Posts posted by pjgibbons

  1. Combo fix log:

    ComboFix 13-03-12.02 - Pam 03/13/13 20:52:57.3.4 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6078.3456 [GMT -5:00]

    Running from: C:\Users\Pam\Desktop\ComboFix.exe

    Command switches used :: L:\CFScript.txt

    AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

    FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

    SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    FILE ::

    "C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Default\aagddhgdgfdigcdedbddddgedegbdedb\background.js"

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\Windows\TEMP\jna6072080013482144580.dll

    ((((((((((((((((((((((((( Files Created from 2013-02-14 to 2013-03-14 )))))))))))))))))))))))))))))))

    2071-07-25 15:13:30 . 2006-11-22 02:48:08 203576 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe

    2013-03-14 02:03:13 . 2013-03-14 02:03:13 -------- d-----w- C:\Users\QBDataServiceUser18\AppData\Local\temp

    2013-03-14 02:03:13 . 2013-03-14 02:03:13 -------- d-----w- C:\Users\Default\AppData\Local\temp

    2013-03-14 02:03:13 . 2013-03-14 02:03:13 -------- d-----w- C:\Users\Administrator\AppData\Local\temp

    2013-03-13 18:57:34 . 2013-03-13 18:57:34 -------- d-----w- C:\Program Files (x86)\ESET

    2013-03-13 00:56:12 . 2013-03-13 00:56:12 -------- d-----w- C:\ProgramData\PreEmptive Solutions

    2013-03-13 00:30:17 . 2013-03-13 00:30:17 -------- d-----w- C:\ProgramData\VS

    2013-03-12 03:33:58 . 2013-03-12 03:33:58 -------- d-----w- C:\FRST

    2013-03-11 14:58:30 . 2013-03-11 14:58:30 -------- d-----w- C:\Program Files (x86)\Common Files\Java

    2013-03-11 14:58:15 . 2013-03-11 14:57:25 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

    2013-03-11 14:57:54 . 2013-03-11 14:57:28 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

    2013-03-11 11:22:47 . 2013-03-11 11:22:47 -------- d-----w- C:\Users\Pam\AppData\Roaming\Tific

    2013-03-11 11:15:51 . 2013-03-11 11:15:51 -------- d-----w- C:\Users\Pam\AppData\Local\Symantec

    2013-03-11 03:25:22 . 2013-03-11 03:25:22 -------- d-----w- C:\Users\Pam\AppData\Roaming\Malwarebytes

    2013-03-11 03:25:05 . 2013-03-11 03:25:05 -------- d-----w- C:\ProgramData\Malwarebytes

    2013-03-11 03:25:04 . 2013-03-11 03:25:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2013-03-11 03:25:04 . 2012-12-14 21:49:28 24176 ----a-w- C:\Windows\system32\drivers\mbam.sys

    2013-03-11 03:24:51 . 2013-03-11 03:24:51 -------- d-----w- C:\Users\Pam\AppData\Local\Programs

    2013-02-13 09:04:07 . 2013-01-09 01:10:05 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

    2013-02-13 09:04:07 . 2013-01-08 22:01:00 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

    2013-02-13 02:07:51 . 2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\system32\ntoskrnl.exe

    2013-02-13 02:07:50 . 2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

    2013-02-13 02:07:49 . 2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

    2013-02-13 02:07:38 . 2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\system32\win32k.sys

    2013-02-13 02:07:35 . 2013-01-04 05:46:09 215040 ----a-w- C:\Windows\system32\winsrv.dll

    2013-02-13 02:07:35 . 2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

    2013-02-13 02:07:35 . 2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

    2013-02-13 02:07:35 . 2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

    2013-02-13 02:07:34 . 2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

    2013-02-13 02:07:34 . 2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe

    2013-02-13 02:07:32 . 2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\system32\drivers\tcpip.sys

    2013-02-13 02:07:32 . 2013-01-03 06:00:42 288088 ----a-w- C:\Windows\system32\drivers\FWPKCLNT.SYS

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2013-03-13 02:39:52 . 2009-12-12 14:06:41 72013344 ----a-w- C:\Windows\system32\MRT.exe

    2013-03-13 01:39:44 . 2013-03-13 02:00:21 512 ----a-w- C:\mbr.zip

    2013-03-13 01:39:44 . 2013-03-13 01:44:57 512 ----a-w- C:\Users\mbr.zip

    2013-03-13 01:04:25 . 2011-05-08 20:05:22 2480064 ----a-w- C:\ProgramData\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

    2013-03-13 00:43:10 . 2013-01-24 16:25:21 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2013-03-13 00:43:10 . 2011-06-29 12:59:44 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2013-03-12 20:09:54 . 2013-03-13 01:44:48 512 ----a-w- C:\Users\MBRbackup.zip

    2013-03-11 14:57:25 . 2011-03-27 15:22:55 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

    2013-02-12 05:45:24 . 2013-03-13 00:31:10 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

    2013-02-12 05:45:22 . 2013-03-13 00:31:10 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

    2013-02-12 05:45:22 . 2013-03-13 00:31:10 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

    2013-02-12 05:45:22 . 2013-03-13 00:31:10 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

    2013-02-12 04:48:31 . 2013-03-13 00:31:10 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

    2013-02-12 04:48:26 . 2013-03-13 00:31:11 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

    2013-01-21 00:11:59 . 2013-01-21 00:11:59 5 ----a-w- C:\Windows\SysWow64\lMMLDeleteUserData42107612FX.tmp

    2013-01-04 04:43:21 . 2013-02-13 02:07:35 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

    2012-12-16 17:11:22 . 2012-12-21 09:00:55 46080 ----a-w- C:\Windows\system32\atmlib.dll

    2012-12-16 14:45:03 . 2012-12-21 09:00:55 367616 ----a-w- C:\Windows\system32\atmfd.dll

    2012-12-16 14:13:28 . 2012-12-21 09:00:55 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

    2012-12-16 14:13:20 . 2012-12-21 09:00:56 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RoboForm"="C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-11-08 14:07:23 160328]

    "WLSync"="C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe" [2012-03-08 23:21:54 1449824]

    "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18:59:26 18705664]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-04 15:52:02 98304]

    "ATICustomerCare"="C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-15 00:24:46 307200]

    "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 07:35:28 946352]

    "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 01:06:18 59280]

    "CanonSolutionMenuEx"="C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 16:18:54 1185112]

    "IJNetworkScanUtility"="C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-03 01:52:00 140640]

    "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2012-04-19 01:56:22 421888]

    "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 00:33:22 421776]

    "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 14:04:54 252848]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

    CrashPlan Tray.lnk - C:\Program Files\CrashPlan\CrashPlanTray.exe [2011-3-16 217088]

    QuickBooks Update Agent.lnk - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]

    C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Dell Dock First Run.lnk - C:\Program Files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 19:27:14 138576]

    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 21:49:28 682344]

    R2 QuickBooksDB18;QuickBooksDB18;C:\Program Files (x86)\intuit\QuickBooks 2008\QBDBMgrN.exe [2006-09-13 15:32:12 128536]

    R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-01-08 18:55:20 161536]

    R3 27303051;27303051;C:\Windows\system32\drivers\33678759.sys [x]

    R3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys [x]

    R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys [2010-04-14 07:01:44 54824]

    R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]

    R3 libusb0;libusb-win32 - Kernel Driver 10/02/2010 1.2.2.0;C:\Windows\system32\DRIVERS\libusb0.sys [2011-03-31 02:00:21 43456]

    R3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys [x]

    R3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys [x]

    R3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys [x]

    R3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys [x]

    R3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe [2009-07-14 01:39:46 27136]

    R3 psdrv3;PrimeSense Sensor Device Driver Service v3.x;C:\Windows\system32\Drivers\psdrv3.sys [2011-05-08 17:07:54 23816]

    R3 sxuptp;SXUPTP Driver;C:\Windows\system32\DRIVERS\sxuptp.sys [x]

    R3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;C:\Windows\system32\Drivers\tascusb2.sys [2011-04-29 03:18:02 419160]

    R3 TASCAM_US122L_MK2_MIDI;TASCAM US-122L mk2 WDM MIDI Device;C:\Windows\system32\drivers\tscusb2m.sys [2011-04-29 03:18:04 31576]

    R3 TASCAM_US122L_MK2_WDM;TASCAM US-122L mk2 WDM;C:\Windows\system32\drivers\tscusb2a.sys [2011-04-29 03:18:04 53080]

    R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 11:07:05 59392]

    R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys [2012-02-15 16:01:50 52736]

    R3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 23:49:06 68440]

    R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2010-04-04 08:00:33 1255736]

    R3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys [2009-07-14 00:35:37 25088]

    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 08:17:44 61976]

    R4 RsFx0105;RsFx0105 Driver;C:\Windows\system32\DRIVERS\RsFx0105.sys [2011-09-23 02:01:54 311144]

    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 02:06:04 431464]

    R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 00:10:10 57184]

    S0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS [2009-10-15 03:50:05 433200]

    S0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [2011-08-22 02:53:35 221304]

    S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [2013-01-16 02:51:11 1388120]

    S1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [2011-08-04 04:19:26 593544]

    S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130312.001\IDSvia64.sys [2012-09-06 09:54:30 513184]

    S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [2010-04-29 05:03:51 150064]

    S1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [2011-08-22 02:53:36 451704]

    S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [2011-04-20 07:04:20 203776]

    S2 CrashPlanService;CrashPlan Backup Service;C:\Program Files\CrashPlan\CrashPlanService.exe [2011-03-16 15:19:38 222720]

    S2 DLSDB;Dell Printer Status Database;C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [2006-12-07 05:52:36 191896]

    S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-09-24 03:09:52 155648]

    S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 21:49:28 398184]

    S2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe [2011-08-04 04:18:43 126400]

    S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2010-11-25 11:05:00 150928]

    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-14 04:48:51 138912]

    S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [2012-12-14 21:49:28 24176]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - mozyFilter

    *Deregistered* - MPFP

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

    2013-03-06 03:14:04 1630672 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe

    Contents of the 'Scheduled Tasks' folder

    2013-03-14 C:\Windows\Tasks\Adobe Flash Player Updater.job

    - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-24 16:25:24 . 2013-03-13 00:43:16]

    2013-03-14 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

    - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-03 20:56:59 . 2011-03-03 20:56:51]

    2013-03-14 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

    - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-03 20:56:59 . 2011-03-03 20:56:51]

    --------- X64 Entries -----------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 23:50:18 56320]

    "IAAnotif"="C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 22:54:40 178712]

    "SysTrayApp"="C:\Program Files (x86)\IDT\WDM\sttray64.exe" [bU]

    "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 01:50:00 2726728]

    ------- Supplementary Scan -------

    uLocal Page = C:\Windows\system32\blank.htm

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

    uStart Page = hxxp://news.yahoo.com/?u

    mLocal Page = C:\Windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local;192.168.*.*

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

    IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

    IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

    IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

    IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    Trusted Zone: intuit.com\ttlc

    Trusted Zone: paycycle.com\www

    Trusted Zone: turbotax.com

    TCP: DhcpNameServer = 192.168.2.1

    - - - - ORPHANS REMOVED - - - -

    AddRemove-Adobe Shockwave Player - C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe

    DDS.txt:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64

    Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.17.2

    Run by Pam at 21:17:44 on 2013-03-13

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6078.4181 [GMT -5:00]

    .

    AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

    FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\system32\atiesrxx.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Program Files\Dell\DellDock\DockLogin.exe

    C:\Windows\system32\atieclxx.exe

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\CrashPlan\CrashPlanService.exe

    C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\Explorer.EXE

    C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe

    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    C:\Program Files\IDT\WDM\sttray64.exe

    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

    C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

    C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe

    C:\Program Files (x86)\Skype\Phone\Skype.exe

    C:\Program Files\CrashPlan\CrashPlanTray.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE

    C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\Windows Live\Mesh\MOE.exe

    C:\Windows\splwow64.exe

    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Windows\system32\svchost.exe -k bthsvcs

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\System32\WUDFHost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\system32\prevhost.exe

    C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

    C:\Windows\system32\sppsvc.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\System32\cscript.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://news.yahoo.com/?u

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

    uProxyServer = :0

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll

    BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ipsbho.dll

    BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

    BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

    BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll

    BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    BHO: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll

    BHO: Upromise TurboSaver: {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} -

    TB: &RoboForm: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll

    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll

    EB: Web Test Recorder 10.0: {5802D092-1784-4908-8CDB-99B6842D353D} -

    uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

    uRun: [WLSync] "C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe" /background

    uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

    mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

    mRun: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CRASHP~1.LNK - C:\Program Files\CrashPlan\CrashPlanTray.exe

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

    uPolicies-Explorer: NoDrives = dword:0

    mPolicies-Explorer: NoDrives = dword:0

    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

    mPolicies-System: ConsentPromptBehaviorUser = dword:3

    mPolicies-System: EnableUIADesktopToggle = dword:0

    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200

    IE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

    IE: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

    IE: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

    IE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    Trusted Zone: turbotax.com

    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

    DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab

    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

    DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} - hxxps://xtier.d211.org/InternalSite/WhlCompMgr.cab

    DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab

    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab

    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    TCP: NameServer = 192.168.2.1

    TCP: Interfaces\{EEB78936-53BE-40A5-A60A-B6131EB9AF59} : DHCPNameServer = 192.168.2.1

    TCP: Interfaces\{EEB78936-53BE-40A5-A60A-B6131EB9AF59}\2656C6B696E6E253637333 : DHCPNameServer = 192.168.2.1

    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll

    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -

    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    SSODL: WebCheck - <orphaned>

    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

    x64-mStart Page = hxxp://www.dell4me.com/myway

    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

    x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    x64-Run: [bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode

    x64-Run: [iAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"

    x64-Run: [sysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exe

    x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

    x64-DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    x64-Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - LocalServer32 - <no file>

    x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>

    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

    x64-SSODL: WebCheck - <orphaned>

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0404000.00C\symds64.sys [2011-10-31 433200]

    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0404000.00C\symefa64.sys [2011-10-31 221304]

    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [2013-3-5 1388120]

    R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0404000.00C\cchpx64.sys [2011-10-31 593544]

    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130312.001\IDSviA64.sys [2013-3-12 513184]

    R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2009-1-4 308296]

    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0404000.00C\ironx64.sys [2011-10-31 150064]

    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0404000.00C\symtdiv.sys [2011-10-31 451704]

    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-4 203776]

    R2 CrashPlanService;CrashPlan Backup Service;C:\Program Files\CrashPlan\CrashPlanService.exe [2011-3-16 222720]

    R2 DLSDB;Dell Printer Status Database;C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [2009-1-4 191896]

    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-9-23 155648]

    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-10 398184]

    R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe [2011-10-31 126400]

    R2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2011-9-21 150928]

    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-15 138912]

    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-10 24176]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-10 682344]

    S2 QuickBooksDB18;QuickBooksDB18;C:\Program Files (x86)\intuit\QuickBooks 2008\QBDBMgrN.exe -hvQuickBooksDB18 --> C:\Program Files (x86)\intuit\QuickBooks 2008\QBDBMgrN.exe -hvQuickBooksDB18 [?]

    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]

    S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]

    S3 libusb0;libusb-win32 - Kernel Driver 10/02/2010 1.2.2.0;C:\Windows\System32\drivers\libusb0.sys [2010-11-12 43456]

    S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2009-1-4 102472]

    S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\System32\drivers\mferkdk.sys [2009-1-4 40904]

    S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\System32\drivers\mfesmfk.sys [2009-1-4 49480]

    S3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 27136]

    S3 psdrv3;PrimeSense Sensor Device Driver Service v3.x;C:\Windows\System32\drivers\psdrv3.sys [2011-4-15 23816]

    S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;C:\Windows\System32\drivers\tascusb2.sys [2012-2-19 419160]

    S3 TASCAM_US122L_MK2_MIDI;TASCAM US-122L mk2 WDM MIDI Device;C:\Windows\System32\drivers\tscusb2m.sys [2012-2-19 31576]

    S3 TASCAM_US122L_MK2_WDM;TASCAM US-122L mk2 WDM;C:\Windows\System32\drivers\tscusb2a.sys [2012-2-19 53080]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-27 59392]

    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]

    S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-4 1255736]

    S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]

    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]

    S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]

    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]

    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

    .

    =============== Created Last 30 ================

    .

    2071-07-25 15:13:30 203576 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe

    2013-03-14 02:06:41 -------- d-sh--w- C:\$RECYCLE.BIN

    2013-03-14 01:51:10 -------- d-----w- C:\ComboFix

    2013-03-13 18:57:34 -------- d-----w- C:\Program Files (x86)\ESET

    2013-03-13 12:17:16 -------- d-----w- C:\Users\Pam\AppData\Local\{A0034E39-0497-4A2E-A7EB-2A2917995EBE}

    2013-03-13 02:54:06 98816 ----a-w- C:\Windows\sed.exe

    2013-03-13 02:54:06 256000 ----a-w- C:\Windows\PEV.exe

    2013-03-13 02:54:06 208896 ----a-w- C:\Windows\MBR.exe

    2013-03-13 00:56:12 -------- d-----w- C:\ProgramData\PreEmptive Solutions

    2013-03-13 00:30:17 -------- d-----w- C:\ProgramData\VS

    2013-03-13 00:16:18 -------- d-----w- C:\Users\Pam\AppData\Local\{A37B3826-F482-4C62-A44C-9E0B306654DD}

    2013-03-12 16:39:51 -------- d-----w- C:\Users\Pam\AppData\Local\{1E871152-F811-4094-91B7-CC8C62F138FE}

    2013-03-12 15:00:52 -------- d-----w- C:\Users\Pam\AppData\Local\{FB131BBE-3396-4D76-850A-C24733CA4E65}

    2013-03-12 03:33:58 -------- d-----w- C:\FRST

    2013-03-11 14:58:15 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

    2013-03-11 14:57:54 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

    2013-03-11 14:50:33 -------- d-----w- C:\Users\Pam\AppData\Local\{2ED23994-FC57-4D17-AEB9-8C40088AE1C6}

    2013-03-11 11:22:47 -------- d-----w- C:\Users\Pam\AppData\Roaming\Tific

    2013-03-11 11:16:21 -------- d-----w- C:\Users\Pam\AppData\Local\{74962D17-DD93-475D-9EDC-5CA087598BDB}

    2013-03-11 11:15:51 -------- d-----w- C:\Users\Pam\AppData\Local\Symantec

    2013-03-11 03:44:07 -------- d-----w- C:\Users\Pam\AppData\Local\{E0642BC8-32B2-487D-AD47-B29F03C664DA}

    2013-03-11 03:25:22 -------- d-----w- C:\Users\Pam\AppData\Roaming\Malwarebytes

    2013-03-11 03:25:05 -------- d-----w- C:\ProgramData\Malwarebytes

    2013-03-11 03:25:04 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2013-03-11 03:25:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2013-03-11 03:24:51 -------- d-----w- C:\Users\Pam\AppData\Local\Programs

    2013-03-11 02:45:09 -------- d-----w- C:\Users\Pam\AppData\Local\{1327988B-CBC4-44FF-9A7A-9ACEAB7AE04B}

    2013-02-13 17:04:43 -------- d-----w- C:\Users\Pam\AppData\Local\{33D4D6BC-B0AE-427A-9476-9CD1A6FFB6D4}

    2013-02-13 09:04:07 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

    2013-02-13 09:04:07 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

    2013-02-13 02:07:51 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe

    2013-02-13 02:07:50 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

    2013-02-13 02:07:49 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

    2013-02-13 02:07:38 3153408 ----a-w- C:\Windows\System32\win32k.sys

    2013-02-13 02:07:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

    2013-02-13 02:07:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

    2013-02-13 02:07:35 215040 ----a-w- C:\Windows\System32\winsrv.dll

    2013-02-13 02:07:35 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

    2013-02-13 02:07:34 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

    2013-02-13 02:07:34 2048 ----a-w- C:\Windows\SysWow64\user.exe

    2013-02-13 02:07:32 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

    2013-02-13 02:07:32 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys

    .

