Jump to content

pjgibbons

Honorary Members
  • Posts

    32
  • Joined

  • Last visited

Reputation

0 Neutral

Recent Profile Visitors

948 profile views
  1. I've tried to run mbam-check - a window opens for a split second, then it disappears. I've tried it numerous times, restarted, etc. I don't know why it won't run.
  2. Still in German, but gave me the option to translate. thanks again
  3. Your paypal page is in German, any idea how I get to an English version?
  4. K sounds good. My son is using Java for a programming class, so I'll leave that one alone. Thanks again for all of your help
  5. Should I also delete Java SE Development Kit 6 Update 25 (64 bit)? Also, do you recommend any particular antivirus? I've got the Norton security suite installed on the machine (with automatic updates), but it never signaled that there was a problem throughout this disaster:(
  6. Combo fix log: ComboFix 13-03-12.02 - Pam 03/13/13 20:52:57.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6078.3456 [GMT -5:00] Running from: C:\Users\Pam\Desktop\ComboFix.exe Command switches used :: L:\CFScript.txt AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FILE :: "C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Default\aagddhgdgfdigcdedbddddgedegbdedb\background.js" ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Windows\TEMP\jna6072080013482144580.dll ((((((((((((((((((((((((( Files Created from 2013-02-14 to 2013-03-14 ))))))))))))))))))))))))))))))) 2071-07-25 15:13:30 . 2006-11-22 02:48:08 203576 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe 2013-03-14 02:03:13 . 2013-03-14 02:03:13 -------- d-----w- C:\Users\QBDataServiceUser18\AppData\Local\temp 2013-03-14 02:03:13 . 2013-03-14 02:03:13 -------- d-----w- C:\Users\Default\AppData\Local\temp 2013-03-14 02:03:13 . 2013-03-14 02:03:13 -------- d-----w- C:\Users\Administrator\AppData\Local\temp 2013-03-13 18:57:34 . 2013-03-13 18:57:34 -------- d-----w- C:\Program Files (x86)\ESET 2013-03-13 00:56:12 . 2013-03-13 00:56:12 -------- d-----w- C:\ProgramData\PreEmptive Solutions 2013-03-13 00:30:17 . 2013-03-13 00:30:17 -------- d-----w- C:\ProgramData\VS 2013-03-12 03:33:58 . 2013-03-12 03:33:58 -------- d-----w- C:\FRST 2013-03-11 14:58:30 . 2013-03-11 14:58:30 -------- d-----w- C:\Program Files (x86)\Common Files\Java 2013-03-11 14:58:15 . 2013-03-11 14:57:25 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-03-11 14:57:54 . 2013-03-11 14:57:28 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-11 11:22:47 . 2013-03-11 11:22:47 -------- d-----w- C:\Users\Pam\AppData\Roaming\Tific 2013-03-11 11:15:51 . 2013-03-11 11:15:51 -------- d-----w- C:\Users\Pam\AppData\Local\Symantec 2013-03-11 03:25:22 . 2013-03-11 03:25:22 -------- d-----w- C:\Users\Pam\AppData\Roaming\Malwarebytes 2013-03-11 03:25:05 . 2013-03-11 03:25:05 -------- d-----w- C:\ProgramData\Malwarebytes 2013-03-11 03:25:04 . 2013-03-11 03:25:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-03-11 03:25:04 . 2012-12-14 21:49:28 24176 ----a-w- C:\Windows\system32\drivers\mbam.sys 2013-03-11 03:24:51 . 2013-03-11 03:24:51 -------- d-----w- C:\Users\Pam\AppData\Local\Programs 2013-02-13 09:04:07 . 2013-01-09 01:10:05 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 09:04:07 . 2013-01-08 22:01:00 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 02:07:51 . 2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\system32\ntoskrnl.exe 2013-02-13 02:07:50 . 2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-02-13 02:07:49 . 2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-02-13 02:07:38 . 2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\system32\win32k.sys 2013-02-13 02:07:35 . 2013-01-04 05:46:09 215040 ----a-w- C:\Windows\system32\winsrv.dll 2013-02-13 02:07:35 . 2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2013-02-13 02:07:35 . 2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2013-02-13 02:07:35 . 2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2013-02-13 02:07:34 . 2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2013-02-13 02:07:34 . 2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe 2013-02-13 02:07:32 . 2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\system32\drivers\tcpip.sys 2013-02-13 02:07:32 . 2013-01-03 06:00:42 288088 ----a-w- C:\Windows\system32\drivers\FWPKCLNT.SYS . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2013-03-13 02:39:52 . 2009-12-12 14:06:41 72013344 ----a-w- C:\Windows\system32\MRT.exe 2013-03-13 01:39:44 . 2013-03-13 02:00:21 512 ----a-w- C:\mbr.zip 2013-03-13 01:39:44 . 2013-03-13 01:44:57 512 ----a-w- C:\Users\mbr.zip 2013-03-13 01:04:25 . 2011-05-08 20:05:22 2480064 ----a-w- C:\ProgramData\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll 2013-03-13 00:43:10 . 2013-01-24 16:25:21 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-03-13 00:43:10 . 2011-06-29 12:59:44 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-12 20:09:54 . 2013-03-13 01:44:48 512 ----a-w- C:\Users\MBRbackup.zip 2013-03-11 14:57:25 . 2011-03-27 15:22:55 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-02-12 05:45:24 . 2013-03-13 00:31:10 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45:22 . 2013-03-13 00:31:10 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45:22 . 2013-03-13 00:31:10 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45:22 . 2013-03-13 00:31:10 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48:31 . 2013-03-13 00:31:10 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-02-12 04:48:26 . 2013-03-13 00:31:11 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-01-21 00:11:59 . 2013-01-21 00:11:59 5 ----a-w- C:\Windows\SysWow64\lMMLDeleteUserData42107612FX.tmp 2013-01-04 04:43:21 . 2013-02-13 02:07:35 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2012-12-16 17:11:22 . 2012-12-21 09:00:55 46080 ----a-w- C:\Windows\system32\atmlib.dll 2012-12-16 14:45:03 . 2012-12-21 09:00:55 367616 ----a-w- C:\Windows\system32\atmfd.dll 2012-12-16 14:13:28 . 2012-12-21 09:00:55 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-12-16 14:13:20 . 2012-12-21 09:00:56 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RoboForm"="C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-11-08 14:07:23 160328] "WLSync"="C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe" [2012-03-08 23:21:54 1449824] "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18:59:26 18705664] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-04 15:52:02 98304] "ATICustomerCare"="C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-15 00:24:46 307200] "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 07:35:28 946352] "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 01:06:18 59280] "CanonSolutionMenuEx"="C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 16:18:54 1185112] "IJNetworkScanUtility"="C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-03 01:52:00 140640] "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2012-04-19 01:56:22 421888] "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 00:33:22 421776] "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 14:04:54 252848] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ CrashPlan Tray.lnk - C:\Program Files\CrashPlan\CrashPlanTray.exe [2011-3-16 