pjgibbons

Honorary Members
  • Posts

    32

Everything posted by pjgibbons

  1. I've tried to run mbam-check - a window opens for a split second, then it disappears. I've tried it numerous times, restarted, etc. I don't know why it won't run.
  2. Still in German, but gave me the option to translate. Thanks again.
  3. Your PayPal page is in German. Any idea how I get to an English version?
  4. K, sounds good. My son is using Java for a programming class, so I'll leave that one alone. Thanks again for all of your help.
  5. Should I also delete Java SE Development Kit 6 Update 25 (64 bit)? Also, do you recommend any particular antivirus? I've got the Norton security suite installed on the machine (with automatic updates), but it never signaled that there was a problem throughout this disaster :(
  6. Combo fix log: ComboFix 13-03-12.02 - Pam 03/13/13 20:52:57.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6078.3456 [GMT -5:00] Running from: C:\Users\Pam\Desktop\ComboFix.exe Command switches used :: L:\CFScript.txt AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FILE :: "C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Default\aagddhgdgfdigcdedbddddgedegbdedb\background.js" ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Windows\TEMP\jna6072080013482144580.dll ((((((((((((((((((((((((( Files Created from 2013-02-14 to 2013-03-14 ))))))))))))))))))))))))))))))) 2071-07-25 15:13:30 . 2006-11-22 02:48:08 203576 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe 2013-03-14 02:03:13 . 2013-03-14 02:03:13 -------- d-----w- C:\Users\QBDataServiceUser18\AppData\Local\temp 2013-03-14 02:03:13 . 2013-03-14 02:03:13 -------- d-----w- C:\Users\Default\AppData\Local\temp 2013-03-14 02:03:13 . 2013-03-14 02:03:13 -------- d-----w- C:\Users\Administrator\AppData\Local\temp 2013-03-13 18:57:34 . 2013-03-13 18:57:34 -------- d-----w- C:\Program Files (x86)\ESET 2013-03-13 00:56:12 . 2013-03-13 00:56:12 -------- d-----w- C:\ProgramData\PreEmptive Solutions 2013-03-13 00:30:17 . 2013-03-13 00:30:17 -------- d-----w- C:\ProgramData\VS 2013-03-12 03:33:58 . 2013-03-12 03:33:58 -------- d-----w- C:\FRST 2013-03-11 14:58:30 . 2013-03-11 14:58:30 -------- d-----w- C:\Program Files (x86)\Common Files\Java 2013-03-11 14:58:15 . 2013-03-11 14:57:25 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-03-11 14:57:54 . 
2013-03-11 14:57:28 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-11 11:22:47 . 2013-03-11 11:22:47 -------- d-----w- C:\Users\Pam\AppData\Roaming\Tific 2013-03-11 11:15:51 . 2013-03-11 11:15:51 -------- d-----w- C:\Users\Pam\AppData\Local\Symantec 2013-03-11 03:25:22 . 2013-03-11 03:25:22 -------- d-----w- C:\Users\Pam\AppData\Roaming\Malwarebytes 2013-03-11 03:25:05 . 2013-03-11 03:25:05 -------- d-----w- C:\ProgramData\Malwarebytes 2013-03-11 03:25:04 . 2013-03-11 03:25:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-03-11 03:25:04 . 2012-12-14 21:49:28 24176 ----a-w- C:\Windows\system32\drivers\mbam.sys 2013-03-11 03:24:51 . 2013-03-11 03:24:51 -------- d-----w- C:\Users\Pam\AppData\Local\Programs 2013-02-13 09:04:07 . 2013-01-09 01:10:05 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 09:04:07 . 2013-01-08 22:01:00 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 02:07:51 . 2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\system32\ntoskrnl.exe 2013-02-13 02:07:50 . 2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-02-13 02:07:49 . 2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-02-13 02:07:38 . 2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\system32\win32k.sys 2013-02-13 02:07:35 . 2013-01-04 05:46:09 215040 ----a-w- C:\Windows\system32\winsrv.dll 2013-02-13 02:07:35 . 2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2013-02-13 02:07:35 . 2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2013-02-13 02:07:35 . 2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2013-02-13 02:07:34 . 2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2013-02-13 02:07:34 . 2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe 2013-02-13 02:07:32 . 
2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\system32\drivers\tcpip.sys 2013-02-13 02:07:32 . 2013-01-03 06:00:42 288088 ----a-w- C:\Windows\system32\drivers\FWPKCLNT.SYS . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2013-03-13 02:39:52 . 2009-12-12 14:06:41 72013344 ----a-w- C:\Windows\system32\MRT.exe 2013-03-13 01:39:44 . 2013-03-13 02:00:21 512 ----a-w- C:\mbr.zip 2013-03-13 01:39:44 . 2013-03-13 01:44:57 512 ----a-w- C:\Users\mbr.zip 2013-03-13 01:04:25 . 2011-05-08 20:05:22 2480064 ----a-w- C:\ProgramData\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll 2013-03-13 00:43:10 . 2013-01-24 16:25:21 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-03-13 00:43:10 . 2011-06-29 12:59:44 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-12 20:09:54 . 2013-03-13 01:44:48 512 ----a-w- C:\Users\MBRbackup.zip 2013-03-11 14:57:25 . 2011-03-27 15:22:55 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-02-12 05:45:24 . 2013-03-13 00:31:10 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45:22 . 2013-03-13 00:31:10 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45:22 . 2013-03-13 00:31:10 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45:22 . 2013-03-13 00:31:10 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48:31 . 2013-03-13 00:31:10 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-02-12 04:48:26 . 2013-03-13 00:31:11 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-01-21 00:11:59 . 2013-01-21 00:11:59 5 ----a-w- C:\Windows\SysWow64\lMMLDeleteUserData42107612FX.tmp 2013-01-04 04:43:21 . 2013-02-13 02:07:35 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2012-12-16 17:11:22 . 2012-12-21 09:00:55 46080 ----a-w- C:\Windows\system32\atmlib.dll 2012-12-16 14:45:03 . 2012-12-21 09:00:55 367616 ----a-w- C:\Windows\system32\atmfd.dll 2012-12-16 14:13:28 . 
2012-12-21 09:00:55 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-12-16 14:13:20 . 2012-12-21 09:00:56 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RoboForm"="C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-11-08 14:07:23 160328] "WLSync"="C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe" [2012-03-08 23:21:54 1449824] "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18:59:26 18705664] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-04 15:52:02 98304] "ATICustomerCare"="C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-15 00:24:46 307200] "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 07:35:28 946352] "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 01:06:18 59280] "CanonSolutionMenuEx"="C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 16:18:54 1185112] "IJNetworkScanUtility"="C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-03 01:52:00 140640] "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2012-04-19 01:56:22 421888] "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 00:33:22 421776] "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 14:04:54 252848] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ CrashPlan Tray.lnk - C:\Program Files\CrashPlan\CrashPlanTray.exe [2011-3-16 217088] QuickBooks Update Agent.lnk - C:\Program Files (x86)\Common 
Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064] C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - C:\Program Files\Dell\DellDock\DellDock.exe [2008-9-23 1295656] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 19:27:14 138576] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 21:49:28 682344] R2 QuickBooksDB18;QuickBooksDB18;C:\Program Files (x86)\intuit\QuickBooks 2008\QBDBMgrN.exe [2006-09-13 15:32:12 128536] R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-01-08 18:55:20 161536] R3 27303051;27303051;C:\Windows\system32\drivers\33678759.sys [x] R3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys [x] R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys [2010-04-14 07:01:44 54824] R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x] R3 libusb0;libusb-win32 - Kernel Driver 10/02/2010 1.2.2.0;C:\Windows\system32\DRIVERS\libusb0.sys [2011-03-31 02:00:21 43456] R3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys [x] R3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys [x] R3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys [x] R3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys [x] R3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe [2009-07-14 01:39:46 27136] R3 psdrv3;PrimeSense Sensor Device Driver Service 
v3.x;C:\Windows\system32\Drivers\psdrv3.sys [2011-05-08 17:07:54 23816] R3 sxuptp;SXUPTP Driver;C:\Windows\system32\DRIVERS\sxuptp.sys [x] R3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;C:\Windows\system32\Drivers\tascusb2.sys [2011-04-29 03:18:02 419160] R3 TASCAM_US122L_MK2_MIDI;TASCAM US-122L mk2 WDM MIDI Device;C:\Windows\system32\drivers\tscusb2m.sys [2011-04-29 03:18:04 31576] R3 TASCAM_US122L_MK2_WDM;TASCAM US-122L mk2 WDM;C:\Windows\system32\drivers\tscusb2a.sys [2011-04-29 03:18:04 53080] R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 11:07:05 59392] R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys [2012-02-15 16:01:50 52736] R3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 23:49:06 68440] R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2010-04-04 08:00:33 1255736] R3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys [2009-07-14 00:35:37 25088] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 08:17:44 61976] R4 RsFx0105;RsFx0105 Driver;C:\Windows\system32\DRIVERS\RsFx0105.sys [2011-09-23 02:01:54 311144] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 02:06:04 431464] R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 00:10:10 57184] S0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS [2009-10-15 03:50:05 433200] S0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [2011-08-22 02:53:35 221304] S1 
BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [2013-01-16 02:51:11 1388120] S1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [2011-08-04 04:19:26 593544] S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130312.001\IDSvia64.sys [2012-09-06 09:54:30 513184] S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [2010-04-29 05:03:51 150064] S1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [2011-08-22 02:53:36 451704] S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [2011-04-20 07:04:20 203776] S2 CrashPlanService;CrashPlan Backup Service;C:\Program Files\CrashPlan\CrashPlanService.exe [2011-03-16 15:19:38 222720] S2 DLSDB;Dell Printer Status Database;C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [2006-12-07 05:52:36 191896] S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-09-24 03:09:52 155648] S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 21:49:28 398184] S2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe [2011-08-04 04:18:43 126400] S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2010-11-25 11:05:00 150928] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-14 04:48:51 138912] S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [2012-12-14 21:49:28 24176] --- Other Services/Drivers In Memory --- *Deregistered* - mozyFilter 
*Deregistered* - MPFP [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-03-06 03:14:04 1630672 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe Contents of the 'Scheduled Tasks' folder 2013-03-14 C:\Windows\Tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-24 16:25:24 . 2013-03-13 00:43:16] 2013-03-14 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-03 20:56:59 . 2011-03-03 20:56:51] 2013-03-14 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-03 20:56:59 . 2011-03-03 20:56:51] --------- X64 Entries ----------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 23:50:18 56320] "IAAnotif"="C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 22:54:40 178712] "SysTrayApp"="C:\Program Files (x86)\IDT\WDM\sttray64.exe" [bU] "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 01:50:00 2726728] ------- Supplementary Scan ------- uLocal Page = C:\Windows\system32\blank.htm uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://news.yahoo.com/?u mLocal Page = C:\Windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local;192.168.*.* uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200 IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html 
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm Trusted Zone: intuit.com\ttlc Trusted Zone: paycycle.com\www Trusted Zone: turbotax.com TCP: DhcpNameServer = 192.168.2.1 - - - - ORPHANS REMOVED - - - - AddRemove-Adobe Shockwave Player - C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe DDS.txt: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.17.2 Run by Pam at 21:17:44 on 2013-03-13 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6078.4181 [GMT -5:00] . AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . 
C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\CrashPlan\CrashPlanService.exe C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe 
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files\CrashPlan\CrashPlanTray.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Windows Live\Mesh\MOE.exe C:\Windows\splwow64.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\WUDFHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\prevhost.exe C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Windows\system32\sppsvc.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://news.yahoo.com/?u uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uProxyServer = :0 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ipsbho.dll BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 
10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll BHO: Upromise TurboSaver: {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - TB: &RoboForm: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll EB: Web Test Recorder 10.0: {5802D092-1784-4908-8CDB-99B6842D353D} - uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" uRun: [WLSync] "C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe" /background uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon mRun: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CRASHP~1.LNK - C:\Program Files\CrashPlan\CrashPlanTray.exe StartupFolder: 
C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200 IE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html IE: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm Trusted Zone: turbotax.com DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} - hxxps://xtier.d211.org/InternalSite/WhlCompMgr.cab DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - 
hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: NameServer = 192.168.2.1 TCP: Interfaces\{EEB78936-53BE-40A5-A60A-B6131EB9AF59} : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{EEB78936-53BE-40A5-A60A-B6131EB9AF59}\2656C6B696E6E253637333 : DHCPNameServer = 192.168.2.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-mStart Page = hxxp://www.dell4me.com/myway x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll x64-Run: [bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode x64-Run: [iAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" x64-Run: [sysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exe x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab x64-DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - LocalServer32 - <no file> x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned> x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . 
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0404000.00C\symds64.sys [2011-10-31 433200]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0404000.00C\symefa64.sys [2011-10-31 221304]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [2013-3-5 1388120]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0404000.00C\cchpx64.sys [2011-10-31 593544]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130312.001\IDSviA64.sys [2013-3-12 513184]
R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2009-1-4 308296]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0404000.00C\ironx64.sys [2011-10-31 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0404000.00C\symtdiv.sys [2011-10-31 451704]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-4 203776]
R2 CrashPlanService;CrashPlan Backup Service;C:\Program Files\CrashPlan\CrashPlanService.exe [2011-3-16 222720]
R2 DLSDB;Dell Printer Status Database;C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [2009-1-4 191896]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-9-23 155648]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-10 398184]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe [2011-10-31 126400]
