45 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37" (process fshoster32.exe, start check timestamp [ 1ccf00d8b91c05b]).
2/20/2012 2:24:45 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...rddiskVolume2\Program Files (x86)\Mozilla Firefox\nssdbm3.dll" (process mbamservice.ex, start check timestamp [ 1ccf00d8b8d7a8b]).
2/20/2012 2:24:45 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...les\Hauptwerk Virtual Pipe Organ\Hauptwerk (alt config 1).exe" (process explorer.exe, start check timestamp [ 1ccf00daf53deb4]).
2/20/2012 2:24:45 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...ddiskVolume2\Windows\Temp\sophos_autoupdate1.dir\ALUpdate.exe" (process mbamservice.ex, start check timestamp [ 1ccf00daf56ec00]).
2/20/2012 2:24:45 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...ddiskVolume2\Windows\Temp\sophos_autoupdate1.dir\ALUpdate.exe" (process mbamservice.ex, start check timestamp [ 1ccf00daf56c4ef]).
2/20/2012 2:24:45 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...ddiskVolume2\Windows\Temp\sophos_autoupdate1.dir\ALUpdate.exe" (process mbamservice.ex, start check timestamp [ 1ccf00daf569ddf]).
2/20/2012 2:24:45 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\vsstrace.dll" (process mbamservice.ex, start check timestamp [ 1ccf00daf542cd6]).
2/20/2012 2:24:45 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\vsstrace.dll" (process mbamservice.ex, start check timestamp [ 1ccf00daf5405c5]).
2/20/2012 2:24:45 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\esent.dll" (process mbamservice.ex, start check timestamp [ 1ccf00daf5405c5]).
2/20/2012 2:23:45 PM, Error: SAVOnAccess [85] - File [...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di37]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf00c25e7d00c]).
2/20/2012 2:23:45 PM, Error: SAVOnAccess [85] - File [...-Secure Online Backup\F-Secure Online Backup\recover\ScanData]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf00c25ed2750]).
2/20/2012 2:23:45 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\SysWOW64\vsstrace.dll ..." of process mbamservice.ex, start check timestamp [ 1ccf00c25ed7571] did not complete in time: file was not scanned.
2/20/2012 2:23:45 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\SysWOW64\esent.dll ..." of process mbamservice.ex, start check timestamp [ 1ccf00c25e510e2] did not complete in time: file was not scanned.
2/20/2012 2:23:45 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Program Files\Hauptwerk Virtual Pipe ..." of process explorer.exe, start check timestamp [ 1ccf00c25eab647] did not complete in time: file was not scanned.
2/20/2012 2:21:45 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf00bddfae4f0]) filename continues: "...o and Music Apps - Installs Patches and License Info etc\DebugView\Dbgview.exe"
2/20/2012 2:14:45 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\assembly\temp\U\80000032.@" (process svchost.exe, start check timestamp [ 1ccf00c49b53930]).
2/20/2012 2:14:45 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\assembly\temp\U\80000032.@" (process svchost.exe, start check timestamp [ 1ccf00c49b5121f]).
2/20/2012 2:14:45 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\assembly\temp\U\80000032.@" (process svchost.exe, start check timestamp [ 1ccf00c49b4eb0f]).
2/20/2012 2:14:45 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\assembly\temp\U\80000032.@" (process svchost.exe, start check timestamp [ 1ccf00c49b4c3fe]).
2/20/2012 2:14:45 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\assembly\temp\U\80000032.@" (process svchost.exe, start check timestamp [ 1ccf00c49b49cee]).
2/20/2012 2:14:45 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\assembly\temp\U\80000004.@" (process svchost.exe, start check timestamp [ 1ccf00c49b5121f]).
2/20/2012 2:14:45 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\assembly\temp\U\80000004.@" (process svchost.exe, start check timestamp [ 1ccf00c49b4eb0f]).
2/20/2012 2:14:45 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\assembly\temp\U\80000004.@" (process svchost.exe, start check timestamp [ 1ccf00c49b4c3fe]).
2/20/2012 2:14:45 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\assembly\temp\U\80000004.@" (process svchost.exe, start check timestamp [ 1ccf00c25f0d0de]).
2/20/2012 2:14:45 PM, Error: SAVOnAccess [55] - The on-access driver failed to perform a user action on file \Device\HarddiskVolume2\Windows\assembly\temp\U\80000032.@.
2/20/2012 2:13:46 PM, Error: SAVOnAccess [85] - File [...skVolume2\Users\Michael Ducharme\Downloads\Dropbox 1.1.35.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ipoint.exe, (start check timestamp [ 1ccf00c01e99231]).
2/20/2012 2:13:45 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\SysWOW64\en-US\PING.EXE.mui]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbamservice.ex, (start check timestamp [ 1ccf00bdde560cf]).
2/20/2012 2:13:45 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\assembly\temp\U\80000032.@]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process pidgin.exe, (start check timestamp [ 1ccf00bb9313dca]).
2/20/2012 2:13:45 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\assembly\temp\@]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process svchost.exe, (start check timestamp [ 1ccf00bfcfb98d6]).
2/20/2012 2:13:45 PM, Error: SAVOnAccess [85] - File [...-Secure Online Backup\F-Secure Online Backup\recover\ScanData]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf00c25e11933]).
2/20/2012 2:13:44 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...line Backup\F-Secure Online Backup\Tmp\AGBackup\SelectionList" (process fshoster32.exe, start check timestamp [ 1ccf00c25ac4ccd]).
2/20/2012 2:13:44 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...ice\HarddiskVolume2\Program Files (x86)\uTorrent\uTorrent.exe" (process taskmgr.exe, start check timestamp [ 1ccf00c25ac4ccd]).
2/20/2012 2:13:26 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\assembly\temp\U\80000004.@" (process svchost.exe, start check timestamp [ 1ccf00c1aa2d22e]).
2/20/2012 2:13:26 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\assembly\temp\U\80000004.@" (process svchost.exe, start check timestamp [ 1ccf00c1aa235eb]).
2/20/2012 2:13:26 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\assembly\temp\U\80000004.@" (process svchost.exe, start check timestamp [ 1ccf00c1a9a1f7d]).
2/20/2012 2:12:47 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di30" (process fshoster32.exe, start check timestamp [ 1ccf00c03ad41ce]).
2/20/2012 2:12:46 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...2\Users\Michael Ducharme\Pictures\Copy of Sample Pictures.lnk" (process fshoster32.exe, start check timestamp [ 1ccf00c02c57679]).
2/20/2012 2:12:45 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\SysWOW64\vssapi.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbamservice.ex, (start check timestamp [ 1ccf00bdde9f4c0]).
2/20/2012 2:12:45 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...nline Backup\F-Secure Online Backup\Tmp\AGBackup\GlobalFilter" (process fshoster32.exe, start check timestamp [ 1ccf00c027a89b0]).
2/20/2012 2:12:45 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...ice\HarddiskVolume2\Program Files (x86)\uTorrent\uTorrent.exe" (process taskmgr.exe, start check timestamp [ 1ccf00bde370471]).
2/20/2012 2:12:45 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...-Secure Online Backup\F-Secure Online Backup\recover\ScanData" (process fshoster32.exe, start check timestamp [ 1ccf00c02858659]).
2/20/2012 2:12:44 PM, Error: SAVOnAccess [85] - File [...ns\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\chrome\dwhelper.jar]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process firefox.exe, (start check timestamp [ 1ccf00bdded9e4e]).
2/20/2012 2:12:44 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\SysWOW64\PING.EXE]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbamservice.ex, (start check timestamp [ 1ccf00bdde9cdb0]).
2/20/2012 2:12:44 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...ice\HarddiskVolume2\Program Files (x86)\uTorrent\uTorrent.exe" (process utt2BEF.tmp.ex, start check timestamp [ 1ccf00c01d21239]).
2/20/2012 2:12:44 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...gram Files (x86)\GIMP-2.0\lib\gimp\2.0\plug-ins\despeckle.exe" (process ipoint.exe, start check timestamp [ 1ccf00c01d4f874]).
2/20/2012 2:12:44 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...emoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll" (process MOM.exe, start check timestamp [ 1ccf00c01c9d4ba]).
2/20/2012 2:12:44 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...2\Program Files (x86)\DensityLITE\DensityLITE\DensityLITE.exe" (process ipoint.exe, start check timestamp [ 1ccf00c01d21239]).
2/20/2012 2:12:44 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...2\Program Files (x86)\DensityLITE\DensityLITE\DensityLITE.exe" (process ipoint.exe, start check timestamp [ 1ccf00c01c87525]).
2/20/2012 2:12:44 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\en-US\ncrypt.dll.mui" (process mbamservice.ex, start check timestamp [ 1ccf00c01d0b2a3]).
2/20/2012 2:12:44 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\en-US\ncrypt.dll.mui" (process mbamservice.ex, start check timestamp [ 1ccf00c01d03d72]).
2/20/2012 2:12:44 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\en-US\ncrypt.dll.mui" (process mbamservice.ex, start check timestamp [ 1ccf00c01c6ee7f]).
2/20/2012 2:12:44 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...- Installs Patches and License Info etc\DebugView\Dbgview.exe" (process ipoint.exe, start check timestamp [ 1ccf00c01c40844]).
2/20/2012 2:12:44 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...- Installs Patches and License Info etc\DebugView\Dbgview.exe" (process ipoint.exe, start check timestamp [ 1ccf00c01c3e133]).
2/20/2012 2:11:45 PM, Error: SAVOnAccess [85] - File [...les\Hauptwerk Virtual Pipe Organ\Hauptwerk (alt config 2).exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process explorer.exe, (start check timestamp [ 1ccf00bb98fb2dd]).
2/20/2012 2:11:44 PM, Error: SAVOnAccess [85] - File [...Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbamservice.ex, (start check timestamp [ 1ccf00bb9c98865]).
2/20/2012 2:11:44 PM, Error: SAVOnAccess [85] - File [...\Michael Ducharme\Downloads\XL_Engine_Release_02\DaggerXL.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ipoint.exe, (start check timestamp [ 1ccf00bb9d680e6]).
2/20/2012 2:11:44 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf00a54517e41]) filename continues: "....exe"
2/20/2012 2:11:44 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...ume2\ProgramData\Adobe\ARM\Reader_10.1.1\Reader10Manifest.msi" (process AdobeARM.exe, start check timestamp [ 1ccf00bddb660df]).
2/20/2012 2:11:44 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...ume2\ProgramData\Adobe\ARM\Reader_10.1.1\Reader10Manifest.msi" (process AdobeARM.exe, start check timestamp [ 1ccf00bb9d5e4a4]).
2/20/2012 2:11:44 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...iskVolume2\Program Files (x86)\Sophos\AutoUpdate\ALUpdate.exe" (process ALsvc.exe, start check timestamp [ 1ccf00bddb612be]).
2/20/2012 2:11:44 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...iskVolume2\Program Files (x86)\Sophos\AutoUpdate\ALUpdate.exe" (process ALsvc.exe, start check timestamp [ 1ccf00bb9e0ba3c]).
2/20/2012 2:11:44 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...ice\HarddiskVolume2\Program Files (x86)\uTorrent\uTorrent.exe" (process prevx.exe, start check timestamp [ 1ccf00bddb835a6]).
2/20/2012 2:11:44 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...ice\HarddiskVolume2\Program Files (x86)\uTorrent\uTorrent.exe" (process mbamservice.ex, start check timestamp [ 1ccf00bddb72432]).
2/20/2012 2:11:44 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Michael Ducharme\Downloads\XL_Engine_Release_02\DaggerXL.exe" (process itype.exe, start check timestamp [ 1ccf00bb9d74439]).
2/20/2012 2:11:44 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\wbem\WMIADAP.exe" (process mbamservice.ex, start check timestamp [ 1ccf00bb9dff6e9]).
2/20/2012 2:11:44 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\authz.dll" (process mbamservice.ex, start check timestamp [ 1ccf00bb9dee575]).
2/20/2012 2:10:45 PM, Error: SAVOnAccess [85] - File [...n\HauptwerkApplication\Executable-MIDISequencer\Hauptwerk.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process explorer.exe, (start check timestamp [ 1ccf00a57d7f318]).
2/20/2012 2:10:44 PM, Error: SAVOnAccess [85] - File [...\HarddiskVolume2\Program Files\Steinberg\Cubase 6\Cubase6.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process itype.exe, (start check timestamp [ 1ccf00a5aa52759]).
2/20/2012 2:10:44 PM, Error: SAVOnAccess [85] - File [...\HarddiskVolume2\Program Files\Steinberg\Cubase 6\Cubase6.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process explorer.exe, (start check timestamp [ 1ccf00a5aab9011]).
2/20/2012 2:10:44 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Program Files (x86)\uTorrent\uTorrent ..." of process mbamservice.ex, start check timestamp [ 1ccf00a54517e41] did not complete in time: file was not scanned.
2/20/2012 2:10:43 PM, Error: SAVOnAccess [85] - File [...ume2\Program Files (x86)\Sophos\Sophos Anti-Virus\SavMain.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process svchost.exe, (start check timestamp [ 1ccf00a5f89357e]).
2/20/2012 2:10:43 PM, Error: SAVOnAccess [85] - File [...\HarddiskVolume2\Program Files\Steinberg\Cubase 6\Cubase6.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ipoint.exe, (start check timestamp [ 1ccf00a5aab6900]).
2/20/2012 2:10:43 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\SysWOW64\msisip.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbamservice.ex, (start check timestamp [ 1ccf00a53ea2f6e]).
2/20/2012 2:10:43 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\SysWOW64\dxtrans.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbamservice.ex, (start check timestamp [ 1ccf00a53ef5fa2]).
2/20/2012 2:10:43 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\assembly\temp\cfg.ini]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process svchost.exe, (start check timestamp [ 1ccf00a71e3f6cb]).
2/20/2012 2:10:43 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf00a53eeea70]) filename continues: "...Organ\Hauptwerk (alt config 2).exe"
2/20/2012 2:10:43 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Program Files\Hauptwerk Virtual Pipe ..." of process explorer.exe, start check timestamp [ 1ccf00a53eeea70] did not complete in time: file was not scanned.
2/20/2012 2:02:47 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
2/20/2012 10:45:07 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/20/2012 10:45:07 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/20/2012 10:44:39 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
2/20/2012 10:44:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
2/20/2012 10:44:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
2/20/2012 10:43:51 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO AsUpIO CSC DfsC discache NetBIOS NetBT nsiproxy Psched pxrts rdbss SAVOnAccess spldr tdx Wanarpv6 WfpLwf
2/20/2012 10:43:51 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/20/2012 10:43:51 AM, Error: Service Control Manager [7001] - The VMware vCenter Converter Standalone Server service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
2/20/2012 10:43:51 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/20/2012 10:43:51 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
2/20/2012 10:43:51 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/20/2012 10:43:51 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/20/2012 10:43:51 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
2/20/2012 10:43:51 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/20/2012 10:43:51 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/20/2012 10:43:51 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/20/2012 10:29:31 AM, Error: Service Control Manager [7034] - The Sophos Anti-Virus status reporter service terminated unexpectedly. It has done this 1 time(s).
2/20/2012 10:29:26 AM, Error: Service Control Manager [7034] - The Sophos Anti-Virus service terminated unexpectedly. It has done this 1 time(s).
2/20/2012 10:29:25 AM, Error: SAVOnAccess [37] - Driver threads still active when driver is being shutdown.
2/20/2012 10:26:39 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {24DC0815-9D82-47FD-81B3-11DE033EF7A3}. The error: "740" Happened while starting this command: "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavMain.exe" -Embedding
2/20/2012 10:25:52 PM, Error: SAVOnAccess [85] - File [...Secure Online Backup\F-Secure Online Backup\Tmp\AGBackup\di39]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf050e51ce4ed]).
2/20/2012 10:25:52 PM, Error: SAVOnAccess [85] - File [...ogramData\Sophos\AutoUpdate\cache\savxp\Sophos Anti-Virus.msi]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ALUpdate.exe, (start check timestamp [ 1ccf050e549c1f5]).
2/20/2012 10:25:52 PM, Error: SAVOnAccess [85] - File [...kVolume2\ProgramData\Sophos\AutoUpdate\cache\savxp\reinit.bat]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ALUpdate.exe, (start check timestamp [ 1ccf050e55533d0]).
2/20/2012 10:25:52 PM, Error: SAVOnAccess [85] - File [...gram Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process WSCClient.exe, (start check timestamp [ 1ccf050e54ea407]).
2/20/2012 10:25:52 PM, Error: SAVOnAccess [85] - File [...Device\HarddiskVolume2\PROGRA~2\Sophos\SOPHOS~1\WSCClient.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process taskmgr.exe, (start check timestamp [ 1ccf050e551ff74]).
2/20/2012 10:25:52 PM, Error: SAVOnAccess [85] - File [...Device\HarddiskVolume2\PROGRA~2\Sophos\SOPHOS~1\WSCClient.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process taskmgr.exe, (start check timestamp [ 1ccf050e54f1939]).
2/20/2012 10:25:52 PM, Error: SAVOnAccess [85] - File [...ce\HarddiskVolume2\Program Files (x86)\TightVNC\tvnserver.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process explorer.exe, (start check timestamp [ 1ccf050e5aaf631]).
2/20/2012 10:25:52 PM, Error: SAVOnAccess [85] - File [...ce\HarddiskVolume2\Program Files (x86)\Finale 2012\Finale.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process explorer.exe, (start check timestamp [ 1ccf050e5791006]).
2/20/2012 10:25:52 PM, Error: SAVOnAccess [85] - File [...762b-4020-b5ad-a41df1933103}\components\calStorageCalendar.js]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process thunderbird.ex, (start check timestamp [ 1ccf050e54f1939]).
2/20/2012 10:25:52 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\system32\USERENV.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process WSCClient.exe, (start check timestamp [ 1ccf050e5bcf7d5]).
2/20/2012 10:25:52 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\system32\CRYPTBASE.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process WSCClient.exe, (start check timestamp [ 1ccf050e55581f1]).
2/20/2012 10:25:52 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Program Files (x86)\OSCseq\OSCseq.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process itype.exe, (start check timestamp [ 1ccf04f810b26c8]).
2/20/2012 10:25:52 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Program Files (x86)\OSCseq\OSCseq.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ipoint.exe, (start check timestamp [ 1ccf04f810b26c8]).
2/20/2012 10:25:52 PM, Error: SAVOnAccess [85] - File [...-Secure Online Backup\F-Secure Online Backup\recover\ScanData]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process fshoster32.exe, (start check timestamp [ 1ccf050e51e6b93]).
2/20/2012 10:25:52 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf04f7fb507a6]) filename continues: "...r.exe"
2/20/2012 10:25:52 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf04f7f8dd003]) filename continues: "...e.exe"
2/20/2012 10:25:52 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf04f7f81e8f6]) filename continues: "...e"
2/20/2012 10:25:52 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\windows\system32\wfs.exe ..." of process mbamservice.ex, start check timestamp [ 1ccf04f7fa7e815] did not complete in time: file was not scanned.
2/20/2012 10:25:52 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Program Files (x86)\TightVNC\tvnserve ..." of process explorer.exe, start check timestamp [ 1ccf04f7fb507a6] did not complete in time: file was not scanned.
2/20/2012 10:25:52 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Program Files (x86)\Finale 2012\Final ..." of process explorer.exe, start check timestamp [ 1ccf04f7f8dd003] did not complete in time: file was not scanned.
2/20/2012 10:25:51 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\system32\rpcss.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process WSCClient.exe, (start check timestamp [ 1ccf050e520dc9c]).
2/20/2012 10:25:51 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\system32\IMM32.DLL]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process WSCClient.exe, (start check timestamp [ 1ccf050e5196270]).
2/20/2012 10:25:51 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\system32\bcryptprimitives.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process WSCClient.exe, (start check timestamp [ 1ccf050e51c6fbb]).
2/20/2012 10:25:51 PM, Error: SAVOnAccess [84] - "Savservice threads busy" condition cleared - "busy" messages may be logged to system event log again from this point.
2/20/2012 10:25:51 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf04f7f7c6aa1]) filename continues: "...g\Thunderbird\Profiles\default\jjdok4qr.slt\extensions\{e2fda1a4-762b-4020-b5a"
2/20/2012 10:25:51 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf04f7f7c6aa1]) filename continues: "...d-a41df1933103}\components\calCompositeCalendar.js"
2/20/2012 10:25:51 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Users\Michael Ducharme\AppData\Roamin ..." of process thunderbird.ex, start check timestamp [ 1ccf04f7f7c6aa1] did not complete in time: file was not scanned.
2/20/2012 10:25:51 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\PROGRA~2\Sophos\SOPHOS~1\WSCClient.ex ..." of process taskmgr.exe, start check timestamp [ 1ccf04f7f81e8f6] did not complete in time: file was not scanned.
2/20/2012 10:18:45 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\System32\drivers\etc\services" (process spoolsv.exe, start check timestamp [ 1ccf04fe72286e7]).
2/20/2012 10:18:45 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\System32\drivers\etc\services" (process spoolsv.exe, start check timestamp [ 1ccf04fe71edd59]).
2/20/2012 10:18:43 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\System32\drivers\etc\services" (process spoolsv.exe, start check timestamp [ 1ccf04fe5c42a46]).
2/20/2012 10:18:35 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\System32\WSOCK32.dll" (process spoolsv.exe, start check timestamp [ 1ccf04fe1423ac0]).
2/20/2012 10:18:35 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\System32\icmp.dll" (process spoolsv.exe, start check timestamp [ 1ccf04fe142d703]).
2/20/2012 10:18:35 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\System32\hpzjcd01.dll" (process spoolsv.exe, start check timestamp [ 1ccf04fe141ec9f]).
2/20/2012 10:18:35 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\System32\drivers\etc\services" (process spoolsv.exe, start check timestamp [ 1ccf04fe13f5485]).
2/20/2012 10:18:35 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\System32\drivers\etc\services" (process spoolsv.exe, start check timestamp [ 1ccf04fbd79176c]).
2/20/2012 10:18:29 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Program Files (x86)\desktop.ini" (process firefox.exe, start check timestamp [ 1ccf04fb9b179f1]).
2/20/2012 1:52:44 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...icrosoft\Windows\Start Menu\Programs\Games\Lands of Lore™.lnk" (process prevx.exe, start check timestamp [ 1ccf00936706b50]).
2/20/2012 1:52:41 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\Prefetch\Layout.ini" (process prevx.exe, start check timestamp [ 1ccf00910e015e2]).
2/20/2012 1:52:23 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...ume2\Program Files (x86)\Sophos\Sophos Anti-Virus\SavMain.exe" (process svchost.exe, start check timestamp [ 1ccf0092a067128]).
2/20/2012 1:52:23 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...ume2\Program Files (x86)\Sophos\Sophos Anti-Virus\SavMain.exe" (process svchost.exe, start check timestamp [ 1ccf0092a064a17]).
2/20/2012 1:52:23 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...ume2\Program Files (x86)\Sophos\Sophos Anti-Virus\SavMain.exe" (process svchost.exe, start check timestamp [ 1ccf0092a062307]).
2/20/2012 1:52:23 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...ume2\Program Files (x86)\Sophos\Sophos Anti-Virus\SavMain.exe" (process svchost.exe, start check timestamp [ 1ccf009063f49ab]).
2/18/2012 1:08:36 AM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...rs\MICHAE~1\AppData\Local\F-SECU~1\F-SECU~1\RESUME~1\block#_0" (process fshoster32.exe, start check timestamp [ 1ccee0c221988c8]).
2/18/2012 1:08:07 AM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...rs\MICHAE~1\AppData\Local\F-SECU~1\F-SECU~1\RESUME~1\block#_4" (process fshoster32.exe, start check timestamp [ 1ccee0c109a0f81]).
2/18/2012 1:08:07 AM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...rs\MICHAE~1\AppData\Local\F-SECU~1\F-SECU~1\RESUME~1\block#_4" (process fshoster32.exe, start check timestamp [ 1ccee0c1099e871]).
2/18/2012 1:07:31 AM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...rs\MICHAE~1\AppData\Local\F-SECU~1\F-SECU~1\RESUME~1\block#_3" (process fshoster32.exe, start check timestamp [ 1ccee0bfb272d2b]).
2/18/2012 1:06:55 AM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...rs\MICHAE~1\AppData\Local\F-SECU~1\F-SECU~1\RESUME~1\block#_2" (process fshoster32.exe, start check timestamp [ 1ccee0be5c6e8ba]).
2/18/2012 1:06:55 AM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...rs\MICHAE~1\AppData\Local\F-SECU~1\F-SECU~1\RESUME~1\block#_2" (process fshoster32.exe, start check timestamp [ 1ccee0be5c6c1aa]).
2/18/2012 1:06:53 AM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...rs\MICHAE~1\AppData\Local\F-SECU~1\F-SECU~1\RESUME~1\block#_2" (process fshoster32.exe, start check timestamp [ 1ccee0be49c952c]).
2/18/2012 1:06:53 AM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...rs\MICHAE~1\AppData\Local\F-SECU~1\F-SECU~1\RESUME~1\block#_2" (process fshoster32.exe, start check timestamp [ 1ccee0bc0d8c91c]).
.
==== End Of File ===========================

Please let me know how to proceed, thanks!

#4 gringo_pr

  • Malware Response Team

Posted 24 February 2012 - 11:49 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 Michael Ducharme

  • Topic Starter

Posted 24 February 2012 - 12:48 PM

Hi, combofix ran but the file consrv.dll reappeared on next bootup. It appears during the time when Sophos was disabled there were scheduled tasks added to my scheduled tasks folder "atXX" and I deleted those as they were part of some malware (they appear in the combofix log).

ComboFix 12-02-24.02 - Michael Ducharme 02/24/2012 11:00:00.3.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8191.5032 [GMT -6:00]
Running from: c:\users\Michael Ducharme\Desktop\ComboFix3.exe
AV: Sophos Anti-Virus *Disabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}
SP: Sophos Anti-Virus *Disabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}
SP: Spybot - Search && Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\hosts
c:\windows\system32\consrv.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-01-24 to 2012-02-24 )))))))))))))))))))))))))))))))
.
.
2012-02-24 17:14 . 2012-02-24 17:14 -------- d-----w- c:\users\Organ 2\AppData\Local\temp
2012-02-24 17:14 . 2012-02-24 17:14 -------- d-----w- c:\users\Mcx1-MICHAEL-PC\AppData\Local\temp
2012-02-24 17:14 . 2012-02-24 17:14 -------- d-----w- c:\users\Ian Doucette\AppData\Local\temp
2012-02-24 17:14 . 2012-02-24 17:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-22 17:26 . 2012-02-22 17:26 -------- d-----w- c:\program files (x86)\ESET
2012-02-22 01:32 . 2009-01-25 18:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2012-02-21 18:06 . 2012-02-22 02:58 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-21 18:06 . 2012-02-22 01:34 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2012-02-21 17:44 . 2011-05-12 20:03 6144 ------w- c:\windows\system32\BD75.tmp
2012-02-21 17:41 . 2011-05-12 20:03 6144 ------w- c:\windows\system32\FAC1.tmp
2012-02-21 04:33 . 2011-05-12 20:03 6144 ------w- c:\windows\system32\FAC3.tmp
2012-02-21 04:31 . 2011-05-12 20:03 6144 ------w- c:\windows\system32\4E.tmp
2012-02-20 17:15 . 2012-02-20 17:19 -------- d-----w- c:\users\Organ 2\AppData\Roaming\vlc
2012-02-20 16:55 . 2012-02-20 16:55 -------- d-----w- c:\users\Organ 2\AppData\Local\Mozilla
2012-02-20 16:50 . 2012-02-20 16:50 -------- d-----w- c:\users\Organ 2\AppData\Roaming\Cycling '74
2012-02-20 16:44 . 2012-02-20 16:44 -------- d-----w- c:\users\Organ 2\AppData\Roaming\Malwarebytes
2012-02-20 16:06 . 2012-02-20 16:06 -------- d-----w- c:\users\Michael Ducharme\AppData\Roaming\Malwarebytes
2012-02-20 16:05 . 2012-02-20 16:05 -------- d-----w- c:\programdata\Malwarebytes
2012-02-20 16:05 . 2012-02-21 20:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-20 16:05 . 2011-12-10 21:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-20 15:46 . 2012-02-20 15:47 -------- d-----w- C:\sophos
2012-02-19 03:19 . 2012-02-19 03:19 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-02-19 03:19 . 2012-02-19 03:19 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-02-19 03:19 . 2012-02-19 03:19 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-02-19 03:19 . 2012-02-19 03:19 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-02-19 03:19 . 2012-02-19 03:19 -------- d-----w- c:\program files (x86)\OpenAL
2012-02-19 03:15 . 2012-02-19 03:15 -------- d--h--w- c:\windows\PIF
2012-02-18 17:29 . 2012-02-24 03:27 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-14 21:47 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-14 21:47 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-14 21:47 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-14 21:47 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-14 04:21 . 2012-02-14 04:21 -------- d-----w- c:\program files (x86)\OSCseq
2012-02-14 03:55 . 2012-02-14 03:58 -------- d-----w- c:\users\Michael Ducharme\AppData\Roaming\Xenakios
2012-02-14 03:09 . 2012-02-14 03:09 -------- d-----w- c:\program files (x86)\Ircam
2012-02-12 18:21 . 2012-02-12 18:21 -------- d-----w- c:\users\Michael Ducharme\AppData\Roaming\Cycling '74
2012-02-11 20:48 . 2012-02-11 20:48 -------- d-----w- c:\users\Michael Ducharme\AppData\Roaming\hexler
2012-02-07 09:26 . 2012-02-07 09:26 -------- d-----w- c:\users\Michael Ducharme\AppData\Roaming\AFPClient4Windows
2012-02-05 20:44 . 2012-02-05 20:44 -------- d-----w- c:\program files (x86)\DensityLITE
2012-02-05 01:23 . 2012-02-05 01:23 -------- d-----w- c:\program files (x86)\Liine
2012-02-04 17:23 . 2012-02-04 17:23 -------- d-----w- c:\windows\SysWow64\bassmididrv
2012-02-04 16:58 . 2012-02-19 04:00 -------- d-----w- c:\program files (x86)\Bethesda Softworks
2012-02-04 16:52 . 2004-03-31 20:57 -------- d-----w- C:\ARENA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-18 17:29 . 2011-05-24 20:08 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-21 17:58 . 2012-01-21 17:58 1409 ----a-w- c:\windows\Fonts\RPRSTITL.FOT
2012-01-21 17:58 . 2012-01-21 17:58 1409 ----a-w- c:\windows\Fonts\RPRSTEXT.FOT
2012-01-21 17:58 . 2012-01-21 17:58 1409 ----a-w- c:\windows\Fonts\RPRSSTMP.FOT
2012-01-21 17:58 . 2012-01-21 17:58 1409 ----a-w- c:\windows\Fonts\RPRSSCRP.FOT
2012-01-21 17:58 . 2012-01-21 17:58 1409 ----a-w- c:\windows\Fonts\RPRSREH_.FOT
2012-01-21 17:58 . 2012-01-21 17:58 1409 ----a-w- c:\windows\Fonts\RPRSMET_.FOT
2012-01-21 17:58 . 2012-01-21 17:58 1409 ----a-w- c:\windows\Fonts\RPRSCHOR.FOT
2012-01-21 17:58 . 2012-01-21 17:58 1409 ----a-w- c:\windows\Fonts\OPUSTEXT.FOT
2012-01-21 17:58 . 2012-01-21 17:58 1409 ----a-w- c:\windows\Fonts\OPUSROMC.FOT
2012-01-21 17:58 . 2012-01-21 17:58 1409 ----a-w- c:\windows\Fonts\OPUSPC__.FOT
2012-01-21 17:58 . 2012-01-21 17:58 1409 ----a-w- c:\windows\Fonts\OPUSM___.FOT
2012-01-21 17:58 . 2012-01-21 17:58 1409 ----a-w- c:\windows\Fonts\OPUSFS__.FOT
2012-01-21 17:58 . 2012-01-21 17:58 1409 ----a-w- c:\windows\Fonts\OPUSFBE_.FOT
2012-01-21 17:58 . 2012-01-21 17:58 1409 ----a-w- c:\windows\Fonts\OPUSFB__.FOT
2012-01-21 17:57 . 2012-01-21 17:57 1409 ----a-w- c:\windows\Fonts\OPUSCSC_.FOT
2012-01-21 17:57 . 2012-01-21 17:57 1409 ----a-w- c:\windows\Fonts\OPUSCS__.FOT
2012-01-21 17:57 . 2012-01-21 17:57 1409 ----a-w- c:\windows\Fonts\OPUSC___.FOT
2012-01-21 17:57 . 2012-01-21 17:57 1409 ----a-w- c:\windows\Fonts\INK2TEXT.FOT
2012-01-21 17:57 . 2012-01-21 17:57 1409 ----a-w- c:\windows\Fonts\INK2SCRI.FOT
2012-01-21 17:57 . 2012-01-21 17:57 1409 ----a-w- c:\windows\Fonts\INK2METR.FOT
2012-01-21 17:57 . 2012-01-21 17:57 1409 ----a-w- c:\windows\Fonts\INK2CHOR.FOT
2012-01-21 17:57 . 2012-01-21 17:57 1409 ----a-w- c:\windows\Fonts\HELST___.FOT
2012-01-21 17:57 . 2012-01-21 17:57 1409 ----a-w- c:\windows\Fonts\HELSM___.FOT
2012-01-03 18:52 . 2012-01-03 18:52 212992 ----a-w- c:\windows\SysWow64\ReWire.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-02-23_05.43.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-24 17:23 . 2011-01-19 14:29 46320 c:\windows\temp\sophos_autoupdate1.dir\xmltok.dll
- 2012-02-23 05:45 . 2011-01-19 14:29 46320 c:\windows\temp\sophos_autoupdate1.dir\xmltok.dll
+ 2012-02-24 17:23 . 2011-01-19 14:29 46320 c:\windows\temp\sophos_autoupdate1.dir\xmlparse.dll
- 2012-02-23 05:45 . 2011-01-19 14:29 46320 c:\windows\temp\sophos_autoupdate1.dir\xmlparse.dll
+ 2012-02-24 17:23 . 2011-01-19 14:29 25328 c:\windows\temp\sophos_autoupdate1.dir\SharedRes.dll
- 2012-02-23 05:45 . 2011-01-19 14:29 25328 c:\windows\temp\sophos_autoupdate1.dir\SharedRes.dll
- 2012-02-23 05:45 . 2011-01-19 14:29 28912 c:\windows\temp\sophos_autoupdate1.dir\crypto.dll
+ 2012-02-24 17:23 . 2011-01-19 14:29 28912 c:\windows\temp\sophos_autoupdate1.dir\crypto.dll
- 2012-02-23 05:45 . 2011-01-19 14:29 50416 c:\windows\temp\sophos_autoupdate1.dir\boost_date_time-vc71-mt-1_32.dll
+ 2012-02-24 17:23 . 2011-01-19 14:29 50416 c:\windows\temp\sophos_autoupdate1.dir\boost_date_time-vc71-mt-1_32.dll
+ 2012-02-21 08:50 . 2012-02-24 13:51 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
- 2012-02-21 08:50 . 2012-02-21 08:45 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-02-24 06:00 . 2012-02-24 16:52 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012022420120225\index.dat
+ 2012-02-24 03:43 . 2012-02-24 05:58 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012022320120224\index.dat
+ 2012-02-24 03:43 . 2012-02-24 03:37 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012021320120220\index.dat
- 2012-02-18 17:40 . 2012-02-21 17:07 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-02-18 17:40 . 2012-02-24 16:52 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2009-10-17 09:21 . 2012-02-23 17:55 58434 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-23 17:55 37926 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-10-17 11:05 . 2012-02-23 17:54 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-17 11:05 . 2012-02-22 00:09 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-17 11:05 . 2012-02-23 17:54 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-17 11:05 . 2012-02-22 00:09 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-23 17:54 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-22 00:09 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-02-23 05:45 . 2011-01-19 14:29 3022 c:\windows\temp\sophos_autoupdate1.dir\scf.dat
+ 2012-02-24 17:23 . 2011-01-19 14:29 3022 c:\windows\temp\sophos_autoupdate1.dir\scf.dat
+ 2012-02-24 15:39 . 2012-02-24 15:39 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C9F33AF8-5EFD-11E1-83EA-001E8C8979DE}.dat
+ 2012-02-24 15:24 . 2012-02-24 15:24 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B01ECFA1-5EFB-11E1-83EA-001E8C8979DE}.dat
+ 2012-02-24 16:29 . 2012-02-24 16:29 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AB8303A6-5F04-11E1-83EA-001E8C8979DE}.dat
+ 2012-02-24 16:17 . 2012-02-24 16:17 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{13B8C4A2-5F03-11E1-83EA-001E8C8979DE}.dat
+ 2009-10-17 09:18 . 2012-02-23 17:55 8826 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1245066529-788200566-2819897786-1001_UserData.bin
- 2012-02-23 05:39 . 2012-02-23 05:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-24 17:17 . 2012-02-24 17:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-23 05:39 . 2012-02-23 05:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-24 17:17 . 2012-02-24 17:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-23 05:45 . 2011-01-19 14:29 124144 c:\windows\temp\sophos_autoupdate1.dir\xmlcpp.dll
+ 2012-02-24 17:23 . 2011-01-19 14:29 124144 c:\windows\temp\sophos_autoupdate1.dir\xmlcpp.dll
+ 2012-02-24 17:23 . 2011-01-19 14:29 230640 c:\windows\temp\sophos_autoupdate1.dir\retailer.dll
- 2012-02-23 05:45 . 2011-01-19 14:29 230640 c:\windows\temp\sophos_autoupdate1.dir\retailer.dll
- 2012-02-23 05:45 . 2011-01-19 14:29 348160 c:\windows\temp\sophos_autoupdate1.dir\MSVCR71.DLL
+ 2012-02-24 17:23 . 2011-01-19 14:29 348160 c:\windows\temp\sophos_autoupdate1.dir\MSVCR71.DLL
- 2012-02-23 05:45 . 2011-01-19 14:29 503808 c:\windows\temp\sophos_autoupdate1.dir\MSVCP71.DLL
+ 2012-02-24 17:23 . 2011-01-19 14:29 503808 c:\windows\temp\sophos_autoupdate1.dir\MSVCP71.DLL
- 2012-02-23 05:45 . 2011-01-19 14:29 750832 c:\windows\temp\sophos_autoupdate1.dir\libeay32.dll
+ 2012-02-24 17:23 . 2011-01-19 14:29 750832 c:\windows\temp\sophos_autoupdate1.dir\libeay32.dll
+ 2012-02-24 17:23 . 2009-01-28 22:27 159744 c:\windows\temp\sophos_autoupdate1.dir\libcurl.dll
- 2012-02-23 05:45 . 2009-01-28 22:27 159744 c:\windows\temp\sophos_autoupdate1.dir\libcurl.dll
+ 2012-02-24 17:23 . 2011-01-19 14:29 181488 c:\windows\temp\sophos_autoupdate1.dir\CidSync.dll
- 2012-02-23 05:45 . 2011-01-19 14:29 181488 c:\windows\temp\sophos_autoupdate1.dir\CidSync.dll
+ 2012-02-24 17:23 . 2011-01-19 14:29 181488 c:\windows\temp\sophos_autoupdate1.dir\ChannelUpdater.dll
- 2012-02-23 05:45 . 2011-01-19 14:29 181488 c:\windows\temp\sophos_autoupdate1.dir\ChannelUpdater.dll
- 2012-02-23 05:45 . 2011-01-19 14:29 644336 c:\windows\temp\sophos_autoupdate1.dir\ALUpdate.exe
+ 2012-02-24 17:23 . 2011-01-19 14:29 644336 c:\windows\temp\sophos_autoupdate1.dir\ALUpdate.exe
- 2012-02-18 17:40 . 2012-02-23 04:44 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-02-18 17:40 . 2012-02-24 17:12 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-02-24 17:18 458752 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-02-23 05:40 458752 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 02:36 . 2012-02-23 04:50 660280 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-24 03:18 660280 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-24 03:18 121208 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-02-23 04:50 121208 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:12 . 2012-02-23 17:54 393216 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2011-05-23 17:35 393216 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2012-02-23 05:38 415608 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-24 17:16 415608 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-04-24 18:08 . 2012-02-24 17:16 537104 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1245066529-788200566-2819897786-1001-12288.dat
+ 2009-07-14 04:54 . 2012-02-24 17:18 6078464 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-23 05:40 6078464 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-04-24 18:08 . 2012-02-24 17:16 3012432 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-04-24 18:08 . 2012-02-23 05:38 3012432 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-09-12 03:43 . 2012-02-24 17:16 2579700 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1245066529-788200566-2819897786-1001-8192.dat
+ 2009-07-14 04:54 . 2012-02-24 17:18 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-23 05:40 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-21 18:16 . 2012-02-24 17:16 10370572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Michael Ducharme\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Michael Ducharme\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Michael Ducharme\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-20 740216]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 196608]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"DVDFab Passkey"="c:\program files (x86)\DVDFab Passkey\DVDFabPasskey.exe" [2011-09-29 1135608]
"ZoiperCommunicator"="c:\program files (x86)\Zoiper Communicator\Zoiper.exe" [2011-03-07 7554936]
"F-Secure Hoster"="c:\program files (x86)\f-secure\Online Backup\fshoster32.exe" [2011-11-01 147096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"HPUsageTracking"="c:\program files (x86)\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]
"ToolBoxFX"="c:\program files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2009-10-22 53248]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2011-01-19 439536]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-09 336384]
"PivotSoftware"="c:\program files (x86)\Portrait Displays\Pivot Software\Pivot_startup.exe" [2010-06-17 110192]
"tvncontrol"="c:\program files (x86)\TightVNC\tvnserver.exe" [2011-05-26 826896]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"LemurDaemon"="c:\program files (x86)\Liine\Lemur Daemon.exe" [2011-12-13 459776]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-02-07 3865504]
.
c:\users\Michael Ducharme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Michael Ducharme\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
Pidgin.lnk - c:\program files (x86)\Pidgin\pidgin.exe [2011-6-23 49340]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
LoopBe30 Monitor.lnk - c:\program files (x86)\nerds.de\LoopBe30\loough.exe [2008-1-21 315256]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDWinLogon]
SDWinLogon.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi1"=bassmididrv\bassmididrv.dll
"midi9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 bmdrvr;Modified Clusters Tracking Driver;SysWOW64\drivers\bmdrvr.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 9096]
R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfx64fax.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [x]
R3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynUSB64.sys [x]
R3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\Drivers\tascusb2.sys [x]
R3 TASCAM_US122L_MIDI;TASCAM US-122L WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [x]
R3 TASCAM_US122L_WDM;TASCAM US-122L WDM;c:\windows\system32\drivers\tscusb2a.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [x]
S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [x]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2011-08-20 6746280]
S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 LxrSII1d;Secure II Driver;c:\windows\System32\Drivers\LxrSII1d.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 molcpeth;MusicLab NDIS MolCpEth Protocol;c:\windows\system32\DRIVERS\molcpeth.sys [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-04 584488]
S2 OS Selector;Acronis OS Selector activator;c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-05-26 2139400]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-04-16 109168]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2011-01-19 163056]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2011-01-19 97520]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-02-07 1181104]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-02-07 1185704]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-02-07 166528]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2011-01-19 1541360]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 tvnserver;TightVNC Server;c:\program files (x86)\TightVNC\tvnserver.exe [2011-05-26 826896]
S2 vmware-converter-agent;VMware vCenter Converter Standalone Agent;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [2011-08-20 423536]
S2 vmware-converter-server;VMware vCenter Converter Standalone Server;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-08-20 423536]
S2 vmware-converter-worker;VMware vCenter Converter Standalone Worker;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-08-20 423536]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 dvdfab;dvdfab;c:\windows\system32\drivers\dvdfab.sys [x]
S3 hdsp;RME Hammerfall Audio Device;c:\windows\system32\drivers\hdsp_64.sys [x]
S3 iLokDrvr;Usb Driver;c:\windows\system32\DRIVERS\iLokDrvr.sys [2011-03-25 25720]
S3 LoopBe30;nerds.de LoopBe30 - Internal Midi Port SvcDesc(WDM);c:\windows\system32\drivers\loopbe30.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mlmolcp3;MolCp3 Miniport MIDI WDM Driver;c:\windows\system32\DRIVERS\mlmolcp3.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [x]
S3 synusb64;eLicenser;c:\windows\system32\DRIVERS\synusb64.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-24 c:\windows\Tasks\At10.job
- c:\windows\system32\58A5T.com_ [2012-02-24 11:42]
.
2012-02-24 c:\windows\Tasks\At12.job
- c:\windows\system32\58A5T.com_ [2012-02-24 11:42]
.
2012-02-24 c:\windows\Tasks\At14.job
- c:\windows\system32\58A5T.com_ [2012-02-24 11:42]
.
2012-02-24 c:\windows\Tasks\At16.job
- c:\windows\system32\58A5T.com_ [2012-02-24 11:42]
.
2012-02-24 c:\windows\Tasks\At18.job
- c:\windows\system32\58A5T.com_ [2012-02-24 11:42]
.
2012-02-24 c:\windows\Tasks\At2.job
- c:\windows\system32\58A5T.com_ [2012-02-24 11:42]
.
2012-02-24 c:\windows\Tasks\At20.job
- c:\windows\system32\58A5T.com_ [2012-02-24 11:42]
.
2012-02-24 c:\windows\Tasks\At22.job
- c:\windows\system32\58A5T.com_ [2012-02-24 11:42]
.
2012-02-24 c:\windows\Tasks\At24.job
- c:\windows\system32\58A5T.com_ [2012-02-24 11:42]
.
2012-02-24 c:\windows\Tasks\At26.job
- c:\windows\system32\58A5T.com_ [2012-02-24 11:42]
.
2012-02-24 c:\windows\Tasks\At28.job
- c:\windows\system32\58A5T.com_ [2012-02-24 11:42]
.
2012-02-24 c:\windows\Tasks\At30.job
- c:\windows\system32\58A5T.com_ [2012-02-24 11:42]
.
2012-02-24 c:\windows\Tasks\At32.job
- c:\windows\system32\58A5T.com_ [2012-02-24 11:42]
.
2012-02-24 c:\windows\Tasks\At34.job
- c:\windows\system32\58A5T.com_ [2012-02-24 11:42]
.
2012-02-24 c:\windows\Tasks\At36.job
- c:\windows\system32\58A5T.com_ [2012-02-24 11:42]
.
2012-02-24 c:\windows\Tasks\At38.job
- c:\windows\system32\58A5T.com_ [2012-02-24 11:42]
.
2012-02-24 c:\windows\Tasks\At4.job
- c:\windows\system32\58A5T.com_ [2012-02-24 11:42]
.
2012-02-24 c:\windows\Tasks\At40.job
- c:\windows\system32\58A5T.com_ [2012-02-24 11:42]
.
2012-02-24 c:\windows\Tasks\At42.job
- c:\windows\system32\58A5T.com_ [2012-02-24 11:42]
.
2012-02-24 c:\windows\Tasks\At44.job
- c:\windows\system32\58A5T.com_ [2012-02-24 11:42]
.
2012-02-24 c:\windows\Tasks\At46.job
- c:\windows\system32\58A5T.com_ [2012-02-24 11:42]
.
2012-02-24 c:\windows\Tasks\At48.job
- c:\windows\system32\58A5T.com_ [2012-02-24 11:42]
.
2012-02-24 c:\windows\Tasks\At6.job
- c:\windows\system32\58A5T.com_ [2012-02-24 11:42]
.
2012-02-24 c:\windows\Tasks\At8.job
- c:\windows\system32\58A5T.com_ [2012-02-24 11:42]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Michael Ducharme\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Michael Ducharme\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Michael Ducharme\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Michael Ducharme\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDSPTray1"="hdsp32.exe" [2011-05-06 647680]
"HDSPTray2"="hdspmix.exe" [2011-05-06 1158144]
"HP Color LaserJet CM1312 MFP Series Fax"="c:\program files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe" [2009-09-23 3700736]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"MolCp3Monitor"="c:\program files\MusicLab\MolCp III\monitor.exe" [2011-03-07 174592]
"combofix"="c:\combofix3\CF26335.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
LPDSVC
TMHIDSRV
MpFilter
cmuda
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.85.1
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files (x86)\QuickTax 2007\ic2007pp.dll
DPF: {B0073133-2D9B-4AC6-8AAC-6EB8E9343040} - hxxp://rmx-mcu.gobcn.ca/EMA.Utils/EMA.ClassLoader/EMA.CLASSLOADER/Release/EMA.ClassLoader.cab
FF - ProfilePath - c:\users\Michael Ducharme\AppData\Roaming\Mozilla\Firefox\Profiles\default.fam\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\astsrv.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\system32\hasplms.exe
c:\windows\SysWOW64\LxrSII1s.exe
c:\program files (x86)\Sophos\AutoUpdate\ALsvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2012-02-24 11:34:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-24 17:34
ComboFix2.txt 2012-02-23 05:56
ComboFix3.txt 2012-02-21 03:48
.
Pre-Run: 614,354,944 bytes free
Post-Run: 14,554,738,688 bytes free
.
- - End Of File - - 8874CE9302EFC5DBBD2C46E4772381E3

So, same results as last time I ran combofix, consrv.dll still reappears and my system is still infected.

#6 gringo_pr


Posted 24 February 2012 - 12:52 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 Michael Ducharme


Posted 24 February 2012 - 01:30 PM

Hi, here is the TDSSKiller log (it found nothing). I tried running aswMBR again like before (a fresh download) and again it crashed on scanning a specific file:

C:\Users\Michael Ducharme\AppData\Local\Apps\2.0\BJT01XA7.7ZM\QNWXPA15.C06\rmxm...app_19f55b95ce1422cf_0007.0001_85dbf83bd8dd2fbf\EMA\EMA.Utils\EMA.Utils.PolycomPlayer\PolycomPlayer\Release\PolycomPlayer.ocx

I removed the entire QNWXPA15.C06 directory (it just contained a bunch of .NET apps that I can reinstall later easily) so that aswMBR can hopefully get past that spot without crashing. It appears it's a bug in aswMBR, maybe it's something to do with all those dots in the path?

Anyhow, here's the TDSSKiller log and if aswMBR actually finishes this time I will follow up with the aswMBR results:

11:56:04.0956 7444 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
11:56:05.0264 7444 ============================================================
11:56:05.0264 7444 Current date / time: 2012/02/24 11:56:05.0264
11:56:05.0264 7444 SystemInfo:
11:56:05.0264 7444
11:56:05.0264 7444 OS Version: 6.1.7601 ServicePack: 1.0
11:56:05.0264 7444 Product type: Workstation
11:56:05.0264 7444 ComputerName: MICHAEL-PC
11:56:05.0264 7444 UserName: Michael Ducharme
11:56:05.0264 7444 Windows directory: C:\Windows
11:56:05.0264 7444 System windows directory: C:\Windows
11:56:05.0264 7444 Running under WOW64
11:56:05.0264 7444 Processor architecture: Intel x64
11:56:05.0264 7444 Number of processors: 4
11:56:05.0264 7444 Page size: 0x1000
11:56:05.0264 7444 Boot type: Normal boot
11:56:05.0264 7444 ============================================================
11:56:07.0850 7444 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x17A84B, SectorsPerTrack: 0xE, TracksPerCylinder: 0x87, Type 'K0', Flags 0x00000040
11:56:07.0854 7444 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:56:07.0863 7444 \Device\Harddisk0\DR0:
11:56:07.0863 7444 MBR used
11:56:07.0863 7444 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:56:07.0863 7444 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x249BE000
11:56:07.0863 7444 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x249F0800, BlocksNum 0x8A096000
11:56:07.0863 7444 \Device\Harddisk1\DR1:
11:56:07.0864 7444 MBR used
11:56:07.0864 7444 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
11:56:08.0020 7444 Initialize success
11:56:08.0021 7444 ============================================================
11:56:17.0029 6900 ============================================================
11:56:17.0029 6900 Scan started
11:56:17.0029 6900 Mode: Manual;
11:56:17.0029 6900 ============================================================
11:56:19.0982 6900 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:56:19.0991 6900 1394ohci - ok
11:56:20.0375 6900 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:56:20.0391 6900 ACPI - ok
11:56:20.0702 6900 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:56:20.0724 6900 AcpiPmi - ok
11:56:21.0033 6900 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:56:21.0046 6900 adp94xx - ok
11:56:21.0145 6900 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:56:21.0158 6900 adpahci - ok
11:56:21.0360 6900 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:56:21.0373 6900 adpu320 - ok
11:56:21.0774 6900 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
11:56:21.0829 6900 AFD - ok
11:56:22.0432 6900 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:56:22.0456 6900 agp440 - ok
11:56:22.0847 6900 aksdf (94c0972b06c75456ed574dd46417b1d8) C:\Windows\system32\drivers\aksdf.sys
11:56:22.0863 6900 aksdf - ok
11:56:23.0037 6900 aksfridge (7b0bc062ca6abab23f88ea483b5a538e) C:\Windows\system32\drivers\aksfridge.sys
11:56:23.0052 6900 aksfridge - ok
11:56:23.0187 6900 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:56:23.0202 6900 aliide - ok
11:56:23.0374 6900 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:56:23.0392 6900 amdide - ok
11:56:23.0443 6900 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:56:23.0455 6900 AmdK8 - ok
11:56:24.0346 6900 amdkmdag (bfa9657adf7ddc29242a6e0e88de36fa) C:\Windows\system32\DRIVERS\atikmdag.sys
11:56:24.0656 6900 amdkmdag - ok
11:56:25.0085 6900 amdkmdap (8c493027d9b2399283e724e9862ebb42) C:\Windows\system32\DRIVERS\atikmpag.sys
11:56:25.0087 6900 amdkmdap - ok
11:56:25.0228 6900 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:56:25.0238 6900 AmdPPM - ok
11:56:25.0417 6900 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
11:56:25.0432 6900 amdsata - ok
11:56:25.0525 6900 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:56:25.0536 6900 amdsbs - ok
11:56:25.0804 6900 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
11:56:25.0814 6900 amdxata - ok
11:56:25.0878 6900 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:56:25.0890 6900 AppID - ok
11:56:26.0016 6900 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:56:26.0026 6900 arc - ok
11:56:26.0133 6900 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:56:26.0143 6900 arcsas - ok
11:56:26.0294 6900 AsIO - ok
11:56:26.0433 6900 AsUpIO - ok
11:56:26.0516 6900 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:56:26.0524 6900 AsyncMac - ok
11:56:26.0789 6900 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:56:26.0798 6900 atapi - ok
11:56:26.0916 6900 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
11:56:26.0916 6900 AtiHDAudioService - ok
11:56:27.0133 6900 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
11:56:27.0134 6900 AtiHdmiService - ok
11:56:28.0315 6900 atikmdag (bfa9657adf7ddc29242a6e0e88de36fa) C:\Windows\system32\DRIVERS\atikmdag.sys
11:56:28.0359 6900 atikmdag - ok
11:56:28.0699 6900 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:56:28.0710 6900 b06bdrv - ok
11:56:28.0839 6900 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:56:28.0847 6900 b57nd60a - ok
11:56:28.0967 6900 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:56:28.0977 6900 Beep - ok
11:56:29.0144 6900 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:56:29.0153 6900 blbdrive - ok
11:56:29.0218 6900 bmdrvr - ok
11:56:29.0398 6900 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:56:29.0408 6900 bowser - ok
11:56:29.0454 6900 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:56:29.0463 6900 BrFiltLo - ok
11:56:29.0553 6900 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:56:29.0561 6900 BrFiltUp - ok
11:56:29.0815 6900 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
11:56:29.0828 6900 BridgeMP - ok
11:56:29.0977 6900 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:56:29.0987 6900 Brserid - ok
11:56:30.0111 6900 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:56:30.0120 6900 BrSerWdm - ok
11:56:30.0295 6900 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:56:30.0303 6900 BrUsbMdm - ok
11:56:30.0405 6900 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:56:30.0413 6900 BrUsbSer - ok
11:56:30.0487 6900 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:56:30.0494 6900 BTHMODEM - ok
11:56:30.0812 6900 CamDrL64 (6e1641724439e18ce55adee2d347aa19) C:\Windows\system32\DRIVERS\CamDrL64.sys
11:56:30.0817 6900 CamDrL64 - ok
11:56:30.0898 6900 catchme - ok
11:56:30.0964 6900 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:56:30.0974 6900 cdfs - ok
11:56:31.0130 6900 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
11:56:31.0146 6900 cdrom - ok
11:56:31.0209 6900 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:56:31.0217 6900 circlass - ok
11:56:31.0333 6900 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:56:31.0347 6900 CLFS - ok
11:56:31.0671 6900 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:56:31.0678 6900 CmBatt - ok
11:56:31.0752 6900 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:56:31.0769 6900 cmdide - ok
11:56:31.0959 6900 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
11:56:31.0976 6900 CNG - ok
11:56:32.0022 6900 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:56:32.0031 6900 Compbatt - ok
11:56:32.0260 6900 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:56:32.0274 6900 CompositeBus - ok
11:56:32.0582 6900 cpuz135 (262969a3fab32b9e17e63e2d17a57744) C:\Windows\system32\drivers\cpuz135_x64.sys
11:56:32.0594 6900 cpuz135 - ok
11:56:32.0688 6900 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:56:32.0697 6900 crcdisk - ok
11:56:32.0867 6900 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
11:56:33.0068 6900 CSC - ok
11:56:33.0856 6900 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
11:56:33.0874 6900 CVirtA - ok
11:56:34.0205 6900 CVPNDRVA (79af0e203d089af442a3f70ed00a37fb) C:\Windows\system32\Drivers\CVPNDRVA.sys
11:56:34.0260 6900 CVPNDRVA - ok
11:56:34.0575 6900 dc3d (7f61fbe259c18666d8ddf862f13a5eb0) C:\Windows\system32\DRIVERS\dc3d.sys
11:56:34.0602 6900 dc3d - ok
11:56:34.0877 6900 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:56:34.0893 6900 DfsC - ok
11:56:35.0091 6900 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:56:35.0104 6900 discache - ok
11:56:35.0185 6900 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:56:35.0195 6900 Disk - ok
11:56:35.0621 6900 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
11:56:35.0631 6900 DNE - ok
11:56:35.0919 6900 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:56:35.0927 6900 drmkaud - ok
11:56:36.0519 6900 dtsoftbus01 (d3d64cf7b2bceaa34a270f45a3fffb36) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
11:56:36.0533 6900 dtsoftbus01 - ok
11:56:36.0949 6900 dvdfab (eee504899a0cc781f09cf003ca897771) C:\Windows\system32\drivers\dvdfab.sys
11:56:36.0963 6900 dvdfab - ok
11:56:37.0248 6900 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:56:37.0382 6900 DXGKrnl - ok
11:56:37.0964 6900 E1G60 (edc6e9c057c9d7f83eea22b4cef5dcad) C:\Windows\system32\DRIVERS\E1G6032E.sys
11:56:37.0972 6900 E1G60 - ok
11:57:30.0434 6900 ============================================================
11:57:30.0434 6900 Scan finished
11:57:30.0434 6900 ============================================================
11:57:30.0443 6764 Detected object count: 0
11:57:30.0443 6764 Actual detected object count: 0
11:58:18.0944 1168 Deinitialize success


Again, I will post with the aswMBR results if it can now get through everything without crashing.

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 February 2012 - 01:50 PM

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Michael Ducharme


Posted 24 February 2012 - 01:54 PM

Since I deleted that directory, aswMBR has gone past it and is continuing to scan. If it is OK, I will go ahead and let that finish and paste the results before doing the other thing.

#10 gringo_pr

  • Malware Response Team

Posted 24 February 2012 - 02:07 PM

Yes, I will wait for the report.


gringo

#11 Michael Ducharme


Posted 25 February 2012 - 07:18 AM

Hi, unfortunately I discovered aswMBR is randomly blue screening my computer during the scan so I had to give up on it. Here is the FRST log:

Scan result of Farbar Recovery Scan Tool Version: 23-02-2012 01
Ran by SYSTEM at 2012-02-25 06:01:12
Running from H:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM\...\Run: [HDSPTray1] hdsp32.exe [x]
HKLM\...\Run: [HDSPTray2] hdspmix.exe [x]
HKLM\...\Run: [HP Color LaserJet CM1312 MFP Series Fax] C:\Program Files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe "HP Color LaserJet CM1312 MFP Series Fax" [3700736 2009-09-22] (Hewlett-Packard Company)
HKLM\...\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" [1860496 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2399632 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [MolCp3Monitor] C:\Program Files\MusicLab\MolCp III\monitor.exe [174592 2011-03-06] (MusicLab, Inc.)
HKLM-x32\...\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [311296 2010-03-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [HPUsageTracking] "C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT\" [24576 2009-05-11] (Hewlett-Packard Company)
HKLM-x32\...\Run: [ToolBoxFX] "C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on [53248 2009-10-22] (HP)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [439536 2011-01-19] (Sophos Plc)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-03-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Software\Pivot_startup.exe" -delay=10 [110192 2010-06-17] ()
HKLM-x32\...\Run: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave [826896 2011-05-26] (GlavSoft LLC.)
HKLM-x32\...\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-07] (Apple Inc.)
HKLM-x32\...\Run: [LemurDaemon] C:\Program Files (x86)\Liine\Lemur Daemon.exe [459776 2011-12-13] (Liine)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [460872 2012-01-13] (Malwarebytes Corporation)
HKLM-x32\...\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3865504 2012-02-07] (Safer-Networking Ltd.)
HKU\Ian Doucette\...\Run: [googletalk] C:\Users\Ian Doucette\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart [3739648 2007-01-01] (Google)
HKU\Ian Doucette\...\Run: [ISUSPM Startup] c:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup [196608 2004-04-17] (InstallShield Software Corporation)
HKU\Ian Doucette\...\Policies\system: [LogonHoursAction] 2
HKU\Ian Doucette\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Mcx1-MICHAEL-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
HKU\Michael Ducharme\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [740216 2012-02-20] (BitTorrent, Inc.)
HKU\Michael Ducharme\...\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [196608 2004-04-17] (InstallShield Software Corporation)
HKU\Michael Ducharme\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [17351304 2011-10-13] (Skype Technologies S.A.)
HKU\Michael Ducharme\...\Run: [DVDFab Passkey] "C:\Program Files (x86)\DVDFab Passkey\DVDFabPasskey.exe" [1135608 2011-09-29] (Fengtao Software Inc.)
HKU\Michael Ducharme\...\Run: [ZoiperCommunicator] C:\Program Files (x86)\Zoiper Communicator\Zoiper.exe [7554936 2011-03-07] ()
HKU\Michael Ducharme\...\Run: [F-Secure Hoster] "C:\Program Files (x86)\f-secure\Online Backup\fshoster32.exe" -app -pointappfamily:300 -hosterid:1 [147096 2011-11-01] (F-Secure Corporation)
HKU\Michael Ducharme\...\Policies\system: [LogonHoursAction] 2
HKU\Michael Ducharme\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Organ 2\...\Policies\system: [LogonHoursAction] 2
HKU\Organ 2\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Tcpip\Parameters: [DhcpNameServer] 192.168.85.1
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll

==================== Services (Whitelisted) ======

2 BBUpdate; "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [249648 2011-10-13] (Microsoft Corporation)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
4 cmuda; C:\Windows\System32\AlKernel.dll [6656 2009-07-13] (Oak Technology Inc.)
2 CSIScanner; "C:\Program Files\Prevx\prevx.exe" /service [6746280 2011-08-20] (Prevx)
2 CVPND; "C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe" [1529856 2011-03-04] (Cisco Systems, Inc.)
2 hasplms; C:\Windows\system32\hasplms.exe -run [4180576 2010-09-27] (SafeNet Inc.)
2 LPDSVC; C:\Windows\System32\imap4d32.dll [6656 2009-07-13] (Oak Technology Inc.)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [652360 2012-01-13] (Malwarebytes Corporation)
2 OS Selector; "C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe" [2139400 2010-05-25] ()
2 PdiService; C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [109168 2010-04-16] (Portrait Displays, Inc.)
2 SAVAdminService; "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe" [163056 2011-01-19] (Sophos Plc)
2 SAVService; "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe" [97520 2011-01-19] (Sophos Plc)
2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1181104 2012-02-07] (Safer-Networking Ltd.)
2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1185704 2012-02-07] (Safer-Networking Ltd.)
2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [166528 2012-02-07] (Safer-Networking Ltd.)
2 Sophos AutoUpdate Service; "C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe" [230640 2011-01-19] (Sophos Plc)
2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [1541360 2011-01-19] (Sophos Plc)
2 TeamViewer7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [3027840 2012-01-19] (TeamViewer GmbH)
2 tvnserver; "C:\Program Files (x86)\TightVNC\tvnserver.exe" -service [826896 2011-05-26] (GlavSoft LLC.)
2 vmware-converter-agent; "C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe" -s "C:\ProgramData\VMware\VMware vCenter Converter Standalone\converter-agent.xml" [6285 2012-01-14] ()
2 vmware-converter-server; "C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe" -s "C:\ProgramData\VMware\VMware vCenter Converter Standalone\converter-server.xml" [4291 2012-01-14] ()
2 vmware-converter-worker; "C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe" -s "C:\ProgramData\VMware\VMware vCenter Converter Standalone\converter-worker.xml" [6897 2012-01-14] ()
2 astcc; C:\Windows\system32\astsrv.exe [x]
2 LxrSII1s; C:\Windows\system32\LxrSII1s.exe [x]

========================== Drivers (Whitelisted) =============

2 aksdf; \??\C:\Windows\system32\drivers\aksdf.sys [75648 2010-07-27] (SafeNet Inc.)
2 aksfridge; \??\C:\Windows\system32\drivers\aksfridge.sys [131072 2010-09-27] (SafeNet Inc.)
1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-04-22] ()
1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
3 bmdrvr; C:\Windows\SysWow64\drivers\bmdrvr.sys [74352 2011-03-14] (VMware, Inc.)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
3 CamDrL64; C:\Windows\System32\DRIVERS\CamDrL64.sys [955680 2007-02-03] (Logitech Inc.)
2 cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2010-11-09] (CPUID)
3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA64.sys [14992 2010-02-08] (Cisco Systems, Inc.)
3 CVPNDRVA; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
3 DNE; C:\Windows\System32\DRIVERS\dne64x.sys [157968 2008-11-16] (Deterministic Networks, Inc.)
1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2011-08-31] (DT Soft Ltd)
3 dvdfab; C:\Windows\System32\drivers\dvdfab.sys [79232 2011-08-15] (Fengtao Software Inc.)
3 epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [16776 2010-07-15] ()
3 EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [9096 2010-07-15] ()
2 hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [318464 2009-03-13] (Aladdin Knowledge Systems Ltd.)
3 hdsp; C:\Windows\System32\drivers\hdsp_64.sys [101376 2011-05-05] (RME)
3 HPFXBULK; C:\Windows\System32\drivers\hpfx64bulk.sys [20504 2007-07-16] (Hewlett Packard)
3 HPFXFAX; C:\Windows\System32\drivers\hpfx64fax.sys [23064 2007-07-16] (Hewlett Packard)
3 iLokDrvr; C:\Windows\System32\DRIVERS\iLokDrvr.sys [25720 2011-03-24] ()
0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [109480 2009-07-18] (JMicron Technology Corp.)
3 L8042Kbd; C:\Windows\System32\DRIVERS\L8042Kbd.sys [30736 2009-06-17] (Logitech, Inc.)
3 LHidFilt; C:\Windows\System32\DRIVERS\LHidFilt.Sys [55312 2009-06-17] (Logitech, Inc.)
3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [57872 2009-06-17] (Logitech, Inc.)
3 LoopBe30; C:\Windows\System32\drivers\loopbe30.sys [16384 2008-01-21] (nerds.de)
3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [40976 2009-06-17] (Logitech, Inc.)
2 LxrSII1d; \??\C:\Windows\System32\Drivers\LxrSII1d.sys [63064 2009-12-30] (Lexar Media, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [23152 2011-12-10] (Malwarebytes Corporation)
3 mlmolcp3; C:\Windows\System32\DRIVERS\mlmolcp3.sys [81872 2011-03-06] (MusicLab, Inc.)
2 molcpeth; C:\Windows\System32\DRIVERS\molcpeth.sys [95184 2011-03-06] (MusicLab, Inc.)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
3 PdiPorts; C:\Windows\System32\DRIVERS\PdiPorts.sys [20592 2010-04-16] (Portrait Displays, Inc.)
3 pxkbf; C:\Windows\System32\drivers\pxkbf.sys [24024 2011-08-20] (Prevx)
1 pxrts; C:\Windows\System32\drivers\pxrts.sys [65736 2011-08-20] (Prevx)
0 pxscan; C:\Windows\System32\drivers\pxscan.sys [36384 2011-08-20] (Prevx)
1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [142328 2011-01-19] (Sophos Plc)
0 snapman; C:\Windows\System32\DRIVERS\snapman.sys [276576 2011-09-29] (Acronis)
4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2010-06-24] (Sophos Plc)
3 StillCam; C:\Windows\System32\DRIVERS\serscan.sys [12288 2009-07-13] (Microsoft Corporation)
3 SynasUSB; C:\Windows\System32\drivers\SynUSB64.sys [30352 2009-06-26] (Steinberg Media Technologies GmbH)
3 synusb64; C:\Windows\System32\DRIVERS\synusb64.sys [30352 2009-06-26] (Steinberg Media Technologies GmbH)
3 TASCAM_US122144; C:\Windows\System32\Drivers\tascusb2.sys [479296 2010-01-15] (TASCAM)
3 TASCAM_US122L_MIDI; C:\Windows\System32\drivers\tscusb2m.sys [31296 2010-01-15] (TASCAM)
3 TASCAM_US122L_WDM; C:\Windows\System32\drivers\tscusb2a.sys [49216 2010-01-15] (TASCAM)
0 Tpkd; C:\Windows\System32\Drivers\Tpkd.sys [105592 2011-03-24] (PACE Anti-Piracy, Inc.)
2 vstor2-mntapi10-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi10-shared.sys [33392 2011-07-12] (VMware, Inc.)
3 catchme; \??\C:\ComboFix3\catchme.sys [x]
3 GENERICDRV; \??\C:\Users\Michael Ducharme\Downloads\bios\amiflash\amiflash\aptio\afuwin64\amifldrv64.sys [x]
3 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: LPDSVC
NETSVC: TMHIDSRV
NETSVC: MpFilter
NETSVC: cmuda

============ One Month Created Files and Folders ==============

2012-02-25 06:00 - 2012-02-25 06:01 - 0000000 ____D C:\FRST
2012-02-24 11:20 - 2012-02-24 11:20 - 0000234 ____A C:\Users\Michael Ducharme\AppData\Roaming\Safer-Networking.log
2012-02-24 09:56 - 2012-02-24 09:58 - 0091780 ____A C:\TDSSKiller.2.7.14.0_24.02.2012_11.56.04_log.txt
2012-02-24 09:55 - 2012-02-24 09:55 - 2062896 ____A (Kaspersky Lab ZAO) C:\Users\Michael Ducharme\Desktop\tdsskiller.exe
2012-02-24 09:34 - 2012-02-24 09:34 - 0041114 ____A C:\ComboFix.txt
2012-02-24 09:20 - 2012-02-24 09:20 - 0000000 ____D C:\$RECYCLE.BIN
2012-02-24 09:14 - 2012-02-24 09:20 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-02-24 08:52 - 2012-02-24 08:52 - 4419501 ____R (Swearware) C:\Users\Michael Ducharme\Desktop\ComboFix3.exe
2012-02-24 08:22 - 2012-02-24 08:22 - 0607260 ____R (Swearware) C:\Users\Michael Ducharme\Desktop\dds.scr
2012-02-24 08:20 - 2012-02-24 08:20 - 0050477 ____A C:\Users\Michael Ducharme\Downloads\Defogger.exe
2012-02-24 08:20 - 2012-02-24 08:20 - 0000168 ____A C:\Users\Michael Ducharme\defogger_reenable
2012-02-23 16:12 - 2012-02-23 16:12 - 12112204 ____A C:\Users\Michael Ducharme\Documents\ICM mid-term opening music.aif
2012-02-23 04:40 - 2012-02-23 04:40 - 0017240 ____A C:\Users\Michael Ducharme\Documents\hijackthis.log
2012-02-23 03:37 - 2012-02-23 03:41 - 0017240 ____A C:\Users\Michael Ducharme\Downloads\hijackthis.log
2012-02-23 03:35 - 2012-02-23 03:35 - 0302592 ____A C:\Users\Michael Ducharme\Downloads\1p384s1i.exe
2012-02-23 03:31 - 2012-02-23 03:31 - 0388608 ____A (Trend Micro Inc.) C:\Users\Michael Ducharme\Downloads\HijackThis.exe
2012-02-23 03:31 - 2012-02-23 03:31 - 0001816 ____A C:\Users\Michael Ducharme\Documents\aswMBR.txt
2012-02-23 03:31 - 2012-02-23 03:31 - 0000512 ____A C:\Users\Michael Ducharme\Documents\MBR.dat
2012-02-22 22:22 - 2012-02-24 09:59 - 4730880 ____A (AVAST Software) C:\Users\Michael Ducharme\Downloads\aswMBR.exe
2012-02-22 21:19 - 2012-02-22 21:19 - 4417295 ____R (Swearware) C:\Users\Michael Ducharme\Desktop\ComboFix2.exe
2012-02-22 09:26 - 2012-02-22 09:26 - 2322184 ____A (ESET) C:\Users\Michael Ducharme\Downloads\esetsmartinstaller_enu.exe
2012-02-22 09:26 - 2012-02-22 09:26 - 0000000 ____D C:\Program Files (x86)\ESET
2012-02-21 17:32 - 2009-01-25 10:14 - 0017272 ____A (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe
2012-02-21 10:06 - 2012-02-21 18:58 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-02-21 10:06 - 2012-02-21 18:58 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-02-21 10:06 - 2012-02-21 17:34 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-02-21 10:06 - 2012-02-21 17:32 - 0002173 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2012-02-21 09:55 - 2012-02-21 09:56 - 45641536 ____A (Safer-Networking Ltd. ) C:\Users\Michael Ducharme\Downloads\spybotsd-2.0.7-beta5.exe
2012-02-21 09:44 - 2011-05-12 12:03 - 0006144 ____N (Sophos Plc) C:\Windows\System32\BD75.tmp
2012-02-21 09:41 - 2011-05-12 12:03 - 0006144 ____N (Sophos Plc) C:\Windows\System32\FAC1.tmp
2012-02-21 09:40 - 2012-02-21 09:40 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\sar_15_sfx
2012-02-20 20:33 - 2011-05-12 12:03 - 0006144 ____N (Sophos Plc) C:\Windows\System32\FAC3.tmp
2012-02-20 20:31 - 2012-02-20 20:31 - 1410192 ____A C:\Users\Michael Ducharme\Downloads\sar_15_sfx.exe
2012-02-20 20:31 - 2011-05-12 12:03 - 0006144 ____N (Sophos Plc) C:\Windows\System32\4E.tmp
2012-02-20 19:29 - 2012-02-20 19:29 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-02-20 19:29 - 2012-02-20 19:29 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-02-20 19:29 - 2012-02-20 19:29 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-02-20 19:29 - 2012-02-20 19:29 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-02-20 19:29 - 2012-02-20 19:29 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-02-20 19:29 - 2012-02-20 19:29 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-02-20 19:29 - 2012-02-20 19:29 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-02-20 19:29 - 2012-02-20 19:29 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-02-20 19:29 - 2012-02-20 19:29 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-02-20 19:29 - 2012-02-20 19:29 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-02-20 19:17 - 2012-02-24 09:14 - 0000000 ____D C:\Windows\ERDNT
2012-02-20 19:17 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-02-20 19:17 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-02-20 19:17 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-02-20 19:17 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-02-20 19:17 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-02-20 19:17 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-02-20 19:17 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-02-20 19:17 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-02-20 19:16 - 2012-02-24 09:34 - 0000000 ____D C:\Qoobox
2012-02-20 17:01 - 2012-02-20 17:01 - 4414512 ____R (Swearware) C:\Users\Michael Ducharme\Desktop\ComboFix.exe
2012-02-20 16:58 - 2012-02-20 16:58 - 0302592 ____A C:\Users\Michael Ducharme\Downloads\e41zng7u.exe
2012-02-20 09:15 - 2012-02-20 09:19 - 0000000 ____D C:\Users\Organ 2\AppData\Roaming\vlc
2012-02-20 08:55 - 2012-02-20 08:55 - 0000000 ____D C:\Users\Organ 2\AppData\Roaming\Mozilla
2012-02-20 08:55 - 2012-02-20 08:55 - 0000000 ____D C:\Users\Organ 2\AppData\Local\Mozilla
2012-02-20 08:50 - 2012-02-20 08:50 - 0000000 ____D C:\Users\Organ 2\AppData\Roaming\Cycling '74
2012-02-20 08:44 - 2012-02-20 08:44 - 0000000 ____D C:\Users\Organ 2\AppData\Roaming\Malwarebytes
2012-02-20 08:43 - 2012-02-21 10:39 - 3887420 ____A C:\Windows\ntbtlog.txt
2012-02-20 08:19 - 2012-02-23 13:09 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\ProcessExplorer
2012-02-20 08:19 - 2012-02-20 08:19 - 1857786 ____A C:\Users\Michael Ducharme\Downloads\ProcessExplorer.zip
2012-02-20 08:06 - 2012-02-20 08:06 - 0000000 ____D C:\Users\Michael Ducharme\AppData\Roaming\Malwarebytes
2012-02-20 08:05 - 2012-02-21 12:23 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-20 08:05 - 2012-02-20 08:05 - 9502424 ____A (Malwarebytes Corporation ) C:\Users\Michael Ducharme\Downloads\mbam-setup-1.60.1.1000.exe
2012-02-20 08:05 - 2012-02-20 08:05 - 0001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-02-20 08:05 - 2012-02-20 08:05 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-02-20 08:05 - 2012-02-20 08:05 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-02-20 08:05 - 2011-12-10 13:24 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-02-20 07:46 - 2012-02-20 07:47 - 0000000 ____D C:\sophos
2012-02-20 07:46 - 2012-02-20 07:46 - 0361830 ____A C:\Users\Michael Ducharme\Downloads\Sophos Endpoint Security Remote Installer.exe
2012-02-20 07:45 - 2012-02-20 07:45 - 0079528 ____A C:\Users\Michael Ducharme\Downloads\sophossetup.exe
2012-02-20 07:31 - 2012-02-20 07:32 - 0001260 ____A C:\Users\Michael Ducharme\Desktop\tasklist.exe.lnk
2012-02-20 07:30 - 2012-02-20 07:35 - 0001296 ____A C:\Users\Michael Ducharme\Desktop\taskkill.exe.lnk
2012-02-19 15:02 - 2012-02-19 22:35 - 0053394 ____A C:\Users\Michael Ducharme\Documents\FM-synth.maxpat
2012-02-19 14:09 - 2012-02-19 14:09 - 0006459 ____A C:\Users\Michael Ducharme\Downloads\Class7_patches.zip
2012-02-19 14:09 - 2012-02-19 14:09 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\Class7_patches
2012-02-19 12:18 - 2012-02-20 07:23 - 0033104 ____A C:\Users\Michael Ducharme\Documents\fm-oscillator.maxpat
2012-02-19 12:01 - 2012-02-19 12:03 - 0000102 ____A C:\Users\Michael Ducharme\Documents\mytestcoll3.txt
2012-02-19 10:46 - 2012-02-19 10:46 - 5490804 ____A C:\Users\Michael Ducharme\Downloads\htman-free.zip
2012-02-19 10:46 - 2012-02-19 10:46 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\htman-free
2012-02-19 10:12 - 2012-02-19 22:37 - 0124705 ____A C:\Users\Michael Ducharme\Documents\Interactive Computer Music Mid-term Michael Ducharme.maxpat
2012-02-19 08:43 - 2012-02-19 08:43 - 5550166 ____A C:\Users\Michael Ducharme\Downloads\daggerfall-manual.pdf
2012-02-18 19:19 - 2012-02-18 19:19 - 0466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-02-18 19:19 - 2012-02-18 19:19 - 0444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2012-02-18 19:19 - 2012-02-18 19:19 - 0122904 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-02-18 19:19 - 2012-02-18 19:19 - 0109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-02-18 19:19 - 2012-02-18 19:19 - 0000000 ____D C:\Program Files (x86)\OpenAL
2012-02-18 19:18 - 2012-02-18 19:18 - 0590434 ____A C:\Users\Michael Ducharme\Downloads\oalinst.zip
2012-02-18 19:18 - 2012-02-18 19:18 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\XL_Engine_Release_02
2012-02-18 19:18 - 2012-02-18 19:18 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\oalinst
2012-02-18 19:17 - 2012-02-18 19:17 - 3444698 ____A C:\Users\Michael Ducharme\Downloads\XL_Engine_Release_02.zip
2012-02-18 19:15 - 2012-02-18 19:16 - 0002825 ____A C:\Users\Michael Ducharme\Desktop\Daggerfall.pif
2012-02-18 19:15 - 2012-02-18 19:15 - 0000000 ___HD C:\Windows\PIF
2012-02-18 09:39 - 2012-02-24 07:46 - 0000112 ____A C:\Users\All Users\BmkBbUbLh.dat
2012-02-18 09:39 - 2012-02-24 07:46 - 0000112 ____A C:\ProgramData\BmkBbUbLh.dat
2012-02-18 09:29 - 2012-02-23 19:27 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-02-17 17:37 - 2012-02-17 17:37 - 1777255 ____A C:\Users\Michael Ducharme\Downloads\itil-whitepaper.pdf
2012-02-15 01:00 - 2011-12-13 23:43 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-15 01:00 - 2011-12-13 23:16 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-15 01:00 - 2011-12-13 23:11 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-15 01:00 - 2011-12-13 23:04 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-15 01:00 - 2011-12-13 23:04 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-15 01:00 - 2011-12-13 23:03 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-15 01:00 - 2011-12-13 23:03 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-15 01:00 - 2011-12-13 23:01 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-15 01:00 - 2011-12-13 23:00 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-15 01:00 - 2011-12-13 22:59 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-15 01:00 - 2011-12-13 22:57 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-15 01:00 - 2011-12-13 22:57 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-15 01:00 - 2011-12-13 22:53 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-15 01:00 - 2011-12-13 19:30 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-15 01:00 - 2011-12-13 19:10 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-15 01:00 - 2011-12-13 19:04 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-15 01:00 - 2011-12-13 18:57 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-15 01:00 - 2011-12-13 18:57 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-15 01:00 - 2011-12-13 18:56 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-15 01:00 - 2011-12-13 18:55 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-15 01:00 - 2011-12-13 18:54 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-15 01:00 - 2011-12-13 18:53 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-15 01:00 - 2011-12-13 18:52 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-15 01:00 - 2011-12-13 18:50 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-15 01:00 - 2011-12-13 18:50 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-15 01:00 - 2011-12-13 18:47 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-14 13:47 - 2012-01-13 20:06 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-14 13:47 - 2011-12-27 19:59 - 0498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2012-02-14 13:47 - 2011-12-16 00:46 - 0634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2012-02-14 13:47 - 2011-12-15 23:52 - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2012-02-13 20:22 - 2012-02-13 20:22 - 5436744 ____A (Apple Inc.) C:\Users\Michael Ducharme\Downloads\BonjourPSSetup.exe
2012-02-13 20:21 - 2012-02-13 20:23 - 0000983 ____A C:\Users\Michael Ducharme\AppData\Roaming\OSCseq-log.txt
2012-02-13 20:21 - 2012-02-13 20:21 - 0502887 ____A C:\Users\Michael Ducharme\Downloads\OSCseq 0.9.16b.exe
2012-02-13 20:21 - 2012-02-13 20:21 - 0000000 ____D C:\Program Files (x86)\OSCseq
2012-02-13 19:59 - 2012-02-13 19:59 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\Oscore
2012-02-13 19:58 - 2012-02-13 19:58 - 1369181 ____A C:\Users\Michael Ducharme\Downloads\Oscore.zip
2012-02-13 19:55 - 2012-02-13 19:58 - 0000000 ____D C:\Users\Michael Ducharme\AppData\Roaming\Xenakios
2012-02-13 19:55 - 2012-02-13 19:55 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\HourGlass_0.9.4
2012-02-13 19:54 - 2012-02-13 19:55 - 6497512 ____A C:\Users\Michael Ducharme\Downloads\HourGlass_0.9.4.zip
2012-02-13 19:41 - 2012-02-13 19:41 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\Timeline
2012-02-13 19:40 - 2012-02-13 19:40 - 0047683 ____A C:\Users\Michael Ducharme\Downloads\Timeline.zip
2012-02-13 19:09 - 2012-02-13 19:09 - 0000000 ____D C:\Program Files (x86)\Ircam
2012-02-13 19:07 - 2012-02-13 19:08 - 6776780 ____A (IRCAM ) C:\Users\Michael Ducharme\Downloads\FTM.2.5.0.BETA.21-Max5.exe
2012-02-13 17:49 - 2012-02-13 17:49 - 2455951 ____A C:\Users\Michael Ducharme\Downloads\rs.delos_1.0.3.93_Win_DEMO.zip
2012-02-13 17:49 - 2012-02-13 17:49 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\rs.delos_1.0.3.93_Win_DEMO
2012-02-13 17:11 - 2012-02-13 17:11 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\TimelinerSA_beta10.1
2012-02-13 17:10 - 2012-02-13 17:10 - 0169292 ____A C:\Users\Michael Ducharme\Downloads\TimelinerSA_beta10.1.zip
2012-02-13 16:42 - 2012-02-13 16:42 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\iannix_windows__0_8_22
2012-02-13 16:29 - 2012-02-13 16:33 - 13365527 ____A C:\Users\Michael Ducharme\Downloads\iannix_windows__0_8_22.zip
2012-02-12 22:01 - 2012-02-12 22:01 - 0482981 ____A C:\Users\Michael Ducharme\Downloads\jasch_objects_0.3_win.zip
2012-02-12 22:01 - 2012-02-12 22:01 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\jasch_objects_0.3_win
2012-02-12 11:19 - 2012-02-12 11:19 - 0123712 ____A (ESET) C:\Users\Michael Ducharme\Downloads\ESETSirefefRemover.exe
2012-02-12 10:21 - 2012-02-12 10:21 - 0000000 ____D C:\Users\Michael Ducharme\AppData\Roaming\Cycling '74
2012-02-12 10:20 - 2012-02-12 10:20 - 0001993 ____A C:\Users\Public\Desktop\Max Runtime 6.0.lnk
2012-02-12 10:20 - 2012-02-12 10:20 - 0001977 ____A C:\Users\Public\Desktop\Max 6.0.lnk
2012-02-11 15:22 - 2012-02-11 15:22 - 0059798 ____A C:\Users\Michael Ducharme\Documents\20th century 2 new notes.docx
2012-02-11 12:56 - 2012-02-11 12:56 - 0034846 ____A C:\Users\Michael Ducharme\Downloads\MaxFiles.zip
2012-02-11 12:48 - 2012-02-12 11:16 - 0000000 ____D C:\Users\Michael Ducharme\Documents\my maxmsp externals
2012-02-11 12:48 - 2012-02-12 10:14 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\touchosc-editor-1.5.4-win32
2012-02-11 12:48 - 2012-02-11 12:48 - 0000000 ____D C:\Users\Michael Ducharme\AppData\Roaming\hexler
2012-02-11 12:47 - 2012-02-11 12:47 - 0706056 ____A C:\Users\Michael Ducharme\Downloads\touchosc-editor-1.5.4-win32.zip
2012-02-10 19:13 - 2012-02-10 19:13 - 0136827 ____A C:\Users\Michael Ducharme\Downloads\Contacts.csv
2012-02-10 16:32 - 2012-02-10 16:32 - 0018607 ____A C:\Users\Ian Doucette\Documents\Empress report Feb.odt
2012-02-08 08:11 - 2012-02-08 08:11 - 0044804 ____A C:\Users\Michael Ducharme\Downloads\ShawnGrievesResume.pdf
2012-02-07 01:26 - 2012-02-07 01:26 - 0000000 ____D C:\Users\Michael Ducharme\AppData\Roaming\AFPClient4Windows
2012-02-07 01:25 - 2012-02-07 01:25 - 0285632 ____A C:\Users\Michael Ducharme\Downloads\AFPClient4Windows_0_2_portable.exe
2012-02-05 19:50 - 2012-02-05 19:52 - 140932552 ____A C:\Users\Michael Ducharme\Downloads\DevSnd.LemurCube.zip
2012-02-05 19:21 - 2012-02-05 19:21 - 0020524 ____A C:\Users\Michael Ducharme\Downloads\WinAnalyzer~.zip
2012-02-05 19:21 - 2012-02-05 19:21 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\WinAnalyzer~
2012-02-05 19:21 - 2002-11-28 06:48 - 0014544 ____A C:\Users\Michael Ducharme\Documents\analyzer~.help
2012-02-05 18:59 - 2012-02-12 13:00 - 0025367 ____A C:\Users\Michael Ducharme\Test Lemur Control.jzml
2012-02-05 18:44 - 2012-02-05 18:44 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\Examples_V2.03
2012-02-05 17:29 - 2011-05-05 17:19 - 0032164 ____A C:\Users\Michael Ducharme\Documents\x_sugar~.maxpat
2012-02-05 13:20 - 2012-02-05 13:20 - 0020647 ____A C:\Users\Michael Ducharme\Downloads\sugarSynth.zip
2012-02-05 13:20 - 2012-02-05 13:20 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\sugarSynth
2012-02-05 13:08 - 2012-02-05 13:08 - 0000093 ____A C:\Users\All Users\autorlite.lic
2012-02-05 13:08 - 2012-02-05 13:08 - 0000093 ____A C:\ProgramData\autorlite.lic
2012-02-05 13:05 - 2012-02-05 13:34 - 193352247 ____A C:\Users\Michael Ducharme\Downloads\Examples_V2.03.zip
2012-02-05 13:05 - 2012-02-05 13:05 - 0445650 ____A C:\Users\Michael Ducharme\Downloads\LemurLoader.zip
2012-02-05 12:53 - 2012-02-05 12:56 - 14021632 ____A C:\Users\Michael Ducharme\Downloads\Density_2_setup.msi
2012-02-05 12:51 - 2012-02-05 12:51 - 0000000 ____D C:\Users\Michael Ducharme\Documents\density test
2012-02-05 12:50 - 2012-02-05 12:50 - 0000000 ____D C:\Users\Michael Ducharme\Documents\test density project.pat
2012-02-05 12:44 - 2012-02-05 12:44 - 0001125 ____A C:\Users\Public\Desktop\DensityLITE.exe.lnk
2012-02-05 12:44 - 2012-02-05 12:44 - 0000000 ____D C:\Program Files (x86)\DensityLITE
2012-02-05 12:42 - 2012-02-05 12:43 - 8530432 ____A C:\Users\Michael Ducharme\Downloads\DensityLITE_setup.msi
2012-02-05 10:23 - 2012-02-05 10:23 - 0003695 ____A C:\Users\Michael Ducharme\Documents\mdeGranular~.help
2012-02-04 17:23 - 2012-02-04 17:23 - 0000000 ____D C:\Program Files (x86)\Liine
2012-02-04 17:10 - 2012-02-04 17:10 - 1382819 ____A ( ) C:\Users\Michael Ducharme\Downloads\Lemur-Installer-3.0.2.exe
2012-02-04 17:09 - 2012-02-04 17:10 - 18811925 ____A C:\Users\Michael Ducharme\Downloads\ABLemurBundle_120130.zip
2012-02-04 16:40 - 2012-02-04 16:41 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\OSC-route_1.17.1
2012-02-04 16:39 - 2012-02-04 16:39 - 0012517 ____A C:\Users\Michael Ducharme\Downloads\OSC-route_1.17.1.zip
2012-02-04 16:15 - 2012-02-04 16:18 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\OpenSoundControl_1.9.16
2012-02-04 16:03 - 2012-02-04 16:03 - 0022673 ____A C:\Users\Michael Ducharme\Downloads\OpenSoundControl_1.9.16.zip
2012-02-04 13:07 - 2012-02-07 07:10 - 0259739 ____A C:\Users\Michael Ducharme\Documents\Assignment 3 v2 bug fixed MDucharme.maxpat
2012-02-04 11:29 - 2012-02-04 11:29 - 0014687 ____A C:\Users\Michael Ducharme\Documents\basic-additive-synth.maxpat
2012-02-04 10:05 - 2012-02-04 10:05 - 0000066 ____A C:\Windows\bassmidi.sflist
2012-02-04 09:23 - 2012-02-04 09:23 - 0323623 ____A C:\Users\Michael Ducharme\Downloads\bassmididrv2.02.exe
2012-02-04 09:23 - 2012-02-04 09:23 - 0000000 ____D C:\Windows\SysWOW64\bassmididrv
2012-02-04 09:21 - 2012-02-04 09:40 - 833056140 ____A C:\Users\Michael Ducharme\Downloads\CrisisGeneralMidi3.01(OfficialPack).rar
2012-02-04 08:58 - 2012-02-18 20:00 - 0000000 ____D C:\Program Files (x86)\Bethesda Softworks
2012-02-04 08:57 - 2012-02-04 09:03 - 108409240 ____A (Bethesda Softworks ) C:\Users\Michael Ducharme\Downloads\DaggerfallSetup.exe
2012-02-04 08:54 - 2012-02-04 08:56 - 31176387 ____A (Bethesda Softworks ) C:\Users\Michael Ducharme\Downloads\ArenaSetup.exe
2012-02-04 08:52 - 2012-02-04 08:52 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\Arena106Setup
2012-02-04 08:52 - 2004-03-31 12:57 - 0000000 ____D C:\ARENA
2012-02-04 08:51 - 2012-02-04 08:51 - 9196300 ____A C:\Users\Michael Ducharme\Downloads\Arena106Setup.zip
2012-01-30 07:27 - 2012-01-30 07:27 - 0005375 ____A C:\Users\Michael Ducharme\Documents\Organ piece test midi.mid
2012-01-29 11:07 - 2012-01-29 11:14 - 0002401 ____A C:\Users\Michael Ducharme\Desktop\Organ.mframe32
2012-01-29 06:43 - 2012-01-29 06:43 - 0551316 ____A C:\Users\Michael Ducharme\Downloads\golden_age_score.mp4
2012-01-27 14:08 - 2012-01-27 14:08 - 0001090 ____A C:\Users\Public\Desktop\TeamViewer 7.lnk
2012-01-26 18:40 - 2012-01-26 18:40 - 0028455 ____A C:\Users\Michael Ducharme\Documents\20th Century Assignment 1 Rhythmic Cells.png
2012-01-26 18:39 - 2012-01-26 18:39 - 0042160 ____A C:\Users\Michael Ducharme\Documents\20th Century Assignment 1 Rhythmic Cells.mus
2012-01-26 18:11 - 2012-01-27 06:31 - 0057527 ____A C:\Users\Michael Ducharme\Documents\20th Century Assignment 1.odt
2012-01-26 18:11 - 2012-01-27 06:31 - 0000139 ___AH C:\Users\Michael Ducharme\Documents\.~lock.20th Century Assignment 1.odt#

============ 3 Months Modified Files and Folders =============

2012-02-25 06:01 - 2012-02-25 06:00 - 0000000 ____D C:\FRST
2012-02-25 03:57 - 2009-07-13 20:45 - 0015040 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-02-25 03:57 - 2009-07-13 20:45 - 0015040 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-02-25 03:56 - 2009-10-17 01:07 - 1694707 ____A C:\Windows\WindowsUpdate.log
2012-02-25 03:50 - 2011-06-05 13:06 - 0222992 ____A C:\Windows\molcp3.log
2012-02-25 03:50 - 2009-10-17 03:01 - 2146783232 __ASH C:\hiberfil.sys
2012-02-25 03:50 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-02-25 03:50 - 2009-07-13 20:51 - 0059984 ____A C:\Windows\setupact.log
2012-02-25 03:46 - 2011-06-05 13:53 - 0000000 ____D C:\Users\Michael Ducharme\AppData\Roaming\Dropbox
2012-02-25 03:46 - 2009-10-18 18:23 - 0000000 ____D C:\Users\Michael Ducharme\AppData\Roaming\uTorrent
2012-02-25 03:46 - 2008-05-29 22:07 - 0000000 ____D C:\Users\Michael Ducharme\AppData\Roaming\.purple
2012-02-25 03:35 - 2010-06-02 19:29 - 0000000 ____D C:\Users\Michael Ducharme\AppData\Roaming\Skype
2012-02-25 03:30 - 2011-06-05 13:55 - 0000000 ___RD C:\Users\Michael Ducharme\Dropbox
2012-02-25 02:59 - 2009-07-13 21:08 - 0032556 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-02-24 22:24 - 2011-08-14 18:28 - 0018697 ____A C:\jctInLeDom.xml
2012-02-24 15:23 - 2011-08-20 14:10 - 0000000 ____D C:\Users\All Users\PrevxCSI
2012-02-24 15:23 - 2011-08-20 14:10 - 0000000 ____D C:\ProgramData\PrevxCSI
2012-02-24 12:25 - 2009-10-17 01:41 - 0000000 ____D C:\Users\Michael Ducharme\AppData\Roaming\Thunderbird
2012-02-24 11:20 - 2012-02-24 11:20 - 0000234 ____A C:\Users\Michael Ducharme\AppData\Roaming\Safer-Networking.log
2012-02-24 10:04 - 2011-07-15 15:44 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\ProcessMonitor
2012-02-24 09:59 - 2012-02-22 22:22 - 4730880 ____A (AVAST Software) C:\Users\Michael Ducharme\Downloads\aswMBR.exe
2012-02-24 09:58 - 2012-02-24 09:56 - 0091780 ____A C:\TDSSKiller.2.7.14.0_24.02.2012_11.56.04_log.txt
2012-02-24 09:55 - 2012-02-24 09:55 - 2062896 ____A (Kaspersky Lab ZAO) C:\Users\Michael Ducharme\Desktop\tdsskiller.exe
2012-02-24 09:40 - 2009-11-17 20:27 - 0000000 ____D C:\Users\Michael Ducharme\AppData\Local\Apps\2.0
2012-02-24 09:34 - 2012-02-24 09:34 - 0041114 ____A C:\ComboFix.txt
2012-02-24 09:34 - 2012-02-20 19:16 - 0000000 ____D C:\Qoobox
2012-02-24 09:20 - 2012-02-24 09:20 - 0000000 ____D C:\$RECYCLE.BIN
2012-02-24 09:20 - 2012-02-24 09:14 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-02-24 09:20 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-02-24 09:17 - 2009-11-23 07:58 - 0139382 ____A C:\Windows\PFRO.log
2012-02-24 09:16 - 2009-07-13 18:34 - 99614720 ____A C:\Windows\System32\config\software.bak
2012-02-24 09:16 - 2009-07-13 18:34 - 61603840 ____A C:\Windows\System32\config\system.bak
2012-02-24 09:16 - 2009-07-13 18:34 - 4980736 ____A C:\Windows\System32\config\default.bak
2012-02-24 09:16 - 2009-07-13 18:34 - 0110592 ____A C:\Windows\System32\config\sam.bak
2012-02-24 09:16 - 2009-07-13 18:34 - 0024576 ____A C:\Windows\System32\config\security.bak
2012-02-24 09:14 - 2012-02-20 19:17 - 0000000 ____D C:\Windows\ERDNT
2012-02-24 08:56 - 2009-12-10 11:55 - 0000000 ____D C:\CM1312_Full_Solution_Win7_5_1_AM-EMEA1
2012-02-24 08:55 - 2011-12-02 17:37 - 0000000 ____D C:\Users\Michael Ducharme\AppData\Roaming\Zoiper
2012-02-24 08:52 - 2012-02-24 08:52 - 4419501 ____R (Swearware) C:\Users\Michael Ducharme\Desktop\ComboFix3.exe
2012-02-24 08:22 - 2012-02-24 08:22 - 0607260 ____R (Swearware) C:\Users\Michael Ducharme\Desktop\dds.scr
2012-02-24 08:20 - 2012-02-24 08:20 - 0050477 ____A C:\Users\Michael Ducharme\Downloads\Defogger.exe
2012-02-24 08:20 - 2012-02-24 08:20 - 0000168 ____A C:\Users\Michael Ducharme\defogger_reenable
2012-02-24 08:20 - 2009-10-17 01:40 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-02-24 08:20 - 2009-10-17 01:07 - 0000000 ____D C:\users\Michael Ducharme
2012-02-24 07:46 - 2012-02-18 09:39 - 0000112 ____A C:\Users\All Users\BmkBbUbLh.dat
2012-02-24 07:46 - 2012-02-18 09:39 - 0000112 ____A C:\ProgramData\BmkBbUbLh.dat
2012-02-23 19:27 - 2012-02-18 09:29 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-02-23 19:18 - 2009-07-13 21:13 - 0779266 ____A C:\Windows\System32\PerfStringBackup.INI
2012-02-23 19:04 - 2009-11-14 22:00 - 0000000 ____D C:\Users\Public\Documents\VSL Custom Data
2012-02-23 19:03 - 2009-11-29 08:09 - 0000095 ____A C:\Users\All Users\VSL.ini
2012-02-23 19:03 - 2009-11-29 08:09 - 0000095 ____A C:\ProgramData\VSL.ini
2012-02-23 19:00 - 2009-11-14 22:02 - 0000110 ____A C:\Users\All Users\.vslensemble64_path
2012-02-23 19:00 - 2009-11-14 22:02 - 0000110 ____A C:\ProgramData\.vslensemble64_path
2012-02-23 19:00 - 2009-11-14 22:00 - 0000092 ____A C:\Users\All Users\.vsldaemon_path
2012-02-23 19:00 - 2009-11-14 22:00 - 0000092 ____A C:\ProgramData\.vsldaemon_path
2012-02-23 16:12 - 2012-02-23 16:12 - 12112204 ____A C:\Users\Michael Ducharme\Documents\ICM mid-term opening music.aif
2012-02-23 13:09 - 2012-02-20 08:19 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\ProcessExplorer
2012-02-23 04:40 - 2012-02-23 04:40 - 0017240 ____A C:\Users\Michael Ducharme\Documents\hijackthis.log
2012-02-23 03:41 - 2012-02-23 03:37 - 0017240 ____A C:\Users\Michael Ducharme\Downloads\hijackthis.log
2012-02-23 03:35 - 2012-02-23 03:35 - 0302592 ____A C:\Users\Michael Ducharme\Downloads\1p384s1i.exe
2012-02-23 03:31 - 2012-02-23 03:31 - 0388608 ____A (Trend Micro Inc.) C:\Users\Michael Ducharme\Downloads\HijackThis.exe
2012-02-23 03:31 - 2012-02-23 03:31 - 0001816 ____A C:\Users\Michael Ducharme\Documents\aswMBR.txt
2012-02-23 03:31 - 2012-02-23 03:31 - 0000512 ____A C:\Users\Michael Ducharme\Documents\MBR.dat
2012-02-22 22:22 - 2011-06-05 13:55 - 0001052 ____A C:\Users\Michael Ducharme\Desktop\Dropbox.lnk
2012-02-22 22:22 - 2011-06-05 13:54 - 0001032 ____A C:\Users\Michael Ducharme\Start Menu\Programs\Startup\Dropbox.lnk
2012-02-22 22:22 - 2011-06-05 13:54 - 0001032 ____A C:\Users\Michael Ducharme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2012-02-22 21:19 - 2012-02-22 21:19 - 4417295 ____R (Swearware) C:\Users\Michael Ducharme\Desktop\ComboFix2.exe
2012-02-22 09:26 - 2012-02-22 09:26 - 2322184 ____A (ESET) C:\Users\Michael Ducharme\Downloads\esetsmartinstaller_enu.exe
2012-02-22 09:26 - 2012-02-22 09:26 - 0000000 ____D C:\Program Files (x86)\ESET
2012-02-21 18:58 - 2012-02-21 10:06 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-02-21 18:58 - 2012-02-21 10:06 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-02-21 17:34 - 2012-02-21 10:06 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-02-21 17:32 - 2012-02-21 10:06 - 0002173 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2012-02-21 16:02 - 2009-07-13 20:45 - 0553672 ____A C:\Windows\System32\FNTCACHE.DAT
2012-02-21 12:24 - 2012-01-15 16:49 - 0000000 ____D C:\users\Organ 2
2012-02-21 12:24 - 2009-12-28 12:18 - 0000000 ____D C:\users\Mcx1-MICHAEL-PC
2012-02-21 12:24 - 2009-10-18 10:36 - 0000000 ____D C:\users\Ian Doucette
2012-02-21 12:23 - 2012-02-20 08:05 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-21 12:23 - 2009-07-13 23:45 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-02-21 12:23 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-02-21 10:39 - 2012-02-20 08:43 - 3887420 ____A C:\Windows\ntbtlog.txt
2012-02-21 10:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-02-21 09:56 - 2012-02-21 09:55 - 45641536 ____A (Safer-Networking Ltd. ) C:\Users\Michael Ducharme\Downloads\spybotsd-2.0.7-beta5.exe
2012-02-21 09:40 - 2012-02-21 09:40 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\sar_15_sfx
2012-02-20 20:31 - 2012-02-20 20:31 - 1410192 ____A C:\Users\Michael Ducharme\Downloads\sar_15_sfx.exe
2012-02-20 20:31 - 2009-10-17 12:55 - 0000000 ____D C:\Program Files (x86)\Sophos
2012-02-20 19:48 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-02-20 19:30 - 2009-12-28 11:55 - 0000362 _RASH C:\Users\All Users\ntuser.pol
2012-02-20 19:30 - 2009-12-28 11:55 - 0000362 _RASH C:\ProgramData\ntuser.pol
2012-02-20 19:29 - 2012-02-20 19:29 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-02-20 19:29 - 2012-02-20 19:29 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-02-20 19:29 - 2012-02-20 19:29 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-02-20 19:29 - 2012-02-20 19:29 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-02-20 19:29 - 2012-02-20 19:29 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-02-20 19:29 - 2012-02-20 19:29 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-02-20 19:29 - 2012-02-20 19:29 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-02-20 19:29 - 2012-02-20 19:29 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-02-20 19:29 - 2012-02-20 19:29 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-02-20 19:29 - 2012-02-20 19:29 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-02-20 17:07 - 2009-10-17 13:33 - 0000565 ____A C:\Windows\demdata.txt
2012-02-20 17:03 - 2009-10-22 10:04 - 0000000 ____D C:\Users\Michael Ducharme\AppData\Local\ElevatedDiagnostics
2012-02-20 17:01 - 2012-02-20 17:01 - 4414512 ____R (Swearware) C:\Users\Michael Ducharme\Desktop\ComboFix.exe
2012-02-20 16:58 - 2012-02-20 16:58 - 0302592 ____A C:\Users\Michael Ducharme\Downloads\e41zng7u.exe
2012-02-20 12:00 - 2009-10-18 18:23 - 0000000 ____D C:\Program Files (x86)\uTorrent
2012-02-20 09:19 - 2012-02-20 09:15 - 0000000 ____D C:\Users\Organ 2\AppData\Roaming\vlc
2012-02-20 08:55 - 2012-02-20 08:55 - 0000000 ____D C:\Users\Organ 2\AppData\Roaming\Mozilla
2012-02-20 08:55 - 2012-02-20 08:55 - 0000000 ____D C:\Users\Organ 2\AppData\Local\Mozilla
2012-02-20 08:50 - 2012-02-20 08:50 - 0000000 ____D C:\Users\Organ 2\AppData\Roaming\Cycling '74
2012-02-20 08:50 - 2012-01-15 18:29 - 0000000 ____D C:\Users\Organ 2\AppData\Roaming\PACE Anti-Piracy
2012-02-20 08:44 - 2012-02-20 08:44 - 0000000 ____D C:\Users\Organ 2\AppData\Roaming\Malwarebytes
2012-02-20 08:19 - 2012-02-20 08:19 - 1857786 ____A C:\Users\Michael Ducharme\Downloads\ProcessExplorer.zip
2012-02-20 08:06 - 2012-02-20 08:06 - 0000000 ____D C:\Users\Michael Ducharme\AppData\Roaming\Malwarebytes
2012-02-20 08:05 - 2012-02-20 08:05 - 9502424 ____A (Malwarebytes Corporation ) C:\Users\Michael Ducharme\Downloads\mbam-setup-1.60.1.1000.exe
2012-02-20 08:05 - 2012-02-20 08:05 - 0001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-02-20 08:05 - 2012-02-20 08:05 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-02-20 08:05 - 2012-02-20 08:05 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-02-20 07:47 - 2012-02-20 07:46 - 0000000 ____D C:\sophos
2012-02-20 07:46 - 2012-02-20 07:46 - 0361830 ____A C:\Users\Michael Ducharme\Downloads\Sophos Endpoint Security Remote Installer.exe
2012-02-20 07:45 - 2012-02-20 07:45 - 0079528 ____A C:\Users\Michael Ducharme\Downloads\sophossetup.exe
2012-02-20 07:35 - 2012-02-20 07:30 - 0001296 ____A C:\Users\Michael Ducharme\Desktop\taskkill.exe.lnk
2012-02-20 07:32 - 2012-02-20 07:31 - 0001260 ____A C:\Users\Michael Ducharme\Desktop\tasklist.exe.lnk
2012-02-20 07:23 - 2012-02-19 12:18 - 0033104 ____A C:\Users\Michael Ducharme\Documents\fm-oscillator.maxpat
2012-02-19 22:37 - 2012-02-19 10:12 - 0124705 ____A C:\Users\Michael Ducharme\Documents\Interactive Computer Music Mid-term Michael Ducharme.maxpat
2012-02-19 22:35 - 2012-02-19 15:02 - 0053394 ____A C:\Users\Michael Ducharme\Documents\FM-synth.maxpat
2012-02-19 21:08 - 2012-01-23 19:41 - 0023111 ____A C:\Users\Michael Ducharme\Documents\Katherine Bonness 20th Century 2 Assignment 1.pdf
2012-02-19 21:08 - 2010-01-01 23:18 - 0000000 ____D C:\Users\Michael Ducharme\AppData\Local\CutePDF Writer
2012-02-19 21:07 - 2010-02-04 20:14 - 0000000 ____D C:\Users\Michael Ducharme\Documents\My Scans
2012-02-19 14:09 - 2012-02-19 14:09 - 0006459 ____A C:\Users\Michael Ducharme\Downloads\Class7_patches.zip
2012-02-19 14:09 - 2012-02-19 14:09 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\Class7_patches
2012-02-19 12:03 - 2012-02-19 12:01 - 0000102 ____A C:\Users\Michael Ducharme\Documents\mytestcoll3.txt
2012-02-19 10:46 - 2012-02-19 10:46 - 5490804 ____A C:\Users\Michael Ducharme\Downloads\htman-free.zip
2012-02-19 10:46 - 2012-02-19 10:46 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\htman-free
2012-02-19 10:15 - 2009-10-17 01:41 - 0000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2012-02-19 08:43 - 2012-02-19 08:43 - 5550166 ____A C:\Users\Michael Ducharme\Downloads\daggerfall-manual.pdf
2012-02-18 20:00 - 2012-02-04 08:58 - 0000000 ____D C:\Program Files (x86)\Bethesda Softworks
2012-02-18 19:19 - 2012-02-18 19:19 - 0466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-02-18 19:19 - 2012-02-18 19:19 - 0444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2012-02-18 19:19 - 2012-02-18 19:19 - 0122904 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-02-18 19:19 - 2012-02-18 19:19 - 0109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-02-18 19:19 - 2012-02-18 19:19 - 0000000 ____D C:\Program Files (x86)\OpenAL
2012-02-18 19:18 - 2012-02-18 19:18 - 0590434 ____A C:\Users\Michael Ducharme\Downloads\oalinst.zip
2012-02-18 19:18 - 2012-02-18 19:18 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\XL_Engine_Release_02
2012-02-18 19:18 - 2012-02-18 19:18 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\oalinst
2012-02-18 19:17 - 2012-02-18 19:17 - 3444698 ____A C:\Users\Michael Ducharme\Downloads\XL_Engine_Release_02.zip
2012-02-18 19:16 - 2012-02-18 19:15 - 0002825 ____A C:\Users\Michael Ducharme\Desktop\Daggerfall.pif
2012-02-18 19:15 - 2012-02-18 19:15 - 0000000 ___HD C:\Windows\PIF
2012-02-18 11:18 - 2010-04-22 05:39 - 0000000 ____D C:\Windows\SysWOW64\Adobe
2012-02-18 09:29 - 2011-05-24 12:08 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-02-17 17:37 - 2012-02-17 17:37 - 1777255 ____A C:\Users\Michael Ducharme\Downloads\itil-whitepaper.pdf
2012-02-15 22:18 - 2010-01-31 21:03 - 0000000 __AHD C:\Users\Michael Ducharme\AppData\Local\6TSBHal1K5UOL0
2012-02-15 01:29 - 2010-01-02 17:22 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-15 01:11 - 2011-09-07 16:36 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-02-15 01:11 - 2011-09-07 16:36 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-02-15 01:01 - 2009-10-17 19:57 - 54585368 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-02-14 21:30 - 2011-04-23 10:23 - 0000000 ____D C:\Users\Michael Ducharme\Documents\Musical Scores and Recordings by Other Composers
2012-02-14 21:00 - 2011-06-04 18:48 - 0002014 ___AH C:\Users\Michael Ducharme\Documents\Default.rdp
2012-02-13 20:23 - 2012-02-13 20:21 - 0000983 ____A C:\Users\Michael Ducharme\AppData\Roaming\OSCseq-log.txt
2012-02-13 20:22 - 2012-02-13 20:22 - 5436744 ____A (Apple Inc.) C:\Users\Michael Ducharme\Downloads\BonjourPSSetup.exe
2012-02-13 20:21 - 2012-02-13 20:21 - 0502887 ____A C:\Users\Michael Ducharme\Downloads\OSCseq 0.9.16b.exe
2012-02-13 20:21 - 2012-02-13 20:21 - 0000000 ____D C:\Program Files (x86)\OSCseq
2012-02-13 19:59 - 2012-02-13 19:59 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\Oscore
2012-02-13 19:58 - 2012-02-13 19:58 - 1369181 ____A C:\Users\Michael Ducharme\Downloads\Oscore.zip
2012-02-13 19:58 - 2012-02-13 19:55 - 0000000 ____D C:\Users\Michael Ducharme\AppData\Roaming\Xenakios
2012-02-13 19:55 - 2012-02-13 19:55 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\HourGlass_0.9.4
2012-02-13 19:55 - 2012-02-13 19:54 - 6497512 ____A C:\Users\Michael Ducharme\Downloads\HourGlass_0.9.4.zip
2012-02-13 19:41 - 2012-02-13 19:41 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\Timeline
2012-02-13 19:40 - 2012-02-13 19:40 - 0047683 ____A C:\Users\Michael Ducharme\Downloads\Timeline.zip
2012-02-13 19:09 - 2012-02-13 19:09 - 0000000 ____D C:\Program Files (x86)\Ircam
2012-02-13 19:09 - 2011-10-30 19:30 - 0000000 ____D C:\Program Files (x86)\Cycling '74
2012-02-13 19:08 - 2012-02-13 19:07 - 6776780 ____A (IRCAM ) C:\Users\Michael Ducharme\Downloads\FTM.2.5.0.BETA.21-Max5.exe
2012-02-13 17:49 - 2012-02-13 17:49 - 2455951 ____A C:\Users\Michael Ducharme\Downloads\rs.delos_1.0.3.93_Win_DEMO.zip
2012-02-13 17:49 - 2012-02-13 17:49 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\rs.delos_1.0.3.93_Win_DEMO
2012-02-13 17:11 - 2012-02-13 17:11 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\TimelinerSA_beta10.1
2012-02-13 17:10 - 2012-02-13 17:10 - 0169292 ____A C:\Users\Michael Ducharme\Downloads\TimelinerSA_beta10.1.zip
2012-02-13 16:42 - 2012-02-13 16:42 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\iannix_windows__0_8_22
2012-02-13 16:33 - 2012-02-13 16:29 - 13365527 ____A C:\Users\Michael Ducharme\Downloads\iannix_windows__0_8_22.zip
2012-02-13 00:09 - 2012-01-22 10:45 - 2487327 ____A C:\Users\Michael Ducharme\Documents\Test organ.maxpat
2012-02-12 22:01 - 2012-02-12 22:01 - 0482981 ____A C:\Users\Michael Ducharme\Downloads\jasch_objects_0.3_win.zip
2012-02-12 22:01 - 2012-02-12 22:01 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\jasch_objects_0.3_win
2012-02-12 13:00 - 2012-02-05 18:59 - 0025367 ____A C:\Users\Michael Ducharme\Test Lemur Control.jzml
2012-02-12 11:19 - 2012-02-12 11:19 - 0123712 ____A (ESET) C:\Users\Michael Ducharme\Downloads\ESETSirefefRemover.exe
2012-02-12 11:16 - 2012-02-11 12:48 - 0000000 ____D C:\Users\Michael Ducharme\Documents\my maxmsp externals
2012-02-12 10:21 - 2012-02-12 10:21 - 0000000 ____D C:\Users\Michael Ducharme\AppData\Roaming\Cycling '74
2012-02-12 10:20 - 2012-02-12 10:20 - 0001993 ____A C:\Users\Public\Desktop\Max Runtime 6.0.lnk
2012-02-12 10:20 - 2012-02-12 10:20 - 0001977 ____A C:\Users\Public\Desktop\Max 6.0.lnk
2012-02-12 10:14 - 2012-02-11 12:48 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\touchosc-editor-1.5.4-win32
2012-02-12 10:05 - 2012-01-12 18:40 - 0018343 ____A C:\Users\Michael Ducharme\Documents\Imperial Court Certificate v2.odt
2012-02-11 15:22 - 2012-02-11 15:22 - 0059798 ____A C:\Users\Michael Ducharme\Documents\20th century 2 new notes.docx
2012-02-11 12:56 - 2012-02-11 12:56 - 0034846 ____A C:\Users\Michael Ducharme\Downloads\MaxFiles.zip
2012-02-11 12:48 - 2012-02-11 12:48 - 0000000 ____D C:\Users\Michael Ducharme\AppData\Roaming\hexler
2012-02-11 12:47 - 2012-02-11 12:47 - 0706056 ____A C:\Users\Michael Ducharme\Downloads\touchosc-editor-1.5.4-win32.zip
2012-02-10 19:13 - 2012-02-10 19:13 - 0136827 ____A C:\Users\Michael Ducharme\Downloads\Contacts.csv
2012-02-10 16:32 - 2012-02-10 16:32 - 0018607 ____A C:\Users\Ian Doucette\Documents\Empress report Feb.odt
2012-02-08 08:11 - 2012-02-08 08:11 - 0044804 ____A C:\Users\Michael Ducharme\Downloads\ShawnGrievesResume.pdf
2012-02-07 07:10 - 2012-02-04 13:07 - 0259739 ____A C:\Users\Michael Ducharme\Documents\Assignment 3 v2 bug fixed MDucharme.maxpat
2012-02-07 01:26 - 2012-02-07 01:26 - 0000000 ____D C:\Users\Michael Ducharme\AppData\Roaming\AFPClient4Windows
2012-02-07 01:25 - 2012-02-07 01:25 - 0285632 ____A C:\Users\Michael Ducharme\Downloads\AFPClient4Windows_0_2_portable.exe
2012-02-05 19:52 - 2012-02-05 19:50 - 140932552 ____A C:\Users\Michael Ducharme\Downloads\DevSnd.LemurCube.zip
2012-02-05 19:21 - 2012-02-05 19:21 - 0020524 ____A C:\Users\Michael Ducharme\Downloads\WinAnalyzer~.zip
2012-02-05 19:21 - 2012-02-05 19:21 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\WinAnalyzer~
2012-02-05 18:56 - 2010-07-07 20:43 - 0000000 ____D C:\Users\Michael Ducharme\.gimp-2.6
2012-02-05 18:44 - 2012-02-05 18:44 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\Examples_V2.03
2012-02-05 17:33 - 2011-01-09 12:21 - 0525824 __ASH C:\Users\Michael Ducharme\Documents\Thumbs.db
2012-02-05 13:34 - 2012-02-05 13:05 - 193352247 ____A C:\Users\Michael Ducharme\Downloads\Examples_V2.03.zip
2012-02-05 13:20 - 2012-02-05 13:20 - 0020647 ____A C:\Users\Michael Ducharme\Downloads\sugarSynth.zip
2012-02-05 13:20 - 2012-02-05 13:20 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\sugarSynth
2012-02-05 13:08 - 2012-02-05 13:08 - 0000093 ____A C:\Users\All Users\autorlite.lic
2012-02-05 13:08 - 2012-02-05 13:08 - 0000093 ____A C:\ProgramData\autorlite.lic
2012-02-05 13:05 - 2012-02-05 13:05 - 0445650 ____A C:\Users\Michael Ducharme\Downloads\LemurLoader.zip
2012-02-05 12:56 - 2012-02-05 12:53 - 14021632 ____A C:\Users\Michael Ducharme\Downloads\Density_2_setup.msi
2012-02-05 12:51 - 2012-02-05 12:51 - 0000000 ____D C:\Users\Michael Ducharme\Documents\density test
2012-02-05 12:50 - 2012-02-05 12:50 - 0000000 ____D C:\Users\Michael Ducharme\Documents\test density project.pat
2012-02-05 12:44 - 2012-02-05 12:44 - 0001125 ____A C:\Users\Public\Desktop\DensityLITE.exe.lnk
2012-02-05 12:44 - 2012-02-05 12:44 - 0000000 ____D C:\Program Files (x86)\DensityLITE
2012-02-05 12:43 - 2012-02-05 12:42 - 8530432 ____A C:\Users\Michael Ducharme\Downloads\DensityLITE_setup.msi
2012-02-05 10:23 - 2012-02-05 10:23 - 0003695 ____A C:\Users\Michael Ducharme\Documents\mdeGranular~.help
2012-02-04 17:23 - 2012-02-04 17:23 - 0000000 ____D C:\Program Files (x86)\Liine
2012-02-04 17:10 - 2012-02-04 17:10 - 1382819 ____A ( ) C:\Users\Michael Ducharme\Downloads\Lemur-Installer-3.0.2.exe
2012-02-04 17:10 - 2012-02-04 17:09 - 18811925 ____A C:\Users\Michael Ducharme\Downloads\ABLemurBundle_120130.zip
2012-02-04 16:41 - 2012-02-04 16:40 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\OSC-route_1.17.1
2012-02-04 16:39 - 2012-02-04 16:39 - 0012517 ____A C:\Users\Michael Ducharme\Downloads\OSC-route_1.17.1.zip
2012-02-04 16:18 - 2012-02-04 16:15 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\OpenSoundControl_1.9.16
2012-02-04 16:03 - 2012-02-04 16:03 - 0022673 ____A C:\Users\Michael Ducharme\Downloads\OpenSoundControl_1.9.16.zip
2012-02-04 11:29 - 2012-02-04 11:29 - 0014687 ____A C:\Users\Michael Ducharme\Documents\basic-additive-synth.maxpat
2012-02-04 10:05 - 2012-02-04 10:05 - 0000066 ____A C:\Windows\bassmidi.sflist
2012-02-04 09:40 - 2012-02-04 09:21 - 833056140 ____A C:\Users\Michael Ducharme\Downloads\CrisisGeneralMidi3.01(OfficialPack).rar
2012-02-04 09:23 - 2012-02-04 09:23 - 0323623 ____A C:\Users\Michael Ducharme\Downloads\bassmididrv2.02.exe
2012-02-04 09:23 - 2012-02-04 09:23 - 0000000 ____D C:\Windows\SysWOW64\bassmididrv
2012-02-04 09:03 - 2012-02-04 08:57 - 108409240 ____A (Bethesda Softworks ) C:\Users\Michael Ducharme\Downloads\DaggerfallSetup.exe
2012-02-04 08:56 - 2012-02-04 08:54 - 31176387 ____A (Bethesda Softworks ) C:\Users\Michael Ducharme\Downloads\ArenaSetup.exe
2012-02-04 08:52 - 2012-02-04 08:52 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\Arena106Setup
2012-02-04 08:51 - 2012-02-04 08:51 - 9196300 ____A C:\Users\Michael Ducharme\Downloads\Arena106Setup.zip
2012-02-02 16:12 - 2011-12-29 20:46 - 0000000 ____D C:\Program Files\iTunes
2012-02-02 16:12 - 2011-12-29 20:46 - 0000000 ____D C:\Program Files\iPod
2012-02-02 16:12 - 2011-12-29 20:46 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-01-30 07:27 - 2012-01-30 07:27 - 0005375 ____A C:\Users\Michael Ducharme\Documents\Organ piece test midi.mid
2012-01-29 11:14 - 2012-01-29 11:07 - 0002401 ____A C:\Users\Michael Ducharme\Desktop\Organ.mframe32
2012-01-29 10:59 - 2009-07-13 19:20 - 0000000 ___AD C:\Program Files\Common Files\System
2012-01-29 10:59 - 2009-07-13 19:20 - 0000000 ___AD C:\Program Files\Common Files\Microsoft Shared
2012-01-29 08:07 - 2012-01-23 22:53 - 0046358 ____A C:\Users\Michael Ducharme\Documents\Michael Ducharme 20th Century Assignment 1.mus
2012-01-29 06:43 - 2012-01-29 06:43 - 0551316 ____A C:\Users\Michael Ducharme\Downloads\golden_age_score.mp4
2012-01-27 14:08 - 2012-01-27 14:08 - 0001090 ____A C:\Users\Public\Desktop\TeamViewer 7.lnk
2012-01-27 14:08 - 2011-08-01 14:32 - 0000000 ____D C:\Program Files (x86)\TeamViewer
2012-01-27 06:31 - 2012-01-26 18:11 - 0057527 ____A C:\Users\Michael Ducharme\Documents\20th Century Assignment 1.odt
2012-01-27 06:31 - 2012-01-26 18:11 - 0000139 ___AH C:\Users\Michael Ducharme\Documents\.~lock.20th Century Assignment 1.odt#
2012-01-26 18:40 - 2012-01-26 18:40 - 0028455 ____A C:\Users\Michael Ducharme\Documents\20th Century Assignment 1 Rhythmic Cells.png
2012-01-26 18:39 - 2012-01-26 18:39 - 0042160 ____A C:\Users\Michael Ducharme\Documents\20th Century Assignment 1 Rhythmic Cells.mus
2012-01-24 21:00 - 2009-10-17 01:07 - 0000000 ____D C:\Users\Michael Ducharme\AppData\Local\VirtualStore
2012-01-23 19:40 - 2012-01-23 19:39 - 0046649 ____A C:\Users\Michael Ducharme\Documents\Katherine Bonness 20th Century 2 Assignment 1.mus
2012-01-23 16:36 - 2011-05-16 17:26 - 0000000 ____D C:\Users\Michael Ducharme\AppData\Roaming\Sibelius Software
2012-01-23 15:51 - 2012-01-23 15:51 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\QL_RA_Instrument_Update_1.0.4_Win_v1
2012-01-23 15:39 - 2009-11-14 14:47 - 0000000 ____D C:\Program Files\Common Files\VSTPlugins
2012-01-23 15:39 - 2009-10-31 20:37 - 0000000 ____D C:\Users\All Users\East West
2012-01-23 15:39 - 2009-10-31 20:37 - 0000000 ____D C:\ProgramData\East West
2012-01-23 15:39 - 2009-10-31 20:37 - 0000000 ____D C:\Program Files\EastWest
2012-01-23 15:32 - 2012-01-23 15:32 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\Play_Update_3.0.30_64_bit
2012-01-23 15:26 - 2012-01-23 15:26 - 0000000 ____D C:\Users\Michael Ducharme\Documents\Icelandic pieces
2012-01-23 15:20 - 2012-01-23 15:19 - 11469633 ____A C:\Users\Michael Ducharme\Downloads\QL_RA_Instrument_Update_1.0.4_Win_v1.zip
2012-01-23 10:22 - 2009-10-21 17:11 - 0122440 ____A C:\Users\Ian Doucette\AppData\Local\GDIPFONTCACHEV1.DAT
2012-01-23 08:23 - 2012-01-23 08:21 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\Auth-Wizard_Error_WIN
2012-01-23 08:21 - 2012-01-23 08:20 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\DVD-Disc-1_Error_WIN
2012-01-23 08:20 - 2012-01-23 08:20 - 36205349 ____A C:\Users\Michael Ducharme\Downloads\DVD-Disc-1_Error_WIN.zip
2012-01-23 08:20 - 2012-01-23 08:20 - 16897395 ____A C:\Users\Michael Ducharme\Downloads\Auth-Wizard_Error_WIN.zip
2012-01-23 08:00 - 2009-12-11 17:22 - 0000000 ____D C:\Users\Michael Ducharme\AppData\Roaming\HpUpdate
2012-01-22 19:19 - 2012-01-22 19:19 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\Max6_51824
2012-01-22 16:45 - 2012-01-22 16:43 - 192586901 ____A C:\Users\Michael Ducharme\Downloads\Max6_51824.zip
2012-01-22 16:12 - 2012-01-22 16:07 - 0000000 ____D C:\max
2012-01-22 16:03 - 2012-01-22 16:02 - 1242158 ____A C:\Users\Michael Ducharme\Documents\organtestmax.wav
2012-01-22 16:01 - 2012-01-22 16:01 - 1808438 ____A C:\Users\Michael Ducharme\Documents\snd.aif
2012-01-22 14:28 - 2012-01-22 14:28 - 0249005 ____A C:\Users\Michael Ducharme\Downloads\10.1.1.159.7941.pdf
2012-01-22 13:55 - 2012-01-22 13:55 - 1996387 ____A C:\Users\Michael Ducharme\Downloads\maxlibrary5.zip
2012-01-22 13:55 - 2012-01-22 13:55 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\maxlibrary5
2012-01-22 12:14 - 2012-01-22 12:14 - 0000056 ____A C:\Users\Michael Ducharme\Documents\Hauptwerk-Settings.fxp
2012-01-22 11:23 - 2012-01-22 11:22 - 0000660 ____A C:\Users\Michael Ducharme\Documents\Hauptwerk-Settings.fxb
2012-01-22 11:21 - 2012-01-22 11:21 - 0000056 ____A C:\Users\Michael Ducharme\Documents\Hauptwerk Settings.fxp
2012-01-22 10:17 - 2012-01-22 09:22 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\582354019-bonk1.3fiddle1.2
2012-01-22 10:12 - 2012-01-22 10:12 - 1718248 ____A C:\Users\Michael Ducharme\Downloads\fftw-3.2.1-dll.zip
2012-01-22 10:12 - 2012-01-22 10:12 - 0879555 ____A C:\Users\Michael Ducharme\Downloads\fftw-3.0.1-w32-pl1.zip
2012-01-22 10:12 - 2012-01-22 10:12 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\fftw-3.2.1-dll
2012-01-22 10:12 - 2012-01-22 10:12 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\fftw-3.0.1-w32-pl1
2012-01-22 09:55 - 2012-01-22 09:55 - 2325984 ____A C:\Users\Michael Ducharme\Downloads\fftw-3.3-dll32.zip
2012-01-22 09:55 - 2012-01-22 09:55 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\fftw-3.3-dll32
2012-01-22 09:52 - 2012-01-22 09:52 - 0017516 ____A C:\Users\Michael Ducharme\Downloads\WinPitch~.zip
2012-01-22 09:52 - 2012-01-22 09:52 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\WinPitch~
2012-01-22 09:22 - 2012-01-22 09:22 - 0031442 ____A C:\Users\Michael Ducharme\Downloads\582354019-bonk1.3fiddle1.2.zip
2012-01-22 08:56 - 2009-10-17 01:08 - 0122440 ____A C:\Users\Michael Ducharme\AppData\Local\GDIPFONTCACHEV1.DAT
2012-01-22 08:54 - 2010-01-02 17:18 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-01-22 08:53 - 2010-07-10 10:32 - 0000632 _RASH C:\Users\Michael Ducharme\ntuser.pol
2012-01-21 16:38 - 2012-01-21 16:37 - 0001292 ____A C:\Users\Michael Ducharme\Mailboxes2.csv
2012-01-21 13:00 - 2012-01-21 09:11 - 0054141 ____A C:\Users\Michael Ducharme\Documents\Domine exaudi orationem meam.mus
2012-01-21 12:47 - 2012-01-21 12:47 - 0001219 ____A C:\All Mailboxes.csv
2012-01-21 12:13 - 2012-01-21 12:13 - 0000139 ___AH C:\Users\Michael Ducharme\Downloads\.~lock.MigrationStatistics4.csv#
2012-01-21 12:12 - 2012-01-21 12:12 - 0000883 ____A C:\Users\Michael Ducharme\Downloads\MigrationStatistics4.csv
2012-01-21 10:41 - 2012-01-21 10:41 - 2629962 ____A C:\Users\Michael Ducharme\Documents\Domine exaudi orationem meam - Choir 2 - Bass.mp3
2012-01-21 10:41 - 2012-01-21 10:41 - 2615796 ____A C:\Users\Michael Ducharme\Documents\Domine exaudi orationem meam - Choir 2 - Tenor.mp3
2012-01-21 10:41 - 2012-01-21 10:41 - 2611042 ____A C:\Users\Michael Ducharme\Documents\Domine exaudi orationem meam - Choir 2 - Baritone.mp3
2012-01-21 10:41 - 2012-01-21 10:40 - 2642668 ____A C:\Users\Michael Ducharme\Documents\Domine exaudi orationem meam - Choir 2 - Alto.mp3
2012-01-21 10:40 - 2012-01-21 10:40 - 2636145 ____A C:\Users\Michael Ducharme\Documents\Domine exaudi orationem meam - Choir 1 - Tenor.mp3
2012-01-21 10:40 - 2012-01-21 10:40 - 2630862 ____A C:\Users\Michael Ducharme\Documents\Domine exaudi orationem meam - Choir 1 - Alto.mp3
2012-01-21 10:40 - 2012-01-21 10:40 - 2616303 ____A C:\Users\Michael Ducharme\Documents\Domine exaudi orationem meam - Choir 1 - Soprano 2.mp3
2012-01-21 10:40 - 2012-01-21 10:40 - 2613740 ____A C:\Users\Michael Ducharme\Documents\Domine exaudi orationem meam - Choir 1 - Bass.mp3
2012-01-21 10:40 - 2012-01-21 10:40 - 2603810 ____A C:\Users\Michael Ducharme\Documents\Domine exaudi orationem meam - Choir 2 - Soprano.mp3
2012-01-21 10:40 - 2012-01-21 10:40 - 2559197 ____A C:\Users\Michael Ducharme\Documents\Domine exaudi orationem meam - Choir 1 - Soprano 1.mp3
2012-01-21 10:34 - 2012-01-21 10:34 - 0062928 ____A C:\Users\Michael Ducharme\Documents\Domine exaudi orationem meam.pdf
2012-01-21 10:29 - 2012-01-21 10:28 - 22271022 ____A C:\Users\Michael Ducharme\Documents\Domine exaudi orationem meam - Choir 2 - Bass.wav
2012-01-21 10:28 - 2012-01-21 10:27 - 22271022 ____A C:\Users\Michael Ducharme\Documents\Domine exaudi orationem meam - Choir 2 - Baritone.wav
2012-01-21 10:27 - 2012-01-21 10:26 - 22271022 ____A C:\Users\Michael Ducharme\Documents\Domine exaudi orationem meam - Choir 2 - Tenor.wav
2012-01-21 10:26 - 2012-01-21 10:25 - 22271022 ____A C:\Users\Michael Ducharme\Documents\Domine exaudi orationem meam - Choir 2 - Alto.wav
2012-01-21 10:25 - 2012-01-21 10:25 - 22271022 ____A C:\Users\Michael Ducharme\Documents\Domine exaudi orationem meam - Choir 2 - Soprano.wav
2012-01-21 10:24 - 2012-01-21 10:24 - 22271022 ____A C:\Users\Michael Ducharme\Documents\Domine exaudi orationem meam - Choir 1 - Bass.wav
2012-01-21 10:23 - 2012-01-21 10:23 - 22271022 ____A C:\Users\Michael Ducharme\Documents\Domine exaudi orationem meam - Choir 1 - Tenor.wav
2012-01-21 10:22 - 2012-01-21 10:21 - 22271022 ____A C:\Users\Michael Ducharme\Documents\Domine exaudi orationem meam - Choir 1 - Alto.wav
2012-01-21 10:21 - 2012-01-21 10:21 - 22271022 ____A C:\Users\Michael Ducharme\Documents\Domine exaudi orationem meam - Choir 1 - Soprano 2.wav
2012-01-21 10:18 - 2012-01-21 10:17 - 22271022 ____A C:\Users\Michael Ducharme\Documents\Domine exaudi orationem meam - Choir 1 - Soprano 1.wav
2012-01-21 09:57 - 2011-05-16 16:25 - 0000000 ____D C:\Program Files (x86)\Sibelius Software
2012-01-21 09:55 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-01-21 09:49 - 2012-01-21 09:48 - 10721280 ____A C:\Users\Michael Ducharme\Downloads\Scorch620NSPluginInstaller.msi
2012-01-21 08:21 - 2012-01-21 08:21 - 0068536 ____A C:\Users\Michael Ducharme\Downloads\gabg-dom.zip
2012-01-21 08:21 - 2012-01-21 08:21 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\gabg-dom
2012-01-21 07:17 - 2012-01-21 07:17 - 0113968 ____A C:\Users\Michael Ducharme\Documents\Rules for Behavior 1787 Fixed PDF.pdf
2012-01-21 07:15 - 2012-01-21 07:15 - 0614865 ____A C:\Users\Michael Ducharme\Documents\Rules for Behavior 1787 Mechem.pdf
2012-01-21 07:02 - 2012-01-21 07:02 - 4336230 ____A C:\Users\Michael Ducharme\Documents\Rules for Behavior 1787 (Mechem) - Tenor Practice Part.mp3
2012-01-21 07:02 - 2012-01-21 07:02 - 4310800 ____A C:\Users\Michael Ducharme\Documents\Rules for Behavior 1787 (Mechem) - Alto Practice Part.mp3
2012-01-21 07:02 - 2012-01-21 07:02 - 4310312 ____A C:\Users\Michael Ducharme\Documents\Rules for Behavior 1787 (Mechem) - Bass Practice Part.mp3
2012-01-21 07:02 - 2012-01-21 07:02 - 4283740 ____A C:\Users\Michael Ducharme\Documents\Rules for Behavior 1787 (Mechem) - Soprano Practice.mp3
2012-01-21 07:01 - 2012-01-21 07:01 - 4401246 ____A C:\Users\Michael Ducharme\Documents\Rules for Behavior 1787 (Mechem) - Full Choir.mp3
2012-01-21 06:56 - 2012-01-21 06:56 - 40100910 ____A C:\Users\Michael Ducharme\Documents\Rules for Behavior 1787 (Mechem) - Bass Practice Part.wav
2012-01-21 06:55 - 2012-01-21 06:55 - 40100910 ____A C:\Users\Michael Ducharme\Documents\Rules for Behavior 1787 (Mechem) - Tenor Practice Part.wav
2012-01-21 06:52 - 2012-01-21 06:52 - 40102958 ____A C:\Users\Michael Ducharme\Documents\Rules for Behavior 1787 (Mechem) - Alto Practice Part.wav
2012-01-21 06:51 - 2012-01-21 06:51 - 40097838 ____A C:\Users\Michael Ducharme\Documents\Rules for Behavior 1787 (Mechem) - Soprano Practice.wav
2012-01-21 06:42 - 2012-01-21 06:42 - 40102958 ____A C:\Users\Michael Ducharme\Documents\Rules for Behavior 1787 (Mechem) - Full Choir.wav
2012-01-20 08:18 - 2010-06-21 20:23 - 0000600 ____A C:\Users\Michael Ducharme\AppData\Local\PUTTY.RND
2012-01-19 06:51 - 2012-01-19 06:51 - 0001006 ____A C:\Users\Michael Ducharme\Downloads\MigrationStatistics3.csv
2012-01-18 08:17 - 2012-01-18 08:17 - 0000491 ____A C:\Users\Michael Ducharme\Downloads\MigrationStatistics2.csv
2012-01-18 08:17 - 2012-01-18 08:17 - 0000139 ___AH C:\Users\Michael Ducharme\Downloads\.~lock.MigrationStatistics2.csv#
2012-01-18 08:12 - 2012-01-18 08:12 - 0000139 ___AH C:\Users\Michael Ducharme\Downloads\.~lock.MigrationStatistics.csv#
2012-01-18 08:11 - 2012-01-18 08:11 - 0001106 ____A C:\Users\Michael Ducharme\Downloads\MigrationStatistics.csv
2012-01-16 07:41 - 2012-01-16 07:41 - 3119472 ____A C:\Users\Michael Ducharme\Documents\Organ piece initial demo.mp3
2012-01-15 23:12 - 2012-01-15 22:58 - 0001417 ____A C:\Users\Public\Desktop\Hauptwerk (for MIDI sequencing).lnk
2012-01-15 23:12 - 2012-01-15 22:58 - 0001396 ____A C:\Users\Public\Desktop\Hauptwerk (stand-alone).lnk
2012-01-15 23:12 - 2012-01-13 06:57 - 0010916 ____A C:\Windows\aksdrvsetup.log
2012-01-15 23:12 - 2012-01-13 06:56 - 0000000 ____D C:\Hauptwerk
2012-01-15 23:10 - 2012-01-13 06:56 - 0000000 ____D C:\Program Files\Hauptwerk Virtual Pipe Organ
2012-01-15 18:32 - 2012-01-15 18:32 - 0002461 ____A C:\Users\Organ 2\Desktop\organ 2.mframe32
2012-01-15 18:30 - 2012-01-15 18:29 - 0000000 ____D C:\Users\Organ 2\Documents\Native Instruments
2012-01-15 18:30 - 2012-01-15 18:29 - 0000000 ____D C:\Users\Organ 2\AppData\Local\Native Instruments
2012-01-15 18:29 - 2012-01-15 18:29 - 0000000 ____D C:\Users\Organ 2\AppData\Roaming\iZotope
2012-01-15 18:29 - 2012-01-15 18:29 - 0000000 ____D C:\Users\Organ 2\AppData\Roaming\Garritan
2012-01-15 18:29 - 2012-01-15 18:29 - 0000000 ____D C:\Users\Organ 2\AppData\Roaming\Audio Ease
2012-01-15 18:29 - 2012-01-15 18:29 - 0000000 ____D C:\Users\Organ 2\AppData\Local\PACE Anti-Piracy
2012-01-15 18:29 - 2012-01-15 16:49 - 0000000 ____D C:\Users\Organ 2\AppData\LocalLow
2012-01-15 18:29 - 2012-01-15 16:49 - 0000000 ____D C:\Users\Organ 2\AppData\Local\VirtualStore
2012-01-15 18:29 - 2010-12-29 13:04 - 0000000 ___HD C:\Users\Organ 2\AppData\Local\f60otCYh
2012-01-15 18:29 - 2010-12-29 08:47 - 0000000 __AHD C:\Users\Organ 2\AppData\Local\6TSBHal1K5UOL0
2012-01-15 18:15 - 2012-01-15 18:15 - 0000000 ____D C:\Users\Organ 2\AppData\Roaming\VSL
2012-01-15 17:10 - 2012-01-15 17:10 - 0000000 ____D C:\Users\Organ 2\AppData\Local\Adobe
2012-01-15 17:10 - 2012-01-15 16:53 - 0000000 ____D C:\Users\Organ 2\AppData\Roaming\Adobe
2012-01-15 16:50 - 2012-01-15 16:50 - 0122440 ____A C:\Users\Organ 2\AppData\Local\GDIPFONTCACHEV1.DAT
2012-01-15 16:50 - 2012-01-15 16:50 - 0000000 ____D C:\Users\Organ 2\AppData\Roaming\WinRAR
2012-01-15 16:50 - 2012-01-15 16:50 - 0000000 ____D C:\Users\Organ 2\AppData\Roaming\HP
2012-01-15 16:50 - 2012-01-15 16:50 - 0000000 ____D C:\Users\Organ 2\AppData\Roaming\ATI
2012-01-15 16:50 - 2012-01-15 16:50 - 0000000 ____D C:\Users\Organ 2\AppData\Roaming\Apple Computer
2012-01-15 16:50 - 2012-01-15 16:50 - 0000000 ____D C:\Users\Organ 2\AppData\Local\RME TotalMix
2012-01-15 16:50 - 2012-01-15 16:50 - 0000000 ____D C:\Users\Organ 2\AppData\Local\ATI
2012-01-15 16:50 - 2012-01-15 16:50 - 0000000 ____D C:\Users\Organ 2\AppData\Local\Apple Computer
2012-01-15 16:49 - 2012-01-15 16:49 - 0000632 _RASH C:\Users\Organ 2\ntuser.pol
2012-01-15 16:49 - 2012-01-15 16:49 - 0000174 ___SH C:\Users\Organ 2\Start Menu\Programs\Startup\desktop.ini
2012-01-15 16:49 - 2012-01-15 16:49 - 0000174 ___SH C:\Users\Organ 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-01-15 16:49 - 2012-01-15 16:49 - 0000020 ___SH C:\Users\Organ 2\ntuser.ini
2012-01-15 16:49 - 2012-01-15 16:49 - 0000000 __SHD C:\Users\Organ 2\Templates
2012-01-15 16:49 - 2012-01-15 16:49 - 0000000 __SHD C:\Users\Organ 2\Start Menu
2012-01-15 16:49 - 2012-01-15 16:49 - 0000000 __SHD C:\Users\Organ 2\PrintHood
2012-01-15 16:49 - 2012-01-15 16:49 - 0000000 __SHD C:\Users\Organ 2\NetHood
2012-01-15 16:49 - 2012-01-15 16:49 - 0000000 __SHD C:\Users\Organ 2\My Documents
2012-01-15 16:49 - 2012-01-15 16:49 - 0000000 __SHD C:\Users\Organ 2\Documents\My Videos
2012-01-15 16:49 - 2012-01-15 16:49 - 0000000 __SHD C:\Users\Organ 2\Documents\My Pictures
2012-01-15 16:49 - 2012-01-15 16:49 - 0000000 __SHD C:\Users\Organ 2\Documents\My Music
2012-01-15 16:49 - 2012-01-15 16:49 - 0000000 __SHD C:\Users\Organ 2\AppData\Local\Temporary Internet Files
2012-01-15 16:49 - 2012-01-15 16:49 - 0000000 __SHD C:\Users\Organ 2\AppData\Local\History
2012-01-15 16:27 - 2010-10-11 11:21 - 0000000 ____D C:\Users\Michael Ducharme\Documents\Cubase Projects
2012-01-15 16:25 - 2009-11-07 20:45 - 0000000 ____D C:\Users\Michael Ducharme\AppData\Roaming\Steinberg
2012-01-15 16:18 - 2009-10-31 20:11 - 0035300 ____A C:\Windows\DPINST.LOG
2012-01-15 16:18 - 2009-10-31 20:11 - 0000000 ____D C:\Program Files (x86)\eLicenser
2012-01-15 16:17 - 2009-10-31 20:11 - 0000051 ____A C:\Windows\SysWOW64\SYNSOPOS.exe.cfg
2012-01-15 16:16 - 2012-01-15 16:14 - 146299376 ____A (Steinberg Media Technologies GmbH) C:\Users\Michael Ducharme\Downloads\Cubase_6.0.5_Update.exe
2012-01-15 15:31 - 2012-01-15 13:59 - 0014526 ____A C:\Users\Michael Ducharme\Documents\Assignment 2 WIP.maxpat
2012-01-15 12:27 - 2012-01-15 12:24 - 0000673 ____A C:\Users\Michael Ducharme\Downloads\envlNet.mid
2012-01-14 11:23 - 2010-07-05 18:11 - 0000000 ____D C:\Users\Michael Ducharme\AppData\Local\VMware
2012-01-14 11:22 - 2012-01-14 11:22 - 0001294 ____A C:\Users\Public\Desktop\VMware vCenter Converter Standalone Client.lnk
2012-01-14 11:22 - 2012-01-14 11:22 - 0001024 ____A C:\.rnd
2012-01-14 11:21 - 2010-07-05 18:13 - 0000000 ____D C:\Users\All Users\VMware
2012-01-14 11:21 - 2010-07-05 18:13 - 0000000 ____D C:\ProgramData\VMware
2012-01-14 11:21 - 2010-07-05 18:09 - 0000000 ____D C:\Program Files (x86)\VMware
2012-01-14 11:18 - 2012-01-14 11:16 - 132841096 ____A (VMware, Inc. ) C:\Users\Michael Ducharme\Downloads\VMware-converter-all-5.0.0-470252.exe
2012-01-14 11:07 - 2012-01-14 11:04 - 304859136 ____A C:\Users\Michael Ducharme\Downloads\VMware-VMvisor-Installer-5.0.0-469512.x86_64.iso
2012-01-13 20:06 - 2012-02-14 13:47 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-13 17:23 - 2012-01-13 17:23 - 2807206 ____A C:\Users\Michael Ducharme\Downloads\IMG_0419[1]
2012-01-13 07:28 - 2011-04-23 08:24 - 0000000 ____D C:\Users\Michael Ducharme\Documents\Audio and Music Apps - Installs Patches and License Info etc
2012-01-13 06:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Setup
2012-01-13 06:57 - 2012-01-13 06:57 - 0001245 ____A C:\Users\Michael Ducharme\Desktop\Hauptwerk user guide.lnk
2012-01-13 06:57 - 2012-01-13 06:57 - 0001034 ____A C:\Users\Michael Ducharme\Desktop\Hauptwerk (alt config 3).lnk
2012-01-13 06:57 - 2012-01-13 06:57 - 0001034 ____A C:\Users\Michael Ducharme\Desktop\Hauptwerk (alt config 2).lnk
2012-01-13 06:57 - 2012-01-13 06:57 - 0001034 ____A C:\Users\Michael Ducharme\Desktop\Hauptwerk (alt config 1).lnk
2012-01-13 06:57 - 2012-01-13 06:57 - 0000959 ____A C:\Users\Michael Ducharme\Desktop\Hauptwerk.lnk
2012-01-13 06:57 - 2012-01-13 06:54 - 0000000 ___HD C:\Program Files (x86)\Zero G Registry
2012-01-13 06:54 - 2012-01-13 06:54 - 0000000 ___HD C:\Users\Michael Ducharme\InstallAnywhere
2012-01-11 21:41 - 2012-01-11 21:41 - 82311254 ____A C:\Users\Michael Ducharme\Documents\Ed's Final Concert - Abendlied.mov
2012-01-11 21:29 - 2012-01-11 21:29 - 103539832 ____A C:\Users\Michael Ducharme\Documents\Ed's Final Concert - One by One.mov
2012-01-11 21:25 - 2012-01-11 21:25 - 68044839 ____A C:\Users\Michael Ducharme\Documents\Ed's Final Concert - Domine exaudi orationem meam.mov
2012-01-11 21:16 - 2012-01-11 21:16 - 104527109 ____A C:\Users\Michael Ducharme\Documents\Ed's Final Concert - Svaagot.mov
2012-01-11 20:09 - 2012-01-11 19:10 - 1791354375 ____A C:\Users\Michael Ducharme\Documents\Ed's Final Concert.m4v
2012-01-11 08:33 - 2012-01-10 21:18 - 0050258 ____A C:\Users\Michael Ducharme\Documents\Assignment 1.maxpat
2012-01-11 01:04 - 2011-10-07 21:02 - 0772990 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-01-10 19:57 - 2010-10-27 22:29 - 0000000 ___HD C:\Users\Michael Ducharme\AppData\Local\VdSRAqZ4cfqkp
2012-01-10 19:57 - 2009-10-31 20:41 - 0000000 ____D C:\Users\Michael Ducharme\AppData\Roaming\PACE Anti-Piracy
2012-01-10 19:57 - 2009-10-31 20:41 - 0000000 ____D C:\Users\All Users\PACE Anti-Piracy
2012-01-10 19:57 - 2009-10-31 20:41 - 0000000 ____D C:\ProgramData\PACE Anti-Piracy
2012-01-09 12:35 - 2012-01-09 12:35 - 0278310 ____A C:\Users\Ian Doucette\Downloads\Musicthon 2012.pdf
2012-01-09 12:34 - 2012-01-09 12:34 - 0375872 ____A C:\Users\Ian Doucette\Downloads\Variety Pledge Form.pdf
2012-01-09 07:31 - 2010-07-09 18:04 - 0439296 __ASH C:\Users\Ian Doucette\Downloads\Thumbs.db
2012-01-08 20:39 - 2012-01-08 20:39 - 0001014 ____A C:\Users\Public\Desktop\Kontakt 5.lnk
2012-01-08 20:39 - 2012-01-08 20:39 - 0000000 __HDC C:\Users\All Users\{AE42E1A6-D95D-454D-9F3D-E20CCCCB159A}
2012-01-08 20:39 - 2012-01-08 20:39 - 0000000 __HDC C:\ProgramData\{AE42E1A6-D95D-454D-9F3D-E20CCCCB159A}
2012-01-08 20:39 - 2011-06-01 19:40 - 0000000 ____D C:\Program Files\Native Instruments
2012-01-08 11:23 - 2012-01-08 11:23 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\BIOS_Acer_1.16_A_A
2012-01-08 11:21 - 2012-01-08 11:21 - 5592309 ____A C:\Users\Michael Ducharme\Downloads\BIOS_Acer_1.16_A_A.zip
2012-01-07 20:27 - 2012-01-07 20:26 - 4442624 ____A C:\Users\Michael Ducharme\Downloads\AudiobroDownloadCenter.exe
2012-01-03 10:52 - 2012-01-03 10:52 - 0212992 ____A (Propellerhead Software AB) C:\Windows\SysWOW64\ReWire.dll
2012-01-01 17:21 - 2012-01-01 17:21 - 0000000 ____D C:\WESTWOOD
2011-12-29 20:46 - 2011-12-29 20:46 - 0001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2011-12-29 20:44 - 2011-05-17 19:27 - 0002491 ____A C:\Users\Public\Desktop\Safari.lnk
2011-12-29 20:44 - 2010-02-14 15:06 - 0000000 ____D C:\Program Files (x86)\Safari
2011-12-29 20:43 - 2010-07-26 05:51 - 0001245 ____A C:\Windows\System32\mapisvc.inf
2011-12-27 19:59 - 2012-02-14 13:47 - 0498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2011-12-26 17:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2011-12-25 13:22 - 2011-12-25 13:21 - 9392816 ____A C:\Users\Michael Ducharme\Downloads\pidgin-2.10.1.exe
2011-12-24 20:52 - 2011-12-24 20:52 - 5751396 ____A C:\Users\Michael Ducharme\Documents\Quest for the Golden Fleece v3b.mp3
2011-12-24 20:06 - 2011-12-24 20:05 - 5751396 ____A C:\Users\Michael Ducharme\Documents\Quest for the Golden Fleece v3.mp3
2011-12-24 11:07 - 2011-10-07 05:49 - 0001016 ____A C:\Users\Public\Desktop\Finale 2012.lnk
2011-12-24 11:07 - 2011-10-07 05:46 - 0000000 ____D C:\Program Files (x86)\Finale 2012
2011-12-24 11:05 - 2011-12-24 11:05 - 1598520 ____A (MakeMusic) C:\Users\Michael Ducharme\Downloads\Finale2012aWinUpdate.exe
2011-12-21 07:06 - 2011-12-21 07:06 - 0040725 ____A C:\Users\Michael Ducharme\Downloads\fleece.jpg
2011-12-21 02:25 - 2011-12-21 02:20 - 83850334 ____A C:\Users\Michael Ducharme\Downloads\1. ROUGH CUT - TIME CODE 3.aif
2011-12-20 20:13 - 2011-12-20 20:12 - 5751396 ____A C:\Users\Michael Ducharme\Documents\Quest for the Golden Fleece v2.mp3
2011-12-19 16:34 - 2011-12-19 16:07 - 5751396 ____A C:\Users\Michael Ducharme\Documents\Quest for the Golden Fleece.mp3
2011-12-19 11:39 - 2011-12-19 11:32 - 2800008 ____A C:\Users\Michael Ducharme\Documents\Quest for the Golden Fleece WIP v1.mp3
2011-12-19 09:53 - 2011-12-19 09:52 - 16773067 ____A C:\Users\Michael Ducharme\Desktop\Michael DUcharme Template v1 all 64-bit plugins unpreserved.mframe64
2011-12-19 08:30 - 2011-06-24 17:33 - 0394068 ____A C:\Users\Michael Ducharme\Desktop\Michael Ducharme Template v1b Piano Only.mframe32
2011-12-19 08:09 - 2010-07-08 16:20 - 0000000 ____D C:\Program Files (x86)\HP
2011-12-18 12:49 - 2011-12-18 12:47 - 5569740 ____A C:\Users\Michael Ducharme\Documents\Drunkman Overture WIP v2.mp3
2011-12-18 00:50 - 2011-10-27 20:54 - 0000000 ____D C:\Users\Ian Doucette\AppData\Local\ElevatedDiagnostics
2011-12-16 00:46 - 2012-02-14 13:47 - 0634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2011-12-15 23:52 - 2012-02-14 13:47 - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2011-12-15 02:00 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2011-12-14 18:43 - 2010-05-24 09:27 - 0198656 __ASH C:\Users\Michael Ducharme\Downloads\Thumbs.db
2011-12-14 18:42 - 2011-12-14 18:42 - 0023182 ____A C:\Users\Michael Ducharme\Downloads\water-drop-1.jpg
2011-12-14 16:35 - 2011-12-14 16:59 - 38786212 ____A C:\Users\Michael Ducharme\Documents\Aqua Phasma.wav
2011-12-14 07:34 - 2011-12-14 07:34 - 0000004 ____A C:\Users\Michael Ducharme\Documents\new dummy file 2.txt
2011-12-13 23:43 - 2012-02-15 01:00 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-12-13 23:16 - 2012-02-15 01:00 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-12-13 23:11 - 2012-02-15 01:00 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2011-12-13 23:04 - 2012-02-15 01:00 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-12-13 23:04 - 2012-02-15 01:00 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-12-13 23:03 - 2012-02-15 01:00 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-12-13 23:03 - 2012-02-15 01:00 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-12-13 23:01 - 2012-02-15 01:00 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-12-13 23:00 - 2012-02-15 01:00 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2011-12-13 22:59 - 2012-02-15 01:00 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-12-13 22:57 - 2012-02-15 01:00 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-12-13 22:57 - 2012-02-15 01:00 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-12-13 22:53 - 2012-02-15 01:00 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-12-13 19:49 - 2010-07-09 18:04 - 0380928 __ASH C:\Users\Ian Doucette\Documents\Thumbs.db
2011-12-13 19:47 - 2011-12-13 19:47 - 8937141 ____A C:\Users\Public\Desktop\fsdiag.tar.gz
2011-12-13 19:44 - 2011-12-13 19:44 - 0000000 ____A C:\Users\Michael Ducharme\Downloads\fsdiag[1].zip
2011-12-13 19:34 - 2011-12-13 19:34 - 12962921 ____A C:\Users\Ian Doucette\Downloads\FLORIDA-GOOD FEELING-DJ ROY VOCAL MIX.mp3
2011-12-13 19:30 - 2012-02-15 01:00 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-12-13 19:10 - 2012-02-15 01:00 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-12-13 19:08 - 2011-12-13 19:08 - 0000005 ____A C:\Users\Michael Ducharme\Documents\file test.txt
2011-12-13 19:04 - 2012-02-15 01:00 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2011-12-13 18:57 - 2012-02-15 01:00 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-12-13 18:57 - 2012-02-15 01:00 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-12-13 18:57 - 2011-12-13 18:57 - 0000000 ____D C:\Users\Michael Ducharme\AppData\Local\F-Secure Online Backup
2011-12-13 18:57 - 2011-12-13 18:57 - 0000000 ____D C:\Users\All Users\F-Secure Online Backup
2011-12-13 18:57 - 2011-12-13 18:57 - 0000000 ____D C:\ProgramData\F-Secure Online Backup
2011-12-13 18:57 - 2011-12-13 18:57 - 0000000 ____D C:\Program Files (x86)\f-secure
2011-12-13 18:56 - 2012-02-15 01:00 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2011-12-13 18:55 - 2012-02-15 01:00 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-12-13 18:54 - 2012-02-15 01:00 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-12-13 18:53 - 2012-02-15 01:00 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2011-12-13 18:52 - 2012-02-15 01:00 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-12-13 18:50 - 2012-02-15 01:00 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-12-13 18:50 - 2012-02-15 01:00 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-12-13 18:47 - 2012-02-15 01:00 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-12-13 18:46 - 2011-11-22 19:55 - 0000000 ____D C:\Users\All Users\F-Secure
2011-12-13 18:46 - 2011-11-22 19:55 - 0000000 ____D C:\ProgramData\F-Secure
2011-12-13 18:39 - 2011-12-13 18:38 - 31163048 ____A (F-Secure Corporation) C:\Users\Michael Ducharme\Downloads\Online Backup-eu.exe
2011-12-13 18:33 - 2009-10-20 01:20 - 0000000 ____D C:\Users\Ian Doucette\AppData\Roaming\uTorrent
2011-12-13 18:02 - 2011-12-13 15:55 - 0000000 ____D C:\Users\Ian Doucette\Downloads\Va-The Best Remixes 2011 (September) Vol 13
2011-12-13 15:44 - 2011-12-13 15:44 - 17658109 ____A C:\Users\Ian Doucette\Downloads\Hold It Against Me (Abe Clements Club Mix).mp3
2011-12-13 15:42 - 2011-12-13 15:42 - 9972613 ____A C:\Users\Ian Doucette\Downloads\Adele - Set Fire To The Rain (Niico Remix)a.mp3
2011-12-12 19:19 - 2011-11-12 13:10 - 0971222 ____A C:\Users\Ian Doucette\Downloads\Always True To You In My Fashion.mp3
2011-12-12 19:15 - 2011-12-12 19:15 - 0009035 ___SH C:\Users\Ian Doucette\Downloads\AlbumArt_{6AE2002C-12E0-4A52-B9F1-FC1ACE6D7A7F}_Large.jpg
2011-12-12 19:15 - 2009-10-25 13:21 - 0009035 ___SH C:\Users\Ian Doucette\Downloads\Folder.jpg
2011-12-12 19:14 - 2011-12-12 19:15 - 0002347 ___SH C:\Users\Ian Doucette\Downloads\AlbumArt_{6AE2002C-12E0-4A52-B9F1-FC1ACE6D7A7F}_Small.jpg
2011-12-12 19:14 - 2009-10-25 13:21 - 0002347 ___SH C:\Users\Ian Doucette\Downloads\AlbumArtSmall.jpg
2011-12-12 10:19 - 2011-12-12 15:35 - 6988276 ____A C:\Users\Michael Ducharme\Documents\Water v7b mix 1.mp3
2011-12-10 13:24 - 2012-02-20 08:05 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-12-10 11:49 - 2011-04-23 08:28 - 0000000 ____D C:\Users\Michael Ducharme\Documents\Tiara picture for ian
2011-12-07 01:02 - 2012-01-15 16:49 - 0000000 ____D C:\Users\Organ 2\AppData\Local\Microsoft Help
2011-12-07 01:02 - 2011-12-07 01:02 - 0000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2011-12-07 01:02 - 2011-12-07 01:02 - 0000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2011-12-06 19:35 - 2011-12-06 15:24 - 10814535 ____A C:\Users\Ian Doucette\Downloads\icehouseindustries - marry the night (icehouseindustries remix).mp3
2011-12-05 08:25 - 2011-12-05 08:31 - 3650454 ____A C:\Users\Michael Ducharme\Documents\Water v4 mix 2.mp3
2011-12-02 17:56 - 2011-12-02 17:56 - 0000000 ____D C:\Users\Michael Ducharme\Downloads\SIPProxy-2.1-beta
2011-12-02 17:53 - 2011-12-02 17:53 - 8315485 ____A C:\Users\Michael Ducharme\Downloads\SIPProxy-2.1-beta.zip
2011-12-02 17:37 - 2011-12-02 17:37 - 5307568 ____A C:\Users\Michael Ducharme\Downloads\ZoiperCommunicatorFree-2.05_Installer.exe
2011-12-02 17:37 - 2011-12-02 17:37 - 0000856 ____A C:\Users\Public\Desktop\Zoiper Communicator.lnk
2011-12-02 17:37 - 2011-12-02 17:37 - 0000000 ____D C:\Program Files (x86)\Zoiper Communicator
2011-12-02 07:40 - 2011-12-02 07:39 - 0160373 ____A C:\Users\Michael Ducharme\Downloads\Release_Notes_Core_02-102011-3.2-v02.pdf
2011-11-29 16:36 - 2011-11-22 17:14 - 15426790 ____A C:\Users\Ian Doucette\Downloads\Lady Gaga Edge of Glory AFSHeeN Remix .mp3
2011-11-29 16:25 - 2011-11-29 16:25 - 14038791 ____A C:\Users\Ian Doucette\Downloads\Hair (Alessio Silvestro Remix).mp3
2011-11-29 16:19 - 2011-11-29 16:19 - 12046346 ____A C:\Users\Ian Doucette\Downloads\Lady Gaga - Edge Of Glory (Mo Rada mix) radio.mp3
2011-11-28 07:31 - 2011-11-28 07:23 - 0000000 ____D C:\Users\Michael Ducharme\Documents\GS drive backup
2011-11-28 07:22 - 2011-11-28 07:20 - 0000000 ____D C:\Users\Michael Ducharme\AppData\Roaming\U3
2011-11-28 07:21 - 2011-11-28 07:21 - 1126928 ____A C:\Users\Michael Ducharme\Downloads\launchpadremoval.zip

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 8191.11 MB
Available physical RAM: 7308.65 MB
Total Pagefile: 8189.26 MB
Available Pagefile: 7299.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:292.87 GB) (Free:18.17 GB) NTFS
3 Drive d: (Samples) (Fixed) (Total:931.51 GB) (Free:294.28 GB) NTFS
4 Drive f: (DATA) (Fixed) (Total:1104.29 GB) (Free:82.86 GB) NTFS
6 Drive h: (LEXAR) (Removable) (Total:29.86 GB) (Free:14.81 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 1397 GB 1024 KB
Disk 1 Online 931 GB 0 B
Disk 2 Online 29 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 292 GB 101 MB
Partition 3 Primary 1104 GB 292 GB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 292 GB Healthy

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F DATA NTFS Partition 1104 GB Healthy

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 31 KB

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 D Samples NTFS Partition 931 GB Healthy

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 29 GB 1096 KB

Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H LEXAR FAT32 Removable 29 GB Healthy



==========================================================

Last Boot: 2012-02-08 22:02

======================= End Of Log ==========================

#12 gringo_pr

  • Malware Response Team

Posted 25 February 2012 - 01:18 PM

Hello

I would like you to run the fix below, and when it is complete I need you to rerun ComboFix and send me the report.

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the flash drive as fixlist.txt.

4 cmuda; C:\Windows\System32\AlKernel.dll [6656 2009-07-13] (Oak Technology Inc.)
2 LPDSVC; C:\Windows\System32\imap4d32.dll [6656 2009-07-13] (Oak Technology Inc.)
C:\Windows\System32\AlKernel.dll
C:\Windows\System32\imap4d32.dll
NETSVC: LPDSVC
NETSVC: cmuda

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#13 Michael Ducharme


Posted 26 February 2012 - 11:55 AM

Attached are the logs - since running the script and combofix again, consrv.dll is finally not reappearing. I think I might finally be virus-free but will have to monitor the situation for a few days to be sure. I am running a full virus scan right now with my Sophos - is there anything else you want me to do?

Thanks so much for your help.


Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 23-02-2012 01
Ran by SYSTEM at 2012-02-26 09:40:48 R:1
Running from H:\

==============================================

cmuda service deleted successfully.
LPDSVC service deleted successfully.
C:\Windows\System32\AlKernel.dll moved successfully.
C:\Windows\System32\imap4d32.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs LPDSVC Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs cmuda Deleted successfully.

==== End of Fixlog ====

ComboFix 12-02-24.02 - Michael Ducharme 02/26/2012 9:53.4.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8191.5737 [GMT -6:00]
Running from: c:\users\Michael Ducharme\Desktop\ComboFix3.exe
AV: Sophos Anti-Virus *Disabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}
SP: Sophos Anti-Virus *Disabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}
SP: Spybot - Search && Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-01-26 to 2012-02-26 )))))))))))))))))))))))))))))))
.
.
2012-02-26 16:12 . 2012-02-26 16:12 -------- d-----w- c:\users\Mcx1-MICHAEL-PC\AppData\Local\temp
2012-02-26 16:12 . 2012-02-26 16:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-26 16:12 . 2012-02-26 16:12 -------- d-----w- c:\users\Organ 2\AppData\Local\temp
2012-02-26 16:12 . 2012-02-26 16:12 -------- d-----w- c:\users\Ian Doucette\AppData\Local\temp
2012-02-25 14:00 . 2012-02-25 14:02 -------- d-----w- C:\FRST
2012-02-22 17:26 . 2012-02-22 17:26 -------- d-----w- c:\program files (x86)\ESET
2012-02-22 01:32 . 2009-01-25 18:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2012-02-21 18:06 . 2012-02-22 02:58 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-21 18:06 . 2012-02-22 01:34 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2012-02-21 17:44 . 2011-05-12 20:03 6144 ------w- c:\windows\system32\BD75.tmp
2012-02-21 17:41 . 2011-05-12 20:03 6144 ------w- c:\windows\system32\FAC1.tmp
2012-02-21 04:33 . 2011-05-12 20:03 6144 ------w- c:\windows\system32\FAC3.tmp
2012-02-21 04:31 . 2011-05-12 20:03 6144 ------w- c:\windows\system32\4E.tmp
2012-02-20 17:15 . 2012-02-20 17:19 -------- d-----w- c:\users\Organ 2\AppData\Roaming\vlc
2012-02-20 16:55 . 2012-02-20 16:55 -------- d-----w- c:\users\Organ 2\AppData\Local\Mozilla
2012-02-20 16:50 . 2012-02-20 16:50 -------- d-----w- c:\users\Organ 2\AppData\Roaming\Cycling '74
2012-02-20 16:44 . 2012-02-20 16:44 -------- d-----w- c:\users\Organ 2\AppData\Roaming\Malwarebytes
2012-02-20 16:06 . 2012-02-20 16:06 -------- d-----w- c:\users\Michael Ducharme\AppData\Roaming\Malwarebytes
2012-02-20 16:05 . 2012-02-20 16:05 -------- d-----w- c:\programdata\Malwarebytes
2012-02-20 16:05 . 2012-02-21 20:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-20 16:05 . 2011-12-10 21:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-20 15:46 . 2012-02-20 15:47 -------- d-----w- C:\sophos
2012-02-19 03:19 . 2012-02-19 03:19 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-02-19 03:19 . 2012-02-19 03:19 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-02-19 03:19 . 2012-02-19 03:19 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-02-19 03:19 . 2012-02-19 03:19 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-02-19 03:19 . 2012-02-19 03:19 -------- d-----w- c:\program files (x86)\OpenAL
2012-02-19 03:15 . 2012-02-19 03:15 -------- d--h--w- c:\windows\PIF
2012-02-18 17:29 . 2012-02-24 03:27 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-14 21:47 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-14 21:47 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-14 21:47 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-14 21:47 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-14 04:21 . 2012-02-14 04:21 -------- d-----w- c:\program files (x86)\OSCseq
2012-02-14 03:55 . 2012-02-14 03:58 -------- d-----w- c:\users\Michael Ducharme\AppData\Roaming\Xenakios
2012-02-14 03:09 . 2012-02-14 03:09 -------- d-----w- c:\program files (x86)\Ircam
2012-02-12 18:21 . 2012-02-12 18:21 -------- d-----w- c:\users\Michael Ducharme\AppData\Roaming\Cycling '74
2012-02-11 20:48 . 2012-02-11 20:48 -------- d-----w- c:\users\Michael Ducharme\AppData\Roaming\hexler
2012-02-07 09:26 . 2012-02-07 09:26 -------- d-----w- c:\users\Michael Ducharme\AppData\Roaming\AFPClient4Windows
2012-02-05 20:44 . 2012-02-05 20:44 -------- d-----w- c:\program files (x86)\DensityLITE
2012-02-05 01:23 . 2012-02-05 01:23 -------- d-----w- c:\program files (x86)\Liine
2012-02-04 17:23 . 2012-02-04 17:23 -------- d-----w- c:\windows\SysWow64\bassmididrv
2012-02-04 16:58 . 2012-02-19 04:00 -------- d-----w- c:\program files (x86)\Bethesda Softworks
2012-02-04 16:52 . 2004-03-31 20:57 -------- d-----w- C:\ARENA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-18 17:29 . 2011-05-24 20:08 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-21 17:58 . 2012-01-21 17:58 1409 ----a-w- c:\windows\Fonts\RPRSTITL.FOT
2012-01-21 17:58 . 2012-01-21 17:58 1409 ----a-w- c:\windows\Fonts\RPRSTEXT.FOT
2012-01-21 17:58 . 2012-01-21 17:58 1409 ----a-w- c:\windows\Fonts\RPRSSTMP.FOT
2012-01-21 17:58 . 2012-01-21 17:58 1409 ----a-w- c:\windows\Fonts\RPRSSCRP.FOT
2012-01-21 17:58 . 2012-01-21 17:58 1409 ----a-w- c:\windows\Fonts\RPRSREH_.FOT
2012-01-21 17:58 . 2012-01-21 17:58 1409 ----a-w- c:\windows\Fonts\RPRSMET_.FOT
2012-01-21 17:58 . 2012-01-21 17:58 1409 ----a-w- c:\windows\Fonts\RPRSCHOR.FOT
2012-01-21 17:58 . 2012-01-21 17:58 1409 ----a-w- c:\windows\Fonts\OPUSTEXT.FOT
2012-01-21 17:58 . 2012-01-21 17:58 1409 ----a-w- c:\windows\Fonts\OPUSROMC.FOT
2012-01-21 17:58 . 2012-01-21 17:58 1409 ----a-w- c:\windows\Fonts\OPUSPC__.FOT
2012-01-21 17:58 . 2012-01-21 17:58 1409 ----a-w- c:\windows\Fonts\OPUSM___.FOT
2012-01-21 17:58 . 2012-01-21 17:58 1409 ----a-w- c:\windows\Fonts\OPUSFS__.FOT
2012-01-21 17:58 . 2012-01-21 17:58 1409 ----a-w- c:\windows\Fonts\OPUSFBE_.FOT
2012-01-21 17:58 . 2012-01-21 17:58 1409 ----a-w- c:\windows\Fonts\OPUSFB__.FOT
2012-01-21 17:57 . 2012-01-21 17:57 1409 ----a-w- c:\windows\Fonts\OPUSCSC_.FOT
2012-01-21 17:57 . 2012-01-21 17:57 1409 ----a-w- c:\windows\Fonts\OPUSCS__.FOT
2012-01-21 17:57 . 2012-01-21 17:57 1409 ----a-w- c:\windows\Fonts\OPUSC___.FOT
2012-01-21 17:57 . 2012-01-21 17:57 1409 ----a-w- c:\windows\Fonts\INK2TEXT.FOT
2012-01-21 17:57 . 2012-01-21 17:57 1409 ----a-w- c:\windows\Fonts\INK2SCRI.FOT
2012-01-21 17:57 . 2012-01-21 17:57 1409 ----a-w- c:\windows\Fonts\INK2METR.FOT
2012-01-21 17:57 . 2012-01-21 17:57 1409 ----a-w- c:\windows\Fonts\INK2CHOR.FOT
2012-01-21 17:57 . 2012-01-21 17:57 1409 ----a-w- c:\windows\Fonts\HELST___.FOT
2012-01-21 17:57 . 2012-01-21 17:57 1409 ----a-w- c:\windows\Fonts\HELSM___.FOT
2012-01-19 20:56 . 2012-01-19 20:56 212992 ----a-w- c:\windows\SysWow64\ReWire.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-02-24_17.20.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-17 09:21 . 2012-02-26 15:47 58990 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-26 15:47 37926 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-02-23 17:55 37926 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-10-17 11:05 . 2012-02-25 13:00 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-17 11:05 . 2012-02-23 17:54 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-17 11:05 . 2012-02-25 13:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-17 11:05 . 2012-02-23 17:54 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-25 13:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-23 17:54 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-26 01:18 . 2012-02-26 15:35 3658 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2009-10-17 09:18 . 2012-02-26 15:47 9182 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1245066529-788200566-2819897786-1001_UserData.bin
- 2012-02-24 17:17 . 2012-02-24 17:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-26 15:42 . 2012-02-26 15:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-26 15:42 . 2012-02-26 15:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-24 17:17 . 2012-02-24 17:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-18 17:40 . 2012-02-24 17:12 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-02-18 17:40 . 2012-02-26 16:12 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-02-26 16:12 458752 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-02-24 17:18 458752 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 05:12 . 2012-02-23 17:54 393216 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-02-25 13:00 393216 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2012-02-24 17:16 415608 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-26 15:35 415608 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-02-26 16:12 6078464 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-24 17:18 6078464 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-04-24 18:08 . 2012-02-26 15:35 3012432 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-04-24 18:08 . 2012-02-24 17:16 3012432 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-09-12 03:43 . 2012-02-26 15:35 2753904 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1245066529-788200566-2819897786-1001-8192.dat
- 2009-07-14 04:54 . 2012-02-24 17:18 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-26 16:12 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-26 04:15 . 2012-02-26 04:15 194080768 c:\windows\Installer\1dbe02a.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Michael Ducharme\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Michael Ducharme\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Michael Ducharme\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-20 740216]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 196608]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"DVDFab Passkey"="c:\program files (x86)\DVDFab Passkey\DVDFabPasskey.exe" [2011-09-29 1135608]
"ZoiperCommunicator"="c:\program files (x86)\Zoiper Communicator\Zoiper.exe" [2011-03-07 7554936]
"F-Secure Hoster"="c:\program files (x86)\f-secure\Online Backup\fshoster32.exe" [2011-11-01 147096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"HPUsageTracking"="c:\program files (x86)\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]
"ToolBoxFX"="c:\program files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2009-10-22 53248]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2011-01-19 439536]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-09 336384]
"PivotSoftware"="c:\program files (x86)\Portrait Displays\Pivot Software\Pivot_startup.exe" [2010-06-17 110192]
"tvncontrol"="c:\program files (x86)\TightVNC\tvnserver.exe" [2011-05-26 826896]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"LemurDaemon"="c:\program files (x86)\Liine\Lemur Daemon.exe" [2011-12-13 459776]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-02-07 3865504]
.
c:\users\Michael Ducharme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Michael Ducharme\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
Pidgin.lnk - c:\program files (x86)\Pidgin\pidgin.exe [2011-6-23 49340]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
LoopBe30 Monitor.lnk - c:\program files (x86)\nerds.de\LoopBe30\loough.exe [2008-1-21 315256]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDWinLogon]
SDWinLogon.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi1"=bassmididrv\bassmididrv.dll
"midi9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2011-01-19 97520]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-02-07 1181104]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-02-07 1185704]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-02-07 166528]
R3 bmdrvr;Modified Clusters Tracking Driver;SysWOW64\drivers\bmdrvr.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 9096]
R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfx64fax.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [x]
R3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynUSB64.sys [x]
R3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\Drivers\tascusb2.sys [x]
R3 TASCAM_US122L_MIDI;TASCAM US-122L WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [x]
R3 TASCAM_US122L_WDM;TASCAM US-122L WDM;c:\windows\system32\drivers\tscusb2a.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [x]
S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [x]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2011-08-20 6746280]
S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 LxrSII1d;Secure II Driver;c:\windows\System32\Drivers\LxrSII1d.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 molcpeth;MusicLab NDIS MolCpEth Protocol;c:\windows\system32\DRIVERS\molcpeth.sys [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-04 584488]
S2 OS Selector;Acronis OS Selector activator;c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-05-26 2139400]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-04-16 109168]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2011-01-19 163056]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2011-01-19 1541360]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 tvnserver;TightVNC Server;c:\program files (x86)\TightVNC\tvnserver.exe [2011-05-26 826896]
S2 vmware-converter-agent;VMware vCenter Converter Standalone Agent;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [2011-08-20 423536]
S2 vmware-converter-server;VMware vCenter Converter Standalone Server;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-08-20 423536]
S2 vmware-converter-worker;VMware vCenter Converter Standalone Worker;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-08-20 423536]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 dvdfab;dvdfab;c:\windows\system32\drivers\dvdfab.sys [x]
S3 hdsp;RME Hammerfall Audio Device;c:\windows\system32\drivers\hdsp_64.sys [x]
S3 iLokDrvr;Usb Driver;c:\windows\system32\DRIVERS\iLokDrvr.sys [2011-03-25 25720]
S3 LoopBe30;nerds.de LoopBe30 - Internal Midi Port SvcDesc(WDM);c:\windows\system32\drivers\loopbe30.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mlmolcp3;MolCp3 Miniport MIDI WDM Driver;c:\windows\system32\DRIVERS\mlmolcp3.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [x]
S3 synusb64;eLicenser;c:\windows\system32\DRIVERS\synusb64.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Michael Ducharme\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Michael Ducharme\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Michael Ducharme\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Michael Ducharme\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDSPTray1"="hdsp32.exe" [2011-05-06 647680]
"HDSPTray2"="hdspmix.exe" [2011-05-06 1158144]
"HP Color LaserJet CM1312 MFP Series Fax"="c:\program files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe" [2009-09-23 3700736]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"MolCp3Monitor"="c:\program files\MusicLab\MolCp III\monitor.exe" [2011-03-07 174592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
TMHIDSRV
MpFilter
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.85.1
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files (x86)\QuickTax 2007\ic2007pp.dll
DPF: {B0073133-2D9B-4AC6-8AAC-6EB8E9343040} - hxxp://rmx-mcu.gobcn.ca/EMA.Utils/EMA.ClassLoader/EMA.CLASSLOADER/Release/EMA.ClassLoader.cab
FF - ProfilePath - c:\users\Michael Ducharme\AppData\Roaming\Mozilla\Firefox\Profiles\default.fam\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-26 10:38:22
ComboFix-quarantined-files.txt 2012-02-26 16:38
ComboFix2.txt 2012-02-24 17:34
ComboFix3.txt 2012-02-23 05:56
ComboFix4.txt 2012-02-21 03:48
.
Pre-Run: 19,174,277,120 bytes free
Post-Run: 18,830,729,216 bytes free
.
- - End Of File - - 2CD84D9E91E35C47CD62D71860543073

#14 gringo_pr


Posted 26 February 2012 - 01:03 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

File::
c:\windows\system32\BD75.tmp
c:\windows\system32\FAC1.tmp
c:\windows\system32\FAC3.tmp
c:\windows\system32\4E.tmp
c:\windows\system32\dds_trash_log.cmd

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#15 Michael Ducharme


Posted 26 February 2012 - 02:18 PM

Hi, I hope you don't mind - I went and I manually deleted those specific files listed in your script (they have not reappeared, and no new .tmp or .cmd files have appeared in system32) and cleared my Java cache manually - last time I ran combofix it seemed to erase my F-Secure Online Backup config file and I had to reconfigure the entire thing from scratch, so I would rather not run combofix if it is only to delete those 5 files and clear my Java cache. If you need the log or there is some other reason I will run combofix again of course.. let me know. Still no signs of virus/malware.

Edited by Michael Ducharme, 26 February 2012 - 02:19 PM.
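
A repeatable way to recheck what this post reports, as an added example that is not part of the original thread: it confirms the five files from the CFScript (and consrv.dll from the first post) are absent, lists any other .tmp or .cmd files directly under System32, and checks the SubSystems value in every control set for a consrv reference. It assumes PowerShell 4.0 or later in an elevated 64-bit session, and that the relevant registry value under SubSystems is the one named `Windows`.

```powershell
# Added example, not from the thread. Assumes PowerShell 4.0+ in an elevated 64-bit session.
if ([Environment]::Is64BitOperatingSystem -and -not [Environment]::Is64BitProcess) {
    throw 'Run from 64-bit PowerShell: a 32-bit session sees SysWOW64 in place of System32.'
}
$sys32 = Join-Path $env:windir 'System32'

# 1. The five files named in the CFScript, plus consrv.dll from the first post.
$names = 'BD75.tmp', 'FAC1.tmp', 'FAC3.tmp', '4E.tmp', 'dds_trash_log.cmd', 'consrv.dll'
$names | ForEach-Object {
    $path = Join-Path $sys32 $_
    [pscustomobject]@{ Path = $path; Present = Test-Path -LiteralPath $path }
} | Format-Table -AutoSize

# 2. Every .tmp or .cmd file directly under System32, newest first, with a hash
#    that can be compared between runs. Some .cmd files here are legitimate
#    Windows components, so treat this as a list to review, not a verdict.
Get-ChildItem -LiteralPath $sys32 -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.tmp', '.cmd' } |
    Sort-Object LastWriteTime -Descending |
    Select-Object Name, Length, CreationTime, LastWriteTime,
        @{ Name = 'SHA256'; Expression = {
            (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash } } |
    Format-Table -AutoSize

# 3. The SubSystems "Windows" value in every control set. The first post describes
#    this value pointing at consrv.dll instead of winsrv.dll while infected.
Get-ChildItem -Path 'HKLM:\SYSTEM' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^(CurrentControlSet|ControlSet\d{3})$' } |
    ForEach-Object {
        $key   = "HKLM:\SYSTEM\$($_.PSChildName)\Control\Session Manager\SubSystems"
        $value = (Get-ItemProperty -LiteralPath $key -Name 'Windows' `
                    -ErrorAction SilentlyContinue).Windows
        [pscustomobject]@{
            ControlSet       = $_.PSChildName
            ValueFound       = [bool]$value
            ReferencesConsrv = ($value -match 'consrv')
            ReferencesWinsrv = ($value -match 'winsrv')
        }
    } | Format-Table -AutoSize
```

Saving the output of each run and comparing the file list and hashes over several days shows whether anything is being re-dropped, which a single manual look cannot.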