217088] QuickBooks Update Agent.lnk - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064] C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - C:\Program Files\Dell\DellDock\DellDock.exe [2008-9-23 1295656] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 19:27:14 138576] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 21:49:28 682344] R2 QuickBooksDB18;QuickBooksDB18;C:\Program Files (x86)\intuit\QuickBooks 2008\QBDBMgrN.exe [2006-09-13 15:32:12 128536] R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-01-08 18:55:20 161536] R3 27303051;27303051;C:\Windows\system32\drivers\33678759.sys [x] R3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys [x] R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys [2010-04-14 07:01:44 54824] R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x] R3 libusb0;libusb-win32 - Kernel Driver 10/02/2010 1.2.2.0;C:\Windows\system32\DRIVERS\libusb0.sys [2011-03-31 02:00:21 43456] R3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys [x] R3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys [x] R3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys [x] R3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys [x] R3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe [2009-07-14 01:39:46 27136] R3 psdrv3;PrimeSense Sensor Device Driver Service v3.x;C:\Windows\system32\Drivers\psdrv3.sys [2011-05-08 17:07:54 23816] R3 sxuptp;SXUPTP Driver;C:\Windows\system32\DRIVERS\sxuptp.sys [x] R3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;C:\Windows\system32\Drivers\tascusb2.sys [2011-04-29 03:18:02 419160] R3 TASCAM_US122L_MK2_MIDI;TASCAM US-122L mk2 WDM MIDI Device;C:\Windows\system32\drivers\tscusb2m.sys [2011-04-29 03:18:04 31576] R3 TASCAM_US122L_MK2_WDM;TASCAM US-122L mk2 WDM;C:\Windows\system32\drivers\tscusb2a.sys [2011-04-29 03:18:04 53080] R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 11:07:05 59392] R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys [2012-02-15 16:01:50 52736] R3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 23:49:06 68440] R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2010-04-04 08:00:33 1255736] R3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys [2009-07-14 00:35:37 25088] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 08:17:44 61976] R4 RsFx0105;RsFx0105 Driver;C:\Windows\system32\DRIVERS\RsFx0105.sys [2011-09-23 02:01:54 311144] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 02:06:04 431464] R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 00:10:10 57184] S0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS [2009-10-15 03:50:05 433200] S0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [2011-08-22 02:53:35 221304] S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [2013-01-16 02:51:11 1388120] S1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [2011-08-04 04:19:26 593544] S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130312.001\IDSvia64.sys [2012-09-06 09:54:30 513184] S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [2010-04-29 05:03:51 150064] S1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [2011-08-22 02:53:36 451704] S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [2011-04-20 07:04:20 203776] S2 CrashPlanService;CrashPlan Backup Service;C:\Program Files\CrashPlan\CrashPlanService.exe [2011-03-16 15:19:38 222720] S2 DLSDB;Dell Printer Status Database;C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [2006-12-07 05:52:36 191896] S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-09-24 03:09:52 155648] S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 21:49:28 398184] S2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe [2011-08-04 04:18:43 126400] S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2010-11-25 11:05:00 150928] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-14 04:48:51 138912] S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [2012-12-14 21:49:28 24176] --- Other Services/Drivers In Memory --- *Deregistered* - mozyFilter *Deregistered* - MPFP [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-03-06 03:14:04 1630672 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe Contents of the 'Scheduled Tasks' folder 2013-03-14 C:\Windows\Tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-24 16:25:24 . 2013-03-13 00:43:16] 2013-03-14 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-03 20:56:59 . 2011-03-03 20:56:51] 2013-03-14 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-03 20:56:59 . 2011-03-03 20:56:51] --------- X64 Entries ----------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 23:50:18 56320] "IAAnotif"="C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 22:54:40 178712] "SysTrayApp"="C:\Program Files (x86)\IDT\WDM\sttray64.exe" [bU] "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 01:50:00 2726728] ------- Supplementary Scan ------- uLocal Page = C:\Windows\system32\blank.htm uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://news.yahoo.com/?u mLocal Page = C:\Windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local;192.168.*.* uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200 IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm Trusted Zone: intuit.com\ttlc Trusted Zone: paycycle.com\www Trusted Zone: turbotax.com TCP: DhcpNameServer = 192.168.2.1 - - - - ORPHANS REMOVED - - - - AddRemove-Adobe Shockwave Player - C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe DDS.txt: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.17.2 Run by Pam at 21:17:44 on 2013-03-13 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6078.4181 [GMT -5:00] . AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\CrashPlan\CrashPlanService.exe C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files\CrashPlan\CrashPlanTray.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Windows Live\Mesh\MOE.exe C:\Windows\splwow64.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\WUDFHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\prevhost.exe C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Windows\system32\sppsvc.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://news.yahoo.com/?u uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uProxyServer = :0 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ipsbho.dll BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll BHO: Upromise TurboSaver: {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - TB: &RoboForm: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll EB: Web Test Recorder 10.0: {5802D092-1784-4908-8CDB-99B6842D353D} - uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" uRun: [WLSync] "C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe" /background uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon mRun: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CRASHP~1.LNK - C:\Program Files\CrashPlan\CrashPlanTray.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200 IE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html IE: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm Trusted Zone: turbotax.com DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} - hxxps://xtier.d211.org/InternalSite/WhlCompMgr.cab DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: NameServer = 192.168.2.1 TCP: Interfaces\{EEB78936-53BE-40A5-A60A-B6131EB9AF59} : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{EEB78936-53BE-40A5-A60A-B6131EB9AF59}\2656C6B696E6E253637333 : DHCPNameServer = 192.168.2.