R2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2011-9-21 150928]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-15 138912]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-10 24176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-10 682344]
S2 QuickBooksDB18;QuickBooksDB18;C:\Program Files (x86)\intuit\QuickBooks 2008\QBDBMgrN.exe -hvQuickBooksDB18 --> C:\Program Files (x86)\intuit\QuickBooks 2008\QBDBMgrN.exe -hvQuickBooksDB18 [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
S3 libusb0;libusb-win32 - Kernel Driver 10/02/2010 1.2.2.0;C:\Windows\System32\drivers\libusb0.sys [2010-11-12 43456]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2009-1-4 102472]
S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\System32\drivers\mferkdk.sys [2009-1-4 40904]
S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\System32\drivers\mfesmfk.sys [2009-1-4 49480]
S3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 27136]
S3 psdrv3;PrimeSense Sensor Device Driver Service v3.x;C:\Windows\System32\drivers\psdrv3.sys [2011-4-15 23816]
S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;C:\Windows\System32\drivers\tascusb2.sys [2012-2-19 419160]
S3 TASCAM_US122L_MK2_MIDI;TASCAM US-122L mk2 WDM MIDI Device;C:\Windows\System32\drivers\tscusb2m.sys [2012-2-19 31576]
S3 TASCAM_US122L_MK2_WDM;TASCAM US-122L mk2 WDM;C:\Windows\System32\drivers\tscusb2a.sys [2012-2-19 53080]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-27 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-4 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2071-07-25 15:13:30 203576 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2013-03-14 02:06:41 -------- d-sh--w- C:\$RECYCLE.BIN
2013-03-14 01:51:10 -------- d-----w- C:\ComboFix
2013-03-13 18:57:34 -------- d-----w- C:\Program Files (x86)\ESET
2013-03-13 12:17:16 -------- d-----w- C:\Users\Pam\AppData\Local\{A0034E39-0497-4A2E-A7EB-2A2917995EBE}
2013-03-13 02:54:06 98816 ----a-w- C:\Windows\sed.exe
2013-03-13 02:54:06 256000 ----a-w- C:\Windows\PEV.exe
2013-03-13 02:54:06 208896 ----a-w- C:\Windows\MBR.exe
2013-03-13 00:56:12 -------- d-----w- C:\ProgramData\PreEmptive Solutions
2013-03-13 00:30:17 -------- d-----w- C:\ProgramData\VS
2013-03-13 00:16:18 -------- d-----w- C:\Users\Pam\AppData\Local\{A37B3826-F482-4C62-A44C-9E0B306654DD}
2013-03-12 16:39:51 -------- d-----w- C:\Users\Pam\AppData\Local\{1E871152-F811-4094-91B7-CC8C62F138FE}
2013-03-12 15:00:52 -------- d-----w- C:\Users\Pam\AppData\Local\{FB131BBE-3396-4D76-850A-C24733CA4E65}
2013-03-12 03:33:58 -------- d-----w- C:\FRST
2013-03-11 14:58:15 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-11 14:57:54 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-11 14:50:33 -------- d-----w- C:\Users\Pam\AppData\Local\{2ED23994-FC57-4D17-AEB9-8C40088AE1C6}
2013-03-11 11:22:47 -------- d-----w- C:\Users\Pam\AppData\Roaming\Tific
2013-03-11 11:16:21 -------- d-----w- C:\Users\Pam\AppData\Local\{74962D17-DD93-475D-9EDC-5CA087598BDB}
2013-03-11 11:15:51 -------- d-----w- C:\Users\Pam\AppData\Local\Symantec
2013-03-11 03:44:07 -------- d-----w- C:\Users\Pam\AppData\Local\{E0642BC8-32B2-487D-AD47-B29F03C664DA}
2013-03-11 03:25:22 -------- d-----w- C:\Users\Pam\AppData\Roaming\Malwarebytes
2013-03-11 03:25:05 -------- d-----w- C:\ProgramData\Malwarebytes
2013-03-11 03:25:04 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-11 03:25:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-11 03:24:51 -------- d-----w- C:\Users\Pam\AppData\Local\Programs
2013-03-11 02:45:09 -------- d-----w- C:\Users\Pam\AppData\Local\{1327988B-CBC4-44FF-9A7A-9ACEAB7AE04B}
2013-02-13 17:04:43 -------- d-----w- C:\Users\Pam\AppData\Local\{33D4D6BC-B0AE-427A-9476-9CD1A6FFB6D4}
2013-02-13 09:04:07 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 09:04:07 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 02:07:51 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-02-13 02:07:50 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-13 02:07:49 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-02-13 02:07:38 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-13 02:07:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-02-13 02:07:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-02-13 02:07:35 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-02-13 02:07:35 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-02-13 02:07:34 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-02-13 02:07:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-02-13 02:07:32 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-02-13 02:07:32 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
==================== Find3M ====================
.
2013-03-13 00:43:10 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 00:43:10 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-11 14:57:25 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-21 00:11:59 5 ----a-w- C:\Windows\SysWow64\lMMLDeleteUserData42107612FX.tmp
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
.
============= FINISH: 21:28:01.60 ===============
Attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 12/05/09 5:47:15 PM
System Uptime: 03/13/13 9:13:42 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0G254H
Processor: Intel® Core2 Quad CPU Q8200 @ 2.33GHz | CPU | 2327/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 684 GiB total, 531.733 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 7.299 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
L: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP311: 03/13/13 1:53:52 AM - Scheduled Checkpoint
RP312: 03/13/13 3:00:36 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
ActiveState ActivePython 2.6.6.15 (64-bit)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.5)
Adobe Shockwave Player 11.5
Age of Empires III
AI RoboForm (All Users)
Amazon MP3 Downloader 1.0.15
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
ATI Catalyst Registration
Banctec Service Agreement
BlueJ
Bonjour
Browser Address Error Redirector
Canon CanoScan Toolbox 5.0
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon Inkjet Printer Driver Add-On Module
Canon MG5200 series MP Drivers
Canon MG5200 series User Registration
Canon MP Navigator EX 4.0
Canon My Printer
Canon Solution Menu EX
Canon Utilities Easy-PhotoPrint EX
CanoScan LiDE 70
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help English
CCC Help Japanese
CCC Help Korean
Comcast High-Speed Internet Install Wizard
Compatibility Pack for the 2007 Office system
CrashPlan
Crystal Reports for Visual Studio
CutePDF Writer 2.7
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Dock
Dell Driver Download Manager
Dell Getting Started Guide
Dell Printer Software
Dotfuscator Software Services - Community Edition
EDocs
ESET Online Scanner v3
Finale 2011
Google Chrome
Google Update Helper
GPL Ghostscript 8.64
Greenfoot 2.0.1
GSview 4.9
IDT Audio
InfraRecorder
Intel® Matrix Storage Manager
iTunes
Java 7 Update 17
Java Auto Updater
Java 6 Update 24
Java 6 Update 25 (64-bit)
Java SE Development Kit 6 Update 25 (64-bit)
libQGLViewer
Malwarebytes Anti-Malware version 1.70.0.1100
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Forefront UAG endpoint components v4.0.0
Microsoft Help Viewer 1.1
Microsoft Money Plus
Microsoft Money Shared Libraries
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Office 64-bit Components 2007
Microsoft Office Office 64-bit Components 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher 2010
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2007
Microsoft Publisher 2010
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Management Objects (x64)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft SQL Server System CLR Types (x64)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime v1.0 SP1 (x64)
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Sync Framework Services v1.0 SP1 (x64)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
Microsoft Team Foundation Server 2010 Object Model - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
Microsoft Visual Studio 2010 Office Developer Tools (x64)
Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio 2010 Ultimate - ENU
Microsoft Visual Studio Macro Tools
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
Norton Security Suite
OpenNI 1.0.0 for Windows (remove only)
Payroll Mate (2010) 6.0.15
Payroll Mate (2011) 7.0.9
Picasa 3
Prime Sense - NITE 1.3.0 for Windows (remove only)
PrimeSensor 5.0.0 for Windows (Kinect Mod) (remove only)
QB Connection Diagnostic Tool
QuickBooks Company File Diagnostic Tool
QuickBooks Pro 2008
QuickTime
Ring Factory 2009 (3.0.2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2644980)
Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit)
Skype Toolbars
Skype™ 6.1
Spelling Dictionaries Support For Adobe Reader 9
Sql Server Customer Experience Improvement Program
SupportSoft Assisted Service
Tax Forms Helper 2008 8.5
Tax Forms Helper 2010 9.5
The Battle for Middle-earth
The Battle for Middle-earth II
TurboTax 2009
TurboTax 2009 wiliper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2009 wwiiper
TurboTax 2010
TurboTax 2010 wiliper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2010 wwiiper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768024) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
US-122 MKII / US-144 MKII
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio 2010 Prerequisites - English
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VoiceOver Kit
Vuze
WCF RIA Services V1.0 SP1
Web Deployment Tool
WIDCOMM Bluetooth Software 6.0.1.4300
Windows Driver Package - PrimeSense (psdrv3) PrimeSense (02/16/2011 3.1.2.0)
Windows Driver Package - PrimeSense (psdrv3) PrimeSensor (07/13/2010 3.1.0.4)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
03/13/13 9:20:37 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
03/13/13 9:14:17 PM, Error: Service Control Manager [7038] - The QuickBooksDB18 service was unable to log on as .\QBDataServiceUser18 with the currently configured password due to the following error: Logon failure: unknown user name or bad password. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
03/13/13 9:14:17 PM, Error: Service Control Manager [7000] - The QuickBooksDB18 service failed to start due to the following error: The service did not start due to a logon failure.
03/13/13 9:03:27 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
03/13/13 9:02:32 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
03/13/13 12:39:50 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
03/13/13 1:07:40 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
03/12/13 8:59:19 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
03/12/13 8:59:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
03/12/13 8:59:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
03/12/13 8:59:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
03/12/13 8:59:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
03/12/13 8:59:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
03/12/13 8:59:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
03/12/13 8:59:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
03/12/13 8:59:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
03/12/13 8:58:54 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccHP DfsC discache eeCtrl IDSVia64 mfehidk NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSP SRTSPX SymIM SymIRON SYMTDIv tdx vwififlt Wanarpv6 WfpLwf
03/12/13 8:58:53 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
03/12/13 8:58:53 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
03/12/13 8:58:53 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
03/12/13 8:58:53 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
03/12/13 8:58:53 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
03/12/13 8:58:53 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
03/12/13 8:58:53 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
03/12/13 8:58:53 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
03/12/13 8:58:53 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
03/12/13 8:58:53 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
03/12/13 7:18:39 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
03/12/13 11:42:36 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000048, 0x0000000000000002, 0x0000000000000001, 0xfffff80003171e7f). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031213-24507-01.
03/12/13 11:36:54 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa8007606bb0, 0x0000000000000000, 0x00000000fffa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031213-102445-01.
03/12/13 10:37:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80004004: Update for Windows 7 for x64-based Systems (KB2791765).
03/12/13 10:37:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80004004: Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2809289).
03/11/13 7:29:30 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800030af26b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031113-24382-01.
03/11/13 6:21:45 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP
03/11/13 6:20:08 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000338ecda, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031113-73538-01.
03/11/13 6:19:03 AM, Error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.
03/11/13 6:19:03 AM, Error: SRTSP [4] - Error loading virus definitions.
03/11/13 2:39:25 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.
03/11/13 2:37:04 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800030a726b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031113-99559-01.
03/11/13 2:29:37 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck.
The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800030efe45). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031113-101307-01. 03/11/13 2:25:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect. 03/11/13 2:25:41 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 03/11/13 2:19:13 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 03/11/13 2:18:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccHP discache eeCtrl IDSVia64 mfehidk spldr SRTSP SRTSPX SymIRON SYMTDIv Wanarpv6 03/11/13 2:14:17 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x00000000001904fb, 0xfffff880048b45c8, 0xfffff880048b3e20, 0xfffff800030b677a). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031113-27331-01. 03/11/13 2:07:06 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff800030aaeea, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031113-96985-01. 
03/11/13 10:56:59 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Program Compatibility Assistant Service service, but this action failed with the following error: An instance of the service is already running. 03/11/13 10:55:59 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Connections service, but this action failed with the following error: An instance of the service is already running. 03/11/13 10:55:59 AM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 03/11/13 10:55:59 AM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 03/11/13 10:55:59 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 03/11/13 10:55:59 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 03/11/13 10:55:59 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 
03/11/13 10:55:59 AM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 03/11/13 10:55:59 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service. 03/11/13 10:55:59 AM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 03/11/13 10:55:59 AM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 03/11/13 10:55:59 AM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 03/11/13 10:54:22 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running. 03/11/13 10:54:22 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running. 
03/11/13 10:54:22 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Extensible Authentication Protocol service, but this action failed with the following error: An instance of the service is already running. 03/11/13 10:54:22 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running. 03/11/13 10:53:22 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running. 03/11/13 10:52:22 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s). 03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). 
The following corrective action will be taken in 60000 milliseconds: Restart the service. 03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). 
The following corrective action will be taken in 120000 milliseconds: Restart the service. 03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 03/11/13 10:51:43 AM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s). 03/11/13 10:51:43 AM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 03/11/13 10:51:43 AM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 