    ==================== Find3M ====================

    .

    2013-03-13 00:43:10 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2013-03-13 00:43:10 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2013-03-11 14:57:25 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

    2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

    2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

    2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

    2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

    2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

    2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

    2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll

    2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

    2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll

    2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

    2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll

    2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

    2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

    2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

    2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

    2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

    2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    2013-01-21 00:11:59 5 ----a-w- C:\Windows\SysWow64\lMMLDeleteUserData42107612FX.tmp

    2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

    2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll

    2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll

    2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

    2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

    .

    ============= FINISH: 21:28:01.60 ===============

    Attach.txt:

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2012-11-20.01)

    .

    Microsoft Windows 7 Home Premium

    Boot Device: \Device\HarddiskVolume3

    Install Date: 12/05/09 5:47:15 PM

    System Uptime: 03/13/13 9:13:42 PM (0 hours ago)

    .

    Motherboard: Dell Inc. | | 0G254H

    Processor: Intel® Core2 Quad CPU Q8200 @ 2.33GHz | CPU | 2327/1333mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 684 GiB total, 531.733 GiB free.

    D: is FIXED (NTFS) - 15 GiB total, 7.299 GiB free.

    E: is CDROM ()

    F: is Removable

    G: is Removable

    H: is Removable

    I: is Removable

    L: is Removable

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    RP311: 03/13/13 1:53:52 AM - Scheduled Checkpoint

    RP312: 03/13/13 3:00:36 AM - Windows Update

    .

    ==== Installed Programs ======================

    .

    Update for Microsoft Office 2007 (KB2508958)

    Acrobat.com

    ActiveState ActivePython 2.6.6.15 (64-bit)

    Adobe AIR

    Adobe Flash Player 11 ActiveX

    Adobe Reader X (10.1.5)

    Adobe Shockwave Player 11.5

    Age of Empires III

    AI RoboForm (All Users)

    Amazon MP3 Downloader 1.0.15

    Apple Application Support

    Apple Mobile Device Support

    Apple Software Update

    ATI Catalyst Install Manager

    ATI Catalyst Registration

    Banctec Service Agreement

    BlueJ

    Bonjour

    Browser Address Error Redirector

    Canon CanoScan Toolbox 5.0

    Canon IJ Network Scan Utility

    Canon IJ Network Tool

    Canon Inkjet Printer Driver Add-On Module

    Canon MG5200 series MP Drivers

    Canon MG5200 series User Registration

    Canon MP Navigator EX 4.0

    Canon My Printer

    Canon Solution Menu EX

    Canon Utilities Easy-PhotoPrint EX

    CanoScan LiDE 70

    Catalyst Control Center - Branding

    Catalyst Control Center Core Implementation

    Catalyst Control Center Graphics Full Existing

    Catalyst Control Center Graphics Full New

    Catalyst Control Center Graphics Light

    Catalyst Control Center Graphics Previews Common

    Catalyst Control Center Graphics Previews Vista

    Catalyst Control Center HydraVision Full

    Catalyst Control Center InstallProxy

    ccc-core-static

    ccc-utility64

    CCC Help Chinese Standard

    CCC Help Chinese Traditional

    CCC Help English

    CCC Help Japanese

    CCC Help Korean

    Comcast High-Speed Internet Install Wizard

    Compatibility Pack for the 2007 Office system

    CrashPlan

    Crystal Reports for Visual Studio

    CutePDF Writer 2.7

    D3DX10

    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

    Dell Dock

    Dell Driver Download Manager

    Dell Getting Started Guide

    Dell Printer Software

    Dotfuscator Software Services - Community Edition

    EDocs

    ESET Online Scanner v3

    Finale 2011

    Google Chrome

    Google Update Helper

    GPL Ghostscript 8.64

    Greenfoot 2.0.1

    GSview 4.9

    IDT Audio

    InfraRecorder

    Intel® Matrix Storage Manager

    iTunes

    Java 7 Update 17

    Java Auto Updater

    Java 6 Update 24

    Java 6 Update 25 (64-bit)

    Java SE Development Kit 6 Update 25 (64-bit)

    libQGLViewer

    Malwarebytes Anti-Malware version 1.70.0.1100

    Mesh Runtime

    Messenger Companion

    Microsoft .NET Framework 4 Client Profile

    Microsoft .NET Framework 4 Extended

    Microsoft .NET Framework 4 Multi-Targeting Pack

    Microsoft Application Error Reporting

    Microsoft ASP.NET MVC 2

    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools

    Microsoft Forefront UAG endpoint components v4.0.0

    Microsoft Help Viewer 1.1

    Microsoft Money Plus

    Microsoft Money Shared Libraries

    Microsoft Office 2007 Service Pack 3 (SP3)

    Microsoft Office 2010 Service Pack 1 (SP1)

    Microsoft Office Access MUI (English) 2007

    Microsoft Office Access Setup Metadata MUI (English) 2007

    Microsoft Office Excel MUI (English) 2007

    Microsoft Office File Validation Add-In

    Microsoft Office Office 64-bit Components 2007

    Microsoft Office Office 64-bit Components 2010

    Microsoft Office Outlook Connector

    Microsoft Office Outlook MUI (English) 2007

    Microsoft Office PowerPoint MUI (English) 2007

    Microsoft Office PowerPoint Viewer 2007 (English)

    Microsoft Office Professional 2007

    Microsoft Office Proof (English) 2007

    Microsoft Office Proof (English) 2010

    Microsoft Office Proof (French) 2007

    Microsoft Office Proof (French) 2010

    Microsoft Office Proof (Spanish) 2007

    Microsoft Office Proof (Spanish) 2010

    Microsoft Office Proofing (English) 2007

    Microsoft Office Proofing (English) 2010

    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

    Microsoft Office Publisher 2010

    Microsoft Office Publisher MUI (English) 2007

    Microsoft Office Publisher MUI (English) 2010

    Microsoft Office Shared 64-bit MUI (English) 2007

    Microsoft Office Shared 64-bit MUI (English) 2010

    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

    Microsoft Office Shared MUI (English) 2007

    Microsoft Office Shared MUI (English) 2010

    Microsoft Office Shared Setup Metadata MUI (English) 2007

    Microsoft Office Shared Setup Metadata MUI (English) 2010

    Microsoft Office Word MUI (English) 2007

    Microsoft Publisher 2010

    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

    Microsoft Silverlight

    Microsoft Silverlight 3 SDK

    Microsoft Silverlight 4 SDK

    Microsoft SQL Server 2005 Compact Edition [ENU]

    Microsoft SQL Server 2008 (64-bit)

    Microsoft SQL Server 2008 Browser

    Microsoft SQL Server 2008 Common Files

    Microsoft SQL Server 2008 Database Engine Services

    Microsoft SQL Server 2008 Database Engine Shared

    Microsoft SQL Server 2008 Native Client

    Microsoft SQL Server 2008 R2 Data-Tier Application Framework

    Microsoft SQL Server 2008 R2 Data-Tier Application Project

    Microsoft SQL Server 2008 R2 Management Objects

    Microsoft SQL Server 2008 R2 Management Objects (x64)

    Microsoft SQL Server 2008 R2 Transact-SQL Language Service

    Microsoft SQL Server 2008 RsFx Driver

    Microsoft SQL Server 2008 Setup Support Files

    Microsoft SQL Server Compact 3.5 SP2 ENU

    Microsoft SQL Server Compact 3.5 SP2 x64 ENU

    Microsoft SQL Server Database Publishing Wizard 1.4

    Microsoft SQL Server System CLR Types

    Microsoft SQL Server System CLR Types (x64)

    Microsoft SQL Server VSS Writer

    Microsoft Sync Framework Runtime v1.0 SP1 (x64)

    Microsoft Sync Framework SDK v1.0 SP1

    Microsoft Sync Framework Services v1.0 SP1 (x64)

    Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)

    Microsoft Team Foundation Server 2010 Object Model - ENU

    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2005 Redistributable (x64)

    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319

    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

    Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

    Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319

    Microsoft Visual F# 2.0 Runtime

    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

    Microsoft Visual Studio 2010 IntelliTrace Collection (x64)

    Microsoft Visual Studio 2010 Office Developer Tools (x64)

    Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU

    Microsoft Visual Studio 2010 Service Pack 1

    Microsoft Visual Studio 2010 SharePoint Developer Tools

    Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

    Microsoft Visual Studio 2010 Ultimate - ENU

    Microsoft Visual Studio Macro Tools

    Microsoft Works

    MSVCRT

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    MSXML 4.0 SP2 Parser and SDK

    MSXML 4.0 SP3 Parser

    MSXML 4.0 SP3 Parser (KB2721691)

    MSXML 4.0 SP3 Parser (KB2758694)

    MSXML 4.0 SP3 Parser (KB973685)

    Norton Security Suite

    OpenNI 1.0.0 for Windows (remove only)

    Payroll Mate (2010) 6.0.15

    Payroll Mate (2011) 7.0.9

    Picasa 3

    Prime Sense - NITE 1.3.0 for Windows (remove only)

    PrimeSensor 5.0.0 for Windows (Kinect Mod) (remove only)

    QB Connection Diagnostic Tool

    QuickBooks Company File Diagnostic Tool

    QuickBooks Pro 2008

    QuickTime

    Ring Factory 2009 (3.0.2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

    Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2553091)

    Security Update for Microsoft Office 2010 (KB2553096)

    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

    Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition

    Security Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2644980)

    Security Update for Microsoft Visual Studio Macro Tools (KB2669970)

    Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

    Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit)

    Skype Toolbars

    Skype™ 6.1

    Spelling Dictionaries Support For Adobe Reader 9

    Sql Server Customer Experience Improvement Program

    SupportSoft Assisted Service

    Tax Forms Helper 2008 8.5

    Tax Forms Helper 2010 9.5

    The Battle for Middle-earth

    The Battle for Middle-earth II

    TurboTax 2009

    TurboTax 2009 wiliper

    TurboTax 2009 WinPerFedFormset

    TurboTax 2009 WinPerReleaseEngine

    TurboTax 2009 WinPerTaxSupport

    TurboTax 2009 wrapper

    TurboTax 2009 wwiiper

    TurboTax 2010

    TurboTax 2010 wiliper

    TurboTax 2010 WinPerFedFormset

    TurboTax 2010 WinPerReleaseEngine

    TurboTax 2010 WinPerTaxSupport

    TurboTax 2010 wrapper

    TurboTax 2010 wwiiper

    Update for 2007 Microsoft Office System (KB967642)

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    Update for Microsoft .NET Framework 4 Extended (KB2468871)

    Update for Microsoft .NET Framework 4 Extended (KB2533523)

    Update for Microsoft .NET Framework 4 Extended (KB2600217)

    Update for Microsoft Office 2007 Help for Common Features (KB963673)

    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

    Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition

    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2494150)

    Update for Microsoft Office 2010 (KB2553065)

    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2566458)

    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

    Update for Microsoft Office Access 2007 Help (KB963663)

    Update for Microsoft Office Excel 2007 Help (KB963678)

    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

    Update for Microsoft Office Outlook 2007 Help (KB963677)

    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768024) 32-Bit Edition

    Update for Microsoft Office Powerpoint 2007 Help (KB963669)

    Update for Microsoft Office Publisher 2007 Help (KB963667)

    Update for Microsoft Office Script Editor Help (KB963671)

    Update for Microsoft Office Word 2007 Help (KB963665)

    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

    US-122 MKII / US-144 MKII

    Visual C++ 2008 x86 Runtime - (v9.0.30729)

    Visual C++ 2008 x86 Runtime - v9.0.30729.01

    Visual Studio 2010 Prerequisites - English

    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

    VoiceOver Kit

    Vuze

    WCF RIA Services V1.0 SP1

    Web Deployment Tool

    WIDCOMM Bluetooth Software 6.0.1.4300

    Windows Driver Package - PrimeSense (psdrv3) PrimeSense (02/16/2011 3.1.2.0)

    Windows Driver Package - PrimeSense (psdrv3) PrimeSensor (07/13/2010 3.1.0.4)

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live ID Sign-in Assistant

    Windows Live Installer

    Windows Live Language Selector

    Windows Live Mesh

    Windows Live Mesh ActiveX Control for Remote Connections

    Windows Live Messenger

    Windows Live Messenger Companion Core

    Windows Live Movie Maker

    Windows Live OneCare safety scanner

    Windows Live Photo Common

    Windows Live Photo Gallery

    Windows Live PIMT Platform

    Windows Live Remote Client

    Windows Live Remote Client Resources

    Windows Live Remote Service

    Windows Live Remote Service Resources

    Windows Live SOXE

    Windows Live SOXE Definitions

    Windows Live UX Platform

    Windows Live UX Platform Language Pack

    Windows Live Writer

    Windows Live Writer Resources

    .

    ==== Event Viewer Messages From Past Week ========

    .

    03/13/13 9:20:37 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

    03/13/13 9:14:17 PM, Error: Service Control Manager [7038] - The QuickBooksDB18 service was unable to log on as .\QBDataServiceUser18 with the currently configured password due to the following error: Logon failure: unknown user name or bad password. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    03/13/13 9:14:17 PM, Error: Service Control Manager [7000] - The QuickBooksDB18 service failed to start due to the following error: The service did not start due to a logon failure.

    03/13/13 9:03:27 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    03/13/13 9:02:32 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    03/13/13 12:39:50 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

    03/13/13 1:07:40 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

    03/12/13 8:59:19 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

    03/12/13 8:59:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

    03/12/13 8:59:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

    03/12/13 8:59:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

    03/12/13 8:59:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    03/12/13 8:59:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

    03/12/13 8:59:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

    03/12/13 8:59:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    03/12/13 8:59:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

    03/12/13 8:58:54 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccHP DfsC discache eeCtrl IDSVia64 mfehidk NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSP SRTSPX SymIM SymIRON SYMTDIv tdx vwififlt Wanarpv6 WfpLwf

    03/12/13 8:58:53 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

    03/12/13 8:58:53 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

    03/12/13 8:58:53 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

    03/12/13 8:58:53 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

    03/12/13 8:58:53 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

    03/12/13 8:58:53 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

    03/12/13 8:58:53 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

    03/12/13 8:58:53 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

    03/12/13 8:58:53 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

    03/12/13 8:58:53 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

    03/12/13 7:18:39 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

    03/12/13 11:42:36 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000048, 0x0000000000000002, 0x0000000000000001, 0xfffff80003171e7f). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031213-24507-01.

    03/12/13 11:36:54 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa8007606bb0, 0x0000000000000000, 0x00000000fffa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031213-102445-01.

    03/12/13 10:37:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80004004: Update for Windows 7 for x64-based Systems (KB2791765).

    03/12/13 10:37:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80004004: Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2809289).

    03/11/13 7:29:30 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800030af26b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031113-24382-01.

    03/11/13 6:21:45 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP

    03/11/13 6:20:08 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000338ecda, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031113-73538-01.

    03/11/13 6:19:03 AM, Error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.

    03/11/13 6:19:03 AM, Error: SRTSP [4] - Error loading virus definitions.

    03/11/13 2:39:25 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.

    03/11/13 2:37:04 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800030a726b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031113-99559-01.

    03/11/13 2:29:37 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800030efe45). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031113-101307-01.

    03/11/13 2:25:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

    03/11/13 2:25:41 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    03/11/13 2:19:13 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

    03/11/13 2:18:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccHP discache eeCtrl IDSVia64 mfehidk spldr SRTSP SRTSPX SymIRON SYMTDIv Wanarpv6

    03/11/13 2:14:17 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x00000000001904fb, 0xfffff880048b45c8, 0xfffff880048b3e20, 0xfffff800030b677a). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031113-27331-01.

    03/11/13 2:07:06 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff800030aaeea, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031113-96985-01.

    03/11/13 10:56:59 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Program Compatibility Assistant Service service, but this action failed with the following error: An instance of the service is already running.

    03/11/13 10:55:59 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Connections service, but this action failed with the following error: An instance of the service is already running.

    03/11/13 10:55:59 AM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

    03/11/13 10:55:59 AM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

    03/11/13 10:55:59 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    03/11/13 10:55:59 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    03/11/13 10:55:59 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    03/11/13 10:55:59 AM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

    03/11/13 10:55:59 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

    03/11/13 10:55:59 AM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

    03/11/13 10:55:59 AM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

    03/11/13 10:55:59 AM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

    03/11/13 10:54:22 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

    03/11/13 10:54:22 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.

    03/11/13 10:54:22 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Extensible Authentication Protocol service, but this action failed with the following error: An instance of the service is already running.

    03/11/13 10:54:22 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.

    03/11/13 10:53:22 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.

    03/11/13 10:52:22 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).

    03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    03/11/13 10:51:43 AM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).

    03/11/13 10:51:43 AM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    03/11/13 10:51:43 AM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    03/11/13 10:51:43 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    03/11/13 10:51:43 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    03/11/13 10:51:43 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    03/11/13 10:51:43 AM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    03/11/13 10:51:43 AM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    03/11/13 10:51:43 AM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    03/11/13 10:51:43 AM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    03/11/13 10:51:02 AM, Error: Service Control Manager [7031] - The Windows Firewall service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    03/11/13 10:51:02 AM, Error: Service Control Manager [7031] - The Diagnostic Policy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    03/11/13 10:51:02 AM, Error: Service Control Manager [7031] - The Base Filtering Engine service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    03/11/13 10:46:30 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80003081fe0, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031113-110776-01.

    03/11/13 10:42:11 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.

    03/11/13 10:42:11 AM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    03/11/13 10:42:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

    03/11/13 10:23:38 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800033d8cda, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031113-32807-01.

    03/11/13 10:18:08 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80003376cda, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031113-127078-01.

    03/11/13 1:44:16 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service service to connect.

    03/11/13 1:44:16 PM, Error: Service Control Manager [7000] - The Intuit Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    03/10/13 9:48:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000ec, 0x0000000000000002, 0x0000000000000001, 0xfffff800030b6e45). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031013-25006-01.

    03/10/13 8:57:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

    03/10/13 8:54:32 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa80076f2bb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031013-100823-01.

    03/10/13 8:32:17 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff6800089e198, 0x0000000000000000, 0xfffff800030ed501, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031013-101509-01.

    03/10/13 8:26:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Skype Updater service to connect.

    03/10/13 8:26:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service SkypeUpdate with arguments "/ComService" in order to run the server: {CC957078-B838-47C4-A7CF-626E7A82FC58}

    03/10/13 8:22:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800030f4e45, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031013-104255-01.

    03/10/13 8:16:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect.

    03/10/13 8:16:25 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    03/10/13 7:12:31 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

    03/10/13 10:47:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000600dd, 0x0000000000000002, 0x0000000000000001, 0xfffff80003100e45). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031013-23540-01.

    03/10/13 10:42:47 PM, Error: Service Control Manager [7034] - The QBCFMonitorService service terminated unexpectedly. It has done this 1 time(s).

    03/10/13 10:40:14 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800030a8e45). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031013-63866-01.

    03/08/13 8:02:34 PM, Error: Service Control Manager [7034] - The CrashPlan Backup Service service terminated unexpectedly. It has done this 1 time(s).

    .

    ==== End Of File ===========================

  2. I ran ComboFix twice and am including both logs. I thought I'd disabled Norton completely, but it started scanning something in the middle of the ComboFix scan, so I figured better safe than sorry.

    First scan:

    ComboFix 13-03-12.02 - Pam 03/12/13 21:56:22.1.4 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6078.3284 [GMT -5:00]

    Running from: c:\users\Pam\Desktop\ComboFix.exe

    AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

    FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

    SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    C:\install.exe

    c:\programdata\Microsoft\Windows\DRM\A172.tmp

    c:\programdata\Microsoft\Windows\DRM\A183.tmp

    c:\users\Pam\314_gotomypc.exe

    c:\users\Pam\370_gotomypc.exe

    c:\users\Pam\AppData\Local\assembly\tmp

    c:\users\Pam\AppData\Local\ie_runner_app.exe

    c:\users\Pam\Desktop\Internet Explorer.lnk

    c:\users\Pam\WINDOWS

    c:\windows\Downloaded Program Files\DM.0

    c:\windows\Downloaded Program Files\DM.1

    c:\windows\Downloaded Program Files\DM.1\DMService.exe

    c:\windows\Downloaded Program Files\DM.1\WhlMgr.dll

    c:\windows\TEMP\jna8284382155021705789.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    -------\Service_DMService

    -------\Service_DMService

    .

    .

    ((((((((((((((((((((((((( Files Created from 2013-02-13 to 2013-03-13 )))))))))))))))))))))))))))))))

    .

    .

    2071-07-25 15:13 . 2006-11-22 02:48 203576 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe

    2013-03-13 03:10 . 2013-03-13 03:10 -------- d-----w- c:\users\QBDataServiceUser18\AppData\Local\temp

    2013-03-13 00:56 . 2013-03-13 00:56 -------- d-----w- c:\programdata\PreEmptive Solutions

    2013-03-13 00:30 . 2013-03-13 00:30 -------- d-----w- c:\programdata\VS

    2013-03-12 03:33 . 2013-03-12 03:33 -------- d-----w- C:\FRST

    2013-03-11 14:58 . 2013-03-11 14:58 -------- d-----w- c:\program files (x86)\Common Files\Java

    2013-03-11 14:58 . 2013-03-11 14:57 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

    2013-03-11 14:57 . 2013-03-11 14:57 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

    2013-03-11 11:22 . 2013-03-11 11:22 -------- d-----w- c:\users\Pam\AppData\Roaming\Tific

    2013-03-11 11:15 . 2013-03-11 11:15 -------- d-----w- c:\users\Pam\AppData\Local\Symantec

    2013-03-11 03:25 . 2013-03-11 03:25 -------- d-----w- c:\users\Pam\AppData\Roaming\Malwarebytes

    2013-03-11 03:25 . 2013-03-11 03:25 -------- d-----w- c:\programdata\Malwarebytes

    2013-03-11 03:25 . 2013-03-11 03:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

    2013-03-11 03:25 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

    2013-03-11 03:24 . 2013-03-11 03:24 -------- d-----w- c:\users\Pam\AppData\Local\Programs

    2013-02-13 09:04 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

    2013-02-13 09:04 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

    2013-02-13 02:07 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe

    2013-02-13 02:07 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

    2013-02-13 02:07 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

    2013-02-13 02:07 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys

    2013-02-13 02:07 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll

    2013-02-13 02:07 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe

    2013-02-13 02:07 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe

    2013-02-13 02:07 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

    2013-02-13 02:07 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll

    2013-02-13 02:07 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe

    2013-02-13 02:07 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2013-02-13 02:07 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2013-03-13 02:39 . 2009-12-12 14:06 72013344 ----a-w- c:\windows\system32\MRT.exe

    2013-03-13 01:39 . 2013-03-13 02:00 512 ----a-w- C:\mbr.zip

    2013-03-13 01:39 . 2013-03-13 01:44 512 ----a-w- c:\users\mbr.zip

    2013-03-13 01:04 . 2011-05-08 20:05 2480064 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

    2013-03-13 00:43 . 2013-01-24 16:25 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2013-03-13 00:43 . 2011-06-29 12:59 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2013-03-12 20:09 . 2013-03-13 01:44 512 ----a-w- c:\users\MBRbackup.zip

    2013-03-11 14:57 . 2011-03-27 15:22 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

    2013-01-21 00:11 . 2013-01-21 00:11 5 ----a-w- c:\windows\SysWow64\lMMLDeleteUserData42107612FX.tmp

    2013-01-04 04:43 . 2013-02-13 02:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll

    2012-12-16 17:11 . 2012-12-21 09:00 46080 ----a-w- c:\windows\system32\atmlib.dll

    2012-12-16 14:45 . 2012-12-21 09:00 367616 ----a-w- c:\windows\system32\atmfd.dll

    2012-12-16 14:13 . 2012-12-21 09:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

    2012-12-16 14:13 . 2012-12-21 09:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-11-08 160328]

    "WLSync"="c:\program files (x86)\Windows Live\Mesh\WLSync.exe" [2012-03-08 1449824]

    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-04 98304]

    "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-15 307200]

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

    "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]

    "IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-03 140640]

    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2011-3-16 217088]

    QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]

    .

    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]

    R2 QuickBooksDB18;QuickBooksDB18;c:\program files (x86)\intuit\QuickBooks 2008\QBDBMgrN.exe [2006-09-13 128536]

    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]

    R3 27303051;27303051;c:\windows\system32\drivers\33678759.sys [x]

    R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]

    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824]

    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]

    R3 libusb0;libusb-win32 - Kernel Driver 10/02/2010 1.2.2.0;c:\windows\system32\DRIVERS\libusb0.sys [2011-03-31 43456]

    R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]

    R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]

    R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]

    R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]

    R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]

    R3 psdrv3;PrimeSense Sensor Device Driver Service v3.x;c:\windows\system32\Drivers\psdrv3.sys [2011-05-08 23816]

    R3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x]

    R3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\Drivers\tascusb2.sys [2011-04-29 419160]

    R3 TASCAM_US122L_MK2_MIDI;TASCAM US-122L mk2 WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [2011-04-29 31576]

    R3 TASCAM_US122L_MK2_WDM;TASCAM US-122L mk2 WDM;c:\windows\system32\drivers\tscusb2a.sys [2011-04-29 53080]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

    R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-04 1255736]

    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]

    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]

    R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-23 311144]

    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]

    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS [2009-10-15 433200]

    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [2011-08-22 221304]

    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [2013-01-16 1388120]

    S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [2011-08-04 593544]

    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130312.001\IDSvia64.sys [2012-09-06 513184]

    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [2010-04-29 150064]

    S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [2011-08-22 451704]

    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    S2 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe [2011-03-16 222720]

    S2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [2006-12-07 191896]

    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]

    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]

    S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe [2011-08-04 126400]

    S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2010-11-25 150928]

    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-14 138912]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]

    .

    .

    --- Other Services/Drivers In Memory ---

    .

    *NewlyCreated* - WS2IFSL

    *Deregistered* - mozyFilter

    *Deregistered* - MPFP

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

    2013-03-06 03:14 1630672 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2013-03-13 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-24 00:43]

    .

    2013-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-03 20:56]

    .

    2013-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-03 20:56]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 56320]

    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]

    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

    uStart Page = hxxp://news.yahoo.com/?u

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local;192.168.*.*

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

    IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

    IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

    IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

    IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    Trusted Zone: intuit.com\ttlc

    Trusted Zone: paycycle.com\www

    Trusted Zone: turbotax.com

    TCP: DhcpNameServer = 192.168.2.1

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe

    Wow6432Node-HKCU-Run-Upromise Update - c:\program files (x86)\Upromise\dca-ua.exe

    Wow6432Node-HKCU-Run-Upromise Tray - c:\program files (x86)\Upromise\UpromiseTray.exe

    SafeBoot-27303051.sys

    SafeBoot-86078694.sys

    SafeBoot-95364534.sys

    SafeBoot-mcmscsvc

    SafeBoot-MCODS

    HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe

    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

    AddRemove-Upromise TurboSaver - c:\program files (x86)\Upromise\uninstall.exe

    .

    .

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]

    "ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

    @Denied: (A) (Everyone)

    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

    .

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

    @Denied: (A) (Everyone)

    .

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

    "Key"="ActionsPane3"

    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

    .

    **************************************************************************

    .

    Completion time: 2013-03-12 22:23:58 - machine was rebooted

    ComboFix-quarantined-files.txt 2013-03-13 03:23

    .

    Pre-Run: 564,631,904,256 bytes free

    Post-Run: 564,211,740,672 bytes free

    .

    - - End Of File - - D1CA6FB3A2F1CE1E71D1F8B9D52158D6

    Second scan:

    ComboFix 13-03-12.02 - Pam 03/12/13 22:43:02.2.4 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6078.3963 [GMT -5:00]

    Running from: c:\users\Pam\Desktop\ComboFix.exe

    AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

    FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

    SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\windows\TEMP\jna8271226750236814921.dll

    .

    .

    ((((((((((((((((((((((((( Files Created from 2013-02-13 to 2013-03-13 )))))))))))))))))))))))))))))))

    .

    .

    2071-07-25 15:13 . 2006-11-22 02:48 203576 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe

    2013-03-13 03:55 . 2013-03-13 03:55 -------- d-----w- c:\users\QBDataServiceUser18\AppData\Local\temp

    2013-03-13 03:55 . 2013-03-13 03:55 -------- d-----w- c:\users\Default\AppData\Local\temp

    2013-03-13 03:55 . 2013-03-13 03:55 -------- d-----w- c:\users\Administrator\AppData\Local\temp

    2013-03-13 00:56 . 2013-03-13 00:56 -------- d-----w- c:\programdata\PreEmptive Solutions

    2013-03-13 00:30 . 2013-03-13 00:30 -------- d-----w- c:\programdata\VS

    2013-03-12 03:33 . 2013-03-12 03:33 -------- d-----w- C:\FRST

    2013-03-11 14:58 . 2013-03-11 14:58 -------- d-----w- c:\program files (x86)\Common Files\Java

    2013-03-11 14:58 . 2013-03-11 14:57 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

    2013-03-11 14:57 . 2013-03-11 14:57 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

    2013-03-11 11:22 . 2013-03-11 11:22 -------- d-----w- c:\users\Pam\AppData\Roaming\Tific

    2013-03-11 11:15 . 2013-03-11 11:15 -------- d-----w- c:\users\Pam\AppData\Local\Symantec

    2013-03-11 03:25 . 2013-03-11 03:25 -------- d-----w- c:\users\Pam\AppData\Roaming\Malwarebytes

    2013-03-11 03:25 . 2013-03-11 03:25 -------- d-----w- c:\programdata\Malwarebytes

    2013-03-11 03:25 . 2013-03-11 03:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

    2013-03-11 03:25 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

    2013-03-11 03:24 . 2013-03-11 03:24 -------- d-----w- c:\users\Pam\AppData\Local\Programs

    2013-02-13 09:04 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

    2013-02-13 09:04 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

    2013-02-13 02:07 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe

    2013-02-13 02:07 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

    2013-02-13 02:07 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

    2013-02-13 02:07 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys

    2013-02-13 02:07 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll

    2013-02-13 02:07 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe

    2013-02-13 02:07 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe

    2013-02-13 02:07 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

    2013-02-13 02:07 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll

    2013-02-13 02:07 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe

    2013-02-13 02:07 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2013-02-13 02:07 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2013-03-13 02:39 . 2009-12-12 14:06 72013344 ----a-w- c:\windows\system32\MRT.exe

    2013-03-13 01:39 . 2013-03-13 02:00 512 ----a-w- C:\mbr.zip

    2013-03-13 01:39 . 2013-03-13 01:44 512 ----a-w- c:\users\mbr.zip

    2013-03-13 01:04 . 2011-05-08 20:05 2480064 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

    2013-03-13 00:43 . 2013-01-24 16:25 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2013-03-13 00:43 . 2011-06-29 12:59 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2013-03-12 20:09 . 2013-03-13 01:44 512 ----a-w- c:\users\MBRbackup.zip

    2013-03-11 14:57 . 2011-03-27 15:22 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

    2013-01-21 00:11 . 2013-01-21 00:11 5 ----a-w- c:\windows\SysWow64\lMMLDeleteUserData42107612FX.tmp

    2013-01-04 04:43 . 2013-02-13 02:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll

    2012-12-16 17:11 . 2012-12-21 09:00 46080 ----a-w- c:\windows\system32\atmlib.dll

    2012-12-16 14:45 . 2012-12-21 09:00 367616 ----a-w- c:\windows\system32\atmfd.dll

    2012-12-16 14:13 . 2012-12-21 09:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

    2012-12-16 14:13 . 2012-12-21 09:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-11-08 160328]

    "WLSync"="c:\program files (x86)\Windows Live\Mesh\WLSync.exe" [2012-03-08 1449824]

    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-04 98304]

    "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-15 307200]

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

    "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]

    "IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-03 140640]

    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2011-3-16 217088]

    QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]

    .

    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]

    R2 QuickBooksDB18;QuickBooksDB18;c:\program files (x86)\intuit\QuickBooks 2008\QBDBMgrN.exe [2006-09-13 128536]

    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]

    R3 27303051;27303051;c:\windows\system32\drivers\33678759.sys [x]

    R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]

    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824]

    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]

    R3 libusb0;libusb-win32 - Kernel Driver 10/02/2010 1.2.2.0;c:\windows\system32\DRIVERS\libusb0.sys [2011-03-31 43456]

    R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]

    R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]

    R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]

    R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]

    R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]

    R3 psdrv3;PrimeSense Sensor Device Driver Service v3.x;c:\windows\system32\Drivers\psdrv3.sys [2011-05-08 23816]

    R3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x]

    R3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\Drivers\tascusb2.sys [2011-04-29 419160]

    R3 TASCAM_US122L_MK2_MIDI;TASCAM US-122L mk2 WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [2011-04-29 31576]

    R3 TASCAM_US122L_MK2_WDM;TASCAM US-122L mk2 WDM;c:\windows\system32\drivers\tscusb2a.sys [2011-04-29 53080]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

    R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-04 1255736]

    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]

    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]

    R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-23 311144]

    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]

    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS [2009-10-15 433200]

    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [2011-08-22 221304]

    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [2013-01-16 1388120]

    S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [2011-08-04 593544]

    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130312.001\IDSvia64.sys [2012-09-06 513184]

    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [2010-04-29 150064]

    S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [2011-08-22 451704]

    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]

    S2 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe [2011-03-16 222720]

    S2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [2006-12-07 191896]

    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]

    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]

    S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe [2011-08-04 126400]

    S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2010-11-25 150928]

    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-14 138912]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]

    .

    .

    --- Other Services/Drivers In Memory ---

    .

    *Deregistered* - mozyFilter

    *Deregistered* - MPFP

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

    2013-03-06 03:14 1630672 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2013-03-13 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-24 00:43]

    .

    2013-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-03 20:56]

    .

    2013-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-03 20:56]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 56320]

    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]

    "SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [bU]

    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

    uStart Page = hxxp://news.yahoo.com/?u

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local;192.168.*.*

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

    IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

    IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

    IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

    IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    Trusted Zone: intuit.com\ttlc

    Trusted Zone: paycycle.com\www

    Trusted Zone: turbotax.com

    TCP: DhcpNameServer = 192.168.2.1

    .

    - - - - ORPHANS REMOVED - - - -

    .

    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

    .

    .

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]

    "ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

    @Denied: (A) (Everyone)

    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

    .

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

    @Denied: (A) (Everyone)

    .

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

    "Key"="ActionsPane3"

    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Completion time: 2013-03-12 22:58:22

    ComboFix-quarantined-files.txt 2013-03-13 03:58

    ComboFix2.txt 2013-03-13 03:23

    .

    Pre-Run: 564,720,992,256 bytes free

    Post-Run: 564,411,543,552 bytes free

    .

    - - End Of File - - 0A8D42F28F788AF32E9BC5492DEF8DE6

  3. Daniel, I don't know what to tell you. I've run this several times, copied it to several folders, searched in both safe and normal modes, but if I'm not in xpud, I can't find any trace of that file. There was a usr folder in xpud, but none with my name on it, so I copied the backup file to the usr folder, to the rdesktop folder and to the shared folder, but can't find it once I'm in windows. It's been ages since I've used DOS - is there a way to copy it through the command prompt? I don't know if external drives are recognized in DOS.

  4. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-03-2013 01

    Ran by SYSTEM at 12-03-2013 16:29:35

    Running from F:\

    Windows 7 Home Premium (X64) OS Language: English(US)

    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode [x]

    HKLM\...\Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [178712 2008-04-15] (Intel Corporation)

    HKLM\...\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe [443904 2008-05-22] (IDT, Inc.)

    HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2726728 2010-03-24] (CANON INC.)

    HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-11-04] (Advanced Micro Devices, Inc.)

    HKLM-x32\...\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [307200 2009-06-14] (Advanced Micro Devices, Inc.)

    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)

    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)

    HKLM-x32\...\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1185112 2010-04-02] (CANON INC.)

    HKLM-x32\...\Run: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2010-03-02] (CANON INC.)

    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)

    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)

    HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)

    HKU\Administrator\...\RunOnce: [WAB Migrate] C:\Program Files (x86)\Windows Mail\wab.exe /Upgrade [516096 2010-11-20] (Microsoft Corporation)

    HKU\Administrator\...\RunOnce: [DPAPIKeyMig] %SystemRoot%\system32\dpapimig.exe -quiet [x]

    HKU\Pam\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]

    HKU\Pam\...\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [160328 2010-11-08] (Siber Systems)

    HKU\Pam\...\Run: [upromise Update] C:\Program Files (x86)\Upromise\dca-ua.exe [x]

    HKU\Pam\...\Run: [upromise Tray] C:\Program Files (x86)\Upromise\UpromiseTray.exe [x]

    HKU\Pam\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)

    HKU\Pam\...\Run: [WLSync] "C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe" /background [1449824 2012-03-08] (Microsoft Corporation)

    HKU\Pam\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18705664 2013-01-08] (Skype Technologies S.A.)

    HKU\Pam\...\RunOnce: [shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; Media Center PC 6.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)" -"http://bcs.worthpublishers.com/hockenbury3e/content/cat_030/ch04/flash.htm?v=chapter&i=04030.01&s=04000&n=00030&o=|00040|00030|" [468408 2009-06-05] (Adobe Systems, Inc.)

    HKU\QBDataServiceUser18\...\RunOnce: [DPAPIKeyMig] %SystemRoot%\system32\dpapimig.exe -quiet [x]

    HKU\QBDataServiceUser18\...\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade [x]

    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

    Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

    Startup: C:\ProgramData\Start Menu\Programs\Startup\CrashPlan Tray.lnk

    ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)

    Startup: C:\ProgramData\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

    ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

    Startup: C:\Users\QBDataServiceUser18\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

    ==================== Services (Whitelisted) ===================

    2 CrashPlanService; "C:\Program Files\CrashPlan\CrashPlanService.exe" [222720 2011-03-16] (CrashPlan)

    2 DLPWD; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE [107928 2006-12-07] (Dell Inc.)

    2 DLSDB; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [191896 2006-12-06] (Dell Inc.)

    3 DMService; C:\Windows\Downloaded Program Files\DM.1\DMService.exe [487312 2010-11-25] (Microsoft Corporation)

    2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)

    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)

    2 N360; "C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\diMaster.dll" /prefetch:1 [135032 2010-04-29] (Symantec Corporation)

    2 QuickBooksDB18; C:\Program Files (x86)\intuit\QuickBooks 2008\QBDBMgrN.exe -hvQuickBooksDB18 [128536 2006-09-13] (iAnywhere Solutions, Inc.)

    2 uagqecsvc; C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [150928 2010-11-25] (Microsoft Corporation)

    3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [x]

    3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [x]

    ==================== Drivers (Whitelisted) =====================

    1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [1388120 2013-01-15] (Symantec Corporation)

    1 ccHP; C:\Windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [593544 2011-08-03] (Symantec Corporation)

    3 e1express; C:\Windows\System32\DRIVERS\e1e6232e.sys [286936 2009-06-05] (Intel Corporation)

    1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-13] (Symantec Corporation)

    3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-13] (Symantec Corporation)

    1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130308.001\IDSvia64.sys [513184 2012-09-06] (Symantec Corporation)

    3 libusb0; C:\Windows\System32\Drivers\libusb0.sys [43456 2011-03-30] (http://libusb-win32.sourceforge.net)

    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)

    3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [102472 2009-09-16] (McAfee, Inc.)

    1 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [308296 2009-09-16] (McAfee, Inc.)

    3 mferkdk; C:\Windows\System32\Drivers\mferkdk.sys [40904 2009-09-16] (McAfee, Inc.)

    3 mfesmfk; C:\Windows\System32\Drivers\mfesmfk.sys [49480 2009-09-16] (McAfee, Inc.)

    3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130311.004\ENG64.SYS [126192 2013-03-11] (Symantec Corporation)

    3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130311.004\EX64.SYS [2087664 2013-03-11] (Symantec Corporation)

    3 psdrv3; C:\Windows\System32\Drivers\psdrv3.sys [23816 2011-05-08] (Prime Sense Ltd.)

    1 SRTSP; C:\Windows\System32\Drivers\N360x64\0404000.00C\SRTSP64.SYS [505392 2010-04-21] (Symantec Corporation)

    1 SRTSPX; C:\Windows\system32\drivers\N360x64\0404000.00C\SRTSPX64.SYS [32304 2010-04-21] (Symantec Corporation)

    0 SymDS; C:\Windows\System32\drivers\N360x64\0404000.00C\SYMDS64.SYS [433200 2009-10-14] (Symantec Corporation)

    0 SymEFA; C:\Windows\System32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [221304 2011-08-21] (Symantec Corporation)

    3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2010-04-21] (Symantec Corporation)

    1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [53808 2010-05-05] (Symantec Corporation)

    1 SymIRON; C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [150064 2010-04-28] (Symantec Corporation)

    1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [451704 2011-08-21] (Symantec Corporation)

    3 TASCAM_US122144; C:\Windows\System32\Drivers\tascusb2.sys [419160 2011-04-28] (TASCAM)

    3 TASCAM_US122L_MK2_MIDI; C:\Windows\System32\drivers\tscusb2m.sys [31576 2011-04-28] (TASCAM)

    3 TASCAM_US122L_MK2_WDM; C:\Windows\System32\drivers\tscusb2a.sys [53080 2011-04-28] (TASCAM)

    3 27303051; C:\Windows\System32\drivers\33678759.sys [x]

    3 BTCFilterService; C:\Windows\System32\DRIVERS\motfilt.sys [x]

    3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]

    3 motccgp; C:\Windows\System32\DRIVERS\motccgp.sys [x]

    3 motccgpfl; C:\Windows\System32\DRIVERS\motccgpfl.sys [x]

    3 MotoSwitchService; C:\Windows\System32\DRIVERS\motswch.sys [x]

    3 Motousbnet; C:\Windows\System32\DRIVERS\Motousbnet.sys [x]

    3 motusbdevice; C:\Windows\System32\DRIVERS\motusbdevice.sys [x]

    3 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [x]

    ==================== NetSvcs (Whitelisted) ====================

    ==================== One Month Created Files and Folders ========

    2013-03-12 08:52 - 2013-03-12 08:52 - 00043801 ____A C:\Users\Pam\Desktop\attach.txt

    2013-03-12 08:52 - 2013-03-12 08:51 - 00022332 ____A C:\Users\Pam\Desktop\dds.txt

    2013-03-12 08:43 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe

    2013-03-12 08:42 - 2013-03-12 08:42 - 00275520 ____A C:\Windows\Minidump\031213-24507-01.dmp

    2013-03-12 08:39 - 2013-03-12 08:40 - 00000000 ____D C:\Users\Pam\AppData\Local\{1E871152-F811-4094-91B7-CC8C62F138FE}

    2013-03-12 08:36 - 2013-03-12 08:36 - 00275520 ____A C:\Windows\Minidump\031213-102445-01.dmp

    2013-03-12 07:00 - 2013-03-12 07:02 - 00000000 ____D C:\Users\Pam\AppData\Local\{FB131BBE-3396-4D76-850A-C24733CA4E65}

    2013-03-11 19:33 - 2013-03-11 19:33 - 00000000 ____D C:\FRST

    2013-03-11 16:29 - 2013-03-11 16:29 - 00262144 ____A C:\Windows\Minidump\031113-24382-01.dmp

    2013-03-11 11:36 - 2013-03-11 11:36 - 00275520 ____A C:\Windows\Minidump\031113-99559-01.dmp

    2013-03-11 11:29 - 2013-03-11 11:29 - 00279648 ____A C:\Windows\Minidump\031113-101307-01.dmp

    2013-03-11 11:13 - 2013-03-11 11:14 - 00279648 ____A C:\Windows\Minidump\031113-27331-01.dmp

    2013-03-11 11:06 - 2013-03-11 11:07 - 00283744 ____A C:\Windows\Minidump\031113-96985-01.dmp

    2013-03-11 10:56 - 2013-03-11 10:56 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Pam\Downloads\tdsskiller.exe

    2013-03-11 10:51 - 2013-03-11 10:52 - 00004069 ____A C:\Users\Pam\Desktop\RKreport[2]_D_03112013_02d1351.txt

    2013-03-11 10:48 - 2013-03-11 10:48 - 00004142 ____A C:\Users\Pam\Desktop\RKreport[1]_S_03112013_02d1348.txt

    2013-03-11 10:43 - 2013-03-11 10:50 - 00000000 ____D C:\Users\Pam\Desktop\RK_Quarantine

    2013-03-11 10:41 - 2013-03-11 10:42 - 00816640 ____A C:\Users\Pam\Downloads\RogueKiller.exe

    2013-03-11 10:40 - 2013-03-11 10:40 - 00007739 ____A C:\Users\Pam\Documents\AdwCleaner[s1].txt

    2013-03-11 10:35 - 2013-03-11 10:36 - 00007739 ____A C:\AdwCleaner[s1].txt

    2013-03-11 10:35 - 2013-03-11 10:35 - 00597667 ____A C:\Users\Pam\Downloads\adwcleaner.exe

    2013-03-11 07:54 - 2013-03-11 07:55 - 00890798 ____A C:\Users\Pam\Downloads\SecurityCheck.exe

    2013-03-11 07:46 - 2013-03-11 07:46 - 00275520 ____A C:\Windows\Minidump\031113-110776-01.dmp

    2013-03-11 07:23 - 2013-03-11 07:23 - 00275520 ____A C:\Windows\Minidump\031113-32807-01.dmp

    2013-03-11 07:17 - 2013-03-11 07:18 - 00275520 ____A C:\Windows\Minidump\031113-127078-01.dmp

    2013-03-11 06:58 - 2013-03-11 06:57 - 00861088 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

    2013-03-11 06:58 - 2013-03-11 06:57 - 00262560 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

    2013-03-11 06:57 - 2013-03-11 06:57 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

    2013-03-11 06:57 - 2013-03-11 06:57 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

    2013-03-11 06:57 - 2013-03-11 06:57 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

    2013-03-11 06:50 - 2013-03-11 06:50 - 00000000 ____D C:\Users\Pam\AppData\Local\{2ED23994-FC57-4D17-AEB9-8C40088AE1C6}

    2013-03-11 06:36 - 2013-03-11 06:49 - 201878776 ____A C:\Users\Pam\Downloads\20130311-004-v5i64.exe

    2013-03-11 03:22 - 2013-03-11 03:22 - 00000000 ____D C:\Users\Pam\AppData\Roaming\Tific

    2013-03-11 03:19 - 2013-03-11 03:20 - 00275520 ____A C:\Windows\Minidump\031113-73538-01.dmp

    2013-03-11 03:16 - 2013-03-11 03:16 - 00000000 ____D C:\Users\Pam\AppData\Local\{74962D17-DD93-475D-9EDC-5CA087598BDB}

    2013-03-11 03:15 - 2013-03-11 03:15 - 00000000 ____D C:\Users\Pam\AppData\Local\Symantec

    2013-03-10 19:46 - 2013-03-10 19:47 - 00275520 ____A C:\Windows\Minidump\031013-23540-01.dmp

    2013-03-10 19:44 - 2013-03-10 19:44 - 00000000 ____D C:\Users\Pam\AppData\Local\{E0642BC8-32B2-487D-AD47-B29F03C664DA}

    2013-03-10 19:40 - 2013-03-10 19:40 - 00275520 ____A C:\Windows\Minidump\031013-63866-01.dmp

    2013-03-10 19:25 - 2013-03-10 19:25 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    2013-03-10 19:25 - 2013-03-10 19:25 - 00000000 ____D C:\Users\Pam\AppData\Roaming\Malwarebytes

    2013-03-10 19:25 - 2013-03-10 19:25 - 00000000 ____D C:\ProgramData\Malwarebytes

    2013-03-10 19:25 - 2013-03-10 19:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2013-03-10 19:25 - 2012-12-14 13:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

    2013-03-10 18:47 - 2013-03-10 18:48 - 00275520 ____A C:\Windows\Minidump\031013-25006-01.dmp

    2013-03-10 18:45 - 2013-03-10 18:45 - 00000000 ____D C:\Users\Pam\AppData\Local\{1327988B-CBC4-44FF-9A7A-9ACEAB7AE04B}

    2013-02-22 13:56 - 2013-03-10 16:56 - 00000042 ____A C:\Users\Pam\jagex_cl_oldschool_LIVE.dat

    2013-02-13 19:23 - 2013-02-13 19:23 - 00941568 ____A (Amazon Services LLC) C:\Users\Pam\Downloads\QuickBooks_Pro_2013_Downloader.exe

    2013-02-13 09:04 - 2013-03-10 12:50 - 00000000 ____D C:\Users\Pam\AppData\Local\{33D4D6BC-B0AE-427A-9476-9CD1A6FFB6D4}

    2013-02-13 01:01 - 2013-01-08 17:48 - 17812992 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

    2013-02-13 01:01 - 2013-01-08 17:22 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

    2013-02-13 01:01 - 2013-01-08 17:19 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

    2013-02-13 01:01 - 2013-01-08 17:12 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

    2013-02-13 01:01 - 2013-01-08 17:12 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

    2013-02-13 01:01 - 2013-01-08 17:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

    2013-02-13 01:01 - 2013-01-08 17:10 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

    2013-02-13 01:01 - 2013-01-08 17:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

    2013-02-13 01:01 - 2013-01-08 17:07 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

    2013-02-13 01:01 - 2013-01-08 17:07 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

    2013-02-13 01:01 - 2013-01-08 17:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

    2013-02-13 01:01 - 2013-01-08 17:06 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

    2013-02-13 01:01 - 2013-01-08 17:05 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

    2013-02-13 01:01 - 2013-01-08 17:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

    2013-02-13 01:01 - 2013-01-08 17:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

    2013-02-13 01:01 - 2013-01-08 17:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

    2013-02-13 01:01 - 2013-01-08 14:23 - 12321280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

    2013-02-13 01:01 - 2013-01-08 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

    2013-02-13 01:01 - 2013-01-08 14:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

    2013-02-13 01:01 - 2013-01-08 14:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

    2013-02-13 01:01 - 2013-01-08 14:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

    2013-02-13 01:01 - 2013-01-08 14:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

    2013-02-13 01:01 - 2013-01-08 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

    2013-02-13 01:01 - 2013-01-08 14:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

    2013-02-13 01:01 - 2013-01-08 13:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

    2013-02-13 01:01 - 2013-01-08 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

    2013-02-13 01:01 - 2013-01-08 13:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

    2013-02-13 01:01 - 2013-01-08 13:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

    2013-02-13 01:01 - 2013-01-08 13:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

    2013-02-13 01:01 - 2013-01-08 13:56 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

    2013-02-13 01:01 - 2013-01-08 13:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

    2013-02-13 01:01 - 2013-01-08 13:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

    2013-02-12 18:07 - 2013-01-04 21:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

    2013-02-12 18:07 - 2013-01-04 21:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

    2013-02-12 18:07 - 2013-01-04 21:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

    2013-02-12 18:07 - 2013-01-03 21:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll

    2013-02-12 18:07 - 2013-01-03 20:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

    2013-02-12 18:07 - 2013-01-03 19:26 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

    2013-02-12 18:07 - 2013-01-03 18:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

    2013-02-12 18:07 - 2013-01-03 18:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

    2013-02-12 18:07 - 2013-01-03 18:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

    2013-02-12 18:07 - 2013-01-03 18:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

    2013-02-12 18:07 - 2013-01-02 22:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

    2013-02-12 18:07 - 2013-01-02 22:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS

    ==================== One Month Modified Files and Folders =======

    2013-03-12 08:52 - 2013-03-12 08:52 - 00043801 ____A C:\Users\Pam\Desktop\attach.txt

    2013-03-12 08:51 - 2013-03-12 08:52 - 00022332 ____A C:\Users\Pam\Desktop\dds.txt

    2013-03-12 08:42 - 2013-03-12 08:42 - 00275520 ____A C:\Windows\Minidump\031213-24507-01.dmp

    2013-03-12 08:42 - 2012-02-19 16:36 - 00000000 ____D C:\Windows\Minidump

    2013-03-12 08:42 - 2009-06-17 04:23 - 678886980 ____A C:\Windows\MEMORY.DMP

    2013-03-12 08:40 - 2013-03-12 08:39 - 00000000 ____D C:\Users\Pam\AppData\Local\{1E871152-F811-4094-91B7-CC8C62F138FE}

    2013-03-12 08:39 - 2012-06-30 20:55 - 00000000 ____D C:\Users\Pam\Tracing

    2013-03-12 08:37 - 2011-05-13 15:29 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

    2013-03-12 08:37 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

    2013-03-12 08:36 - 2013-03-12 08:36 - 00275520 ____A C:\Windows\Minidump\031213-102445-01.dmp

    2013-03-12 08:36 - 2009-07-13 20:51 - 01499812 ____A C:\Windows\setupact.log

    2013-03-12 07:02 - 2013-03-12 07:00 - 00000000 ____D C:\Users\Pam\AppData\Local\{FB131BBE-3396-4D76-850A-C24733CA4E65}

    2013-03-11 19:33 - 2013-03-11 19:33 - 00000000 ____D C:\FRST

    2013-03-11 16:29 - 2013-03-11 16:29 - 00262144 ____A C:\Windows\Minidump\031113-24382-01.dmp

    2013-03-11 11:36 - 2013-03-11 11:36 - 00275520 ____A C:\Windows\Minidump\031113-99559-01.dmp

    2013-03-11 11:29 - 2013-03-11 11:29 - 00279648 ____A C:\Windows\Minidump\031113-101307-01.dmp

    2013-03-11 11:14 - 2013-03-11 11:13 - 00279648 ____A C:\Windows\Minidump\031113-27331-01.dmp

    2013-03-11 11:07 - 2013-03-11 11:06 - 00283744 ____A C:\Windows\Minidump\031113-96985-01.dmp

    2013-03-11 10:58 - 2009-12-05 15:01 - 01704193 ____A C:\Windows\WindowsUpdate.log

    2013-03-11 10:56 - 2013-03-11 10:56 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Pam\Downloads\tdsskiller.exe

    2013-03-11 10:52 - 2013-03-11 10:51 - 00004069 ____A C:\Users\Pam\Desktop\RKreport[2]_D_03112013_02d1351.txt

    2013-03-11 10:51 - 2009-12-05 14:20 - 00012656 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    2013-03-11 10:51 - 2009-12-05 14:20 - 00012656 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    2013-03-11 10:50 - 2013-03-11 10:43 - 00000000 ____D C:\Users\Pam\Desktop\RK_Quarantine

    2013-03-11 10:48 - 2013-03-11 10:48 - 00004142 ____A C:\Users\Pam\Desktop\RKreport[1]_S_03112013_02d1348.txt

    2013-03-11 10:47 - 2009-07-13 21:13 - 00876842 ____A C:\Windows\System32\PerfStringBackup.INI

    2013-03-11 10:43 - 2013-01-24 08:25 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

    2013-03-11 10:42 - 2013-03-11 10:41 - 00816640 ____A C:\Users\Pam\Downloads\RogueKiller.exe

    2013-03-11 10:40 - 2013-03-11 10:40 - 00007739 ____A C:\Users\Pam\Documents\AdwCleaner[s1].txt

    2013-03-11 10:36 - 2013-03-11 10:35 - 00007739 ____A C:\AdwCleaner[s1].txt

    2013-03-11 10:35 - 2013-03-11 10:35 - 00597667 ____A C:\Users\Pam\Downloads\adwcleaner.exe

    2013-03-11 10:13 - 2011-05-13 15:29 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

    2013-03-11 08:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF

    2013-03-11 08:01 - 2011-05-18 13:16 - 00000000 ____D C:\Users\Pam\AppData\Roaming\Skype