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-mStart Page = hxxp://www.dell4me.com/myway x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll x64-Run: [bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode x64-Run: [iAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" x64-Run: [sysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exe x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab x64-DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - LocalServer32 - <no file> x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned> x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0404000.00C\symds64.sys [2011-10-31 433200] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0404000.00C\symefa64.sys [2011-10-31 221304] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [2013-3-5 1388120] R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0404000.00C\cchpx64.sys [2011-10-31 593544] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130312.001\IDSviA64.sys [2013-3-12 513184] R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2009-1-4 308296] R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0404000.00C\ironx64.sys [2011-10-31 150064] R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0404000.00C\symtdiv.sys [2011-10-31 451704] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-4 203776] R2 CrashPlanService;CrashPlan Backup Service;C:\Program Files\CrashPlan\CrashPlanService.exe [2011-3-16 222720] R2 DLSDB;Dell Printer Status Database;C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [2009-1-4 191896] R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-9-23 155648] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-10 398184] R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe [2011-10-31 126400] R2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2011-9-21 150928] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-15 138912] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-10 24176] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-10 682344] S2 QuickBooksDB18;QuickBooksDB18;C:\Program Files (x86)\intuit\QuickBooks 2008\QBDBMgrN.exe -hvQuickBooksDB18 --> C:\Program Files (x86)\intuit\QuickBooks 2008\QBDBMgrN.exe -hvQuickBooksDB18 [?] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536] S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824] S3 libusb0;libusb-win32 - Kernel Driver 10/02/2010 1.2.2.0;C:\Windows\System32\drivers\libusb0.sys [2010-11-12 43456] S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2009-1-4 102472] S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\System32\drivers\mferkdk.sys [2009-1-4 40904] S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\System32\drivers\mfesmfk.sys [2009-1-4 49480] S3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 27136] S3 psdrv3;PrimeSense Sensor Device Driver Service v3.x;C:\Windows\System32\drivers\psdrv3.sys [2011-4-15 23816] S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;C:\Windows\System32\drivers\tascusb2.sys [2012-2-19 419160] S3 TASCAM_US122L_MK2_MIDI;TASCAM US-122L mk2 WDM MIDI Device;C:\Windows\System32\drivers\tscusb2m.sys [2012-2-19 31576] S3 TASCAM_US122L_MK2_WDM;TASCAM US-122L mk2 WDM;C:\Windows\System32\drivers\tscusb2a.sys [2012-2-19 53080] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-27 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736] S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-4 1255736] S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976] S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2071-07-25 15:13:30 203576 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe 2013-03-14 02:06:41 -------- d-sh--w- C:\$RECYCLE.BIN 2013-03-14 01:51:10 -------- d-----w- C:\ComboFix 2013-03-13 18:57:34 -------- d-----w- C:\Program Files (x86)\ESET 2013-03-13 12:17:16 -------- d-----w- C:\Users\Pam\AppData\Local\{A0034E39-0497-4A2E-A7EB-2A2917995EBE} 2013-03-13 02:54:06 98816 ----a-w- C:\Windows\sed.exe 2013-03-13 02:54:06 256000 ----a-w- C:\Windows\PEV.exe 2013-03-13 02:54:06 208896 ----a-w- C:\Windows\MBR.exe 2013-03-13 00:56:12 -------- d-----w- C:\ProgramData\PreEmptive Solutions 2013-03-13 00:30:17 -------- d-----w- C:\ProgramData\VS 2013-03-13 00:16:18 -------- d-----w- C:\Users\Pam\AppData\Local\{A37B3826-F482-4C62-A44C-9E0B306654DD} 2013-03-12 16:39:51 -------- d-----w- C:\Users\Pam\AppData\Local\{1E871152-F811-4094-91B7-CC8C62F138FE} 2013-03-12 15:00:52 -------- d-----w- C:\Users\Pam\AppData\Local\{FB131BBE-3396-4D76-850A-C24733CA4E65} 2013-03-12 03:33:58 -------- d-----w- C:\FRST 2013-03-11 14:58:15 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-03-11 14:57:54 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-11 14:50:33 -------- d-----w- C:\Users\Pam\AppData\Local\{2ED23994-FC57-4D17-AEB9-8C40088AE1C6} 2013-03-11 11:22:47 -------- d-----w- C:\Users\Pam\AppData\Roaming\Tific 2013-03-11 11:16:21 -------- d-----w- C:\Users\Pam\AppData\Local\{74962D17-DD93-475D-9EDC-5CA087598BDB} 2013-03-11 11:15:51 -------- d-----w- C:\Users\Pam\AppData\Local\Symantec 2013-03-11 03:44:07 -------- d-----w- C:\Users\Pam\AppData\Local\{E0642BC8-32B2-487D-AD47-B29F03C664DA} 2013-03-11 03:25:22 -------- d-----w- C:\Users\Pam\AppData\Roaming\Malwarebytes 2013-03-11 03:25:05 -------- d-----w- C:\ProgramData\Malwarebytes 2013-03-11 03:25:04 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-03-11 03:25:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-03-11 03:24:51 -------- d-----w- C:\Users\Pam\AppData\Local\Programs 2013-03-11 02:45:09 -------- d-----w- C:\Users\Pam\AppData\Local\{1327988B-CBC4-44FF-9A7A-9ACEAB7AE04B} 2013-02-13 17:04:43 -------- d-----w- C:\Users\Pam\AppData\Local\{33D4D6BC-B0AE-427A-9476-9CD1A6FFB6D4} 2013-02-13 09:04:07 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 09:04:07 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 02:07:51 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-02-13 02:07:50 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-02-13 02:07:49 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-02-13 02:07:38 3153408 ----a-w- C:\Windows\System32\win32k.sys 2013-02-13 02:07:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2013-02-13 02:07:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2013-02-13 02:07:35 215040 ----a-w- C:\Windows\System32\winsrv.dll 2013-02-13 02:07:35 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2013-02-13 02:07:34 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2013-02-13 02:07:34 2048 ----a-w- C:\Windows\SysWow64\user.exe 2013-02-13 02:07:32 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2013-02-13 02:07:32 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys . ==================== Find3M ==================== . 2013-03-13 00:43:10 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-13 00:43:10 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-03-11 14:57:25 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll 2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll 2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-01-21 00:11:59 5 ----a-w- C:\Windows\SysWow64\lMMLDeleteUserData42107612FX.tmp 2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll 2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll 2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll . ============= FINISH: 21:28:01.60 =============== Attach.txt: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume3 Install Date: 12/05/09 5:47:15 PM System Uptime: 03/13/13 9:13:42 PM (0 hours ago) . Motherboard: Dell Inc. | | 0G254H Processor: Intel® Core2 Quad CPU Q8200 @ 2.33GHz | CPU | 2327/1333mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 684 GiB total, 531.733 GiB free. D: is FIXED (NTFS) - 15 GiB total, 7.299 GiB free. E: is CDROM () F: is Removable G: is Removable H: is Removable I: is Removable L: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP311: 03/13/13 1:53:52 AM - Scheduled Checkpoint RP312: 03/13/13 3:00:36 AM - Windows Update . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) Acrobat.com ActiveState ActivePython 2.6.6.15 (64-bit) Adobe AIR Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.5) Adobe Shockwave Player 11.5 Age of Empires III AI RoboForm (All Users) Amazon MP3 Downloader 1.0.15 Apple Application Support Apple Mobile Device Support Apple Software Update ATI Catalyst Install Manager ATI Catalyst Registration Banctec Service Agreement BlueJ Bonjour Browser Address Error Redirector Canon CanoScan Toolbox 5.0 Canon IJ Network Scan Utility Canon IJ Network Tool Canon Inkjet Printer Driver Add-On Module Canon MG5200 series MP Drivers Canon MG5200 series User Registration Canon MP Navigator EX 4.0 Canon My Printer Canon Solution Menu EX Canon Utilities Easy-PhotoPrint EX CanoScan LiDE 70 Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center HydraVision Full Catalyst Control Center InstallProxy ccc-core-static ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help English CCC Help Japanese CCC Help Korean Comcast High-Speed Internet Install Wizard Compatibility Pack for the 2007 Office system CrashPlan Crystal Reports for Visual Studio CutePDF Writer 2.7 D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dell Dock Dell Driver Download Manager Dell Getting Started Guide Dell Printer Software Dotfuscator Software Services - Community Edition EDocs ESET Online Scanner v3 Finale 2011 Google Chrome Google Update Helper GPL Ghostscript 8.64 Greenfoot 2.0.1 GSview 4.9 IDT Audio InfraRecorder Intel® Matrix Storage Manager iTunes Java 7 Update 17 Java Auto Updater Java 6 Update 24 Java 6 Update 25 (64-bit) Java SE Development Kit 6 Update 25 (64-bit) libQGLViewer Malwarebytes Anti-Malware version 1.70.0.1100 Mesh Runtime Messenger Companion Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Application Error Reporting Microsoft ASP.NET MVC 2 Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools Microsoft Forefront UAG endpoint components v4.0.0 Microsoft Help Viewer 1.1 Microsoft Money Plus Microsoft Money Shared Libraries Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Office 64-bit Components 2007 Microsoft Office Office 64-bit Components 2010 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Professional 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2007 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing (English) 2010 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher 2010 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2007 Microsoft Publisher 2010 Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs Microsoft Silverlight Microsoft Silverlight 3 SDK Microsoft Silverlight 4 SDK Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server 2008 (64-bit) Microsoft SQL Server 2008 Browser Microsoft SQL Server 2008 Common Files Microsoft SQL Server 2008 Database Engine Services Microsoft SQL Server 2008 Database Engine Shared Microsoft SQL Server 2008 Native Client Microsoft SQL Server 2008 R2 Data-Tier Application Framework Microsoft SQL Server 2008 R2 Data-Tier Application Project Microsoft SQL Server 2008 R2 Management Objects Microsoft SQL Server 2008 R2 Management Objects (x64) Microsoft SQL Server 2008 R2 Transact-SQL Language Service Microsoft SQL Server 2008 RsFx Driver Microsoft SQL Server 2008 Setup Support Files Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft SQL Server Compact 3.5 SP2 x64 ENU Microsoft SQL Server Database Publishing Wizard 1.4 Microsoft SQL Server System CLR Types Microsoft SQL Server System CLR Types (x64) Microsoft SQL Server VSS Writer Microsoft Sync Framework Runtime v1.0 SP1 (x64) Microsoft Sync Framework SDK v1.0 SP1 Microsoft Sync Framework Services v1.0 SP1 (x64) Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) Microsoft Team Foundation Server 2010 Object Model - ENU Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 Microsoft Visual F# 2.0 Runtime Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools Microsoft Visual Studio 2010 IntelliTrace Collection (x64) Microsoft Visual Studio 2010 Office Developer Tools (x64) Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU Microsoft Visual Studio 2010 Service Pack 1 Microsoft Visual Studio 2010 SharePoint Developer Tools Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Visual Studio 2010 Ultimate - ENU Microsoft Visual Studio Macro Tools Microsoft Works MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB2721691) MSXML 4.0 SP3 Parser (KB2758694) MSXML 4.0 SP3 Parser (KB973685) Norton Security Suite OpenNI 1.0.0 for Windows (remove only) Payroll Mate (2010) 6.0.15 Payroll Mate (2011) 7.0.9 Picasa 3 Prime Sense - NITE 1.3.0 for Windows (remove only) PrimeSensor 5.0.0 for Windows (Kinect Mod) (remove only) QB Connection Diagnostic Tool QuickBooks Company File Diagnostic Tool QuickBooks Pro 2008 QuickTime Ring Factory 2009 (3.0.2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition Security Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2644980) Security Update for Microsoft Visual Studio Macro Tools (KB2669970) Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) Skype Toolbars Skype™ 6.1 Spelling Dictionaries Support For Adobe Reader 9 Sql Server Customer Experience Improvement Program SupportSoft Assisted Service Tax Forms Helper 2008 8.5 Tax Forms Helper 2010 9.5 The Battle for Middle-earth The Battle for Middle-earth II TurboTax 2009 TurboTax 2009 wiliper TurboTax 2009 WinPerFedFormset TurboTax 2009 WinPerReleaseEngine TurboTax 2009 WinPerTaxSupport TurboTax 2009 wrapper TurboTax 2009 wwiiper TurboTax 2010 TurboTax 2010 wiliper TurboTax 2010 WinPerFedFormset TurboTax 2010 WinPerReleaseEngine TurboTax 2010 WinPerTaxSupport TurboTax 2010 wrapper TurboTax 2010 wwiiper Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768024) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition US-122 MKII / US-144 MKII Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 Visual Studio 2010 Prerequisites - English Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU VoiceOver Kit Vuze WCF RIA Services V1.0 SP1 Web Deployment Tool WIDCOMM Bluetooth Software 6.0.1.4300 Windows Driver Package - PrimeSense (psdrv3) PrimeSense (02/16/2011 3.1.2.0) Windows Driver Package - PrimeSense (psdrv3) PrimeSensor (07/13/2010 3.1.0.4) Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live Movie Maker Windows Live OneCare safety scanner Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources . ==== Event Viewer Messages From Past Week ======== . 03/13/13 9:20:37 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 03/13/13 9:14:17 PM, Error: Service Control Manager [7038] - The QuickBooksDB18 service was unable to log on as .\QBDataServiceUser18 with the currently configured password due to the following error: Logon failure: unknown user name or bad password. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 03/13/13 9:14:17 PM, Error: Service Control Manager [7000] - The QuickBooksDB18 service failed to start due to the following error: The service did not start due to a logon failure. 03/13/13 9:03:27 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 03/13/13 9:02:32 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 03/13/13 12:39:50 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. 03/13/13 1:07:40 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system. 03/12/13 8:59:19 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 03/12/13 8:59:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F} 03/12/13 8:59:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} 03/12/13 8:59:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 03/12/13 8:59:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 03/12/13 8:59:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 03/12/13 8:59:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 03/12/13 8:59:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 03/12/13 8:59:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 03/12/13 8:58:54 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccHP DfsC discache eeCtrl IDSVia64 mfehidk NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSP SRTSPX SymIM SymIRON SYMTDIv tdx vwififlt Wanarpv6 WfpLwf 03/12/13 8:58:53 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 03/12/13 8:58:53 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 03/12/13 8:58:53 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 03/12/13 8:58:53 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 03/12/13 8:58:53 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 03/12/13 8:58:53 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 03/12/13 8:58:53 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 03/12/13 8:58:53 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 03/12/13 8:58:53 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 03/12/13 8:58:53 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 03/12/13 7:18:39 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect. 03/12/13 11:42:36 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000048, 0x0000000000000002, 0x0000000000000001, 0xfffff80003171e7f). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031213-24507-01. 03/12/13 11:36:54 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa8007606bb0, 0x0000000000000000, 0x00000000fffa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031213-102445-01. 03/12/13 10:37:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80004004: Update for Windows 7 for x64-based Systems (KB2791765). 03/12/13 10:37:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80004004: Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2809289). 03/11/13 7:29:30 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800030af26b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031113-24382-01. 03/11/13 6:21:45 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP 03/11/13 6:20:08 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000338ecda, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031113-73538-01. 03/11/13 6:19:03 AM, Error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver. 03/11/13 6:19:03 AM, Error: SRTSP [4] - Error loading virus definitions. 03/11/13 2:39:25 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service. 03/11/13 2:37:04 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800030a726b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031113-99559-01. 03/11/13 2:29:37 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800030efe45). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031113-101307-01. 03/11/13 2:25:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect. 03/11/13 2:25:41 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 03/11/13 2:19:13 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 03/11/13 2:18:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccHP discache eeCtrl IDSVia64 mfehidk spldr SRTSP SRTSPX SymIRON SYMTDIv Wanarpv6 03/11/13 2:14:17 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x00000000001904fb, 0xfffff880048b45c8, 0xfffff880048b3e20, 0xfffff800030b677a). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031113-27331-01. 03/11/13 2:07:06 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff800030aaeea, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031113-96985-01. 03/11/13 10:56:59 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Program Compatibility Assistant Service service, but this action failed with the following error: An instance of the service is already running. 03/11/13 10:55:59 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Connections service, but this action failed with the following error: An instance of the service is already running. 03/11/13 10:55:59 AM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 03/11/13 10:55:59 AM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 03/11/13 10:55:59 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 03/11/13 10:55:59 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 03/11/13 10:55:59 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 03/11/13 10:55:59 AM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 03/11/13 10:55:59 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service. 03/11/13 10:55:59 AM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 03/11/13 10:55:59 AM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 03/11/13 10:55:59 AM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 03/11/13 10:54:22 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running. 03/11/13 10:54:22 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running. 03/11/13 10:54:22 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Extensible Authentication Protocol service, but this action failed with the following error: An instance of the service is already running. 03/11/13 10:54:22 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running. 03/11/13 10:53:22 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running. 03/11/13 10:52:22 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s). 03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 03/11/13 10:51:43 AM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s). 03/11/13 10:51:43 AM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 03/11/13 10:51:43 AM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 03/11/13 10:51:43 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 03/11/13 10:51:43 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 03/11/13 10:51:43 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 03/11/13 10:51:43 AM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 03/11/13 10:51:43 AM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 03/11/13 10:51:43 AM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 03/11/13 10:51:43 AM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 03/11/13 10:51:02 AM, Error: Service Control Manager [7031] - The Windows Firewall service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 03/11/13 10:51:02 AM, Error: Service Control Manager [7031] - The Diagnostic Policy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 03/11/13 10:51:02 AM, Error: Service Control Manager [7031] - The Base Filtering Engine service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 03/11/13 10:46:30 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80003081fe0, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031113-110776-01. 03/11/13 10:42:11 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect. 03/11/13 10:42:11 AM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 03/11/13 10:42:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE} 03/11/13 10:23:38 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800033d8cda, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031113-32807-01. 03/11/13 10:18:08 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80003376cda, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031113-127078-01. 03/11/13 1:44:16 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service service to connect. 03/11/13 1:44:16 PM, Error: Service Control Manager [7000] - The Intuit Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 03/10/13 9:48:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000ec, 0x0000000000000002, 0x0000000000000001, 0xfffff800030b6e45). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031013-25006-01. 03/10/13 8:57:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect. 03/10/13 8:54:32 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa80076f2bb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031013-100823-01. 03/10/13 8:32:17 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff6800089e198, 0x0000000000000000, 0xfffff800030ed501, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031013-101509-01. 03/10/13 8:26:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Skype Updater service to connect. 03/10/13 8:26:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service SkypeUpdate with arguments "/ComService" in order to run the server: {CC957078-B838-47C4-A7CF-626E7A82FC58} 03/10/13 8:22:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800030f4e45, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031013-104255-01. 03/10/13 8:16:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect. 03/10/13 8:16:25 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 03/10/13 7:12:31 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1. 03/10/13 10:47:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000600dd, 0x0000000000000002, 0x0000000000000001, 0xfffff80003100e45). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031013-23540-01. 03/10/13 10:42:47 PM, Error: Service Control Manager [7034] - The QBCFMonitorService service terminated unexpectedly. It has done this 1 time(s). 03/10/13 10:40:14 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800030a8e45). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031013-63866-01. 03/08/13 8:02:34 PM, Error: Service Control Manager [7034] - The CrashPlan Backup Service service terminated unexpectedly. It has done this 1 time(s). . ==== End Of File ===========================
  7. C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\A172.tmp.vir Win64/Olmarik.AY trojan C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\A183.tmp.vir Win64/Olmarik.AY trojan C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Default\aagddhgdgfdigcdedbddddgedegbdedb\background.js Win32/TrojanDownloader.Tracur.V trojan
  8. Wow this is taking forever. It's been running for an hour and a half, and it says it's only 36% done. So far, no threats found.
  9. Will be offline for 2-3 hours - post what you want me to do next, and I will take care of it as soon as I'm back.
  10. It's been fine. I left it on all night (it's 10:40am here) and it hasn't crashed. Did a mbam scan, came up clean.
  11. I ran a mbam scan this morning and it came up clean
  12. I ran combofix twice and am including both logs. I thought I'd disabled Norton completely, but it started scanning something in the middle of the combofix scan, so I figured better safe than sorry. first scan: ComboFix 13-03-12.02 - Pam 03/12/13 21:56:22.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6078.3284 [GMT -5:00] Running from: c:\users\Pam\Desktop\ComboFix.exe AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\programdata\Microsoft\Windows\DRM\A172.tmp c:\programdata\Microsoft\Windows\DRM\A183.tmp c:\users\Pam\314_gotomypc.exe c:\users\Pam\370_gotomypc.exe c:\users\Pam\AppData\Local\assembly\tmp c:\users\Pam\AppData\Local\ie_runner_app.exe c:\users\Pam\Desktop\Internet Explorer.lnk c:\users\Pam\WINDOWS c:\windows\Downloaded Program Files\DM.0 c:\windows\Downloaded Program Files\DM.1 c:\windows\Downloaded Program Files\DM.1\DMService.exe c:\windows\Downloaded Program Files\DM.1\WhlMgr.dll c:\windows\TEMP\jna8284382155021705789.dll . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_DMService -------\Service_DMService . . ((((((((((((((((((((((((( Files Created from 2013-02-13 to 2013-03-13 ))))))))))))))))))))))))))))))) . . 2071-07-25 15:13 . 2006-11-22 02:48 203576 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe 2013-03-13 03:10 . 2013-03-13 03:10 -------- d-----w- c:\users\QBDataServiceUser18\AppData\Local\temp 2013-03-13 00:56 . 2013-03-13 00:56 -------- d-----w- c:\programdata\PreEmptive Solutions 2013-03-13 00:30 . 2013-03-13 00:30 -------- d-----w- c:\programdata\VS 2013-03-12 03:33 . 2013-03-12 03:33 -------- d-----w- C:\FRST 2013-03-11 14:58 . 2013-03-11 14:58 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-03-11 14:58 . 2013-03-11 14:57 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-03-11 14:57 . 2013-03-11 14:57 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-11 11:22 . 2013-03-11 11:22 -------- d-----w- c:\users\Pam\AppData\Roaming\Tific 2013-03-11 11:15 . 2013-03-11 11:15 -------- d-----w- c:\users\Pam\AppData\Local\Symantec 2013-03-11 03:25 . 2013-03-11 03:25 -------- d-----w- c:\users\Pam\AppData\Roaming\Malwarebytes 2013-03-11 03:25 . 2013-03-11 03:25 -------- d-----w- c:\programdata\Malwarebytes 2013-03-11 03:25 . 2013-03-11 03:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-03-11 03:25 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-11 03:24 . 2013-03-11 03:24 -------- d-----w- c:\users\Pam\AppData\Local\Programs 2013-02-13 09:04 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 09:04 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 02:07 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-02-13 02:07 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-02-13 02:07 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-02-13 02:07 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-02-13 02:07 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-02-13 02:07 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-02-13 02:07 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-02-13 02:07 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-02-13 02:07 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-02-13 02:07 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-02-13 02:07 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-02-13 02:07 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-13 02:39 . 2009-12-12 14:06 72013344 ----a-w- c:\windows\system32\MRT.exe 2013-03-13 01:39 . 2013-03-13 02:00 512 ----a-w- C:\mbr.zip 2013-03-13 01:39 . 2013-03-13 01:44 512 ----a-w- c:\users\mbr.zip 2013-03-13 01:04 . 2011-05-08 20:05 2480064 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll 2013-03-13 00:43 . 2013-01-24 16:25 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-13 00:43 . 2011-06-29 12:59 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-12 20:09 . 2013-03-13 01:44 512 ----a-w- c:\users\MBRbackup.zip 2013-03-11 14:57 . 2011-03-27 15:22 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-01-21 00:11 . 2013-01-21 00:11 5 ----a-w- c:\windows\SysWow64\lMMLDeleteUserData42107612FX.tmp 2013-01-04 04:43 . 2013-02-13 02:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-12-16 17:11 . 2012-12-21 09:00 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2012-12-21 09:00 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-21 09:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-21 09:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-11-08 160328] "WLSync"="c:\program files (x86)\Windows Live\Mesh\WLSync.exe" [2012-03-08 1449824] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-04 98304] "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-15 307200] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280] "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112] "IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-03 140640] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2011-3-16 217088] QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] R2 QuickBooksDB18;QuickBooksDB18;c:\program files (x86)\intuit\QuickBooks 2008\QBDBMgrN.exe [2006-09-13 128536] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536] R3 27303051;27303051;c:\windows\system32\drivers\33678759.sys [x] R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824] R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x] R3 libusb0;libusb-win32 - Kernel Driver 10/02/2010 1.2.2.0;c:\windows\system32\DRIVERS\libusb0.sys [2011-03-31 43456] R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x] R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x] R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x] R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x] R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 psdrv3;PrimeSense Sensor Device Driver Service v3.x;c:\windows\system32\Drivers\psdrv3.sys [2011-05-08 23816] R3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x] R3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\Drivers\tascusb2.sys [2011-04-29 419160] R3 TASCAM_US122L_MK2_MIDI;TASCAM US-122L mk2 WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [2011-04-29 31576] R3 TASCAM_US122L_MK2_WDM;TASCAM US-122L mk2 WDM;c:\windows\system32\drivers\tscusb2a.sys [2011-04-29 53080] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-04 1255736] R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976] R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-23 311144] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS [2009-10-15 433200] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [2011-08-22 221304] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [2013-01-16 1388120] S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [2011-08-04 593544] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130312.001\IDSvia64.sys [2012-09-06 513184] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [2010-04-29 150064] S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [2011-08-22 451704] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe [2011-03-16 222720] S2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [2006-12-07 191896] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe [2011-08-04 126400] S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2010-11-25 150928] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-14 138912] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL *Deregistered* - mozyFilter *Deregistered* - MPFP . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-03-06 03:14 1630672 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-03-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-24 00:43] . 2013-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-03 20:56] . 2013-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-03 20:56] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 56320] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://news.yahoo.com/?u mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local;192.168.*.* uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm Trusted Zone: intuit.com\ttlc Trusted Zone: paycycle.com\www Trusted Zone: turbotax.com TCP: DhcpNameServer = 192.168.2.1 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe Wow6432Node-HKCU-Run-Upromise Update - c:\program files (x86)\Upromise\dca-ua.exe Wow6432Node-HKCU-Run-Upromise Tray - c:\program files (x86)\Upromise\UpromiseTray.exe SafeBoot-27303051.sys SafeBoot-86078694.sys SafeBoot-95364534.sys SafeBoot-mcmscsvc SafeBoot-MCODS HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-Upromise TurboSaver - c:\program files (x86)\Upromise\uninstall.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360] "ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\4.4.0.12\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe . ************************************************************************** . Completion time: 2013-03-12 22:23:58 - machine was rebooted ComboFix-quarantined-files.txt 2013-03-13 03:23 . Pre-Run: 564,631,904,256 bytes free Post-Run: 564,211,740,672 bytes free . - - End Of File - - D1CA6FB3A2F1CE1E71D1F8B9D52158D6 second scan: ComboFix 13-03-12.02 - Pam 03/12/13 22:43:02.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6078.3963 [GMT -5:00] Running from: c:\users\Pam\Desktop\ComboFix.exe AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\TEMP\jna8271226750236814921.dll . . ((((((((((((((((((((((((( Files Created from 2013-02-13 to 2013-03-13 ))))))))))))))))))))))))))))))) . . 2071-07-25 15:13 . 2006-11-22 02:48 203576 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe 2013-03-13 03:55 . 2013-03-13 03:55 -------- d-----w- c:\users\QBDataServiceUser18\AppData\Local\temp 2013-03-13 03:55 . 2013-03-13 03:55 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-13 03:55 . 2013-03-13 03:55 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2013-03-13 00:56 . 2013-03-13 00:56 -------- d-----w- c:\programdata\PreEmptive Solutions 2013-03-13 00:30 . 2013-03-13 00:30 -------- d-----w- c:\programdata\VS 2013-03-12 03:33 . 2013-03-12 03:33 -------- d-----w- C:\FRST 2013-03-11 14:58 . 2013-03-11 14:58 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-03-11 14:58 . 2013-03-11 14:57 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-03-11 14:57 . 2013-03-11 14:57 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-11 11:22 . 2013-03-11 11:22 -------- d-----w- c:\users\Pam\AppData\Roaming\Tific 2013-03-11 11:15 . 2013-03-11 11:15 -------- d-----w- c:\users\Pam\AppData\Local\Symantec 2013-03-11 03:25 . 2013-03-11 03:25 -------- d-----w- c:\users\Pam\AppData\Roaming\Malwarebytes 2013-03-11 03:25 . 2013-03-11 03:25 -------- d-----w- c:\programdata\Malwarebytes 2013-03-11 03:25 . 2013-03-11 03:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-03-11 03:25 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-11 03:24 . 2013-03-11 03:24 -------- d-----w- c:\users\Pam\AppData\Local\Programs 2013-02-13 09:04 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 09:04 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 02:07 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-02-13 02:07 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-02-13 02:07 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-02-13 02:07 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-02-13 02:07 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-02-13 02:07 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-02-13 02:07 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-02-13 02:07 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-02-13 02:07 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-02-13 02:07 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-02-13 02:07 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-02-13 02:07 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-13 02:39 . 2009-12-12 14:06 72013344 ----a-w- c:\windows\system32\MRT.exe 2013-03-13 01:39 . 2013-03-13 02:00 512 ----a-w- C:\mbr.zip 2013-03-13 01:39 . 2013-03-13 01:44 512 ----a-w- c:\users\mbr.zip 2013-03-13 01:04 . 2011-05-08 20:05 2480064 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll 2013-03-13 00:43 . 2013-01-24 16:25 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-13 00:43 . 2011-06-29 12:59 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-12 20:09 . 2013-03-13 01:44 512 ----a-w- c:\users\MBRbackup.zip 2013-03-11 14:57 . 2011-03-27 15:22 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-01-21 00:11 . 2013-01-21 00:11 5 ----a-w- c:\windows\SysWow64\lMMLDeleteUserData42107612FX.tmp 2013-01-04 04:43 . 2013-02-13 02:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-12-16 17:11 . 2012-12-21 09:00 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2012-12-21 09:00 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-21 09:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-21 09:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-11-08 160328] "WLSync"="c:\program files (x86)\Windows Live\Mesh\WLSync.exe" [2012-03-08 1449824] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-04 98304] "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-15 307200] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280] "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112] "IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-03 140640] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2011-3-16 217088] QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] R2 QuickBooksDB18;QuickBooksDB18;c:\program files (x86)\intuit\QuickBooks 2008\QBDBMgrN.exe [2006-09-13 128536] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536] R3 27303051;27303051;c:\windows\system32\drivers\33678759.sys [x] R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824] R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x] R3 libusb0;libusb-win32 - Kernel Driver 10/02/2010 1.2.2.0;c:\windows\system32\DRIVERS\libusb0.sys [2011-03-31 43456] R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x] R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x] R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x] R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x] R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 psdrv3;PrimeSense Sensor Device Driver Service v3.x;c:\windows\system32\Drivers\psdrv3.sys [2011-05-08 23816] R3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x] R3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\Drivers\tascusb2.sys [2011-04-29 419160] R3 TASCAM_US122L_MK2_MIDI;TASCAM US-122L mk2 WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [2011-04-29 31576] R3 TASCAM_US122L_MK2_WDM;TASCAM US-122L mk2 WDM;c:\windows\system32\drivers\tscusb2a.sys [2011-04-29 53080] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-04 1255736] R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976] R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-23 311144] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS [2009-10-15 433200] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [2011-08-22 221304] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [2013-01-16 1388120] S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [2011-08-04 593544] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130312.001\IDSvia64.sys [2012-09-06 513184] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [2010-04-29 150064] S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [2011-08-22 451704] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776] S2 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe [2011-03-16 222720] S2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [2006-12-07 191896] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe [2011-08-04 126400] S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2010-11-25 150928] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-14 138912] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] . . --- Other Services/Drivers In Memory --- . *Deregistered* - mozyFilter *Deregistered* - MPFP . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-03-06 03:14 1630672 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-03-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-24 00:43] . 2013-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-03 20:56] . 2013-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-03 20:56] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 56320] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712] "SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [bU] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://news.yahoo.com/?u mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local;192.168.*.* uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm Trusted Zone: intuit.com\ttlc Trusted Zone: paycycle.com\www Trusted Zone: turbotax.com TCP: DhcpNameServer = 192.168.2.1 . - - - - ORPHANS REMOVED - - - - . AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360] "ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\4.4.0.12\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-03-12 22:58:22 ComboFix-quarantined-files.txt 2013-03-13 03:58 ComboFix2.txt 2013-03-13 03:23 . Pre-Run: 564,720,992,256 bytes free Post-Run: 564,411,543,552 bytes free . - - End Of File - - 0A8D42F28F788AF32E9BC5492DEF8DE6
  13. K will do. Guess we're not a good time zone match as I'm in Chicago. Sleep well.
  14. Going to have a glass of wine myself. File was in sda 4. Ran the command you gave me (please don't tell me it was supposed to generate a file, because it didn't, lol) and booted into normal mode. So far, so good. Usually by now, I've had notifications from mbam pop up, but none have so far.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.