03/11/13 10:51:43 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 03/11/13 10:51:43 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 03/11/13 10:51:43 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 03/11/13 10:51:43 AM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 03/11/13 10:51:43 AM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 03/11/13 10:51:43 AM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 03/11/13 10:51:43 AM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 03/11/13 10:51:02 AM, Error: Service Control Manager [7031] - The Windows Firewall service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 
03/11/13 10:51:02 AM, Error: Service Control Manager [7031] - The Diagnostic Policy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 03/11/13 10:51:02 AM, Error: Service Control Manager [7031] - The Base Filtering Engine service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 03/11/13 10:46:30 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80003081fe0, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031113-110776-01. 03/11/13 10:42:11 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect. 03/11/13 10:42:11 AM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 03/11/13 10:42:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE} 03/11/13 10:23:38 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800033d8cda, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031113-32807-01. 03/11/13 10:18:08 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80003376cda, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. 
Report Id: 031113-127078-01. 03/11/13 1:44:16 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service service to connect. 03/11/13 1:44:16 PM, Error: Service Control Manager [7000] - The Intuit Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 03/10/13 9:48:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000ec, 0x0000000000000002, 0x0000000000000001, 0xfffff800030b6e45). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031013-25006-01. 03/10/13 8:57:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect. 03/10/13 8:54:32 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa80076f2bb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031013-100823-01. 03/10/13 8:32:17 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff6800089e198, 0x0000000000000000, 0xfffff800030ed501, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031013-101509-01. 03/10/13 8:26:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Skype Updater service to connect. 
03/10/13 8:26:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service SkypeUpdate with arguments "/ComService" in order to run the server: {CC957078-B838-47C4-A7CF-626E7A82FC58} 03/10/13 8:22:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800030f4e45, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031013-104255-01. 03/10/13 8:16:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect. 03/10/13 8:16:25 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 03/10/13 7:12:31 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1. 03/10/13 10:47:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000600dd, 0x0000000000000002, 0x0000000000000001, 0xfffff80003100e45). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031013-23540-01. 03/10/13 10:42:47 PM, Error: Service Control Manager [7034] - The QBCFMonitorService service terminated unexpectedly. It has done this 1 time(s). 03/10/13 10:40:14 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800030a8e45). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031013-63866-01. 03/08/13 8:02:34 PM, Error: Service Control Manager [7034] - The CrashPlan Backup Service service terminated unexpectedly. It has done this 1 time(s). . ==== End Of File ===========================
  7. C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\A172.tmp.vir Win64/Olmarik.AY trojan
     C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\A183.tmp.vir Win64/Olmarik.AY trojan
     C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Default\aagddhgdgfdigcdedbddddgedegbdedb\background.js Win32/TrojanDownloader.Tracur.V trojan
  8. Wow this is taking forever. It's been running for an hour and a half, and it says it's only 36% done. So far, no threats found.
  9. Will be offline for 2-3 hours - post what you want me to do next, and I will take care of it as soon as I'm back.
  10. It's been fine. I left it on all night (it's 10:40am here) and it hasn't crashed. Did a mbam scan, came up clean.
  11. I ran a mbam scan this morning and it came up clean
  12. I ran ComboFix twice and am including both logs. I thought I'd disabled Norton completely, but it started scanning something in the middle of the ComboFix scan, so I figured better safe than sorry.
      First scan:
      ComboFix 13-03-12.02 - Pam 03/12/13 21:56:22.1.4 - x64
      Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6078.3284 [GMT -5:00]
      Running from: c:\users\Pam\Desktop\ComboFix.exe
      AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
      FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
      SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
      SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      C:\install.exe
      c:\programdata\Microsoft\Windows\DRM\A172.tmp
      c:\programdata\Microsoft\Windows\DRM\A183.tmp
      c:\users\Pam\314_gotomypc.exe
      c:\users\Pam\370_gotomypc.exe
      c:\users\Pam\AppData\Local\assembly\tmp
      c:\users\Pam\AppData\Local\ie_runner_app.exe
      c:\users\Pam\Desktop\Internet Explorer.lnk
      c:\users\Pam\WINDOWS
      c:\windows\Downloaded Program Files\DM.0
      c:\windows\Downloaded Program Files\DM.1
      c:\windows\Downloaded Program Files\DM.1\DMService.exe
      c:\windows\Downloaded Program Files\DM.1\WhlMgr.dll
      c:\windows\TEMP\jna8284382155021705789.dll
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      -------\Service_DMService
      -------\Service_DMService
      .
      .
      ((((((((((((((((((((((((( Files Created from 2013-02-13 to 2013-03-13 )))))))))))))))))))))))))))))))
      .
      .
      2071-07-25 15:13 . 2006-11-22 02:48 203576 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
      2013-03-13 03:10 . 2013-03-13 03:10 -------- d-----w- c:\users\QBDataServiceUser18\AppData\Local\temp
      2013-03-13 00:56 . 2013-03-13 00:56 -------- d-----w- c:\programdata\PreEmptive Solutions
      2013-03-13 00:30 . 2013-03-13 00:30 -------- d-----w- c:\programdata\VS
      2013-03-12 03:33 . 2013-03-12 03:33 -------- d-----w- C:\FRST
      2013-03-11 14:58 . 2013-03-11 14:58 -------- d-----w- c:\program files (x86)\Common Files\Java
      2013-03-11 14:58 . 2013-03-11 14:57 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
      2013-03-11 14:57 . 2013-03-11 14:57 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
      2013-03-11 11:22 . 2013-03-11 11:22 -------- d-----w- c:\users\Pam\AppData\Roaming\Tific
      2013-03-11 11:15 . 2013-03-11 11:15 -------- d-----w- c:\users\Pam\AppData\Local\Symantec
      2013-03-11 03:25 . 2013-03-11 03:25 -------- d-----w- c:\users\Pam\AppData\Roaming\Malwarebytes
      2013-03-11 03:25 . 2013-03-11 03:25 -------- d-----w- c:\programdata\Malwarebytes
      2013-03-11 03:25 . 2013-03-11 03:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
      2013-03-11 03:25 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
      2013-03-11 03:24 . 2013-03-11 03:24 -------- d-----w- c:\users\Pam\AppData\Local\Programs
      2013-02-13 09:04 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
      2013-02-13 09:04 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
      2013-02-13 02:07 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
      2013-02-13 02:07 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
      2013-02-13 02:07 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
      2013-02-13 02:07 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
      2013-02-13 02:07 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
      2013-02-13 02:07 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
      2013-02-13 02:07 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
      2013-02-13 02:07 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
      2013-02-13 02:07 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
      2013-02-13 02:07 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
      2013-02-13 02:07 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
      2013-02-13 02:07 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2013-03-13 02:39 . 2009-12-12 14:06 72013344 ----a-w- c:\windows\system32\MRT.exe
      2013-03-13 01:39 . 2013-03-13 02:00 512 ----a-w- C:\mbr.zip
      2013-03-13 01:39 . 2013-03-13 01:44 512 ----a-w- c:\users\mbr.zip
      2013-03-13 01:04 . 2011-05-08 20:05 2480064 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
      2013-03-13 00:43 . 2013-01-24 16:25 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
      2013-03-13 00:43 . 2011-06-29 12:59 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
      2013-03-12 20:09 . 2013-03-13 01:44 512 ----a-w- c:\users\MBRbackup.zip
      2013-03-11 14:57 . 2011-03-27 15:22 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
      2013-01-21 00:11 . 2013-01-21 00:11 5 ----a-w- c:\windows\SysWow64\lMMLDeleteUserData42107612FX.tmp
      2013-01-04 04:43 . 2013-02-13 02:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll
      2012-12-16 17:11 . 2012-12-21 09:00 46080 ----a-w- c:\windows\system32\atmlib.dll
      2012-12-16 14:45 . 2012-12-21 09:00 367616 ----a-w- c:\windows\system32\atmfd.dll
      2012-12-16 14:13 . 2012-12-21 09:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
      2012-12-16 14:13 . 2012-12-21 09:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-11-08 160328]
      "WLSync"="c:\program files (x86)\Windows Live\Mesh\WLSync.exe" [2012-03-08 1449824]
      "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-04 98304]
      "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-15 307200]
      "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
      "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
      "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
      "IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-03 140640]
      "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
      "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
      "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
      .
      c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
      CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2011-3-16 217088]
      QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]
      .
      c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 5 (0x5)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
      R2 QuickBooksDB18;QuickBooksDB18;c:\program files (x86)\intuit\QuickBooks 2008\QBDBMgrN.exe [2006-09-13 128536]
      R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
      R3 27303051;27303051;c:\windows\system32\drivers\33678759.sys [x]
      R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
      R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824]
      R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
      R3 libusb0;libusb-win32 - Kernel Driver 10/02/2010 1.2.2.0;c:\windows\system32\DRIVERS\libusb0.sys [2011-03-31 43456]
      R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
      R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
      R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
      R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
      R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
      R3 psdrv3;PrimeSense Sensor Device Driver Service v3.x;c:\windows\system32\Drivers\psdrv3.sys [2011-05-08 23816]
      R3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x]
      R3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\Drivers\tascusb2.sys [2011-04-29 419160]
      R3 TASCAM_US122L_MK2_MIDI;TASCAM US-122L mk2 WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [2011-04-29 31576]
      R3 TASCAM_US122L_MK2_WDM;TASCAM US-122L mk2 WDM;c:\windows\system32\drivers\tscusb2a.sys [2011-04-29 53080]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
      R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
      R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]
      R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-04 1255736]
      R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
      R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
      R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-23 311144]
      R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]
      R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
      S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS [2009-10-15 433200]
      S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [2011-08-22 221304]
      S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [2013-01-16 1388120]
      S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [2011-08-04 593544]
      S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130312.001\IDSvia64.sys [2012-09-06 513184]
      S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [2010-04-29 150064]
      S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [2011-08-22 451704]
      S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
      S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
      S2 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe [2011-03-16 222720]
      S2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [2006-12-07 191896]
      S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
      S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
      S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe [2011-08-04 126400]
      S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2010-11-25 150928]
      S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-14 138912]
      S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
      .
      .
      --- Other Services/Drivers In Memory ---
      .
      *NewlyCreated* - WS2IFSL
      *Deregistered* - mozyFilter
      *Deregistered* - MPFP
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
      nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
      2013-03-06 03:14 1630672 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2013-03-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-24 00:43]
      .
      2013-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-03 20:56]
      .
2013-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-03 20:56] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 56320] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://news.yahoo.com/?u mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local;192.168.*.* uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm Trusted Zone: intuit.com\ttlc Trusted Zone: paycycle.com\www Trusted Zone: turbotax.com TCP: DhcpNameServer = 192.168.2.1 . - - - - ORPHANS REMOVED - - - - . 
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe Wow6432Node-HKCU-Run-Upromise Update - c:\program files (x86)\Upromise\dca-ua.exe Wow6432Node-HKCU-Run-Upromise Tray - c:\program files (x86)\Upromise\UpromiseTray.exe SafeBoot-27303051.sys SafeBoot-86078694.sys SafeBoot-95364534.sys SafeBoot-mcmscsvc SafeBoot-MCODS HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-Upromise TurboSaver - c:\program files (x86)\Upromise\uninstall.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360] "ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\4.4.0.12\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . 
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe . ************************************************************************** . Completion time: 2013-03-12 22:23:58 - machine was rebooted ComboFix-quarantined-files.txt 2013-03-13 03:23 . Pre-Run: 564,631,904,256 bytes free Post-Run: 564,211,740,672 bytes free . - - End Of File - - D1CA6FB3A2F1CE1E71D1F8B9D52158D6 second scan: ComboFix 13-03-12.02 - Pam 03/12/13 22:43:02.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6078.3963 [GMT -5:00] Running from: c:\users\Pam\Desktop\ComboFix.exe AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . 