    2013-03-11 07:55 - 2013-03-11 07:54 - 00890798 ____A C:\Users\Pam\Downloads\SecurityCheck.exe

    2013-03-11 07:52 - 2009-07-13 21:08 - 00032654 ____A C:\Windows\Tasks\SCHEDLGU.TXT

    2013-03-11 07:46 - 2013-03-11 07:46 - 00275520 ____A C:\Windows\Minidump\031113-110776-01.dmp

    2013-03-11 07:23 - 2013-03-11 07:23 - 00275520 ____A C:\Windows\Minidump\031113-32807-01.dmp

    2013-03-11 07:18 - 2013-03-11 07:17 - 00275520 ____A C:\Windows\Minidump\031113-127078-01.dmp

    2013-03-11 07:07 - 2009-12-05 14:44 - 00532140 ____A C:\Windows\PFRO.log

    2013-03-11 06:59 - 2009-01-04 08:56 - 00000000 ____D C:\ProgramData\Adobe

    2013-03-11 06:57 - 2013-03-11 06:58 - 00861088 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

    2013-03-11 06:57 - 2013-03-11 06:58 - 00262560 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

    2013-03-11 06:57 - 2013-03-11 06:57 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

    2013-03-11 06:57 - 2013-03-11 06:57 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

    2013-03-11 06:57 - 2013-03-11 06:57 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

    2013-03-11 06:57 - 2011-03-27 07:22 - 00782240 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll

    2013-03-11 06:57 - 2009-01-04 08:51 - 00000000 ____D C:\Program Files (x86)\Java

    2013-03-11 06:52 - 2009-12-05 14:23 - 00000000 ____D C:\users\Administrator

    2013-03-11 06:50 - 2013-03-11 06:50 - 00000000 ____D C:\Users\Pam\AppData\Local\{2ED23994-FC57-4D17-AEB9-8C40088AE1C6}

    2013-03-11 06:49 - 2013-03-11 06:36 - 201878776 ____A C:\Users\Pam\Downloads\20130311-004-v5i64.exe

    2013-03-11 03:22 - 2013-03-11 03:22 - 00000000 ____D C:\Users\Pam\AppData\Roaming\Tific

    2013-03-11 03:20 - 2013-03-11 03:19 - 00275520 ____A C:\Windows\Minidump\031113-73538-01.dmp

    2013-03-11 03:16 - 2013-03-11 03:16 - 00000000 ____D C:\Users\Pam\AppData\Local\{74962D17-DD93-475D-9EDC-5CA087598BDB}

    2013-03-11 03:15 - 2013-03-11 03:15 - 00000000 ____D C:\Users\Pam\AppData\Local\Symantec

    2013-03-10 21:37 - 2011-10-12 16:46 - 00000000 ____D C:\Program Files\Bonjour

    2013-03-10 21:37 - 2011-10-12 16:46 - 00000000 ____D C:\Program Files (x86)\Bonjour

    2013-03-10 21:37 - 2011-08-16 11:41 - 00000000 ____D C:\Program Files\CrashPlan

    2013-03-10 21:37 - 2011-07-10 17:49 - 00000000 ____D C:\Program Files (x86)\Ring Factory

    2013-03-10 21:37 - 2011-07-08 18:54 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

    2013-03-10 21:37 - 2011-06-20 17:47 - 00000000 ____D C:\Program Files (x86)\Vuze

    2013-03-10 21:37 - 2010-11-10 18:43 - 00000000 ____D C:\Python26

    2013-03-10 21:37 - 2010-10-01 19:39 - 00000000 ____D C:\Program Files (x86)\Finale 2011

    2013-03-10 21:37 - 2010-04-21 05:06 - 00000000 ____D C:\ProgramData\Norton

    2013-03-10 21:37 - 2009-12-05 14:23 - 00000000 ____D C:\users\QBDataServiceUser18

    2013-03-10 21:37 - 2009-07-13 23:44 - 00000000 ___RD C:\Users\Public\Recorded TV

    2013-03-10 21:37 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep

    2013-03-10 21:37 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration

    2013-03-10 21:37 - 2009-06-03 16:40 - 00000000 ____D C:\Program Files (x86)\iTunes

    2013-03-10 21:37 - 2004-01-15 15:04 - 00000000 ____D C:\Users\Pam\Documents\Kevin

    2013-03-10 19:47 - 2013-03-10 19:46 - 00275520 ____A C:\Windows\Minidump\031013-23540-01.dmp

    2013-03-10 19:44 - 2013-03-10 19:44 - 00000000 ____D C:\Users\Pam\AppData\Local\{E0642BC8-32B2-487D-AD47-B29F03C664DA}

    2013-03-10 19:40 - 2013-03-10 19:40 - 00275520 ____A C:\Windows\Minidump\031013-63866-01.dmp

    2013-03-10 19:25 - 2013-03-10 19:25 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    2013-03-10 19:25 - 2013-03-10 19:25 - 00000000 ____D C:\Users\Pam\AppData\Roaming\Malwarebytes

    2013-03-10 19:25 - 2013-03-10 19:25 - 00000000 ____D C:\ProgramData\Malwarebytes

    2013-03-10 19:25 - 2013-03-10 19:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2013-03-10 18:48 - 2013-03-10 18:47 - 00275520 ____A C:\Windows\Minidump\031013-25006-01.dmp

    2013-03-10 18:48 - 2009-12-05 14:23 - 00000000 ____D C:\users\Pam

    2013-03-10 18:45 - 2013-03-10 18:45 - 00000000 ____D C:\Users\Pam\AppData\Local\{1327988B-CBC4-44FF-9A7A-9ACEAB7AE04B}

    2013-03-10 17:06 - 2012-06-27 08:53 - 00000024 ____A C:\Users\Pam\random.dat

    2013-03-10 17:02 - 2010-10-01 18:07 - 00000000 ____D C:\Users\Pam\Documents\Sara 2

    2013-03-10 16:56 - 2013-02-22 13:56 - 00000042 ____A C:\Users\Pam\jagex_cl_oldschool_LIVE.dat

    2013-03-10 16:56 - 2011-10-25 18:14 - 00000032 ____A C:\Users\Pam\jagex_cl_runescape_LIVE.dat

    2013-03-10 12:50 - 2013-02-13 09:04 - 00000000 ____D C:\Users\Pam\AppData\Local\{33D4D6BC-B0AE-427A-9476-9CD1A6FFB6D4}

    2013-03-01 09:52 - 2011-02-12 07:53 - 00000000 ____D C:\Users\Pam\AppData\Local\{1339582B-495A-4F41-96DE-D29C21E8004D}

    2013-02-26 20:43 - 2013-01-24 08:25 - 00691568 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

    2013-02-26 20:43 - 2011-06-29 04:59 - 00071024 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

    2013-02-22 13:56 - 2012-06-27 08:53 - 00000000 ____D C:\Users\Pam\jagexcache

    2013-02-19 18:20 - 2010-10-02 11:53 - 00000509 ____A C:\Windows\demdata.txt

    2013-02-13 21:20 - 2004-01-15 15:04 - 00000000 ____D C:\Users\Pam\Documents\Personal

    2013-02-13 19:23 - 2013-02-13 19:23 - 00941568 ____A (Amazon Services LLC) C:\Users\Pam\Downloads\QuickBooks_Pro_2013_Downloader.exe

    2013-02-13 19:11 - 2008-10-29 10:53 - 00000000 ____D C:\Users\Pam\Documents\QB 2008 data files

    2013-02-13 14:47 - 2006-07-17 14:08 - 00000000 ____D C:\Users\Pam\Documents\JDM

    2013-02-13 14:43 - 2004-01-15 15:04 - 00000000 ____D C:\Users\Pam\Documents\Insctr

    2013-02-13 07:21 - 2012-05-10 18:11 - 00000000 ____D C:\Users\Pam\Documents\Quicken

    2013-02-13 01:41 - 2009-07-13 20:45 - 00648776 ____A C:\Windows\System32\FNTCACHE.DAT

    2013-02-13 01:20 - 2009-01-08 17:53 - 00000000 ____D C:\ProgramData\Microsoft Help

    2013-02-13 01:09 - 2009-12-12 06:06 - 70004024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

    2013-02-12 21:04 - 2013-01-24 16:58 - 00000000 ____D C:\Users\Pam\AppData\Local\{94636BCD-8EC9-4864-A7BC-33E9FFF0E645}

    ATTENTION: ========> Check for possible partition/boot infection:

    C:\Windows\svchost.exe

    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit

    C:\Windows\System32\wininit.exe => MD5 is legit

    C:\Windows\SysWOW64\wininit.exe => MD5 is legit

    C:\Windows\explorer.exe => MD5 is legit

    C:\Windows\SysWOW64\explorer.exe => MD5 is legit

    C:\Windows\System32\svchost.exe => MD5 is legit

    C:\Windows\SysWOW64\svchost.exe => MD5 is legit

    C:\Windows\System32\services.exe => MD5 is legit

    C:\Windows\System32\User32.dll => MD5 is legit

    C:\Windows\SysWOW64\User32.dll => MD5 is legit

    C:\Windows\System32\userinit.exe => MD5 is legit

    C:\Windows\SysWOW64\userinit.exe => MD5 is legit

    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK

    HKLM\...\exefile\DefaultIcon: %1 => OK

    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2013-03-08 20:19:04

    Restore point made on: 2013-03-11 06:57:10

    ==================== Memory info ===========================

    Percentage of memory in use: 12%

    Total physical RAM: 6077.91 MB

    Available physical RAM: 5338.51 MB

    Total Pagefile: 6076.06 MB

    Available Pagefile: 5345.73 MB

    Total Virtual: 8192 MB

    Available Virtual: 8191.89 MB

    ==================== Partitions =============================

    1 Drive c: (OS) (Fixed) (Total:683.57 GB) (Free:505.16 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

    2 Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:7.3 GB) NTFS

    4 Drive f: () (Removable) (Total:1.92 GB) (Free:1.59 GB) FAT

    9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt

    -------- ------------- ------- ------- --- ---

    Disk 0 Online 698 GB 0 B

    Disk 1 Online 1967 MB 0 B

    Disk 2 No Media 0 B 0 B

    Disk 3 No Media 0 B 0 B

    Disk 4 No Media 0 B 0 B

    Disk 5 No Media 0 B 0 B

    Partitions of Disk 0:

    ===============

    Disk ID: 88000000

    Partition ### Type Size Offset

    ------------- ---------------- ------- -------

    Partition 1 OEM 62 MB 31 KB

    Partition 2 Primary 15 GB 63 MB

    Partition 3 Primary 683 GB 15 GB

    ==================================================================================

    Disk: 0

    Partition 1

    Type : DE

    Hidden: Yes

    Active: No

    Volume ### Ltr Label Fs Type Size Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volume 8 FAT Partition 62 MB Healthy Hidden

    =========================================================

    Disk: 0

    Partition 2

    Type : 07

    Hidden: No

    Active: No

    Volume ### Ltr Label Fs Type Size Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volume 1 D RECOVERY NTFS Partition 15 GB Healthy

    =========================================================

    Disk: 0

    Partition 3

    Type : 07

    Hidden: No

    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volume 2 C OS NTFS Partition 683 GB Healthy

    =========================================================

    Partitions of Disk 1:

    ===============

    Disk ID: 00000000

    Partition ### Type Size Offset

    ------------- ---------------- ------- -------

    Partition 1 Primary 1966 MB 16 KB

    ==================================================================================

    Disk: 1

    Partition 1

    Type : 0E

    Hidden: No

    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volume 3 F FAT Removable 1966 MB Healthy

    =========================================================

    ============================== MBR Partition Table ==================

    ==============================

    Partitions of Disk 0:

    ===============

    Disk ID: 88000000

    Partition 1:

    =========

    Hex: 80001E00000000001D00000000000000

    Active: YES

    Type: 00

    Size: 0 byte

    ATTENTION ===> 0 byte partition bootkit on partition 1

    Partition 2:

    =========

    Hex: 00010100DEFE3F073F000000C9F50100

    Active: NO

    Type: DE

    Size: 63 MB

    Partition 3:

    =========

    Hex: 0008010807FEFFFF00F801000000E001

    Active: NO

    Type: 07 (NTFS)

    Size: 15 GB

    Partition 4:

    =========

    Hex: 80FEFFFF07FEFFFF00F8E10100607255

    Active: YES

    Type: 07 (NTFS)

    Size: 684 GB

    ==============================

    Partitions of Disk 1:

    ===============

    Disk ID: 00000000

    Partition 1:

    =========

    Hex: 800101000E0FA0BB20000000E0773D00

    Active: YES

    Type: 0E

    Size: 2 GB

    Last Boot: 2013-03-11 04:58

    ==================== End Of Log =============================

  5.

    11:53:50.0045 0288  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

    11:53:50.0076 0288  ============================================================

    11:53:50.0076 0288  Current date / time: 2013/03/12 11:53:50.0076

    11:53:50.0076 0288  SystemInfo:

    11:53:50.0076 0288

    11:53:50.0076 0288  OS Version: 6.1.7601 ServicePack: 1.0

    11:53:50.0076 0288  Product type: Workstation

    11:53:50.0076 0288  ComputerName: MAIN-DELL

    11:53:50.0076 0288  UserName: Pam

    11:53:50.0076 0288  Windows directory: C:\Windows

    11:53:50.0076 0288  System windows directory: C:\Windows

    11:53:50.0076 0288  Running under WOW64

    11:53:50.0076 0288  Processor architecture: Intel x64

    11:53:50.0076 0288  Number of processors: 4

    11:53:50.0076 0288  Page size: 0x1000

    11:53:50.0076 0288  Boot type: Safe boot

    11:53:50.0076 0288  ============================================================

    11:53:50.0388 0288  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    11:53:50.0388 0288  Drive \Device\Harddisk1\DR1 - Size: 0x7AF00000 (1.92 Gb), SectorSize: 0x200, Cylinders: 0xFA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

    11:53:50.0419 0288  ============================================================

    11:53:50.0419 0288  \Device\Harddisk0\DR0:

    11:53:50.0419 0288  MBR partitions:

    11:53:50.0419 0288  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F800, BlocksNum 0x1E00000

    11:53:50.0419 0288  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E1F800, BlocksNum 0x55726000

    11:53:50.0419 0288  \Device\Harddisk1\DR1:

    11:53:50.0419 0288  MBR partitions:

    11:53:50.0419 0288  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xE, StartLBA 0x20, BlocksNum 0x3D77E0

    11:53:50.0419 0288  ============================================================

    11:53:50.0450 0288  C: <-> \Device\Harddisk0\DR0\Partition2

    11:53:50.0482 0288  D: <-> \Device\Harddisk0\DR0\Partition1

    11:53:50.0482 0288  ============================================================

    11:53:50.0482 0288  Initialize success

    11:53:50.0482 0288  ============================================================

    11:54:06.0955 0484  ============================================================

    11:54:06.0955 0484  Scan started

    11:54:06.0955 0484  Mode: Manual;

    11:54:06.0955 0484  ============================================================

    11:54:07.0018 0484  ================ Scan system memory ========================

    11:54:07.0018 0484  System memory - ok

    11:54:07.0018 0484  ================ Scan services =============================

    11:54:07.0189 0484  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys

    11:54:07.0189 0484  1394ohci - ok

    11:54:07.0205 0484  27303051 - ok

    11:54:07.0252 0484  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys

    11:54:07.0252 0484  ACPI - ok

    11:54:07.0298 0484  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys

    11:54:07.0298 0484  AcpiPmi - ok

    11:54:07.0423 0484  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    11:54:07.0423 0484  AdobeARMservice - ok

    11:54:07.0564 0484  [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    11:54:07.0564 0484  AdobeFlashPlayerUpdateSvc - ok

    11:54:07.0610 0484  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys

    11:54:07.0610 0484  adp94xx - ok

    11:54:07.0642 0484  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys

    11:54:07.0642 0484  adpahci - ok

    11:54:07.0673 0484  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys

    11:54:07.0673 0484  adpu320 - ok

    11:54:07.0720 0484  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll

    11:54:07.0720 0484  AeLookupSvc - ok

    11:54:07.0782 0484  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys

    11:54:07.0798 0484  AFD - ok

    11:54:07.0829 0484  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys

    11:54:07.0829 0484  agp440 - ok

    11:54:07.0829 0484  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe

    11:54:07.0829 0484  ALG - ok

    11:54:07.0844 0484  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys

    11:54:07.0844 0484  aliide - ok

    11:54:07.0907 0484  [ A359974EAAC83A435497C52F62A2E590 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe

    11:54:07.0907 0484  AMD External Events Utility - ok

    11:54:07.0922 0484  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys

    11:54:07.0922 0484  amdide - ok

    11:54:07.0938 0484  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys

    11:54:07.0938 0484  AmdK8 - ok

    11:54:08.0141 0484  [ 60216B0E704584DE6D5A9F59E9C34C47 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys

    11:54:08.0250 0484  amdkmdag - ok

    11:54:08.0281 0484  [ 6B4E9261B613B047A9A145F328889968 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys

    11:54:08.0281 0484  amdkmdap - ok

    11:54:08.0312 0484  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys

    11:54:08.0312 0484  AmdPPM - ok

    11:54:08.0375 0484  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys

    11:54:08.0375 0484  amdsata - ok

    11:54:08.0375 0484  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys

    11:54:08.0390 0484  amdsbs - ok

    11:54:08.0406 0484  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys

    11:54:08.0406 0484  amdxata - ok

    11:54:08.0453 0484  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys

    11:54:08.0453 0484  AppID - ok

    11:54:08.0484 0484  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll

    11:54:08.0484 0484  AppIDSvc - ok

    11:54:08.0531 0484  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll

    11:54:08.0531 0484  Appinfo - ok

    11:54:08.0609 0484  [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    11:54:08.0609 0484  Apple Mobile Device - ok

    11:54:08.0624 0484  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys

    11:54:08.0624 0484  arc - ok

    11:54:08.0640 0484  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys

    11:54:08.0640 0484  arcsas - ok

    11:54:08.0780 0484  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

    11:54:08.0780 0484  aspnet_state - ok

    11:54:08.0796 0484  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys

    11:54:08.0796 0484  AsyncMac - ok

    11:54:08.0843 0484  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys

    11:54:08.0843 0484  atapi - ok

    11:54:09.0014 0484  [ 60216B0E704584DE6D5A9F59E9C34C47 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys

    11:54:09.0061 0484  atikmdag - ok

    11:54:09.0108 0484  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

    11:54:09.0124 0484  AudioEndpointBuilder - ok

    11:54:09.0124 0484  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll

    11:54:09.0139 0484  AudioSrv - ok

    11:54:09.0186 0484  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll

    11:54:09.0186 0484  AxInstSV - ok

    11:54:09.0248 0484  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys

    11:54:09.0248 0484  b06bdrv - ok

    11:54:09.0280 0484  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys

    11:54:09.0280 0484  b57nd60a - ok

    11:54:09.0342 0484  [ FB4FDA64F2E8552EAEB5986C3F34462C ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys

    11:54:09.0373 0484  BCM43XX - ok

    11:54:09.0420 0484  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll

    11:54:09.0420 0484  BDESVC - ok

    11:54:09.0436 0484  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys

    11:54:09.0436 0484  Beep - ok

    11:54:09.0514 0484  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll

    11:54:09.0529 0484  BFE - ok

    11:54:09.0716 0484  [ 866335C9C0E6733C753FB472C539A6B9 ] BHDrvx64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20130301.001\BHDrvx64.sys

    11:54:09.0732 0484  BHDrvx64 - ok

    11:54:09.0779 0484  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll

    11:54:09.0794 0484  BITS - ok

    11:54:09.0826 0484  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys

    11:54:09.0826 0484  blbdrive - ok

    11:54:09.0935 0484  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

    11:54:09.0950 0484  Bonjour Service - ok

    11:54:09.0982 0484  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys

    11:54:09.0997 0484  bowser - ok

    11:54:10.0013 0484  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys

    11:54:10.0013 0484  BrFiltLo - ok

    11:54:10.0028 0484  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys

    11:54:10.0028 0484  BrFiltUp - ok

    11:54:10.0060 0484  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll

    11:54:10.0060 0484  Browser - ok

    11:54:10.0075 0484  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys

    11:54:10.0091 0484  Brserid - ok

    11:54:10.0106 0484  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys

    11:54:10.0106 0484  BrSerWdm - ok

    11:54:10.0122 0484  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys

    11:54:10.0122 0484  BrUsbMdm - ok

    11:54:10.0138 0484  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys

    11:54:10.0138 0484  BrUsbSer - ok

    11:54:10.0138 0484  BTCFilterService - ok

    11:54:10.0169 0484  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys

    11:54:10.0169 0484  BthEnum - ok

    11:54:10.0184 0484  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys

    11:54:10.0184 0484  BTHMODEM - ok

    11:54:10.0216 0484  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys

    11:54:10.0216 0484  BthPan - ok

    11:54:10.0278 0484  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys

    11:54:10.0278 0484  BTHPORT - ok

    11:54:10.0294 0484  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll

    11:54:10.0309 0484  bthserv - ok

    11:54:10.0325 0484  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys

    11:54:10.0325 0484  BTHUSB - ok

    11:54:10.0372 0484  [ 2641A3FE3D7B0646308F33B67F3B5300 ] btusbflt        C:\Windows\system32\drivers\btusbflt.sys

    11:54:10.0372 0484  btusbflt - ok

    11:54:10.0387 0484  [ A44AD9AB3BF98A65EB58662E3C78EAE0 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys

    11:54:10.0387 0484  btwaudio - ok

    11:54:10.0418 0484  [ A441D453821A6336F516F97F79BBFA17 ] btwavdt         C:\Windows\system32\DRIVERS\btwavdt.sys

    11:54:10.0418 0484  btwavdt - ok

    11:54:10.0450 0484  [ B550C75397D96251A92391555FE5534C ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys

    11:54:10.0450 0484  btwrchid - ok

    11:54:10.0528 0484  [ 37F1BAEC39B505B3B51893A35C8337EA ] ccHP            C:\Windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys

    11:54:10.0543 0484  ccHP - ok

    11:54:10.0543 0484  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys

    11:54:10.0559 0484  cdfs - ok

    11:54:10.0590 0484  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys

    11:54:10.0606 0484  cdrom - ok

    11:54:10.0637 0484  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll

    11:54:10.0637 0484  CertPropSvc - ok

    11:54:10.0684 0484  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys

    11:54:10.0684 0484  circlass - ok

    11:54:10.0715 0484  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys

    11:54:10.0715 0484  CLFS - ok

    11:54:10.0793 0484  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    11:54:10.0793 0484  clr_optimization_v2.0.50727_32 - ok

    11:54:10.0855 0484  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

    11:54:10.0855 0484  clr_optimization_v2.0.50727_64 - ok

    11:54:10.0933 0484  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    11:54:10.0933 0484  clr_optimization_v4.0.30319_32 - ok

    11:54:10.0964 0484  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    11:54:10.0964 0484  clr_optimization_v4.0.30319_64 - ok

    11:54:10.0980 0484  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys

    11:54:10.0980 0484  CmBatt - ok

    11:54:11.0027 0484  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys

    11:54:11.0027 0484  cmdide - ok

    11:54:11.0058 0484  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys

    11:54:11.0074 0484  CNG - ok

    11:54:11.0089 0484  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys

    11:54:11.0089 0484  Compbatt - ok

    11:54:11.0120 0484  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys

    11:54:11.0120 0484  CompositeBus - ok

    11:54:11.0120 0484  COMSysApp - ok

    11:54:11.0230 0484  [ E2CEC73B4D221B9FFE906748D1F5FC54 ] CrashPlanService C:\Program Files\CrashPlan\CrashPlanService.exe

    11:54:11.0230 0484  CrashPlanService - ok

    11:54:11.0245 0484  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys

    11:54:11.0245 0484  crcdisk - ok

    11:54:11.0261 0484  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll

    11:54:11.0261 0484  CryptSvc - ok

    11:54:11.0308 0484  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll

    11:54:11.0323 0484  DcomLaunch - ok

    11:54:11.0354 0484  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll

    11:54:11.0354 0484  defragsvc - ok

    11:54:11.0401 0484  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys

    11:54:11.0417 0484  DfsC - ok

    11:54:11.0432 0484  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll

    11:54:11.0448 0484  Dhcp - ok

    11:54:11.0479 0484  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys

    11:54:11.0479 0484  discache - ok

    11:54:11.0510 0484  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys

    <div>11:54:11.0510 0484  Disk - ok</div>

    <div>11:54:11.0588 0484  [ ADBFBACB97C73ED85A2B6DF89CAB57DB ] DLPWD           C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE</div>

    <div>11:54:11.0588 0484  DLPWD - ok</div>

    <div>11:54:11.0635 0484  [ A411AB2E7CD15CC7AD9D8E19A6ADD7A7 ] DLSDB           C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE</div>

    <div>11:54:11.0635 0484  DLSDB - ok</div>

    <div>11:54:11.0713 0484  [ 4E82A6C63AF27769D116EAB576E5357E ] DMService       C:\Windows\Downloaded Program Files\DM.1\DMService.exe</div>

    <div>11:54:11.0713 0484  DMService - ok</div>

    <div>11:54:11.0760 0484  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll</div>

    <div>11:54:11.0760 0484  Dnscache - ok</div>

    <div>11:54:11.0776 0484  [ DB29915209770D8B59654345EC2D943A ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe</div>

    <div>11:54:11.0776 0484  DockLoginService - ok</div>

    <div>11:54:11.0822 0484  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll</div>

    <div>11:54:11.0822 0484  dot3svc - ok</div>

    <div>11:54:11.0838 0484  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll</div>

    <div>11:54:11.0838 0484  DPS - ok</div>

    <div>11:54:11.0900 0484  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys</div>

    <div>11:54:11.0900 0484  drmkaud - ok</div>

    <div>11:54:11.0947 0484  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys</div>

    <div>11:54:11.0963 0484  DXGKrnl - ok</div>

    <div>11:54:11.0994 0484  [ 099E01A94167CA8BDA2CF72037AD0E28 ] e1express       C:\Windows\system32\DRIVERS\e1e6232e.sys</div>

    <div>11:54:11.0994 0484  e1express - ok</div>

    <div>11:54:12.0041 0484  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll</div>

    <div>11:54:12.0041 0484  EapHost - ok</div>

    <div>11:54:12.0103 0484  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys</div>

    <div>11:54:12.0134 0484  ebdrv - ok</div>

    <div>11:54:12.0212 0484  [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys</div>

    <div>11:54:12.0212 0484  eeCtrl - ok</div>

    <div>11:54:12.0259 0484  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe</div>

    <div>11:54:12.0259 0484  EFS - ok</div>

    <div>11:54:12.0275 0484  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe</div>

    <div>11:54:12.0290 0484  ehRecvr - ok</div>

    <div>11:54:12.0322 0484  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe</div>

    <div>11:54:12.0322 0484  ehSched - ok</div>

    <div>11:54:12.0384 0484  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys</div>

    <div>11:54:12.0384 0484  elxstor - ok</div>

    <div>11:54:12.0446 0484  [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys</div>

    <div>11:54:12.0446 0484  EraserUtilRebootDrv - ok</div>

    <div>11:54:12.0446 0484  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys</div>

    <div>11:54:12.0446 0484  ErrDev - ok</div>

    <div>11:54:12.0478 0484  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll</div>

    <div>11:54:12.0493 0484  EventSystem - ok</div>

    <div>11:54:12.0509 0484  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys</div>

    <div>11:54:12.0509 0484  exfat - ok</div>

    <div>11:54:12.0524 0484  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys</div>

    <div>11:54:12.0540 0484  fastfat - ok</div>

    <div>11:54:12.0587 0484  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe</div>

    <div>11:54:12.0602 0484  Fax - ok</div>

    <div>11:54:12.0602 0484  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys</div>

    <div>11:54:12.0618 0484  fdc - ok</div>

    <div>11:54:12.0649 0484  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll</div>

    <div>11:54:12.0649 0484  fdPHost - ok</div>

    <div>11:54:12.0649 0484  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll</div>

    <div>11:54:12.0649 0484  FDResPub - ok</div>

    <div>11:54:12.0665 0484  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys</div>

    <div>11:54:12.0665 0484  FileInfo - ok</div>

    <div>11:54:12.0680 0484  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys</div>

    <div>11:54:12.0680 0484  Filetrace - ok</div>

    <div>11:54:12.0696 0484  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys</div>

    <div>11:54:12.0696 0484  flpydisk - ok</div>

    <div>11:54:12.0712 0484  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys</div>

    <div>11:54:12.0712 0484  FltMgr - ok</div>

    <div>11:54:12.0743 0484  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll</div>

    <div>11:54:12.0758 0484  FontCache - ok</div>

    <div>11:54:12.0821 0484  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe</div>

    <div>11:54:12.0821 0484  FontCache3.0.0.0 - ok</div>

    <div>11:54:12.0836 0484  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys</div>

    <div>11:54:12.0836 0484  FsDepends - ok</div>

    <div>11:54:12.0852 0484  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys</div>

    <div>11:54:12.0852 0484  Fs_Rec - ok</div>

    <div>11:54:12.0883 0484  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys</div>

    <div>11:54:12.0883 0484  fvevol - ok</div>

    <div>11:54:12.0930 0484  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys</div>

    <div>11:54:12.0930 0484  gagp30kx - ok</div>

    <div>11:54:12.0946 0484  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys</div>

    <div>11:54:12.0946 0484  GEARAspiWDM - ok</div>

    <div>11:54:12.0977 0484  getPlusHelper - ok</div>

    <div>11:54:13.0008 0484  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll</div>

    <div>11:54:13.0008 0484  gpsvc - ok</div>

    <div>11:54:13.0102 0484  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</div>

    <div>11:54:13.0102 0484  gupdate - ok</div>

    <div>11:54:13.0117 0484  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</div>

    <div>11:54:13.0117 0484  gupdatem - ok</div>

    <div>11:54:13.0148 0484  [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe</div>

    <div>11:54:13.0148 0484  gusvc - ok</div>

    <div>11:54:13.0164 0484  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys</div>

    <div>11:54:13.0164 0484  hcw85cir - ok</div>

    <div>11:54:13.0211 0484  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys</div>

    <div>11:54:13.0211 0484  HdAudAddService - ok</div>

    <div>11:54:13.0273 0484  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys</div>

    <div>11:54:13.0273 0484  HDAudBus - ok</div>

    <div>11:54:13.0289 0484  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys</div>

    <div>11:54:13.0289 0484  HidBatt - ok</div>

    <div>11:54:13.0304 0484  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys</div>

    <div>11:54:13.0304 0484  HidBth - ok</div>

    <div>11:54:13.0320 0484  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys</div>

    <div>11:54:13.0320 0484  HidIr - ok</div>

    <div>11:54:13.0351 0484  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll</div>

    <div>11:54:13.0351 0484  hidserv - ok</div>

    <div>11:54:13.0382 0484  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys</div>

    <div>11:54:13.0382 0484  HidUsb - ok</div>

    <div>11:54:13.0414 0484  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll</div>

    <div>11:54:13.0414 0484  hkmsvc - ok</div>

    <div>11:54:13.0460 0484  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll</div>

    <div>11:54:13.0460 0484  HomeGroupListener - ok</div>

    <div>11:54:13.0492 0484  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll</div>

    <div>11:54:13.0507 0484  HomeGroupProvider - ok</div>

    <div>11:54:13.0523 0484  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys</div>

    <div>11:54:13.0523 0484  HpSAMD - ok</div>

    <div>11:54:13.0554 0484  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys</div>

    <div>11:54:13.0570 0484  HTTP - ok</div>

    <div>11:54:13.0601 0484  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys</div>

    <div>11:54:13.0601 0484  hwpolicy - ok</div>

    <div>11:54:13.0648 0484  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys</div>

    <div>11:54:13.0648 0484  i8042prt - ok</div>

    <div>11:54:13.0710 0484  [ CB686F44BF955EA02520710A56874FA4 ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe</div>

    <div>11:54:13.0710 0484  IAANTMON - ok</div>

    <div>11:54:13.0757 0484  [ 8D58627FEF3F8767665D9F4DC91CBD97 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys</div>

    <div>11:54:13.0757 0484  iaStor - ok</div>

    <div>11:54:13.0788 0484  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys</div>

    <div>11:54:13.0804 0484  iaStorV - ok</div>

    <div>11:54:13.0850 0484  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe</div>

    <div>11:54:13.0850 0484  IDriverT - ok</div>

    <div>11:54:13.0882 0484  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe</div>

    <div>11:54:13.0897 0484  idsvc - ok</div>

    <div>11:54:13.0991 0484  [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130308.001\IDSvia64.sys</div>

    <div>11:54:14.0006 0484  IDSVia64 - ok</div>

    <div>11:54:14.0038 0484  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys</div>

    <div>11:54:14.0038 0484  iirsp - ok</div>

    <div>11:54:14.0084 0484  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll</div>

    <div>11:54:14.0100 0484  IKEEXT - ok</div>

    <div>11:54:14.0116 0484  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys</div>

    <div>11:54:14.0116 0484  intelide - ok</div>

    <div>11:54:14.0131 0484  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys</div>

    <div>11:54:14.0131 0484  intelppm - ok</div>

    <div>11:54:14.0194 0484  [ 3DC635B66DD7412E1C9C3A77B8D78F25 ] IntuitUpdateService C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe</div>

    <div>11:54:14.0194 0484  IntuitUpdateService - ok</div>

    <div>11:54:14.0240 0484  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll</div>

    <div>11:54:14.0240 0484  IPBusEnum - ok</div>

    <div>11:54:14.0287 0484  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys</div>

    <div>11:54:14.0287 0484  IpFilterDriver - ok</div>

    <div>11:54:14.0318 0484  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll</div>

    <div>11:54:14.0334 0484  iphlpsvc - ok</div>

    <div>11:54:14.0365 0484  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys</div>

    <div>11:54:14.0365 0484  IPMIDRV - ok</div>

    <div>11:54:14.0381 0484  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys</div>

    <div>11:54:14.0381 0484  IPNAT - ok</div>

    <div>11:54:14.0443 0484  [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe</div>

    <div>11:54:14.0459 0484  iPod Service - ok</div>

    <div>11:54:14.0474 0484  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys</div>

    <div>11:54:14.0474 0484  IRENUM - ok</div>

    <div>11:54:14.0474 0484  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys</div>

    <div>11:54:14.0490 0484  isapnp - ok</div>

    <div>11:54:14.0521 0484  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys</div>

    <div>11:54:14.0537 0484  iScsiPrt - ok</div>

    <div>11:54:14.0552 0484  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys</div>

    <div>11:54:14.0552 0484  kbdclass - ok</div>

    <div>11:54:14.0568 0484  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys</div>

    <div>11:54:14.0568 0484  kbdhid - ok</div>

    <div>11:54:14.0584 0484  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe</div>

    <div>11:54:14.0584 0484  KeyIso - ok</div>

    <div>11:54:14.0615 0484  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys</div>

    <div>11:54:14.0615 0484  KSecDD - ok</div>

    <div>11:54:14.0646 0484  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys</div>

    <div>11:54:14.0646 0484  KSecPkg - ok</div>

    <div>11:54:14.0677 0484  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys</div>

    <div>11:54:14.0677 0484  ksthunk - ok</div>

    <div>11:54:14.0708 0484  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll</div>

    <div>11:54:14.0724 0484  KtmRm - ok</div>

    <div>11:54:14.0740 0484  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll</div>

    <div>11:54:14.0740 0484  LanmanServer - ok</div>

    <div>11:54:14.0786 0484  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll</div>

    <div>11:54:14.0786 0484  LanmanWorkstation - ok</div>

    <div>11:54:14.0818 0484  Lavasoft Kernexplorer - ok</div>

    <div>11:54:14.0864 0484  [ 285954C6C6EF43B78AB84034750FAC6A ] libusb0         C:\Windows\system32\DRIVERS\libusb0.sys</div>

    <div>11:54:14.0864 0484  libusb0 - ok</div>

    <div>11:54:14.0896 0484  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys</div>

    <div>11:54:14.0896 0484  lltdio - ok</div>

    <div>11:54:14.0927 0484  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll</div>

    <div>11:54:14.0927 0484  lltdsvc - ok</div>

    <div>11:54:14.0942 0484  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll</div>

    <div>11:54:14.0942 0484  lmhosts - ok</div>

    <div>11:54:14.0974 0484  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys</div>

    <div>11:54:14.0974 0484  LSI_FC - ok</div>

    <div>11:54:14.0989 0484  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys</div>

    <div>11:54:14.0989 0484  LSI_SAS - ok</div>

    <div>11:54:15.0005 0484  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys</div>

    <div>11:54:15.0005 0484  LSI_SAS2 - ok</div>

    <div>11:54:15.0005 0484  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys</div>

    <div>11:54:15.0020 0484  LSI_SCSI - ok</div>

    <div>11:54:15.0036 0484  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys</div>

    <div>11:54:15.0036 0484  luafv - ok</div>

    <div>11:54:15.0083 0484  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys</div>

    <div>11:54:15.0083 0484  MBAMProtector - ok</div>

    <div>11:54:15.0145 0484  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe</div>

    <div>11:54:15.0145 0484  MBAMScheduler - ok</div>

    <div>11:54:15.0192 0484  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe</div>

    <div>11:54:15.0208 0484  MBAMService - ok</div>

    <div>11:54:15.0239 0484  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll</div>

    <div>11:54:15.0254 0484  Mcx2Svc - ok</div>

    <div>11:54:15.0286 0484  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys</div>

    <div>11:54:15.0286 0484  megasas - ok</div>

    <div>11:54:15.0301 0484  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys</div>

    <div>11:54:15.0301 0484  MegaSR - ok</div>

    <div>11:54:15.0332 0484  [ 4A1C21576FB7F96F4DBDEA627FFDA775 ] mfeavfk         C:\Windows\system32\drivers\mfeavfk.sys</div>

    <div>11:54:15.0332 0484  mfeavfk - ok</div>

    <div>11:54:15.0348 0484  [ 9E0AC52B3232FF8DC65FEE1A9C2FE8D1 ] mfehidk         C:\Windows\system32\drivers\mfehidk.sys</div>

    <div>11:54:15.0348 0484  mfehidk - ok</div>

    <div>11:54:15.0379 0484  [ 624D717B11E5004F68442B5740F17F21 ] mferkdk         C:\Windows\system32\drivers\mferkdk.sys</div>

    <div>11:54:15.0379 0484  mferkdk - ok</div>

    <div>11:54:15.0410 0484  [ 0CD9DE7B96735F33F078C4EA044E8B34 ] mfesmfk         C:\Windows\system32\drivers\mfesmfk.sys</div>

    <div>11:54:15.0410 0484  mfesmfk - ok</div>

    <div>11:54:15.0442 0484  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll</div>

    <div>11:54:15.0442 0484  MMCSS - ok</div>

    <div>11:54:15.0457 0484  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys</div>

    <div>11:54:15.0457 0484  Modem - ok</div>

    <div>11:54:15.0504 0484  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys</div>

    <div>11:54:15.0504 0484  monitor - ok</div>

    <div>11:54:15.0504 0484  motccgp - ok</div>

    <div>11:54:15.0520 0484  motccgpfl - ok</div>

    <div>11:54:15.0520 0484  MotoSwitchService - ok</div>

    <div>11:54:15.0535 0484  Motousbnet - ok</div>

    <div>11:54:15.0551 0484  motusbdevice - ok</div>

    <div>11:54:15.0582 0484  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys</div>

    <div>11:54:15.0582 0484  mouclass - ok</div>

    <div>11:54:15.0598 0484  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys</div>

    <div>11:54:15.0598 0484  mouhid - ok</div>

    <div>11:54:15.0629 0484  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys</div>

    <div>11:54:15.0629 0484  mountmgr - ok</div>

    <div>11:54:15.0644 0484  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys</div>

    <div>11:54:15.0644 0484  mpio - ok</div>

    <div>11:54:15.0660 0484  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys</div>

    <div>11:54:15.0660 0484  mpsdrv - ok</div>

    <div>11:54:15.0707 0484  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll</div>

    <div>11:54:15.0707 0484  MpsSvc - ok</div>

    <div>11:54:15.0754 0484  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys</div>

    <div>11:54:15.0754 0484  MRxDAV - ok</div>

    <div>11:54:15.0816 0484  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys</div>

    <div>11:54:15.0816 0484  mrxsmb - ok</div>

    <div>11:54:15.0847 0484  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys</div>

    <div>11:54:15.0847 0484  mrxsmb10 - ok</div>

    <div>11:54:15.0863 0484  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys</div>

    <div>11:54:15.0863 0484  mrxsmb20 - ok</div>

    <div>11:54:15.0878 0484  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys</div>

    <div>11:54:15.0878 0484  msahci - ok</div>

    <div>11:54:15.0894 0484  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys</div>

    <div>11:54:15.0910 0484  msdsm - ok</div>

    <div>11:54:15.0910 0484  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe</div>

    <div>11:54:15.0910 0484  MSDTC - ok</div>

    <div>11:54:15.0956 0484  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys</div>

    <div>11:54:15.0956 0484  Msfs - ok</div>

    <div>11:54:15.0972 0484  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys</div>

    <div>11:54:15.0972 0484  mshidkmdf - ok</div>

    <div>11:54:15.0972 0484  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys</div>

    <div>11:54:15.0972 0484  msisadrv - ok</div>

    <div>11:54:16.0019 0484  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll</div>

    <div>11:54:16.0019 0484  MSiSCSI - ok</div>

    <div>11:54:16.0019 0484  msiserver - ok</div>

    <div>11:54:16.0050 0484  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys</div>

    <div>11:54:16.0050 0484  MSKSSRV - ok</div>

    <div>11:54:16.0066 0484  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys</div>

    <div>11:54:16.0066 0484  MSPCLOCK - ok</div>

    <div>11:54:16.0081 0484  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys</div>

    <div>11:54:16.0081 0484  MSPQM - ok</div>

    <div>11:54:16.0128 0484  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys</div>

    <div>11:54:16.0128 0484  MsRPC - ok</div>

    <div>11:54:16.0128 0484  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys</div>

    <div>11:54:16.0128 0484  mssmbios - ok</div>

    <div>11:54:16.0237 0484  MSSQL$SQLEXPRESS - ok</div>

    <div>11:54:16.0315 0484  [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE</div>

    <div>11:54:16.0315 0484  MSSQLServerADHelper100 - ok</div>

    <div>11:54:16.0331 0484  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys</div>

    <div>11:54:16.0331 0484  MSTEE - ok</div>

    <div>11:54:16.0346 0484  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys</div>

    <div>11:54:16.0346 0484  MTConfig - ok</div>

    <div>11:54:16.0362 0484  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys</div>

    <div>11:54:16.0362 0484  Mup - ok</div>

    <div>11:54:16.0424 0484  [ B4187346F54E362DAFFE647B25A58D50 ] N360            C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe</div>

    <div>11:54:16.0424 0484  N360 - ok</div>

    <div>11:54:16.0471 0484  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll</div>

    <div>11:54:16.0471 0484  napagent - ok</div>

    <div>11:54:16.0518 0484  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys</div>

    <div>11:54:16.0518 0484  NativeWifiP - ok</div>

    <div>11:54:16.0627 0484  [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130311.004\ENG64.SYS</div>

    <div>11:54:16.0627 0484  NAVENG - ok</div>

    <div>11:54:16.0690 0484  [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130311.004\EX64.SYS</div>

    <div>11:54:16.0721 0484  NAVEX15 - ok</div>

    <div>11:54:16.0768 0484  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys</div>

    <div>11:54:16.0768 0484  NDIS - ok</div>

    <div>11:54:16.0799 0484  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys</div>

    <div>11:54:16.0799 0484  NdisCap - ok</div>

    <div>11:54:16.0814 0484  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys</div>

    <div>11:54:16.0814 0484  NdisTapi - ok</div>

    <div>11:54:16.0830 0484  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys</div>

    <div>11:54:16.0830 0484  Ndisuio - ok</div>

    <div>11:54:16.0861 0484  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys</div>

    <div>11:54:16.0861 0484  NdisWan - ok</div>

    <div>11:54:16.0908 0484  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys</div>

    <div>11:54:16.0908 0484  NDProxy - ok</div>

    <div>11:54:16.0939 0484  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys</div>

    <div>11:54:16.0939 0484  NetBIOS - ok</div>

    <div>11:54:16.0955 0484  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys</div>

    <div>11:54:16.0955 0484  NetBT - ok</div>

    <div>11:54:16.0970 0484  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe</div>

    <div>11:54:16.0970 0484  Netlogon - ok</div>

    <div>11:54:17.0017 0484  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll</div>

    <div>11:54:17.0033 0484  Netman - ok</div>

    <div>11:54:17.0080 0484  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe</div>

    <div>11:54:17.0080 0484  NetMsmqActivator - ok</div>

    <div>11:54:17.0080 0484  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe</div>

    <div>11:54:17.0080 0484  NetPipeActivator - ok</div>

    <div>11:54:17.0095 0484  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll</div>

    <div>11:54:17.0111 0484  netprofm - ok</div>

    <div>11:54:17.0111 0484  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe</div>

    <div>11:54:17.0111 0484  NetTcpActivator - ok</div>

    <div>11:54:17.0111 0484  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe</div>

    <div>11:54:17.0111 0484  NetTcpPortSharing - ok</div>

    <div>11:54:17.0158 0484  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys</div>

    <div>11:54:17.0158 0484  nfrd960 - ok</div>

    <div>11:54:17.0173 0484  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll</div>

    <div>11:54:17.0173 0484  NlaSvc - ok</div>

    <div>11:54:17.0204 0484  nosGetPlusHelper - ok</div>

    <div>11:54:17.0220 0484  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys</div>

    <div>11:54:17.0236 0484  Npfs - ok</div>

    <div>11:54:17.0236 0484  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll</div>

    <div>11:54:17.0236 0484  nsi - ok</div>

    <div>11:54:17.0251 0484  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys</div>

    <div>11:54:17.0251 0484  nsiproxy - ok</div>

    <div>11:54:17.0329 0484  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys</div>

    <div>11:54:17.0345 0484  Ntfs - ok</div>

    <div>11:54:17.0360 0484  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys</div>

    <div>11:54:17.0360 0484  Null - ok</div>

    <div>11:54:17.0407 0484  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys</div>

    <div>11:54:17.0423 0484  nvraid - ok</div>

    <div>11:54:17.0438 0484  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys</div>

    <div>11:54:17.0438 0484  nvstor - ok</div>

    <div>11:54:17.0470 0484  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys</div>

    <div>11:54:17.0470 0484  nv_agp - ok</div>

    <div>11:54:17.0548 0484  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE</div>

    <div>11:54:17.0563 0484  odserv - ok</div>

    <div>11:54:17.0579 0484  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys</div>

    <div>11:54:17.0579 0484  ohci1394 - ok</div>

    <div>11:54:17.0626 0484  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE</div>

    <div>11:54:17.0626 0484  ose - ok</div>

    <div>11:54:17.0766 0484  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE</div>

    <div>11:54:17.0813 0484  osppsvc - ok</div>

    <div>11:54:17.0860 0484  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll</div>

    <div>11:54:17.0860 0484  p2pimsvc - ok</div>

    <div>11:54:17.0875 0484  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll</div>

    <div>11:54:17.0891 0484  p2psvc - ok</div>

    <div>11:54:17.0922 0484  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys</div>

    <div>11:54:17.0922 0484  Parport - ok</div>

    <div>11:54:17.0969 0484  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys</div>

    <div>11:54:17.0969 0484  partmgr - ok</div>

    <div>11:54:17.0984 0484  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll</div>

    <div>11:54:17.0984 0484  PcaSvc - ok</div>

    <div>11:54:18.0016 0484  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys</div>

    <div>11:54:18.0016 0484  pci - ok</div>

    <div>11:54:18.0031 0484  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys</div>

    <div>11:54:18.0031 0484  pciide - ok</div>

    <div>11:54:18.0062 0484  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys</div>

    <div>11:54:18.0062 0484  pcmcia - ok</div>

    <div>11:54:18.0078 0484  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys</div>

    <div>11:54:18.0078 0484  pcw - ok</div>

    <div>11:54:18.0109 0484  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys</div>

    <div>11:54:18.0109 0484  PEAUTH - ok</div>

    <div>11:54:18.0187 0484  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe</div>

    <div>11:54:18.0187 0484  PerfHost - ok</div>

    <div>11:54:18.0250 0484  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll</div>

    <div>11:54:18.0265 0484  pla - ok</div>

    <div>11:54:18.0328 0484  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll</div>

    <div>11:54:18.0328 0484  PlugPlay - ok</div>

    <div>11:54:18.0343 0484  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll</div>

    <div>11:54:18.0343 0484  PNRPAutoReg - ok</div>

    <div>11:54:18.0499 0484  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll</div>

    <div>11:54:18.0515 0484  PNRPsvc - ok</div>

    <div>11:54:18.0530 0484  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll</div>

    <div>11:54:18.0530 0484  PolicyAgent - ok</div>

    <div>11:54:18.0577 0484  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll</div>

    <div>11:54:18.0577 0484  Power - ok</div>

    <div>11:54:18.0624 0484  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys</div>

    <div>11:54:18.0624 0484  PptpMiniport - ok</div>

    <div>11:54:18.0640 0484  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys</div>

    <div>11:54:18.0640 0484  Processor - ok</div>

    <div>11:54:18.0686 0484  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll</div>

    <div>11:54:18.0686 0484  ProfSvc - ok</div>

    <div>11:54:18.0702 0484  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe</div>

    <div>11:54:18.0702 0484  ProtectedStorage - ok</div>

    <div>11:54:18.0749 0484  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys</div>

    <div>11:54:18.0749 0484  Psched - ok</div>

    <div>11:54:18.0780 0484  [ 5F6085E17866C1BF098C42D30A894DED ] psdrv3          C:\Windows\system32\Drivers\psdrv3.sys</div>

    <div>11:54:18.0780 0484  psdrv3 - ok</div>

    <div>11:54:18.0827 0484  [ F6EA2DCE39F1ACCB2C6C38D61FC79075 ] QBCFMonitorService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe</div>

    <div>11:54:18.0827 0484  QBCFMonitorService - ok</div>

    <div>11:54:18.0858 0484  [ BAB30D2799754F6EA22F0B9076311793 ] QBFCService     C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe</div>

    <div>11:54:18.0874 0484  QBFCService - ok</div>

    <div>11:54:18.0920 0484  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys</div>

    <div>11:54:18.0936 0484  ql2300 - ok</div>

    <div>11:54:18.0967 0484  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys</div>

    <div>11:54:18.0967 0484  ql40xx - ok</div>

    <div>11:54:19.0030 0484  QuickBooksDB18 - ok</div>

    <div>11:54:19.0045 0484  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll</div>

    <div>11:54:19.0061 0484  QWAVE - ok</div>

    <div>11:54:19.0076 0484  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys</div>

    <div>11:54:19.0076 0484  QWAVEdrv - ok</div>

    <div>11:54:19.0076 0484  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys</div>

    <div>11:54:19.0076 0484  RasAcd - ok</div>

    <div>11:54:19.0092 0484  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys</div>

    <div>11:54:19.0092 0484  RasAgileVpn - ok</div>

    <div>11:54:19.0108 0484  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll</div>

    <div>11:54:19.0108 0484  RasAuto - ok</div>

    <div>11:54:19.0139 0484  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys</div>

    <div>11:54:19.0154 0484  Rasl2tp - ok</div>

    <div>11:54:19.0170 0484  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll</div>

    <div>11:54:19.0170 0484  RasMan - ok</div>

    <div>11:54:19.0201 0484  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys</div>

    <div>11:54:19.0201 0484  RasPppoe - ok</div>

    <div>11:54:19.0217 0484  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys</div>

    <div>11:54:19.0217 0484  RasSstp - ok</div>

    <div>11:54:19.0264 0484  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys</div>

    <div>11:54:19.0264 0484  rdbss - ok</div>

    <div>11:54:19.0279 0484  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys</div>

    <div>11:54:19.0279 0484  rdpbus - ok</div>

    <div>11:54:19.0279 0484  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys</div>

    <div>11:54:19.0279 0484  RDPCDD - ok</div>

    <div>11:54:19.0310 0484  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys</div>

    <div>11:54:19.0310 0484  RDPENCDD - ok</div>

    <div>11:54:19.0310 0484  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys</div>

    <div>11:54:19.0310 0484  RDPREFMP - ok</div>

    <div>11:54:19.0357 0484  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys</div>

    <div>11:54:19.0357 0484  RDPWD - ok</div>

    <div>11:54:19.0388 0484  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys</div>

    <div>11:54:19.0404 0484  rdyboost - ok</div>

    <div>11:54:19.0435 0484  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll</div>

    <div>11:54:19.0435 0484  RemoteAccess - ok</div>

    <div>11:54:19.0451 0484  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll</div>

    <div>11:54:19.0451 0484  RemoteRegistry - ok</div>

    <div>11:54:19.0498 0484  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys</div>

    <div>11:54:19.0513 0484  RFCOMM - ok</div>

    <div>11:54:19.0544 0484  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll</div>

    <div>11:54:19.0544 0484  RpcEptMapper - ok</div>

    <div>11:54:19.0560 0484  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe</div>

    <div>11:54:19.0560 0484  RpcLocator - ok</div>

    <div>11:54:19.0607 0484  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll</div>

    <div>11:54:19.0607 0484  RpcSs - ok</div>

    <div>11:54:19.0638 0484  [ C9FE05A63C500ABE3AFA5786504C4D36 ] RsFx0105        C:\Windows\system32\DRIVERS\RsFx0105.sys</div>

    <div>11:54:19.0654 0484  RsFx0105 - ok</div>

    <div>11:54:19.0685 0484  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys</div>

    <div>11:54:19.0685 0484  rspndr - ok</div>

    <div>11:54:19.0700 0484  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe</div>

    <div>11:54:19.0700 0484  SamSs - ok</div>

    <div>11:54:19.0732 0484  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys</div>

    <div>11:54:19.0732 0484  sbp2port - ok</div>

    <div>11:54:19.0747 0484  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll</div>

    <div>11:54:19.0747 0484  SCardSvr - ok</div>

    <div>11:54:19.0778 0484  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys</div>

    <div>11:54:19.0778 0484  scfilter - ok</div>

    <div>11:54:19.0825 0484  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll</div>

    <div>11:54:19.0841 0484  Schedule - ok</div>

    <div>11:54:19.0888 0484  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll</div>

    <div>11:54:19.0888 0484  SCPolicySvc - ok</div>

    <div>11:54:19.0919 0484  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll</div>

    <div>11:54:19.0919 0484  SDRSVC - ok</div>

    <div>11:54:19.0934 0484  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys</div>

    <div>11:54:19.0934 0484  secdrv - ok</div>

    <div>11:54:19.0950 0484  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll</div>

    <div>11:54:19.0950 0484  seclogon - ok</div>

    <div>11:54:19.0966 0484  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll</div>

    <div>11:54:19.0981 0484  SENS - ok</div>

    <div>11:54:19.0997 0484  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll</div>

    <div>11:54:19.0997 0484  SensrSvc - ok</div>

    <div>11:54:20.0012 0484  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys</div>

    <div>11:54:20.0012 0484  Serenum - ok</div>

    <div>11:54:20.0044 0484  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys</div>

    <div>11:54:20.0044 0484  Serial - ok</div>

    <div>11:54:20.0059 0484  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys</div>

    <div>11:54:20.0059 0484  sermouse - ok</div>

    <div>11:54:20.0106 0484  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll</div>

    <div>11:54:20.0106 0484  SessionEnv - ok</div>

    <div>11:54:20.0106 0484  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys</div>

    <div>11:54:20.0106 0484  sffdisk - ok</div>

    <div>11:54:20.0122 0484  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys</div>

    <div>11:54:20.0122 0484  sffp_mmc - ok</div>

    <div>11:54:20.0137 0484  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys</div>

    <div>11:54:20.0137 0484  sffp_sd - ok</div>

    <div>11:54:20.0153 0484  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys</div>

    <div>11:54:20.0153 0484  sfloppy - ok</div>

    <div>11:54:20.0200 0484  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll</div>

    <div>11:54:20.0215 0484  SharedAccess - ok</div>

    <div>11:54:20.0231 0484  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll</div>

    <div>11:54:20.0231 0484  ShellHWDetection - ok</div>

    <div>11:54:20.0246 0484  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys</div>

    <div>11:54:20.0246 0484  SiSRaid2 - ok</div>

    <div>11:54:20.0262 0484  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys</div>

    <div>11:54:20.0262 0484  SiSRaid4 - ok</div>

    <div>11:54:20.0340 0484  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe</div>

    <div>11:54:20.0340 0484  SkypeUpdate - ok</div>

    <div>11:54:20.0387 0484  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys</div>

    <div>11:54:20.0387 0484  Smb - ok</div>

    <div>11:54:20.0418 0484  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe</div>

    <div>11:54:20.0418 0484  SNMPTRAP - ok</div>

    <div>11:54:20.0434 0484  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys</div>

    <div>11:54:20.0434 0484  spldr - ok</div>

    <div>11:54:20.0480 0484  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe</div>

    <div>11:54:20.0480 0484  Spooler - ok</div>

    <div>11:54:20.0574 0484  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe</div>

    <div>11:54:20.0605 0484  sppsvc - ok</div>

    <div>11:54:20.0621 0484  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll</div>

    <div>11:54:20.0621 0484  sppuinotify - ok</div>

    <div>11:54:20.0746 0484  [ 45E65FB17A4CD5FACBD3CA16C8334C82 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE</div>

    <div>11:54:20.0761 0484  SQLAgent$SQLEXPRESS - ok</div>

    <div>11:54:20.0808 0484  [ 10D936DCED9EACD1A1B3FCDDA6D7A4EB ] SQLBrowser      c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe</div>

    <div>11:54:20.0808 0484  SQLBrowser - ok</div>

    <div>11:54:20.0870 0484  [ F92E5F93BE572B512DA3C016B675EDE0 ] SQLWriter       c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe</div>

    <div>11:54:20.0870 0484  SQLWriter - ok</div>

    <div>11:54:20.0948 0484  [ 96BABC4906ECDB1C69D1176F8647AD8E ] SRTSP           C:\Windows\System32\Drivers\N360x64\0404000.00C\SRTSP64.SYS</div>

    <div>11:54:20.0948 0484  SRTSP - ok</div>

    <div>11:54:20.0964 0484  [ C7F491A290E0E4222F5CDCD50EEB8167 ] SRTSPX          C:\Windows\system32\drivers\N360x64\0404000.00C\SRTSPX64.SYS</div>

    <div>11:54:20.0964 0484  SRTSPX - ok</div>

    <div>11:54:21.0011 0484  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys</div>

    <div>11:54:21.0026 0484  srv - ok</div>

    <div>11:54:21.0042 0484  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys</div>

    <div>11:54:21.0042 0484  srv2 - ok</div>

    <div>11:54:21.0058 0484  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys</div>

    <div>11:54:21.0058 0484  srvnet - ok</div>

    <div>11:54:21.0120 0484  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll</div>

    <div>11:54:21.0120 0484  SSDPSRV - ok</div>

    <div>11:54:21.0120 0484  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll</div>

    <div>11:54:21.0120 0484  SstpSvc - ok</div>

    <div>11:54:21.0167 0484  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys</div>

    <div>11:54:21.0167 0484  stexstor - ok</div>

    <div>11:54:21.0214 0484  [ 6299F206F17E34EAD0EF63DAD8CD4272 ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys</div>

    <div>11:54:21.0229 0484  STHDA - ok</div>

    <div>11:54:21.0276 0484  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll</div>

    <div>11:54:21.0276 0484  stisvc - ok</div>

    <div>11:54:21.0292 0484  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys</div>

    <div>11:54:21.0292 0484  swenum - ok</div>

    <div>11:54:21.0323 0484  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll</div>

    <div>11:54:21.0338 0484  swprv - ok</div>

    <div>11:54:21.0338 0484  sxuptp - ok</div>

    <div>11:54:21.0354 0484  [ 659B227A72B76115975A6A9491B2FE1F ] SymDS           C:\Windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS</div>

    <div>11:54:21.0354 0484  SymDS - ok</div>

    <div>11:54:21.0416 0484  [ 9F5783A4A03D0091CDBDAA858B566926 ] SymEFA          C:\Windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS</div>

    <div>11:54:21.0416 0484  SymEFA - ok</div>

    <div>11:54:21.0432 0484  [ 3F9D5FE52585E2653E59FDBFDF09A94C ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS</div>

    <div>11:54:21.0448 0484  SymEvent - ok</div>

    <div>11:54:21.0479 0484  [ F7F3DEB5FDD6CEA69A8D1544F7BECAF1 ] SymIM           C:\Windows\system32\DRIVERS\SymIMv.sys</div>

    <div>11:54:21.0479 0484  SymIM - ok</div>

    <div>11:54:21.0510 0484  [ F57588546E738DB1583981D8F44E9BC2 ] SymIRON         C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS</div>

    <div>11:54:21.0510 0484  SymIRON - ok</div>

    <div>11:54:21.0541 0484  [ 3ADFB72F0797AE3832509FE030755E21 ] SYMTDIv         C:\Windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS</div>

    <div>11:54:21.0557 0484  SYMTDIv - ok</div>

    <div>11:54:21.0635 0484  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll</div>

    <div>11:54:21.0650 0484  SysMain - ok</div>

    <div>11:54:21.0682 0484  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll</div>

    <div>11:54:21.0682 0484  TabletInputService - ok</div>

    <div>11:54:21.0728 0484  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll</div>

    <div>11:54:21.0728 0484  TapiSrv - ok</div>

    <div>11:54:21.0775 0484  [ 79E084FCCFEF637580A06F3DC36C1A6C ] TASCAM_US122144 C:\Windows\system32\Drivers\tascusb2.sys</div>

    <div>11:54:21.0791 0484  TASCAM_US122144 - ok</div>

    <div>11:54:21.0822 0484  [ DE0AE9891AA5D08A9EC92C326D8000F9 ] TASCAM_US122L_MK2_MIDI C:\Windows\system32\drivers\tscusb2m.sys</div>

    <div>11:54:21.0822 0484  TASCAM_US122L_MK2_MIDI - ok</div>

    <div>11:54:21.0838 0484  [ BC94143174B92C181AE6135750DAEA7D ] TASCAM_US122L_MK2_WDM C:\Windows\system32\drivers\tscusb2a.sys</div>

    <div>11:54:21.0838 0484  TASCAM_US122L_MK2_WDM - ok</div>

    <div>11:54:21.0869 0484  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll</div>

    <div>11:54:21.0869 0484  TBS - ok</div>

    <div>11:54:21.0947 0484  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys</div>

    <div>11:54:21.0962 0484  Tcpip - ok</div>

    <div>11:54:21.0994 0484  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys</div>

    <div>11:54:22.0009 0484  TCPIP6 - ok</div>

    <div>11:54:22.0040 0484  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys</div>

    <div>11:54:22.0040 0484  tcpipreg - ok</div>

    <div>11:54:22.0087 0484  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys</div>

    <div>11:54:22.0087 0484  TDPIPE - ok</div>

    <div>11:54:22.0118 0484  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys</div>

    <div>11:54:22.0118 0484  TDTCP - ok</div>

    <div>11:54:22.0165 0484  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys</div>

    <div>11:54:22.0165 0484  tdx - ok</div>

    <div>11:54:22.0212 0484  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys</div>

    <div>11:54:22.0212 0484  TermDD - ok</div>

    <div>11:54:22.0243 0484  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll</div>

    <div>11:54:22.0259 0484  TermService - ok</div>

    <div>11:54:22.0259 0484  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll</div>

    <div>11:54:22.0274 0484  Themes - ok</div>

    <div>11:54:22.0306 0484  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll</div>

    <div>11:54:22.0306 0484  THREADORDER - ok</div>

    <div>11:54:22.0321 0484  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll</div>

    <div>11:54:22.0321 0484  TrkWks - ok</div>

    <div>11:54:22.0399 0484  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe</div>

    <div>11:54:22.0399 0484  TrustedInstaller - ok</div>

    <div>11:54:22.0430 0484  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys</div>

    <div>11:54:22.0446 0484  tssecsrv - ok</div>

    <div>11:54:22.0477 0484  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys</div>

    <div>11:54:22.0493 0484  TsUsbFlt - ok</div>

    <div>11:54:22.0540 0484  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys</div>

    <div>11:54:22.0540 0484  tunnel - ok</div>

    <div>11:54:22.0555 0484  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys</div>

    <div>11:54:22.0555 0484  uagp35 - ok</div>

    <div>11:54:22.0633 0484  [ E212CD75C7558450C0890710F892084C ] uagqecsvc       C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe</div>

    <div>11:54:22.0633 0484  uagqecsvc - ok</div>

    <div>11:54:22.0680 0484  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys</div>

    <div>11:54:22.0680 0484  udfs - ok</div>

    <div>11:54:22.0711 0484  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe</div>

    <div>11:54:22.0711 0484  UI0Detect - ok</div>

    <div>11:54:22.0727 0484  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys</div>

    <div>11:54:22.0727 0484  uliagpkx - ok</div>

    <div>11:54:22.0758 0484  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys</div>

    <div>11:54:22.0758 0484  umbus - ok</div>

    <div>11:54:22.0789 0484  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys</div>

    <div>11:54:22.0789 0484  UmPass - ok</div>

    <div>11:54:22.0805 0484  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll</div>

    <div>11:54:22.0820 0484  upnphost - ok</div>

    <div>11:54:22.0852 0484  [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys</div>

    <div>11:54:22.0852 0484  USBAAPL64 - ok</div>

    <div>11:54:22.0898 0484  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys</div>

    <div>11:54:22.0898 0484  usbccgp - ok</div>

    <div>11:54:22.0945 0484  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys</div>

    <div>11:54:22.0945 0484  usbcir - ok</div>

    <div>11:54:22.0976 0484  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys</div>

    <div>11:54:22.0976 0484  usbehci - ok</div>

    <div>11:54:23.0008 0484  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys</div>

    <div>11:54:23.0008 0484  usbhub - ok</div>

    <div>11:54:23.0023 0484  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys</div>

    <div>11:54:23.0023 0484  usbohci - ok</div>

    <div>11:54:23.0054 0484  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys</div>

    <div>11:54:23.0054 0484  usbprint - ok</div>

    <div>11:54:23.0086 0484  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys</div>

    <div>11:54:23.0086 0484  usbscan - ok</div>

    <div>11:54:23.0132 0484  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS</div>

    <div>11:54:23.0132 0484  USBSTOR - ok</div>

    <div>11:54:23.0148 0484  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys</div>

    <div>11:54:23.0148 0484  usbuhci - ok</div>

    <div>11:54:23.0179 0484  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll</div>

    <div>11:54:23.0179 0484  UxSms - ok</div>

    <div>11:54:23.0195 0484  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe</div>

    <div>11:54:23.0195 0484  VaultSvc - ok</div>

    <div>11:54:23.0226 0484  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys</div>

    <div>11:54:23.0242 0484  vdrvroot - ok</div>

    <div>11:54:23.0242 0484  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe</div>

    <div>11:54:23.0257 0484  vds - ok</div>

    <div>11:54:23.0273 0484  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys</div>

    <div>11:54:23.0273 0484  vga - ok</div>

    <div>11:54:23.0273 0484  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys</div>

    <div>11:54:23.0273 0484  VgaSave - ok</div>

    <div>11:54:23.0304 0484  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys</div>

    <div>11:54:23.0304 0484  vhdmp - ok</div>

    <div>11:54:23.0335 0484  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys</div>

    <div>11:54:23.0335 0484  viaide - ok</div>

    <div>11:54:23.0366 0484  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys</div>

    <div>11:54:23.0366 0484  volmgr - ok</div>

    <div>11:54:23.0398 0484  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys</div>

    <div>11:54:23.0398 0484  volmgrx - ok</div>

    <div>11:54:23.0429 0484  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys</div>

    <div>11:54:23.0429 0484  volsnap - ok</div>

    <div>11:54:23.0476 0484  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys</div>

    <div>11:54:23.0476 0484  vsmraid - ok</div>

    <div>11:54:23.0616 0484  [ 1928B9CA20F51BFBBAD54D2C2C447B13 ] VSPerfDrv100    C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys</div>

    <div>11:54:23.0616 0484  VSPerfDrv100 - ok</div>

    <div>11:54:23.0694 0484  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe</div>

    <div>11:54:23.0710 0484  VSS - ok</div>

    <div>11:54:23.0741 0484  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys</div>

    <div>11:54:23.0741 0484  vwifibus - ok</div>

    <div>11:54:23.0756 0484  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys</div>

    <div>11:54:23.0756 0484  vwififlt - ok</div>

    <div>11:54:23.0788 0484  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys</div>

    <div>11:54:23.0788 0484  vwifimp - ok</div>

    <div>11:54:23.0819 0484  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll</div>

    <div>11:54:23.0834 0484  W32Time - ok</div>

    <div>11:54:23.0850 0484  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys</div>

    <div>11:54:23.0850 0484  WacomPen - ok</div>

    <div>11:54:23.0850 0484  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys</div>

    <div>11:54:23.0850 0484  WANARP - ok</div>

    11:54:23.0866 0484  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys

    11:54:23.0866 0484  Wanarpv6 - ok

    11:54:23.0912 0484  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe

    11:54:23.0928 0484  WatAdminSvc - ok

    11:54:23.0975 0484  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe

    11:54:23.0990 0484  wbengine - ok

    11:54:24.0006 0484  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll

    11:54:24.0006 0484  WbioSrvc - ok

    11:54:24.0053 0484  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll

    11:54:24.0053 0484  wcncsvc - ok

    11:54:24.0068 0484  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

    11:54:24.0068 0484  WcsPlugInService - ok

    11:54:24.0084 0484  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys

    11:54:24.0084 0484  Wd - ok

    11:54:24.0131 0484  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys

    11:54:24.0146 0484  Wdf01000 - ok

    11:54:24.0162 0484  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll

    11:54:24.0162 0484  WdiServiceHost - ok

    11:54:24.0162 0484  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll

    11:54:24.0162 0484  WdiSystemHost - ok

    11:54:24.0209 0484  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll

    11:54:24.0209 0484  WebClient - ok

    11:54:24.0224 0484  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll

    11:54:24.0224 0484  Wecsvc - ok

    11:54:24.0271 0484  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll

    11:54:24.0271 0484  wercplsupport - ok

    11:54:24.0287 0484  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll

    11:54:24.0287 0484  WerSvc - ok

    11:54:24.0334 0484  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys

    11:54:24.0334 0484  WfpLwf - ok

    11:54:24.0349 0484  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys

    11:54:24.0349 0484  WIMMount - ok

    11:54:24.0365 0484  WinDefend - ok

    11:54:24.0365 0484  WinHttpAutoProxySvc - ok

    11:54:24.0443 0484  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll

    11:54:24.0458 0484  Winmgmt - ok

    11:54:24.0583 0484  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll

    11:54:24.0599 0484  WinRM - ok

    11:54:24.0661 0484  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys

    11:54:24.0661 0484  WinUsb - ok

    11:54:24.0708 0484  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll

    11:54:24.0724 0484  Wlansvc - ok

    11:54:24.0786 0484  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

    11:54:24.0786 0484  wlcrasvc - ok

    11:54:24.0880 0484  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    11:54:24.0895 0484  wlidsvc - ok

    11:54:24.0942 0484  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys

    11:54:24.0942 0484  WmiAcpi - ok

    11:54:24.0958 0484  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe

    11:54:24.0958 0484  wmiApSrv - ok

    11:54:24.0989 0484  WMPNetworkSvc - ok

    11:54:24.0989 0484  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll

    11:54:24.0989 0484  WPCSvc - ok

    11:54:25.0020 0484  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll

    11:54:25.0036 0484  WPDBusEnum - ok

    11:54:25.0067 0484  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys

    11:54:25.0067 0484  ws2ifsl - ok

    11:54:25.0082 0484  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll

    11:54:25.0082 0484  wscsvc - ok

    11:54:25.0129 0484  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys

    11:54:25.0129 0484  WSDPrintDevice - ok

    11:54:25.0160 0484  [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys

    11:54:25.0160 0484  WSDScan - ok

    11:54:25.0176 0484  WSearch - ok

    11:54:25.0238 0484  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll

    11:54:25.0270 0484  wuauserv - ok

    11:54:25.0301 0484  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys

    11:54:25.0301 0484  WudfPf - ok

    11:54:25.0332 0484  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys

    11:54:25.0348 0484  WUDFRd - ok

    11:54:25.0379 0484  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll

    11:54:25.0379 0484  wudfsvc - ok

    11:54:25.0410 0484  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll

    11:54:25.0426 0484  WwanSvc - ok

    11:54:25.0441 0484  ================ Scan global ===============================

    11:54:25.0488 0484  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

    11:54:25.0519 0484  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

    11:54:25.0535 0484  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

    11:54:25.0566 0484  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

    11:54:25.0582 0484  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

    11:54:25.0597 0484  [Global] - ok

    11:54:25.0597 0484  ================ Scan MBR ==================================

    11:54:25.0597 0484  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

    11:54:25.0597 0484  Suspicious mbr (Forged): \Device\Harddisk0\DR0

    11:54:25.0660 0484  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

    11:54:25.0660 0484  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

    11:54:25.0675 0484  [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk1\DR1

    11:54:40.0604 0484  \Device\Harddisk1\DR1 - ok

    11:54:40.0604 0484  ================ Scan VBR ==================================

    11:54:40.0604 0484  [ 558935E347C8ECEE3B3AF00CCE866096 ] \Device\Harddisk0\DR0\Partition1

    11:54:40.0604 0484  \Device\Harddisk0\DR0\Partition1 - ok

    11:54:40.0620 0484  [ 9AF75B854291DF1541FF0996489C2EB8 ] \Device\Harddisk0\DR0\Partition2

    11:54:40.0620 0484  \Device\Harddisk0\DR0\Partition2 - ok

    11:54:40.0620 0484  [ 2ED775138C0F13AE7947B6D3D01EF753 ] \Device\Harddisk1\DR1\Partition1

    11:54:40.0620 0484  \Device\Harddisk1\DR1\Partition1 - ok

    11:54:40.0620 0484  ============================================================

    11:54:40.0620 0484  Scan finished

    11:54:40.0620 0484  ============================================================

    11:54:40.0636 1948  Detected object count: 1

    11:54:40.0636 1948  Actual detected object count: 1

    11:55:04.0738 1948  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user

    11:55:04.0738 1948  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip