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\TEMP\jna8271226750236814921.dll . . ((((((((((((((((((((((((( Files Created from 2013-02-13 to 2013-03-13 ))))))))))))))))))))))))))))))) . . 2071-07-25 15:13 . 2006-11-22 02:48 203576 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe 2013-03-13 03:55 . 2013-03-13 03:55 -------- d-----w- c:\users\QBDataServiceUser18\AppData\Local\temp 2013-03-13 03:55 . 2013-03-13 03:55 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-13 03:55 . 2013-03-13 03:55 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2013-03-13 00:56 . 2013-03-13 00:56 -------- d-----w- c:\programdata\PreEmptive Solutions 2013-03-13 00:30 . 2013-03-13 00:30 -------- d-----w- c:\programdata\VS 2013-03-12 03:33 . 2013-03-12 03:33 -------- d-----w- C:\FRST 2013-03-11 14:58 . 2013-03-11 14:58 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-03-11 14:58 . 2013-03-11 14:57 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-03-11 14:57 . 2013-03-11 14:57 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-11 11:22 . 2013-03-11 11:22 -------- d-----w- c:\users\Pam\AppData\Roaming\Tific 2013-03-11 11:15 . 2013-03-11 11:15 -------- d-----w- c:\users\Pam\AppData\Local\Symantec 2013-03-11 03:25 . 2013-03-11 03:25 -------- d-----w- c:\users\Pam\AppData\Roaming\Malwarebytes 2013-03-11 03:25 . 2013-03-11 03:25 -------- d-----w- c:\programdata\Malwarebytes 2013-03-11 03:25 . 2013-03-11 03:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-03-11 03:25 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-11 03:24 . 2013-03-11 03:24 -------- d-----w- c:\users\Pam\AppData\Local\Programs 2013-02-13 09:04 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 09:04 . 
2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 02:07 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-02-13 02:07 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-02-13 02:07 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-02-13 02:07 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-02-13 02:07 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-02-13 02:07 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-02-13 02:07 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-02-13 02:07 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-02-13 02:07 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-02-13 02:07 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-02-13 02:07 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-02-13 02:07 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-13 02:39 . 2009-12-12 14:06 72013344 ----a-w- c:\windows\system32\MRT.exe 2013-03-13 01:39 . 2013-03-13 02:00 512 ----a-w- C:\mbr.zip 2013-03-13 01:39 . 2013-03-13 01:44 512 ----a-w- c:\users\mbr.zip 2013-03-13 01:04 . 2011-05-08 20:05 2480064 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll 2013-03-13 00:43 . 2013-01-24 16:25 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-13 00:43 . 2011-06-29 12:59 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-12 20:09 . 2013-03-13 01:44 512 ----a-w- c:\users\MBRbackup.zip 2013-03-11 14:57 . 2011-03-27 15:22 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-01-21 00:11 . 
2013-01-21 00:11 5 ----a-w- c:\windows\SysWow64\lMMLDeleteUserData42107612FX.tmp 2013-01-04 04:43 . 2013-02-13 02:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-12-16 17:11 . 2012-12-21 09:00 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2012-12-21 09:00 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-21 09:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-21 09:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-11-08 160328] "WLSync"="c:\program files (x86)\Windows Live\Mesh\WLSync.exe" [2012-03-08 1449824] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-04 98304] "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-15 307200] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280] "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112] "IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-03 140640] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2011-3-16 217088] QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] R2 QuickBooksDB18;QuickBooksDB18;c:\program files (x86)\intuit\QuickBooks 2008\QBDBMgrN.exe [2006-09-13 128536] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536] R3 27303051;27303051;c:\windows\system32\drivers\33678759.sys [x] R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824] R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x] R3 libusb0;libusb-win32 - Kernel Driver 10/02/2010 1.2.2.0;c:\windows\system32\DRIVERS\libusb0.sys [2011-03-31 43456] R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x] R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x] R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x] R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x] R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 psdrv3;PrimeSense Sensor Device Driver Service v3.x;c:\windows\system32\Drivers\psdrv3.sys [2011-05-08 23816] R3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x] R3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\Drivers\tascusb2.sys [2011-04-29 419160] R3 TASCAM_US122L_MK2_MIDI;TASCAM US-122L mk2 WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [2011-04-29 31576] R3 TASCAM_US122L_MK2_WDM;TASCAM US-122L mk2 WDM;c:\windows\system32\drivers\tscusb2a.sys [2011-04-29 53080] R3 
TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-04 1255736] R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976] R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-23 311144] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS [2009-10-15 433200] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [2011-08-22 221304] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [2013-01-16 1388120] S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [2011-08-04 593544] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130312.001\IDSvia64.sys [2012-09-06 513184] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [2010-04-29 150064] S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [2011-08-22 451704] S2 AMD External 
Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776] S2 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe [2011-03-16 222720] S2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [2006-12-07 191896] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe [2011-08-04 126400] S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2010-11-25 150928] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-14 138912] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] . . --- Other Services/Drivers In Memory --- . *Deregistered* - mozyFilter *Deregistered* - MPFP . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-03-06 03:14 1630672 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-03-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-24 00:43] . 2013-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-03 20:56] . 
2013-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-03 20:56] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 56320] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712] "SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [bU] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://news.yahoo.com/?u mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local;192.168.*.* uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm Trusted Zone: intuit.com\ttlc Trusted Zone: paycycle.com\www Trusted Zone: turbotax.com TCP: DhcpNameServer = 192.168.2.1 . - - - - ORPHANS REMOVED - - - - . 
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360] "ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\4.4.0.12\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-12 22:58:22
ComboFix-quarantined-files.txt 2013-03-13 03:58
ComboFix2.txt 2013-03-13 03:23
.
Pre-Run: 564,720,992,256 bytes free
Post-Run: 564,411,543,552 bytes free
.
- - End Of File - - 0A8D42F28F788AF32E9BC5492DEF8DE6
  13. K will do. Guess we're not a good time zone match as I'm in Chicago. Sleep well.
  14. Going to have a glass of wine myself. File was in sda 4. Ran the command you gave me (please don't tell me it was supposed to generate a file, because it didn't, lol) and booted into normal mode. So far, so good. Usually by now, I've had notifications from mbam pop up, but none have so far.
  15. Not there. I just went back into windows to double check, and it's in the same folder as mbrbackup. Checked a second time in xpud, only mbrbackup is listed.
  16. I copied the file in windows into the same directory as mbrbackup. Now I'm in xpud, I see mbrbackup, but I don't see the mbr zip file. Do I go ahead with typing the command in the terminal, or do we have another problem?
  17. Alrighty then. Sda 1 had nothing in it, which apparently was the problem, lol. It was sda 3 that we wanted. The file is attached. MBRbackup.zip
  18. Daniel, I don't know what to tell you. I've run this several times, copied it to several folders, searched in both safe and normal modes, but if I'm not in xpud, I can't find any trace of that file. There was a usr folder in xpud, but none with my name on it, so I copied the backup file to the usr folder, to the rdesktop folder and to the shared folder, but can't find it once I'm in Windows. It's been ages since I've used DOS - is there a way to copy it through the command prompt? I don't know if external drives are recognized in DOS.
  19. Ok, I've tried this 3 times. I see the mbrbackup zip file in xpud, but I can't find it anywhere when I go into Windows. I've searched the entire computer, and it doesn't show up anywhere. When I type: dd if=/dev/sda of=MBRbackup.zip bs=512 count=1, it's just sda in the line, not sda 1, correct?
  20. Ok this is the first time I'm not sure - I expanded mnt and it lists sda 1-4. I'm not clear on what you want me to do next. Do I click tool, open terminal, then type exactly what you have above, or do I need to change the sd designation?
  21. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-03-2013 01 Ran by SYSTEM at 12-03-2013 16:29:35 Running from F:\ Windows 7 Home Premium (X64) OS Language: English(US) The current controlset is ControlSet001 ==================== Registry (Whitelisted) =================== HKLM\...\Run: [bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode [x] HKLM\...\Run: [iAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [178712 2008-04-15] (Intel Corporation) HKLM\...\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe [443904 2008-05-22] (IDT, Inc.) HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2726728 2010-03-24] (CANON INC.) HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-11-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [307200 2009-06-14] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.) HKLM-x32\...\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1185112 2010-04-02] (CANON INC.) HKLM-x32\...\Run: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2010-03-02] (CANON INC.) HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.) 
HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.) HKU\Administrator\...\RunOnce: [WAB Migrate] C:\Program Files (x86)\Windows Mail\wab.exe /Upgrade [516096 2010-11-20] (Microsoft Corporation) HKU\Administrator\...\RunOnce: [DPAPIKeyMig] %SystemRoot%\system32\dpapimig.exe -quiet [x] HKU\Pam\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x] HKU\Pam\...\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [160328 2010-11-08] (Siber Systems) HKU\Pam\...\Run: [upromise Update] C:\Program Files (x86)\Upromise\dca-ua.exe [x] HKU\Pam\...\Run: [upromise Tray] C:\Program Files (x86)\Upromise\UpromiseTray.exe [x] HKU\Pam\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation) HKU\Pam\...\Run: [WLSync] "C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe" /background [1449824 2012-03-08] (Microsoft Corporation) HKU\Pam\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18705664 2013-01-08] (Skype Technologies S.A.) HKU\Pam\...\RunOnce: [shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; Media Center PC 6.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)" -"http://bcs.worthpublishers.com/hockenbury3e/content/cat_030/ch04/flash.htm?v=chapter&i=04030.01&s=04000&n=00030&o=|00040|00030|" [468408 2009-06-05] (Adobe Systems, Inc.) 
HKU\QBDataServiceUser18\...\RunOnce: [DPAPIKeyMig] %SystemRoot%\system32\dpapimig.exe -quiet [x] HKU\QBDataServiceUser18\...\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade [x] Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\ProgramData\Start Menu\Programs\Startup\CrashPlan Tray.lnk ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.) Startup: C:\ProgramData\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\QBDataServiceUser18\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) ==================== Services (Whitelisted) =================== 2 CrashPlanService; "C:\Program Files\CrashPlan\CrashPlanService.exe" [222720 2011-03-16] (CrashPlan) 2 DLPWD; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE [107928 2006-12-07] (Dell Inc.) 2 DLSDB; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [191896 2006-12-06] (Dell Inc.) 
3 DMService; C:\Windows\Downloaded Program Files\DM.1\DMService.exe [487312 2010-11-25] (Microsoft Corporation) 2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation) 2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation) 2 N360; "C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\diMaster.dll" /prefetch:1 [135032 2010-04-29] (Symantec Corporation) 2 QuickBooksDB18; C:\Program Files (x86)\intuit\QuickBooks 2008\QBDBMgrN.exe -hvQuickBooksDB18 [128536 2006-09-13] (iAnywhere Solutions, Inc.) 2 uagqecsvc; C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [150928 2010-11-25] (Microsoft Corporation) 3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [x] 3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [x] ==================== Drivers (Whitelisted) ===================== 1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [1388120 2013-01-15] (Symantec Corporation) 1 ccHP; C:\Windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [593544 2011-08-03] (Symantec Corporation) 3 e1express; C:\Windows\System32\DRIVERS\e1e6232e.sys [286936 2009-06-05] (Intel Corporation) 1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-13] (Symantec Corporation) 3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-13] (Symantec Corporation) 1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130308.001\IDSvia64.sys [513184 2012-09-06] (Symantec Corporation) 3 libusb0; 
C:\Windows\System32\Drivers\libusb0.sys [43456 2011-03-30] (http://libusb-win32.sourceforge.net) 3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation) 3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [102472 2009-09-16] (McAfee, Inc.) 1 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [308296 2009-09-16] (McAfee, Inc.) 3 mferkdk; C:\Windows\System32\Drivers\mferkdk.sys [40904 2009-09-16] (McAfee, Inc.) 3 mfesmfk; C:\Windows\System32\Drivers\mfesmfk.sys [49480 2009-09-16] (McAfee, Inc.) 3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130311.004\ENG64.SYS [126192 2013-03-11] (Symantec Corporation) 3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130311.004\EX64.SYS [2087664 2013-03-11] (Symantec Corporation) 3 psdrv3; C:\Windows\System32\Drivers\psdrv3.sys [23816 2011-05-08] (Prime Sense Ltd.) 1 SRTSP; C:\Windows\System32\Drivers\N360x64\0404000.00C\SRTSP64.SYS [505392 2010-04-21] (Symantec Corporation) 1 SRTSPX; C:\Windows\system32\drivers\N360x64\0404000.00C\SRTSPX64.SYS [32304 2010-04-21] (Symantec Corporation) 0 SymDS; C:\Windows\System32\drivers\N360x64\0404000.00C\SYMDS64.SYS [433200 2009-10-14] (Symantec Corporation) 0 SymEFA; C:\Windows\System32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [221304 2011-08-21] (Symantec Corporation) 3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2010-04-21] (Symantec Corporation) 1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [53808 2010-05-05] (Symantec Corporation) 1 SymIRON; C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [150064 2010-04-28] (Symantec Corporation) 1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [451704 2011-08-21] (Symantec Corporation) 3 TASCAM_US122144; C:\Windows\System32\Drivers\tascusb2.sys [419160 2011-04-28] (TASCAM) 3 TASCAM_US122L_MK2_MIDI; 
C:\Windows\System32\drivers\tscusb2m.sys [31576 2011-04-28] (TASCAM) 3 TASCAM_US122L_MK2_WDM; C:\Windows\System32\drivers\tscusb2a.sys [53080 2011-04-28] (TASCAM) 3 27303051; C:\Windows\System32\drivers\33678759.sys [x] 3 BTCFilterService; C:\Windows\System32\DRIVERS\motfilt.sys [x] 3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x] 3 motccgp; C:\Windows\System32\DRIVERS\motccgp.sys [x] 3 motccgpfl; C:\Windows\System32\DRIVERS\motccgpfl.sys [x] 3 MotoSwitchService; C:\Windows\System32\DRIVERS\motswch.sys [x] 3 Motousbnet; C:\Windows\System32\DRIVERS\Motousbnet.sys [x] 3 motusbdevice; C:\Windows\System32\DRIVERS\motusbdevice.sys [x] 3 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [x] ==================== NetSvcs (Whitelisted) ==================== ==================== One Month Created Files and Folders ======== 2013-03-12 08:52 - 2013-03-12 08:52 - 00043801 ____A C:\Users\Pam\Desktop\attach.txt 2013-03-12 08:52 - 2013-03-12 08:51 - 00022332 ____A C:\Users\Pam\Desktop\dds.txt 2013-03-12 08:43 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe 2013-03-12 08:42 - 2013-03-12 08:42 - 00275520 ____A C:\Windows\Minidump\031213-24507-01.dmp 2013-03-12 08:39 - 2013-03-12 08:40 - 00000000 ____D C:\Users\Pam\AppData\Local\{1E871152-F811-4094-91B7-CC8C62F138FE} 2013-03-12 08:36 - 2013-03-12 08:36 - 00275520 ____A C:\Windows\Minidump\031213-102445-01.dmp 2013-03-12 07:00 - 2013-03-12 07:02 - 00000000 ____D C:\Users\Pam\AppData\Local\{FB131BBE-3396-4D76-850A-C24733CA4E65} 2013-03-11 19:33 - 2013-03-11 19:33 - 00000000 ____D C:\FRST 2013-03-11 16:29 - 2013-03-11 16:29 - 00262144 ____A C:\Windows\Minidump\031113-24382-01.dmp 2013-03-11 11:36 - 2013-03-11 11:36 - 00275520 ____A C:\Windows\Minidump\031113-99559-01.dmp 2013-03-11 11:29 - 2013-03-11 11:29 - 00279648 ____A C:\Windows\Minidump\031113-101307-01.dmp 2013-03-11 11:13 - 2013-03-11 11:14 - 00279648 ____A C:\Windows\Minidump\031113-27331-01.dmp 
2013-03-11 11:06 - 2013-03-11 11:07 - 00283744 ____A C:\Windows\Minidump\031113-96985-01.dmp 2013-03-11 10:56 - 2013-03-11 10:56 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Pam\Downloads\tdsskiller.exe 2013-03-11 10:51 - 2013-03-11 10:52 - 00004069 ____A C:\Users\Pam\Desktop\RKreport[2]_D_03112013_02d1351.txt 2013-03-11 10:48 - 2013-03-11 10:48 - 00004142 ____A C:\Users\Pam\Desktop\RKreport[1]_S_03112013_02d1348.txt 2013-03-11 10:43 - 2013-03-11 10:50 - 00000000 ____D C:\Users\Pam\Desktop\RK_Quarantine 2013-03-11 10:41 - 2013-03-11 10:42 - 00816640 ____A C:\Users\Pam\Downloads\RogueKiller.exe 2013-03-11 10:40 - 2013-03-11 10:40 - 00007739 ____A C:\Users\Pam\Documents\AdwCleaner[s1].txt 2013-03-11 10:35 - 2013-03-11 10:36 - 00007739 ____A C:\AdwCleaner[s1].txt 2013-03-11 10:35 - 2013-03-11 10:35 - 00597667 ____A C:\Users\Pam\Downloads\adwcleaner.exe 2013-03-11 07:54 - 2013-03-11 07:55 - 00890798 ____A C:\Users\Pam\Downloads\SecurityCheck.exe 2013-03-11 07:46 - 2013-03-11 07:46 - 00275520 ____A C:\Windows\Minidump\031113-110776-01.dmp 2013-03-11 07:23 - 2013-03-11 07:23 - 00275520 ____A C:\Windows\Minidump\031113-32807-01.dmp 2013-03-11 07:17 - 2013-03-11 07:18 - 00275520 ____A C:\Windows\Minidump\031113-127078-01.dmp 2013-03-11 06:58 - 2013-03-11 06:57 - 00861088 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-03-11 06:58 - 2013-03-11 06:57 - 00262560 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-03-11 06:57 - 2013-03-11 06:57 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-03-11 06:57 - 2013-03-11 06:57 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-03-11 06:57 - 2013-03-11 06:57 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-03-11 06:50 - 2013-03-11 06:50 - 00000000 ____D C:\Users\Pam\AppData\Local\{2ED23994-FC57-4D17-AEB9-8C40088AE1C6} 2013-03-11 06:36 - 2013-03-11 06:49 - 201878776 ____A 
C:\Users\Pam\Downloads\20130311-004-v5i64.exe 2013-03-11 03:22 - 2013-03-11 03:22 - 00000000 ____D C:\Users\Pam\AppData\Roaming\Tific 2013-03-11 03:19 - 2013-03-11 03:20 - 00275520 ____A C:\Windows\Minidump\031113-73538-01.dmp 2013-03-11 03:16 - 2013-03-11 03:16 - 00000000 ____D C:\Users\Pam\AppData\Local\{74962D17-DD93-475D-9EDC-5CA087598BDB} 2013-03-11 03:15 - 2013-03-11 03:15 - 00000000 ____D C:\Users\Pam\AppData\Local\Symantec 2013-03-10 19:46 - 2013-03-10 19:47 - 00275520 ____A C:\Windows\Minidump\031013-23540-01.dmp 2013-03-10 19:44 - 2013-03-10 19:44 - 00000000 ____D C:\Users\Pam\AppData\Local\{E0642BC8-32B2-487D-AD47-B29F03C664DA} 2013-03-10 19:40 - 2013-03-10 19:40 - 00275520 ____A C:\Windows\Minidump\031013-63866-01.dmp 2013-03-10 19:25 - 2013-03-10 19:25 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-03-10 19:25 - 2013-03-10 19:25 - 00000000 ____D C:\Users\Pam\AppData\Roaming\Malwarebytes 2013-03-10 19:25 - 2013-03-10 19:25 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-03-10 19:25 - 2013-03-10 19:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-03-10 19:25 - 2012-12-14 13:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-03-10 18:47 - 2013-03-10 18:48 - 00275520 ____A C:\Windows\Minidump\031013-25006-01.dmp 2013-03-10 18:45 - 2013-03-10 18:45 - 00000000 ____D C:\Users\Pam\AppData\Local\{1327988B-CBC4-44FF-9A7A-9ACEAB7AE04B} 2013-02-22 13:56 - 2013-03-10 16:56 - 00000042 ____A C:\Users\Pam\jagex_cl_oldschool_LIVE.dat 2013-02-13 19:23 - 2013-02-13 19:23 - 00941568 ____A (Amazon Services LLC) C:\Users\Pam\Downloads\QuickBooks_Pro_2013_Downloader.exe 2013-02-13 09:04 - 2013-03-10 12:50 - 00000000 ____D C:\Users\Pam\AppData\Local\{33D4D6BC-B0AE-427A-9476-9CD1A6FFB6D4} 2013-02-13 01:01 - 2013-01-08 17:48 - 17812992 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-02-13 01:01 - 2013-01-08 17:22 - 10925568 ____A (Microsoft Corporation) 
C:\Windows\System32\ieframe.dll 2013-02-13 01:01 - 2013-01-08 17:19 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-02-13 01:01 - 2013-01-08 17:12 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-02-13 01:01 - 2013-01-08 17:12 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-02-13 01:01 - 2013-01-08 17:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-02-13 01:01 - 2013-01-08 17:10 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-02-13 01:01 - 2013-01-08 17:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-02-13 01:01 - 2013-01-08 17:07 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-02-13 01:01 - 2013-01-08 17:07 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-02-13 01:01 - 2013-01-08 17:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-02-13 01:01 - 2013-01-08 17:06 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-02-13 01:01 - 2013-01-08 17:05 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-02-13 01:01 - 2013-01-08 17:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-02-13 01:01 - 2013-01-08 17:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-02-13 01:01 - 2013-01-08 17:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-02-13 01:01 - 2013-01-08 14:23 - 12321280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-02-13 01:01 - 2013-01-08 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-02-13 01:01 - 2013-01-08 14:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-02-13 01:01 - 2013-01-08 14:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-02-13 
01:01 - 2013-01-08 14:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-02-13 01:01 - 2013-01-08 14:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-02-13 01:01 - 2013-01-08 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-02-13 01:01 - 2013-01-08 14:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-02-13 01:01 - 2013-01-08 13:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-02-13 01:01 - 2013-01-08 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-02-13 01:01 - 2013-01-08 13:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-02-13 01:01 - 2013-01-08 13:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-02-13 01:01 - 2013-01-08 13:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-02-13 01:01 - 2013-01-08 13:56 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-02-13 01:01 - 2013-01-08 13:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-02-13 01:01 - 2013-01-08 13:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-02-12 18:07 - 2013-01-04 21:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-02-12 18:07 - 2013-01-04 21:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-02-12 18:07 - 2013-01-04 21:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-02-12 18:07 - 2013-01-03 21:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll 2013-02-12 18:07 - 2013-01-03 20:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-02-12 18:07 - 2013-01-03 19:26 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-02-12 18:07 - 2013-01-03 18:47 - 00025600 ____A 
(Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-02-12 18:07 - 2013-01-03 18:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-02-12 18:07 - 2013-01-03 18:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-02-12 18:07 - 2013-01-03 18:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-02-12 18:07 - 2013-01-02 22:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-02-12 18:07 - 2013-01-02 22:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS ==================== One Month Modified Files and Folders ======= 2013-03-12 08:52 - 2013-03-12 08:52 - 00043801 ____A C:\Users\Pam\Desktop\attach.txt 2013-03-12 08:51 - 2013-03-12 08:52 - 00022332 ____A C:\Users\Pam\Desktop\dds.txt 2013-03-12 08:42 - 2013-03-12 08:42 - 00275520 ____A C:\Windows\Minidump\031213-24507-01.dmp 2013-03-12 08:42 - 2012-02-19 16:36 - 00000000 ____D C:\Windows\Minidump 2013-03-12 08:42 - 2009-06-17 04:23 - 678886980 ____A C:\Windows\MEMORY.DMP 2013-03-12 08:40 - 2013-03-12 08:39 - 00000000 ____D C:\Users\Pam\AppData\Local\{1E871152-F811-4094-91B7-CC8C62F138FE} 2013-03-12 08:39 - 2012-06-30 20:55 - 00000000 ____D C:\Users\Pam\Tracing 2013-03-12 08:37 - 2011-05-13 15:29 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-03-12 08:37 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-03-12 08:36 - 2013-03-12 08:36 - 00275520 ____A C:\Windows\Minidump\031213-102445-01.dmp 2013-03-12 08:36 - 2009-07-13 20:51 - 01499812 ____A C:\Windows\setupact.log 2013-03-12 07:02 - 2013-03-12 07:00 - 00000000 ____D C:\Users\Pam\AppData\Local\{FB131BBE-3396-4D76-850A-C24733CA4E65} 2013-03-11 19:33 - 2013-03-11 19:33 - 00000000 ____D C:\FRST 2013-03-11 16:29 - 2013-03-11 16:29 - 00262144 ____A C:\Windows\Minidump\031113-24382-01.dmp 2013-03-11 11:36 - 2013-03-11 11:36 - 00275520 ____A C:\Windows\Minidump\031113-99559-01.dmp 
2013-03-11 11:29 - 2013-03-11 11:29 - 00279648 ____A C:\Windows\Minidump\031113-101307-01.dmp 2013-03-11 11:14 - 2013-03-11 11:13 - 00279648 ____A C:\Windows\Minidump\031113-27331-01.dmp 2013-03-11 11:07 - 2013-03-11 11:06 - 00283744 ____A C:\Windows\Minidump\031113-96985-01.dmp 2013-03-11 10:58 - 2009-12-05 15:01 - 01704193 ____A C:\Windows\WindowsUpdate.log 2013-03-11 10:56 - 2013-03-11 10:56 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Pam\Downloads\tdsskiller.exe 2013-03-11 10:52 - 2013-03-11 10:51 - 00004069 ____A C:\Users\Pam\Desktop\RKreport[2]_D_03112013_02d1351.txt 2013-03-11 10:51 - 2009-12-05 14:20 - 00012656 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-03-11 10:51 - 2009-12-05 14:20 - 00012656 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-03-11 10:50 - 2013-03-11 10:43 - 00000000 ____D C:\Users\Pam\Desktop\RK_Quarantine 2013-03-11 10:48 - 2013-03-11 10:48 - 00004142 ____A C:\Users\Pam\Desktop\RKreport[1]_S_03112013_02d1348.txt 2013-03-11 10:47 - 2009-07-13 21:13 - 00876842 ____A C:\Windows\System32\PerfStringBackup.INI 2013-03-11 10:43 - 2013-01-24 08:25 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-03-11 10:42 - 2013-03-11 10:41 - 00816640 ____A C:\Users\Pam\Downloads\RogueKiller.exe 2013-03-11 10:40 - 2013-03-11 10:40 - 00007739 ____A C:\Users\Pam\Documents\AdwCleaner[s1].txt 2013-03-11 10:36 - 2013-03-11 10:35 - 00007739 ____A C:\AdwCleaner[s1].txt 2013-03-11 10:35 - 2013-03-11 10:35 - 00597667 ____A C:\Users\Pam\Downloads\adwcleaner.exe 2013-03-11 10:13 - 2011-05-13 15:29 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-03-11 08:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF 2013-03-11 08:01 - 2011-05-18 13:16 - 00000000 ____D C:\Users\Pam\AppData\Roaming\Skype 2013-03-11 07:55 - 2013-03-11 07:54 - 00890798 ____A C:\Users\Pam\Downloads\SecurityCheck.exe 
2013-03-11 07:52 - 2009-07-13 21:08 - 00032654 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-03-11 07:46 - 2013-03-11 07:46 - 00275520 ____A C:\Windows\Minidump\031113-110776-01.dmp 2013-03-11 07:23 - 2013-03-11 07:23 - 00275520 ____A C:\Windows\Minidump\031113-32807-01.dmp 2013-03-11 07:18 - 2013-03-11 07:17 - 00275520 ____A C:\Windows\Minidump\031113-127078-01.dmp 2013-03-11 07:07 - 2009-12-05 14:44 - 00532140 ____A C:\Windows\PFRO.log 2013-03-11 06:59 - 2009-01-04 08:56 - 00000000 ____D C:\ProgramData\Adobe 2013-03-11 06:57 - 2013-03-11 06:58 - 00861088 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-03-11 06:57 - 2013-03-11 06:58 - 00262560 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-03-11 06:57 - 2013-03-11 06:57 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-03-11 06:57 - 2013-03-11 06:57 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-03-11 06:57 - 2013-03-11 06:57 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-03-11 06:57 - 2011-03-27 07:22 - 00782240 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-03-11 06:57 - 2009-01-04 08:51 - 00000000 ____D C:\Program Files (x86)\Java 2013-03-11 06:52 - 2009-12-05 14:23 - 00000000 ____D C:\users\Administrator 2013-03-11 06:50 - 2013-03-11 06:50 - 00000000 ____D C:\Users\Pam\AppData\Local\{2ED23994-FC57-4D17-AEB9-8C40088AE1C6} 2013-03-11 06:49 - 2013-03-11 06:36 - 201878776 ____A C:\Users\Pam\Downloads\20130311-004-v5i64.exe 2013-03-11 03:22 - 2013-03-11 03:22 - 00000000 ____D C:\Users\Pam\AppData\Roaming\Tific 2013-03-11 03:20 - 2013-03-11 03:19 - 00275520 ____A C:\Windows\Minidump\031113-73538-01.dmp 2013-03-11 03:16 - 2013-03-11 03:16 - 00000000 ____D C:\Users\Pam\AppData\Local\{74962D17-DD93-475D-9EDC-5CA087598BDB} 2013-03-11 03:15 - 2013-03-11 03:15 - 00000000 ____D C:\Users\Pam\AppData\Local\Symantec 2013-03-10 21:37 - 2011-10-12 16:46 - 00000000 ____D C:\Program 
Files\Bonjour 2013-03-10 21:37 - 2011-10-12 16:46 - 00000000 ____D C:\Program Files (x86)\Bonjour 2013-03-10 21:37 - 2011-08-16 11:41 - 00000000 ____D C:\Program Files\CrashPlan 2013-03-10 21:37 - 2011-07-10 17:49 - 00000000 ____D C:\Program Files (x86)\Ring Factory 2013-03-10 21:37 - 2011-07-08 18:54 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2013-03-10 21:37 - 2011-06-20 17:47 - 00000000 ____D C:\Program Files (x86)\Vuze 2013-03-10 21:37 - 2010-11-10 18:43 - 00000000 ____D C:\Python26 2013-03-10 21:37 - 2010-10-01 19:39 - 00000000 ____D C:\Program Files (x86)\Finale 2011 2013-03-10 21:37 - 2010-04-21 05:06 - 00000000 ____D C:\ProgramData\Norton 2013-03-10 21:37 - 2009-12-05 14:23 - 00000000 ____D C:\users\QBDataServiceUser18 2013-03-10 21:37 - 2009-07-13 23:44 - 00000000 ___RD C:\Users\Public\Recorded TV 2013-03-10 21:37 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep 2013-03-10 21:37 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration 2013-03-10 21:37 - 2009-06-03 16:40 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-03-10 21:37 - 2004-01-15 15:04 - 00000000 ____D C:\Users\Pam\Documents\Kevin 2013-03-10 19:47 - 2013-03-10 19:46 - 00275520 ____A C:\Windows\Minidump\031013-23540-01.dmp 2013-03-10 19:44 - 2013-03-10 19:44 - 00000000 ____D C:\Users\Pam\AppData\Local\{E0642BC8-32B2-487D-AD47-B29F03C664DA} 2013-03-10 19:40 - 2013-03-10 19:40 - 00275520 ____A C:\Windows\Minidump\031013-63866-01.dmp 2013-03-10 19:25 - 2013-03-10 19:25 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-03-10 19:25 - 2013-03-10 19:25 - 00000000 ____D C:\Users\Pam\AppData\Roaming\Malwarebytes 2013-03-10 19:25 - 2013-03-10 19:25 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-03-10 19:25 - 2013-03-10 19:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-03-10 18:48 - 2013-03-10 18:47 - 00275520 ____A C:\Windows\Minidump\031013-25006-01.dmp 2013-03-10 18:48 - 2009-12-05 14:23 - 00000000 ____D 
C:\users\Pam 2013-03-10 18:45 - 2013-03-10 18:45 - 00000000 ____D C:\Users\Pam\AppData\Local\{1327988B-CBC4-44FF-9A7A-9ACEAB7AE04B} 2013-03-10 17:06 - 2012-06-27 08:53 - 00000024 ____A C:\Users\Pam\random.dat 2013-03-10 17:02 - 2010-10-01 18:07 - 00000000 ____D C:\Users\Pam\Documents\Sara 2 2013-03-10 16:56 - 2013-02-22 13:56 - 00000042 ____A C:\Users\Pam\jagex_cl_oldschool_LIVE.dat 2013-03-10 16:56 - 2011-10-25 18:14 - 00000032 ____A C:\Users\Pam\jagex_cl_runescape_LIVE.dat 2013-03-10 12:50 - 2013-02-13 09:04 - 00000000 ____D C:\Users\Pam\AppData\Local\{33D4D6BC-B0AE-427A-9476-9CD1A6FFB6D4} 2013-03-01 09:52 - 2011-02-12 07:53 - 00000000 ____D C:\Users\Pam\AppData\Local\{1339582B-495A-4F41-96DE-D29C21E8004D} 2013-02-26 20:43 - 2013-01-24 08:25 - 00691568 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-02-26 20:43 - 2011-06-29 04:59 - 00071024 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-02-22 13:56 - 2012-06-27 08:53 - 00000000 ____D C:\Users\Pam\jagexcache 2013-02-19 18:20 - 2010-10-02 11:53 - 00000509 ____A C:\Windows\demdata.txt 2013-02-13 21:20 - 2004-01-15 15:04 - 00000000 ____D C:\Users\Pam\Documents\Personal 2013-02-13 19:23 - 2013-02-13 19:23 - 00941568 ____A (Amazon Services LLC) C:\Users\Pam\Downloads\QuickBooks_Pro_2013_Downloader.exe 2013-02-13 19:11 - 2008-10-29 10:53 - 00000000 ____D C:\Users\Pam\Documents\QB 2008 data files 2013-02-13 14:47 - 2006-07-17 14:08 - 00000000 ____D C:\Users\Pam\Documents\JDM 2013-02-13 14:43 - 2004-01-15 15:04 - 00000000 ____D C:\Users\Pam\Documents\Insctr 2013-02-13 07:21 - 2012-05-10 18:11 - 00000000 ____D C:\Users\Pam\Documents\Quicken 2013-02-13 01:41 - 2009-07-13 20:45 - 00648776 ____A C:\Windows\System32\FNTCACHE.DAT 2013-02-13 01:20 - 2009-01-08 17:53 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-02-13 01:09 - 2009-12-12 06:06 - 70004024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-02-12 21:04 - 2013-01-24 16:58 - 00000000 
____D C:\Users\Pam\AppData\Local\{94636BCD-8EC9-4864-A7BC-33E9FFF0E645}

ATTENTION: ========> Check for possible partition/boot infection:
C:\Windows\svchost.exe

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-03-08 20:19:04
Restore point made on: 2013-03-11 06:57:10

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 6077.91 MB
Available physical RAM: 5338.51 MB
Total Pagefile: 6076.06 MB
Available Pagefile: 5345.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:683.57 GB) (Free:505.16 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:7.3 GB) NTFS
4 Drive f: () (Removable) (Total:1.92 GB) (Free:1.59 GB) FAT
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          698 GB      0 B
  Disk 1    Online         1967 MB      0 B
  Disk 2    No Media           0 B      0 B
  Disk 3    No Media           0 B      0 B
  Disk 4    No Media           0 B      0 B
  Disk 5    No Media           0 B      0 B

Partitions of Disk 0:
===============

Disk ID: 88000000

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM                 62 MB    31 KB
  Partition 2    Primary             15 GB    63 MB
  Partition 3    Primary            683 GB    15 GB

==================================================================================

Disk: 0
Partition 1
Type  : DE
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 8                      FAT    Partition     62 MB  Healthy    Hidden

=========================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     D   RECOVERY     NTFS   Partition     15 GB  Healthy

=========================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   OS           NTFS   Partition    683 GB  Healthy

=========================================================

Partitions of Disk 1:
===============

Disk ID: 00000000

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           1966 MB    16 KB

==================================================================================

Disk: 1
Partition 1
Type  : 0E
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     F                FAT    Removable   1966 MB  Healthy

=========================================================

============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 88000000

Partition 1:
=========
Hex: 80001E00000000001D00000000000000
Active: YES
Type: 00
Size: 0 byte
ATTENTION ===> 0 byte partition bootkit on partition 1

Partition 2:
=========
Hex: 00010100DEFE3F073F000000C9F50100
Active: NO
Type: DE
Size: 63 MB

Partition 3:
=========
Hex: 0008010807FEFFFF00F801000000E001
Active: NO
Type: 07 (NTFS)
Size: 15 GB

Partition 4:
=========
Hex: 80FEFFFF07FEFFFF00F8E10100607255
Active: YES
Type: 07 (NTFS)
Size: 684 GB

==============================
Partitions of Disk 1:
===============
Disk ID: 00000000

Partition 1:
=========
Hex: 800101000E0FA0BB20000000E0773D00
Active: YES
Type: 0E
Size: 2 GB

Last Boot: 2013-03-11 04:58

==================== End Of Log =============================
  22. Yes, I've been using a USB to move the programs you've had me using to the infected computer, since I can't get it to stay up long enough to download them directly. I inoculated the USB with the Panda vaccine.
  23. 11:53:50.0045 0288 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
      11:53:50.0076 0288 ============================================================
      11:53:50.0076 0288 Current date / time: 2013/03/12 11:53:50.0076
      11:53:50.0076 0288 SystemInfo:
      11:53:50.0076 0288
      11:53:50.0076 0288 OS Version: 6.1.7601 ServicePack: 1.0
      11:53:50.0076 0288 Product type: Workstation
      11:53:50.0076 0288 ComputerName: MAIN-DELL
      11:53:50.0076 0288 UserName: Pam
      11:53:50.0076 0288 Windows directory: C:\Windows
      11:53:50.0076 0288 System windows directory: C:\Windows
      11:53:50.0076 0288 Running under WOW64
      11:53:50.0076 0288 Processor architecture: Intel x64
      11:53:50.0076 0288 Number of processors: 4
      11:53:50.0076 0288 Page size: 0x1000
      11:53:50.0076 0288 Boot type: Safe boot
      11:53:50.0076 0288 ============================================================
      11:53:50.0388 0288 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
      11:53:50.0388 0288 Drive \Device\Harddisk1\DR1 - Size: 0x7AF00000 (1.92 Gb), SectorSize: 0x200, Cylinders: 0xFA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
      11:53:50.0419 0288 ============================================================
      11:53:50.0419 0288 \Device\Harddisk0\DR0:
      11:53:50.0419 0288 MBR partitions:
      11:53:50.0419 0288 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F800, BlocksNum 0x1E00000
      11:53:50.0419 0288 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E1F800, BlocksNum 0x55726000
      11:53:50.0419 0288 \Device\Harddisk1\DR1:
      11:53:50.0419 0288 MBR partitions:
      11:53:50.0419 0288 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xE, StartLBA 0x20, BlocksNum 0x3D77E0
      11:53:50.0419 0288 ============================================================
      11:53:50.0450 0288 C: <-> \Device\Harddisk0\DR0\Partition2
      11:53:50.0482 0288 D: <-> \Device\Harddisk0\DR0\Partition1
      11:53:50.0482 0288 ============================================================
      11:53:50.0482 0288 Initialize success
      11:53:50.0482 0288 ============================================================
      11:54:06.0955 0484 ============================================================
      11:54:06.0955 0484 Scan started
      11:54:06.0955 0484 Mode: Manual;
      11:54:06.0955 0484 ============================================================
      11:54:07.0018 0484 ================ Scan system memory ========================
      11:54:07.0018 0484 System memory - ok
      11:54:07.0018 0484 ================ Scan services =============================
      11:54:07.0189 0484 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
      11:54:07.0189 0484 1394ohci - ok
      11:54:07.0205 0484 27303051 - ok
      11:54:07.0252 0484 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
      11:54:07.0252 0484 ACPI - ok
      11:54:07.0298 0484 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
      11:54:07.0298 0484 AcpiPmi - ok
      11:54:07.0423 0484 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      11:54:07.0423 0484 AdobeARMservice - ok
      11:54:07.0564 0484 [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
      11:54:07.0564 0484 AdobeFlashPlayerUpdateSvc - ok
lltdsvc - ok</div> <div>11:54:14.0942 0484 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll</div> <div>11:54:14.0942 0484 lmhosts - ok</div> <div>11:54:14.0974 0484 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys</div> <div>11:54:14.0974 0484 LSI_FC - ok</div> <div>11:54:14.0989 0484 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys</div> <div>11:54:14.0989 0484 LSI_SAS - ok</div> <div>11:54:15.0005 0484 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys</div> <div>11:54:15.0005 0484 LSI_SAS2 - ok</div> <div>11:54:15.0005 0484 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys</div> <div>11:54:15.0020 0484 LSI_SCSI - ok</div> <div>11:54:15.0036 0484 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys</div> <div>11:54:15.0036 0484 luafv - ok</div> <div>11:54:15.0083 0484 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys</div> <div>11:54:15.0083 0484 MBAMProtector - ok</div> <div>11:54:15.0145 0484 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe</div> <div>11:54:15.0145 0484 MBAMScheduler - ok</div> <div>11:54:15.0192 0484 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe</div> <div>11:54:15.0208 0484 MBAMService - ok</div> <div>11:54:15.0239 0484 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll</div> <div>11:54:15.0254 0484 Mcx2Svc - ok</div> <div>11:54:15.0286 0484 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys</div> <div>11:54:15.0286 0484 megasas - ok</div> <div>11:54:15.0301 0484 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys</div> <div>11:54:15.0301 0484 MegaSR - ok</div> <div>11:54:15.0332 0484 
[ 4A1C21576FB7F96F4DBDEA627FFDA775 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys</div> <div>11:54:15.0332 0484 mfeavfk - ok</div> <div>11:54:15.0348 0484 [ 9E0AC52B3232FF8DC65FEE1A9C2FE8D1 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys</div> <div>11:54:15.0348 0484 mfehidk - ok</div> <div>11:54:15.0379 0484 [ 624D717B11E5004F68442B5740F17F21 ] mferkdk C:\Windows\system32\drivers\mferkdk.sys</div> <div>11:54:15.0379 0484 mferkdk - ok</div> <div>11:54:15.0410 0484 [ 0CD9DE7B96735F33F078C4EA044E8B34 ] mfesmfk C:\Windows\system32\drivers\mfesmfk.sys</div> <div>11:54:15.0410 0484 mfesmfk - ok</div> <div>11:54:15.0442 0484 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll</div> <div>11:54:15.0442 0484 MMCSS - ok</div> <div>11:54:15.0457 0484 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys</div> <div>11:54:15.0457 0484 Modem - ok</div> <div>11:54:15.0504 0484 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys</div> <div>11:54:15.0504 0484 monitor - ok</div> <div>11:54:15.0504 0484 motccgp - ok</div> <div>11:54:15.0520 0484 motccgpfl - ok</div> <div>11:54:15.0520 0484 MotoSwitchService - ok</div> <div>11:54:15.0535 0484 Motousbnet - ok</div> <div>11:54:15.0551 0484 motusbdevice - ok</div> <div>11:54:15.0582 0484 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys</div> <div>11:54:15.0582 0484 mouclass - ok</div> <div>11:54:15.0598 0484 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys</div> <div>11:54:15.0598 0484 mouhid - ok</div> <div>11:54:15.0629 0484 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys</div> <div>11:54:15.0629 0484 mountmgr - ok</div> <div>11:54:15.0644 0484 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys</div> <div>11:54:15.0644 0484 mpio - ok</div> <div>11:54:15.0660 0484 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv 
C:\Windows\system32\drivers\mpsdrv.sys</div> <div>11:54:15.0660 0484 mpsdrv - ok</div> <div>11:54:15.0707 0484 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll</div> <div>11:54:15.0707 0484 MpsSvc - ok</div> <div>11:54:15.0754 0484 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys</div> <div>11:54:15.0754 0484 MRxDAV - ok</div> <div>11:54:15.0816 0484 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys</div> <div>11:54:15.0816 0484 mrxsmb - ok</div> <div>11:54:15.0847 0484 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys</div> <div>11:54:15.0847 0484 mrxsmb10 - ok</div> <div>11:54:15.0863 0484 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys</div> <div>11:54:15.0863 0484 mrxsmb20 - ok</div> <div>11:54:15.0878 0484 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys</div> <div>11:54:15.0878 0484 msahci - ok</div> <div>11:54:15.0894 0484 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys</div> <div>11:54:15.0910 0484 msdsm - ok</div> <div>11:54:15.0910 0484 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe</div> <div>11:54:15.0910 0484 MSDTC - ok</div> <div>11:54:15.0956 0484 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys</div> <div>11:54:15.0956 0484 Msfs - ok</div> <div>11:54:15.0972 0484 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys</div> <div>11:54:15.0972 0484 mshidkmdf - ok</div> <div>11:54:15.0972 0484 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys</div> <div>11:54:15.0972 0484 msisadrv - ok</div> <div>11:54:16.0019 0484 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll</div> <div>11:54:16.0019 0484 MSiSCSI - ok</div> <div>11:54:16.0019 0484 msiserver - ok</div> 
<div>11:54:16.0050 0484 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys</div> <div>11:54:16.0050 0484 MSKSSRV - ok</div> <div>11:54:16.0066 0484 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys</div> <div>11:54:16.0066 0484 MSPCLOCK - ok</div> <div>11:54:16.0081 0484 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys</div> <div>11:54:16.0081 0484 MSPQM - ok</div> <div>11:54:16.0128 0484 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys</div> <div>11:54:16.0128 0484 MsRPC - ok</div> <div>11:54:16.0128 0484 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys</div> <div>11:54:16.0128 0484 mssmbios - ok</div> <div>11:54:16.0237 0484 MSSQL$SQLEXPRESS - ok</div> <div>11:54:16.0315 0484 [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE</div> <div>11:54:16.0315 0484 MSSQLServerADHelper100 - ok</div> <div>11:54:16.0331 0484 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys</div> <div>11:54:16.0331 0484 MSTEE - ok</div> <div>11:54:16.0346 0484 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys</div> <div>11:54:16.0346 0484 MTConfig - ok</div> <div>11:54:16.0362 0484 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys</div> <div>11:54:16.0362 0484 Mup - ok</div> <div>11:54:16.0424 0484 [ B4187346F54E362DAFFE647B25A58D50 ] N360 C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe</div> <div>11:54:16.0424 0484 N360 - ok</div> <div>11:54:16.0471 0484 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll</div> <div>11:54:16.0471 0484 napagent - ok</div> <div>11:54:16.0518 0484 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys</div> <div>11:54:16.0518 0484 NativeWifiP - 
ok</div> <div>11:54:16.0627 0484 [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130311.004\ENG64.SYS</div> <div>11:54:16.0627 0484 NAVENG - ok</div> <div>11:54:16.0690 0484 [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130311.004\EX64.SYS</div> <div>11:54:16.0721 0484 NAVEX15 - ok</div> <div>11:54:16.0768 0484 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys</div> <div>11:54:16.0768 0484 NDIS - ok</div> <div>11:54:16.0799 0484 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys</div> <div>11:54:16.0799 0484 NdisCap - ok</div> <div>11:54:16.0814 0484 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys</div> <div>11:54:16.0814 0484 NdisTapi - ok</div> <div>11:54:16.0830 0484 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys</div> <div>11:54:16.0830 0484 Ndisuio - ok</div> <div>11:54:16.0861 0484 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys</div> <div>11:54:16.0861 0484 NdisWan - ok</div> <div>11:54:16.0908 0484 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys</div> <div>11:54:16.0908 0484 NDProxy - ok</div> <div>11:54:16.0939 0484 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys</div> <div>11:54:16.0939 0484 NetBIOS - ok</div> <div>11:54:16.0955 0484 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys</div> <div>11:54:16.0955 0484 NetBT - ok</div> <div>11:54:16.0970 0484 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe</div> <div>11:54:16.0970 0484 Netlogon - ok</div> <div>11:54:17.0017 0484 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll</div> 
<div>11:54:17.0033 0484 Netman - ok</div> <div>11:54:17.0080 0484 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe</div> <div>11:54:17.0080 0484 NetMsmqActivator - ok</div> <div>11:54:17.0080 0484 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe</div> <div>11:54:17.0080 0484 NetPipeActivator - ok</div> <div>11:54:17.0095 0484 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll</div> <div>11:54:17.0111 0484 netprofm - ok</div> <div>11:54:17.0111 0484 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe</div> <div>11:54:17.0111 0484 NetTcpActivator - ok</div> <div>11:54:17.0111 0484 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe</div> <div>11:54:17.0111 0484 NetTcpPortSharing - ok</div> <div>11:54:17.0158 0484 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys</div> <div>11:54:17.0158 0484 nfrd960 - ok</div> <div>11:54:17.0173 0484 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll</div> <div>11:54:17.0173 0484 NlaSvc - ok</div> <div>11:54:17.0204 0484 nosGetPlusHelper - ok</div> <div>11:54:17.0220 0484 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys</div> <div>11:54:17.0236 0484 Npfs - ok</div> <div>11:54:17.0236 0484 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll</div> <div>11:54:17.0236 0484 nsi - ok</div> <div>11:54:17.0251 0484 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys</div> <div>11:54:17.0251 0484 nsiproxy - ok</div> <div>11:54:17.0329 0484 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys</div> <div>11:54:17.0345 0484 Ntfs - ok</div> <div>11:54:17.0360 0484 [ 
9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys</div> <div>11:54:17.0360 0484 Null - ok</div> <div>11:54:17.0407 0484 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys</div> <div>11:54:17.0423 0484 nvraid - ok</div> <div>11:54:17.0438 0484 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys</div> <div>11:54:17.0438 0484 nvstor - ok</div> <div>11:54:17.0470 0484 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys</div> <div>11:54:17.0470 0484 nv_agp - ok</div> <div>11:54:17.0548 0484 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE</div> <div>11:54:17.0563 0484 odserv - ok</div> <div>11:54:17.0579 0484 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys</div> <div>11:54:17.0579 0484 ohci1394 - ok</div> <div>11:54:17.0626 0484 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE</div> <div>11:54:17.0626 0484 ose - ok</div> <div>11:54:17.0766 0484 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE</div> <div>11:54:17.0813 0484 osppsvc - ok</div> <div>11:54:17.0860 0484 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll</div> <div>11:54:17.0860 0484 p2pimsvc - ok</div> <div>11:54:17.0875 0484 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll</div> <div>11:54:17.0891 0484 p2psvc - ok</div> <div>11:54:17.0922 0484 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys</div> <div>11:54:17.0922 0484 Parport - ok</div> <div>11:54:17.0969 0484 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys</div> <div>11:54:17.0969 0484 partmgr - ok</div> <div>11:54:17.0984 0484 [ 
3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll</div> <div>11:54:17.0984 0484 PcaSvc - ok</div> <div>11:54:18.0016 0484 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys</div> <div>11:54:18.0016 0484 pci - ok</div> <div>11:54:18.0031 0484 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys</div> <div>11:54:18.0031 0484 pciide - ok</div> <div>11:54:18.0062 0484 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys</div> <div>11:54:18.0062 0484 pcmcia - ok</div> <div>11:54:18.0078 0484 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys</div> <div>11:54:18.0078 0484 pcw - ok</div> <div>11:54:18.0109 0484 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys</div> <div>11:54:18.0109 0484 PEAUTH - ok</div> <div>11:54:18.0187 0484 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe</div> <div>11:54:18.0187 0484 PerfHost - ok</div> <div>11:54:18.0250 0484 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll</div> <div>11:54:18.0265 0484 pla - ok</div> <div>11:54:18.0328 0484 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll</div> <div>11:54:18.0328 0484 PlugPlay - ok</div> <div>11:54:18.0343 0484 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll</div> <div>11:54:18.0343 0484 PNRPAutoReg - ok</div> <div>11:54:18.0499 0484 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll</div> <div>11:54:18.0515 0484 PNRPsvc - ok</div> <div>11:54:18.0530 0484 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll</div> <div>11:54:18.0530 0484 PolicyAgent - ok</div> <div>11:54:18.0577 0484 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll</div> <div>11:54:18.0577 0484 Power - ok</div> <div>11:54:18.0624 0484 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] 
PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys</div> <div>11:54:18.0624 0484 PptpMiniport - ok</div> <div>11:54:18.0640 0484 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys</div> <div>11:54:18.0640 0484 Processor - ok</div> <div>11:54:18.0686 0484 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll</div> <div>11:54:18.0686 0484 ProfSvc - ok</div> <div>11:54:18.0702 0484 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe</div> <div>11:54:18.0702 0484 ProtectedStorage - ok</div> <div>11:54:18.0749 0484 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys</div> <div>11:54:18.0749 0484 Psched - ok</div> <div>11:54:18.0780 0484 [ 5F6085E17866C1BF098C42D30A894DED ] psdrv3 C:\Windows\system32\Drivers\psdrv3.sys</div> <div>11:54:18.0780 0484 psdrv3 - ok</div> <div>11:54:18.0827 0484 [ F6EA2DCE39F1ACCB2C6C38D61FC79075 ] QBCFMonitorService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe</div> <div>11:54:18.0827 0484 QBCFMonitorService - ok</div> <div>11:54:18.0858 0484 [ BAB30D2799754F6EA22F0B9076311793 ] QBFCService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe</div> <div>11:54:18.0874 0484 QBFCService - ok</div> <div>11:54:18.0920 0484 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys</div> <div>11:54:18.0936 0484 ql2300 - ok</div> <div>11:54:18.0967 0484 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys</div> <div>11:54:18.0967 0484 ql40xx - ok</div> <div>11:54:19.0030 0484 QuickBooksDB18 - ok</div> <div>11:54:19.0045 0484 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll</div> <div>11:54:19.0061 0484 QWAVE - ok</div> <div>11:54:19.0076 0484 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys</div> <div>11:54:19.0076 0484 QWAVEdrv - ok</div> 
<div>11:54:19.0076 0484 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys</div> <div>11:54:19.0076 0484 RasAcd - ok</div> <div>11:54:19.0092 0484 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys</div> <div>11:54:19.0092 0484 RasAgileVpn - ok</div> <div>11:54:19.0108 0484 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll</div> <div>11:54:19.0108 0484 RasAuto - ok</div> <div>11:54:19.0139 0484 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys</div> <div>11:54:19.0154 0484 Rasl2tp - ok</div> <div>11:54:19.0170 0484 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll</div> <div>11:54:19.0170 0484 RasMan - ok</div> <div>11:54:19.0201 0484 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys</div> <div>11:54:19.0201 0484 RasPppoe - ok</div> <div>11:54:19.0217 0484 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys</div> <div>11:54:19.0217 0484 RasSstp - ok</div> <div>11:54:19.0264 0484 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys</div> <div>11:54:19.0264 0484 rdbss - ok</div> <div>11:54:19.0279 0484 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys</div> <div>11:54:19.0279 0484 rdpbus - ok</div> <div>11:54:19.0279 0484 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys</div> <div>11:54:19.0279 0484 RDPCDD - ok</div> <div>11:54:19.0310 0484 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys</div> <div>11:54:19.0310 0484 RDPENCDD - ok</div> <div>11:54:19.0310 0484 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys</div> <div>11:54:19.0310 0484 RDPREFMP - ok</div> <div>11:54:19.0357 0484 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys</div> 
<div>11:54:19.0357 0484 RDPWD - ok</div> <div>11:54:19.0388 0484 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys</div> <div>11:54:19.0404 0484 rdyboost - ok</div> <div>11:54:19.0435 0484 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll</div> <div>11:54:19.0435 0484 RemoteAccess - ok</div> <div>11:54:19.0451 0484 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll</div> <div>11:54:19.0451 0484 RemoteRegistry - ok</div> <div>11:54:19.0498 0484 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys</div> <div>11:54:19.0513 0484 RFCOMM - ok</div> <div>11:54:19.0544 0484 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll</div> <div>11:54:19.0544 0484 RpcEptMapper - ok</div> <div>11:54:19.0560 0484 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe</div> <div>11:54:19.0560 0484 RpcLocator - ok</div> <div>11:54:19.0607 0484 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll</div> <div>11:54:19.0607 0484 RpcSs - ok</div> <div>11:54:19.0638 0484 [ C9FE05A63C500ABE3AFA5786504C4D36 ] RsFx0105 C:\Windows\system32\DRIVERS\RsFx0105.sys</div> <div>11:54:19.0654 0484 RsFx0105 - ok</div> <div>11:54:19.0685 0484 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys</div> <div>11:54:19.0685 0484 rspndr - ok</div> <div>11:54:19.0700 0484 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe</div> <div>11:54:19.0700 0484 SamSs - ok</div> <div>11:54:19.0732 0484 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys</div> <div>11:54:19.0732 0484 sbp2port - ok</div> <div>11:54:19.0747 0484 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll</div> <div>11:54:19.0747 0484 SCardSvr - ok</div> <div>11:54:19.0778 0484 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter 
C:\Windows\system32\DRIVERS\scfilter.sys</div> <div>11:54:19.0778 0484 scfilter - ok</div> <div>11:54:19.0825 0484 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll</div> <div>11:54:19.0841 0484 Schedule - ok</div> <div>11:54:19.0888 0484 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll</div> <div>11:54:19.0888 0484 SCPolicySvc - ok</div> <div>11:54:19.0919 0484 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll</div> <div>11:54:19.0919 0484 SDRSVC - ok</div> <div>11:54:19.0934 0484 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys</div> <div>11:54:19.0934 0484 secdrv - ok</div> <div>11:54:19.0950 0484 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll</div> <div>11:54:19.0950 0484 seclogon - ok</div> <div>11:54:19.0966 0484 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll</div> <div>11:54:19.0981 0484 SENS - ok</div> <div>11:54:19.0997 0484 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll</div> <div>11:54:19.0997 0484 SensrSvc - ok</div> <div>11:54:20.0012 0484 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys</div> <div>11:54:20.0012 0484 Serenum - ok</div> <div>11:54:20.0044 0484 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys</div> <div>11:54:20.0044 0484 Serial - ok</div> <div>11:54:20.0059 0484 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys</div> <div>11:54:20.0059 0484 sermouse - ok</div> <div>11:54:20.0106 0484 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll</div> <div>11:54:20.0106 0484 SessionEnv - ok</div> <div>11:54:20.0106 0484 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys</div> <div>11:54:20.0106 0484 sffdisk - ok</div> <div>11:54:20.0122 0484 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF 
] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys</div> <div>11:54:20.0122 0484 sffp_mmc - ok</div> <div>11:54:20.0137 0484 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys</div> <div>11:54:20.0137 0484 sffp_sd - ok</div> <div>11:54:20.0153 0484 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys</div> <div>11:54:20.0153 0484 sfloppy - ok</div> <div>11:54:20.0200 0484 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll</div> <div>11:54:20.0215 0484 SharedAccess - ok</div> <div>11:54:20.0231 0484 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll</div> <div>11:54:20.0231 0484 ShellHWDetection - ok</div> <div>11:54:20.0246 0484 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys</div> <div>11:54:20.0246 0484 SiSRaid2 - ok</div> <div>11:54:20.0262 0484 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys</div> <div>11:54:20.0262 0484 SiSRaid4 - ok</div> <div>11:54:20.0340 0484 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe</div> <div>11:54:20.0340 0484 SkypeUpdate - ok</div> <div>11:54:20.0387 0484 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys</div> <div>11:54:20.0387 0484 Smb - ok</div> <div>11:54:20.0418 0484 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe</div> <div>11:54:20.0418 0484 SNMPTRAP - ok</div> <div>11:54:20.0434 0484 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys</div> <div>11:54:20.0434 0484 spldr - ok</div> <div>11:54:20.0480 0484 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe</div> <div>11:54:20.0480 0484 Spooler - ok</div> <div>11:54:20.0574 0484 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe</div> <div>11:54:20.0605 0484 sppsvc - ok</div> 
<div>11:54:20.0621 0484 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll</div> <div>11:54:20.0621 0484 sppuinotify - ok</div> <div>11:54:20.0746 0484 [ 45E65FB17A4CD5FACBD3CA16C8334C82 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE</div> <div>11:54:20.0761 0484 SQLAgent$SQLEXPRESS - ok</div> <div>11:54:20.0808 0484 [ 10D936DCED9EACD1A1B3FCDDA6D7A4EB ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe</div> <div>11:54:20.0808 0484 SQLBrowser - ok</div> <div>11:54:20.0870 0484 [ F92E5F93BE572B512DA3C016B675EDE0 ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe</div> <div>11:54:20.0870 0484 SQLWriter - ok</div> <div>11:54:20.0948 0484 [ 96BABC4906ECDB1C69D1176F8647AD8E ] SRTSP C:\Windows\System32\Drivers\N360x64\0404000.00C\SRTSP64.SYS</div> <div>11:54:20.0948 0484 SRTSP - ok</div> <div>11:54:20.0964 0484 [ C7F491A290E0E4222F5CDCD50EEB8167 ] SRTSPX C:\Windows\system32\drivers\N360x64\0404000.00C\SRTSPX64.SYS</div> <div>11:54:20.0964 0484 SRTSPX - ok</div> <div>11:54:21.0011 0484 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys</div> <div>11:54:21.0026 0484 srv - ok</div> <div>11:54:21.0042 0484 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys</div> <div>11:54:21.0042 0484 srv2 - ok</div> <div>11:54:21.0058 0484 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys</div> <div>11:54:21.0058 0484 srvnet - ok</div> <div>11:54:21.0120 0484 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll</div> <div>11:54:21.0120 0484 SSDPSRV - ok</div> <div>11:54:21.0120 0484 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll</div> <div>11:54:21.0120 0484 SstpSvc - ok</div> <div>11:54:21.0167 0484 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys</div> <div>11:54:21.0167 
0484 stexstor - ok</div>
11:54:25.0129 0484 WSDPrintDevice - ok
11:54:25.0160 0484 [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys
11:54:25.0160 0484 WSDScan - ok
11:54:25.0176 0484 WSearch - ok
11:54:25.0238 0484 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
11:54:25.0270 0484 wuauserv - ok
11:54:25.0301 0484 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
11:54:25.0301 0484 WudfPf - ok
11:54:25.0332 0484 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
11:54:25.0348 0484 WUDFRd - ok
11:54:25.0379 0484 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
11:54:25.0379 0484 wudfsvc - ok
11:54:25.0410 0484 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
11:54:25.0426 0484 WwanSvc - ok
11:54:25.0441 0484 ================ Scan global ===============================
11:54:25.0488 0484 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:54:25.0519 0484 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
11:54:25.0535 0484 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
11:54:25.0566 0484 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:54:25.0582 0484 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:54:25.0597 0484 [Global] - ok
11:54:25.0597 0484 ================ Scan MBR ==================================
11:54:25.0597 0484 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:54:25.0597 0484 Suspicious mbr (Forged): \Device\Harddisk0\DR0
11:54:25.0660 0484 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
11:54:25.0660 0484 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
11:54:25.0675 0484 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk1\DR1
11:54:40.0604 0484 \Device\Harddisk1\DR1 - ok
11:54:40.0604 0484 ================ Scan VBR ==================================
11:54:40.0604 0484 [ 558935E347C8ECEE3B3AF00CCE866096 ] \Device\Harddisk0\DR0\Partition1
11:54:40.0604 0484 \Device\Harddisk0\DR0\Partition1 - ok
11:54:40.0620 0484 [ 9AF75B854291DF1541FF0996489C2EB8 ] \Device\Harddisk0\DR0\Partition2
11:54:40.0620 0484 \Device\Harddisk0\DR0\Partition2 - ok
11:54:40.0620 0484 [ 2ED775138C0F13AE7947B6D3D01EF753 ] \Device\Harddisk1\DR1\Partition1
11:54:40.0620 0484 \Device\Harddisk1\DR1\Partition1 - ok
11:54:40.0620 0484 ============================================================
11:54:40.0620 0484 Scan finished
11:54:40.0620 0484 ============================================================
11:54:40.0636 1948 Detected object count: 1
11:54:40.0636 1948 Actual detected object count: 1
11:55:04.0738 1948 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user
11:55:04.0738 1948 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip